Right, but at least with supply-chain attacks the dependency tree is fixed and deterministic.

Nondeterministic systems are hard to debug, this opens up a threat-class which works analogously to supply-chain attacks but much harder to detect and trace.