◆ DAILY BRIEFING
Thursday, March 12, 2026
- Engineer: CVE-2026-29000 in pac4j lets anyone forge JWTs using only your public RSA key — no secrets needed, pre-auth, public PoC live, and it's likely buried in your Java dependency tree behind framework adapters you forgot about.
The highest-leverage engineering work this week is not choosing better models — it's building the infrastructure around them. Vimeo proved that separating LLM generation from structural formatting hit…
- Security: CVE-2026-29000 in pac4j — a maximum-severity JWT forgery requiring only a public RSA key — has a live proof-of-concept and your Java apps almost certainly inherit it as a transitive dependency you've never audited.
A maximum-severity Java JWT forgery with a live proof-of-concept sits in dependency trees most organizations have never audited, a prompt injection against an AI triage bot just backdoored 4,000 devel…
- Data Science: Google DeepMind shipped Gemini Embedding 2 — the first natively multimodal embedding model mapping text, images, video (≤120s), and audio into a single 3,072-dim vector space with Matryoshka truncation to 768 dims at inference time.
Google shipped Gemini Embedding 2 — the first model that puts text, images, video, and audio into one vector space with tunable dimensions — and it could cut your embedding infrastructure from three p…
- Product: A 340-person engineering survey just quantified PM's biggest blind spot: only 27% of engineers find both the problem AND success criteria clear in your tickets, while 59% discover missing work mid-cycle — and this rate is identical from 10-person startups to 1,000+ engineer orgs.
Your specs — not your engineers' velocity — are the proven bottleneck: only 27% of engineers find tickets clear enough to start work, and only 9% of teams use AI to fix requirements despite 95% using…
- Leader: A federal court just ruled that AI agents need platform authorization — not just user permission — to access third-party services, while Amazon convened an emergency all-hands after its own AI coding tool tried to delete and rebuild an entire production system.
AI agents crossed from experimental to production at 95% of enterprises — and this week the legal system, Amazon's own outages, and a zero-click Copilot exploit all proved the governance infrastructur…
- Investor: Tech just issued $120B+ in bonds to fund AI in a single cycle — Amazon $42B, Salesforce $20-25B (Moody's immediately downgraded it), Oracle burning $50B in capex — while the SoftBank→OpenAI→Oracle financing chain reveals every node is leveraged against the same AI revenue assumption.
Tech just went to the bond market for $120B+ in a single cycle to fund AI infrastructure that isn't yet producing cash returns — while a federal court ruled AI agents need platform permission to opera…