PROMIT NOW · ALL SIX LENSES · 2026-04-03

◆ DAILY BRIEFING

Friday, April 3, 2026

6 angles · 297 sources · 9,385 words · ~48 min end to end

  1. Engineer · 50 sources · 7 min

    Nine critical CVEs hit your production stack this week — gRPC-Go auth bypass (CVSS 8.1), Grafana RCE (CVSS 9.1), Rails Active Storage arbitrary file read/delete (CVSS 9.8), ORY Oathkeeper CVSS 10.0 auth bypass, and five AI/ML tools with CVSS 9.1–10.0 RCEs.

    Your production infrastructure has nine critical CVEs to patch this week (gRPC-Go auth bypass, Grafana RCE, Rails Active Storage file read/delete, ORY Oathkeeper CVSS 10.0, and five AI/ML tools with C…

  2. Security · 48 sources · 8 min

    TeamPCP has been attributed as a single threat actor behind the Checkmarx, Trivy, Axios, LiteLLM, and Telnyx compromises — and independent analysis confirms all 91 Checkmarx GitHub Action tags were overwritten, not just 'select versions' as vendors reported.

    TeamPCP has been unmasked as the single actor behind this month's Checkmarx, Trivy, Axios, LiteLLM, and Telnyx supply chain compromises — weaponizing your own security scanners — and they've already r…

  3. Data Science · 50 sources · 7 min

    Karpathy's 600-line 'autoresearch' framework let Shopify's CEO — not an ML engineer — shrink a 1.6B model to 0.8B while improving performance 19% via 37 automated experiments overnight.

    Six CVSS 9.0–10.0 vulnerabilities hit AI/ML tools simultaneously while AI coding agents select vulnerable dependencies 50% more often than humans — upgrade PyTorch to ≥2.6 and audit your dependency tr…

  4. Product · 50 sources · 8 min

    Open-weight models just crossed the frontier threshold at 1/10th–1/20th the inference cost (Holo3 beats GPT-5.4 on OSWorld at 78.85%; Arcee Trinity rivals Opus 4.6 under Apache 2.0), while institutional investors are dumping OpenAI shares at a 5:1 sell-to-buy ratio and lining up $2B+ for Anthropic.

    Open-weight AI models just hit frontier quality at 1/10th the cost while investors dump OpenAI shares 5:1 and line up billions for Anthropic — your vendor lock-in is the most expensive risk on your ar…

  5. Leader · 50 sources · 9 min

    AI just crossed the zero-day discovery threshold: Anthropic's upcoming model found 500+ high-severity vulnerabilities in battle-tested open-source software — including decade-old bugs in the Linux kernel, Ghost CMS, Vim, and Emacs — using prompts as simple as 'find a vulnerability.' Simultaneously, a study of 117,000 dependency changes confirms AI coding agents select known-vulnerable versions 50% more often than humans and hallucinate package names 20% of the time.

    AI can now find zero-day vulnerabilities in battle-tested software using a one-line prompt — while your AI coding tools simultaneously create new ones 50% faster than human developers. Microsoft just…

  6. Investor · 49 sources · 9 min

    Microsoft declared 'complete independence' from OpenAI and shipped three competitive models built by fewer than 10 engineers — the same week Caplight data revealed a 5:1 sell-to-buy ratio on OpenAI secondary shares ($1B listed vs.

    The AI lab layer is repricing in real time: OpenAI's secondary market shows a 5:1 sell-to-buy ratio while Microsoft ships competitive models with 10 engineers and declares independence — but the real…
