I know your being somewhat sarcastic.

My money is on the entire FAANG etc having their Thales based root CA keys compromised . I’ve been less than impressed with security measures taken around key material and/or network security in general.

Once you start really understanding the full capabilities and vulnerabilities of these commercial CA appliances , you realize how massive the attack surface is.

My current stack is Nitro key HSM with XCA on an air gapped laptop. Keep it all in a decent safe with cameras and alarm system.