I'm kind of surprised that Microsoft aren't able to preempt this scenario better, with the amount of money they're pouring into SecOps and surveillance.
I can feel like this sometimes too. And I think it's an interesting discussion to be had in relation to how it is the same tool some use to generate code and build systems.
Nice to see a real contender in the "revenue stack" space that treats usage metering, entitlements, and checkout as one system instead of a pile of loosely coupled addons.
Cooldowns feel like a solid, ecosystem agnostic way to reduce blast radius from "malicious release goes live and gets auto pulled everywhere" attacks. They do not prevent compromise, but they buy the one thing defenders usually lack: time for humans and tooling to notice before wide rollout.