PROMIT NOW · ALL SIX LENSES · 2026-03-20

◆ DAILY BRIEFING

Friday, March 20, 2026

6 angles · 242 sources · 8,905 words · ~45 min end to end

  1. Engineer 40 sources · 8 min

    Your CI/CD pipeline has three independent CVSS 9.8–10.0 RCE vectors this week — GitHub Actions workflows weaponized via fork-PR execution (Jellyfin, Python Black, Xygeni), Simple-Git has a full RCE bypass affecting npm's most popular Git library, and JWT/JWKS validation is systemically broken across Unity Catalog, Authlib, and Centrifugo simultaneously.

    Your CI/CD pipeline is under active, systematic attack from three directions this week — 80+ critical CVEs including 3 independent GitHub Actions RCEs and an AI agent caught live exploiting Datadog's…

    Read full briefing →
  2. Security 39 sources · 7 min

    Your SIEM, your remote access tool, and your endpoint AV all have critical vulnerabilities this week — Wazuh SIEM (CVSS 9.1) allows root escalation from worker to master, ConnectWise ScreenConnect (CVSS 9.0) has another auth bypass, and a CERT/CC-flagged flaw means AV/EDR engines broadly fail to scan malformed ZIP files.

    Your defensive security stack is compromised this week — Wazuh SIEM allows root escalation from any worker node, ConnectWise ScreenConnect has another authentication bypass with a history of rapid wea…

    Read full briefing →
  3. Data Science 40 sources · 8 min

    A 33.5 percentage-point swing in eval scores — from 43.5% to 10% — was demonstrated simply by switching the judge model from GPT-5.1 to GPT-5.2.

    Your LLM-as-judge evaluation pipeline may be producing 33-percentage-point artifacts depending on which judge version you use — fix that before you trust any of this week's benchmark claims from M2.7…

    Read full briefing →
  4. Product 41 sources · 8 min

    Cohesity's CIO replicated ServiceNow's ITAM module with Claude Code in 48 hours and is projecting 50% automation spend cuts across Splunk, Salesforce, and Workday add-ons — the first concrete enterprise proof that SaaS expansion revenue is being unbundled by AI agents in production, not theory.

    The SaaS unbundling crossed from theory to production this week: a $2B enterprise replicated ServiceNow modules in 48 hours with Claude Code, JPMorgan froze a $5.3B software debt deal over AI displace…

    Read full briefing →
  5. Leader 41 sources · 7 min

    A CIO at a $2B+ company just replicated ServiceNow's ITAM tool in 48 hours using Claude Code and replaced Splunk's SIEM entirely — projecting 50% cuts to automation add-on spend.

    Enterprise AI spending just reached the point where it's visibly cannibalizing SaaS add-on revenue — a CIO replicated ServiceNow in 48 hours and projects 50% add-on spend cuts, while Anthropic capture…

    Read full briefing →
  6. Investor 41 sources · 7 min

    Oil spiked above $111 on Iran's Strait of Hormuz escalation, wholesale prices rose 2x faster than expected, and the Fed held at 3.5-3.75% with only one projected cut for 2026 — the clearest stagflation setup since early 2022.

    Oil at $111 and the Fed frozen at 3.5% means every growth-equity deal model assuming rate cuts is wrong — stress-test now. Meanwhile, $4B+ just poured into World Models (AI that learns physics, not la…

    Read full briefing →