The Vexa CVEs landed without ceremony — an automated bot posting severity scores and ENISA links [2][3], no vendor statement, no coordinated patch window. For operators running self-hosted AI tooling, this is now the operative condition: the disclosure is already public before the deployer's security team has been notified through any internal channel. The window between public exposure and internal awareness is where the operational cost lives. Self-hosting trades vendor control for local sovereignty, but it also trades the vendor's disclosure pipeline for whatever monitoring the operator has assembled themselves.…