Companies like Anthropic and OpenAI need to sponsor open source projects by giving them free agent credits. Otherwise, bad actors can just outspend and totally overwhelm the somewhat dim and very overworked set of human maintainers. Humans in software are obsolete, full stop.
Is there any information on whether this is the same attack vector (orphaned packages that were adopted)? I believe they already locked down adoption, but maybe also a combination of existing maintainers being taken over?