The supply-chain argument, made carefully
After the 2026 gateway compromise, 'how many packages are in your hot path?' became a real procurement question. Our answer is a number: zero.
March 2026's compromise of a major Python LLM gateway was a watershed less for its damage than for its lesson: the hot path of AI infrastructure had quietly accumulated thousand-package dependency trees, each package a door, each maintainer account a key under a mat. Security teams now ask vendors to enumerate their runtime dependencies. Most answers are spreadsheets.
Ours is a sentence: the Crowkis runtime image contains one statically compiled Rust binary, a non-root user, and an empty data directory. No interpreter, no package manager, no shell tooling to live off, no node_modules and no site-packages. The attack class that compromised the gateway — poisoning an upstream package — has no upstream to poison here.
One file to security-review. No supply chain to poison.
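One way to check an image against the claims above, as an added example that is not Crowkis tooling: audit an extracted rootfs for shells, interpreters, package managers and package trees, and check the image's configured User (as reported by `docker inspect --format '{{.Config.User}}'`). The path list is an assumption, not an exhaustive one.

```shell
#!/bin/sh
# Hypothetical audit helpers (not part of Crowkis). Usage:
#   audit_rootfs /path/to/extracted/rootfs
#   audit_user "$(docker inspect --format '{{.Config.User}}' IMAGE)"

# Assumed list of paths whose presence gives an attacker tooling to live off.
LIVE_OFF_PATHS="bin/sh bin/bash bin/dash bin/busybox usr/bin/python3 usr/bin/python \
usr/bin/perl usr/bin/node usr/bin/ruby usr/bin/apt usr/bin/apt-get usr/bin/apk \
usr/bin/pip usr/bin/pip3 usr/bin/npm usr/bin/curl usr/bin/wget"

# Returns 0 when the rootfs has none of the listed tooling or package trees.
audit_rootfs() {
  root="$1"
  findings=0
  for p in $LIVE_OFF_PATHS; do
    if [ -e "$root/$p" ]; then
      echo "FINDING: $root/$p present"
      findings=$((findings + 1))
    fi
  done
  # Package trees from an interpreter ecosystem (the thousand-package problem).
  ntrees=$(find "$root" -type d \( -name node_modules -o -name site-packages \
           -o -name dist-packages \) | wc -l | tr -d ' ')
  if [ "$ntrees" -gt 0 ]; then
    echo "FINDING: $ntrees package tree(s) under $root"
    findings=$((findings + ntrees))
  fi
  # A single-binary image should contain very few regular files.
  echo "regular files in rootfs: $(find "$root" -type f | wc -l | tr -d ' ')"
  [ "$findings" -eq 0 ]
}

# Returns 0 only when the image config names a non-root user.
# An empty User means the runtime defaults to root.
audit_user() {
  case "$1" in
    ""|root|0|root:*|0:*) echo "FINDING: image runs as root (User='$1')"; return 1 ;;
    *) echo "image user: $1"; return 0 ;;
  esac
}
```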
Signing closes the distribution edge: releases ship signed, so the binary you run is provably the binary we built. Verification is offline, like the licensing — no certificate dance with our servers, no trust in our uptime, nothing phoning anywhere ever.
The bottom line
Supply-chain security is mostly subtraction, and subtraction has to happen at design time — you can't patch your way from a thousand dependencies to none. We started at none and stayed.