PROMIT NOW · ALL SIX LENSES · 2026-04-09

◆ DAILY BRIEFING

Thursday, April 9, 2026

6 angles · 217 sources · 8,499 words · ~42 min end to end

  1. Engineer · 36 sources · 7 min

    Kubernetes service account tokens are now the #1 post-exploitation pivot target — Unit 42 reports a 282% YoY increase in token theft, with both Lazarus Group and opportunistic attackers (React2Shell, CVE-2025-55182 weaponized in 48 hours) executing the identical attack chain: compromise workload → extract /var/run/secrets/.../token → test RBAC → pivot to cloud.

    Kubernetes service account tokens have become the standardized breach pivot point — 282% YoY theft increase with nation-state and opportunistic attackers converging on the same exploit chain. Meanwhil…

  2. Security · 36 sources · 7 min

    APT28 weaponized 18,000+ compromised routers across 120 countries into an OAuth token theft machine targeting 200+ organizations — and your MFA was irrelevant because stolen tokens bypass it entirely.

    Your identity layer is under coordinated assault from three distinct vectors simultaneously: APT28 stole OAuth tokens from 200+ organizations via 18,000 hijacked routers (MFA irrelevant), Dgraph's unp…

  3. Data Science · 36 sources · 6 min

    Z.ai's GLM-5.1 — a 744B MoE model under MIT license, trained entirely on 100K Huawei Ascend chips with zero Nvidia silicon — scored 58.4 on SWE-bench Pro, beating both GPT-5.4 and Opus 4.6 on the most credible coding benchmark at roughly one-third the cost.

    An open-weight 744B MoE model under MIT license just took #1 on SWE-bench Pro coding at one-third the cost of proprietary alternatives — while Google's own RAG system proves that 90% accuracy with 50%…

  4. Product · 37 sources · 7 min

    Stripe's Machine Payments Protocol went live this week: 894 AI agents executed 31,000+ transactions across 60+ API-only 'headless merchants' at $0.003–$35/request — zero accounts, zero UI, payment embedded in the HTTP request.

    Agent-native commerce went live on Stripe this week — 894 AI agents, 31,000 transactions, $0.003/request, zero signups — and Databricks proved governance (not features) is the 12x multiplier for getti…

  5. Leader · 37 sources · 8 min

    CISA just lost half its workforce and $707M in funding while the FBI reports record $21B in cybercrime losses — at the exact moment AI-powered autonomous zero-day discovery went operational and the post-quantum cryptography deadline compressed from 2035 to 2029.

    Your cybersecurity was built on three assumptions — government coordination, human-speed attackers, and unbroken encryption — and all three failed in the same week: CISA lost half its workforce, AI mo…

  6. Investor · 35 sources · 7 min

    Z.ai just trained a 744B-parameter model on 100,000 Huawei Ascend chips — zero Nvidia silicon — that beat GPT-5.4 and Claude Opus 4.6 on SWE-Bench Pro, then released it under MIT license at one-third the cost.

    China just proved export controls don't contain frontier AI — a 744B-parameter model trained on zero Nvidia silicon beat every proprietary model on the most commercially relevant coding benchmark and…
