PROMIT NOW · ALL SIX LENSES · 2026-04-17

◆ DAILY BRIEFING

Friday, April 17, 2026

6 angles · 208 sources · 9,425 words · ~48 min end to end

  1. Engineer 35 sources · 8 min

    Axios just scored a CVSS 10.0 for header injection that bypasses your URL allowlists and exfiltrates cloud IAM credentials via IMDS — and it's one of at least seven critical CVEs (five at 9.8+) hitting common production dependencies this week, including Django, pgx/v5 Go driver, OAuth2 Proxy, and Apache Tomcat.

    Your production dependencies got hit with a CVSS 10.0 (Axios cloud credential theft) and six more 9.1-9.8 CVEs in the same week — while a new tool proved every standard AWS IAM containment method is b…

    Read full briefing →
  2. Security 34 sources · 8 min

    Your AWS incident response playbooks are broken today — the open-source 'notyet' tool exploits IAM eventual consistency to reverse every standard containment method (inline policies, permission boundaries, access key deactivation, even AWS's own SSM runbook) within seconds.

    Your AWS IR containment methods are reversed in seconds by a public tool (only SCPs work), Microsoft just dropped 243 CVEs including a CVSS 10.0 in the most popular JavaScript HTTP client, AI-generate…

    Read full briefing →
  3. Data Science 34 sources · 7 min

    Three architecturally distinct approaches to compute-efficient scaling dropped simultaneously — Parcae's layer-looping matches 2x-sized Transformers, NVIDIA's Nemotron 3 Super runs 12B of 120B params at 7.5x throughput, and Nucleus-Image brings sparse MoE to diffusion at 2B/17B active-to-total ratio.

    Three simultaneous architecture drops (Nemotron 12B/120B, Parcae 2x quality via looping, Nucleus-Image 2B/17B) prove that active parameter count — not total parameters — is the new model size metric,…

    Read full briefing →
  4. Product 35 sources · 8 min

    LinkedIn's Hiring Assistant is growing customers 36% week-over-week at $1,000+/user/month while Microsoft's own Office 365 Copilot sits at 3% adoption — the most expensive natural experiment in enterprise AI just proved vertical agents targeting one workflow crush horizontal copilots by an order of magnitude.

    The enterprise AI market just delivered its verdict: LinkedIn's vertical agent grows 36% weekly at $1K/user while Microsoft's horizontal Copilot stalls at 3% adoption, Snap says AI writes 65% of its c…

    Read full briefing →
  5. Leader 35 sources · 9 min

    A single hacker using Claude Code and GPT-4.1 breached nine Mexican government agencies in weeks — AI generated 75% of exploit commands, producing 2,957 structured intelligence reports from 305 compromised servers.

    A single hacker with Claude Code breached nine governments in weeks while Snap disclosed AI writes 65% of its code and cut 16% of staff — and the market cheered both. The AI revolution just stopped be…

    Read full briefing →
  6. Investor 35 sources · 8 min

    Anthropic is rejecting offers above $800 billion on revenue that tripled to $30B in months — the same week it attacked Figma directly (stock down 45% YTD) and a shoe company rebranding as 'NewBird AI' surged 580% on zero AI credentials.

    Anthropic rejecting $800 billion while attacking Figma directly, OpenAI launching a CPC ad platform targeting $11B by 2027, and a shoe company surging 580% on an AI rebrand — these aren't three storie…

    Read full briefing →