

It could already be happening. The likelihood could even be higher than not.
It doesn’t necessarily need to be a single event. There are already AI systems being sold in healthcare. Even pre-LLMs. Who’s to say these system are being closely monitored and studied. There could statistically be patients who have died or been maimed who otherwise wouldn’t if they had real human professionals instead of someone who used a system that was sold on the doctors office.

KDE has a history of doing that. Plasma widgets are a gaping security hole. You can poke a hole through root. I’m pretty sure you can traverse up the JS object hierarchy from a widget and modify the whole desktop in anyway you want. At least at some point this was possible. A widget can and has deadlocked plasmashell from even loading. Their response was basically “works as intended” and closed the issue.