varying levels of incompetency can be solved by using safer but slower languages. Malicious is harder in the face of multiple colluding actors. Automated flagging of suspect code by AI to wider groups for review and sign off would drastically raise the bar (but obviously not solve the sneakiest of cases).