PROMIT NOW · ALL SIX LENSES · 2026-03-08

◆ DAILY BRIEFING

Sunday, March 8, 2026

6 angles · 48 sources · 8,653 words · ~44 min end to end

  1. Engineer 8 sources · 8 min

    Two CVSS 10.0 vulnerabilities dropped this week — pac4j-jwt (CVE-2026-29000) lets attackers forge JWTs with just your public key, and FreeScout's zero-click RCE (CVE-2026-28289) exploits a TOCTOU where file validation runs before Unicode sanitization.

    AI can now find real zero-days in production codebases at ~$400 per vulnerability (22 Firefox bugs in 14 days), while two CVSS 10.0 authentication bypasses dropped this week, 48% of zero-days target y…

    Read full briefing →
  2. Security 8 sources · 7 min

    Two new CVSS 10.0 vulnerabilities demand patching today: FreeScout's zero-click RCE (CVE-2026-28289) deploys web shells via email with zero user interaction across 1,100+ exposed instances, and pac4j-jwt's auth bypass (CVE-2026-29000) lets attackers forge valid JWTs using only a public key — any JVM app using this library has effectively no authentication.

    FreeScout and pac4j-jwt both scored CVSS 10.0 this week — one deploys web shells via email with zero clicks, the other lets attackers forge authentication tokens with only a public key — while Claude…

    Read full briefing →
  3. Data Science 8 sources · 7 min

    Anthropic's Claude Code burns ~$5,000 in compute for every $200 subscription — a 25:1 subsidy ratio confirmed across multiple sources — meaning your AI coding tool economics are built on a temporary loss-leader that will repriced.

    AI coding tools are subsidized at 25:1 ($5K compute for a $200 subscription), benchmark integrity is broken (Claude decrypted its own eval answers from the web), and vLLM v0.17 just made AMD inference…

    Read full briefing →
  4. Product 8 sources · 7 min

    Catalini's new 'Economics of AGI' paper quantifies what Grammarly's attribution scandal just proved in the wild: automation costs are plummeting while verification costs remain stubbornly high.

    The AI product market just split into two economic layers: generation (commodity, price-compressing, everyone ships it) and verification (defensible, high-margin, nobody's nailed it). Grammarly's attr…

    Read full briefing →
  5. Leader 8 sources · 7 min

    The U.S.

    Your infrastructure is under active exploitation (Cisco's 50+ CVEs, Tycoon2FA defeating 60% of enterprise MFA), your macro assumptions just broke (92K jobs lost, oil at $91, Fed frozen), and the AI ac…

    Read full briefing →
  6. Investor 8 sources · 8 min

    Anthropic's Claude Code burns $5,000 in compute per user per month while charging $200 — a 25x subsidy ratio now confirmed across multiple intelligence sources — and SoftBank is loading its largest-ever $40B bridge loan onto OpenAI in the same week prediction markets double to $20B each amid active class-action lawsuits.

    AI labs are burning $25 to earn $1 on coding tools while SoftBank loads $40B in debt onto a single company and prediction markets double to $20B amid active lawsuits — the capital deployment euphoria…

    Read full briefing →