It's not a SEV0 for LLM providers. If you already have code execution on some system, you've lost already, and whatever process the malware happens to start next is not at fault.

It 100% is, and I posted my rationale here [1]. I would stake my reputation on this being the appropriate stance.

[1] https://news.ycombinator.com/item?id=45039442