Tech Bytes Logo Tech Bytes
Home / Tech Pulse / Mar 28, 2026
Evening Wrap AI / Security / Policy March 28, 2026

Tech Pulse Daily — March 28, 2026

Claude usage limits end today amid GPU surge; Microsoft patches 79 CVEs including an APT28-exploited MSHTML zero-day; Nscale closes Europe's largest-ever AI round at $2B; Meta fires 700 and grants four executives up to $921M each in stock; White House AI policy targets preemption of 38 state laws.

Dillip Chowdary

Dillip Chowdary

Tech Bytes · Evening Wrap · March 28, 2026

Today's Top Highlights

  • 🤖Claude Computer-Use Goes Wide: Anthropic ends the off-peak 2x usage multiplier today due to GPU capacity constraints from millions of new users migrating post-OpenAI Pentagon controversy.
  • 🔴79 CVEs Patched — APT28 Zero-Day Active: Microsoft's March Patch Tuesday fixes 79 flaws including a SQL Server CVSS 8.8 privilege escalation and an MSHTML zero-day Russia's APT28 was actively exploiting before the patch.
  • 💰Nscale $2B Series C: UK AI infrastructure startup raises Europe's largest-ever AI round, valuing Nscale at $9.5B — Nvidia-backed, targeting 100,000 H100-class GPUs by Q3.
  • 😤Meta Fires 700, Pays Execs $921M: Meta simultaneously cuts 700 Reality Labs and non-AI roles while SEC filings reveal four executives receive up to $921M each in retention stock over five years.
  • 🏛️White House AI Policy Targets 38 State Laws: Trump administration's National AI Policy Framework calls for federal preemption of 38 state AI laws enacted in 2026.

Anthropic Claude Computer-Use Expansion & Capacity Crunch

Anthropic's Claude computer-use agent — capable of autonomously opening apps, browsing the web, and filling spreadsheets from a single mobile task prompt — expanded broadly through late March. The surge in adoption is directly tied to a mass migration of users away from OpenAI following its controversial Pentagon AI infrastructure contract.

  • Off-peak 2x promotion ends March 28: Anthropic confirmed the doubling of usage limits during off-peak hours ends today due to GPU capacity constraints — the first public sign of infrastructure strain at this scale.
  • $19B annualized revenue: Anthropic approaches $19B ARR as OpenAI surpasses $25B — the gap narrowed significantly in Q1 2026 driven by enterprise Claude 4.6 adoption.
  • Claude Mythos in closed trials: Leaked Anthropic documentation (first reported March 27) confirms "Capybara" (Claude Mythos) is in limited defensive cybersecurity trials — described internally as "a step change above Opus."
  • Computer-use architecture: The agent executes multi-step tasks via screenshot-driven reasoning loops, combining vision, planning, and action execution in a single extended context window.
Read Deep Dive →

Microsoft Patch Tuesday: 79 CVEs, APT28 MSHTML Zero-Day

CRITICAL: Patch SQL Server immediately

CVE-2026-21262 (CVSS 8.8) allows any authenticated user to escalate to sysadmin without physical access. APT28 exploited CVE-2026-21513 before the patch was available.

Microsoft's March 2026 Patch Tuesday addressed 79 CVEs across Windows, SQL Server, .NET, and Office. Two zero-days were disclosed: one actively exploited in the wild by Russia's APT28 via a crafted MSHTML file, and a SQL Server privilege escalation actively discussed in underground forums before patching.

  • CVE-2026-21262 (SQL Server, CVSS 8.8): Privilege escalation to sysadmin for any authenticated database user — affects SQL Server 2019, 2022, and Azure SQL Managed Instance on-prem deployments.
  • CVE-2026-21513 (MSHTML zero-day, APT28): Russian state actor exploited this pre-patch via crafted Office documents; enables remote code execution through the legacy MSHTML rendering engine still present in Windows.
  • CVE-2026-26127 (.NET DoS, CVSS 7.5): Remote denial-of-service crashes .NET 9.0 and 10.0 applications on Windows, macOS, and Linux — requires no authentication, affects cloud-hosted services.
  • Office RCE via preview pane (CVE-2026-26110/26113): Code execution with no user interaction beyond previewing an Office file — disable the Outlook and Windows Explorer preview pane as interim mitigation.

Verify patch status: Run SELECT @@VERSION in SQL Server — compare against the March 2026 CU release notes. Update .NET runtimes via dotnet --list-runtimes.

Full CVE List at BleepingComputer →

Nscale Raises $2B Series C — Europe's Largest AI Infrastructure Round

UK-based Nscale closed a $2B Series C led by Nvidia and a consortium of European sovereign wealth funds, reaching a $9.5B valuation. The round marks the largest AI infrastructure funding event in European history and signals institutional conviction that neutral, on-shore EU GPU compute is a multi-decade infrastructure category.

  • 100,000 H100-class GPUs by Q3 2026: Nscale's expansion roadmap targets becoming the largest non-hyperscaler GPU cluster in Europe — positioned as sovereign compute for EU AI Act compliance.
  • Nvidia as strategic equity investor: Nvidia's direct stake (not a hardware supply agreement) signals commitment to building a European AI compute backbone outside AWS, Azure, and GCP.
  • $9.5B valuation at Series C: Up from $1.2B valuation at Series B last September — a 7.9x jump in under a year, reflecting hyperscaler-equivalent demand for GDPR-native infrastructure.
  • EU AI Act compliance positioning: European data residency requirements under the AI Act are a core sales driver; Nscale's GPU clusters are designed for in-region data processing from the ground up.
Read Deep Dive →

Shield AI Raises $1.5B Series G at $12.7B — AI Defense Autonomy Scales

Shield AI closed a $1.5B Series G co-led by Advent International and JPMorgan Chase's Strategic Investment Group, valuing the company at $12.7B. The round funds global scaling of Hivemind — autonomous pilot software enabling unmanned aircraft to execute complex combat missions without GPS, communications links, or human operators in the loop.

  • Hivemind on F-16s and MQ-20s: Deployed on US Air Force aircraft including the F-16 Viper and Kratos UTAP-22 Mako; expansion to allied nation platforms is a primary use of the Series G proceeds.
  • JPMorgan direct co-lead: JPM participated via its Strategic Investment Group — a direct balance sheet commitment, not a fund vehicle — marking one of the largest bank-direct AI defense bets on record.
  • 4.7x valuation growth since 2022: From $2.7B in 2022 to $12.7B today, driven by DoD contract wins and the acceleration of unmanned systems spending in the FY2026 NDAA.
  • Competitive context: Shield AI's raise follows Anduril's $1.5B round in January — the AI defense sector is in a capital formation sprint ahead of anticipated DoD budget expansion in FY2027.
Read Analysis →

Meta Cuts 700, Grants Four Execs Up to $921M Each in Stock

Meta simultaneously announced approximately 700 layoffs concentrated in Reality Labs, recruiting, and non-AI sales — and filed SEC disclosures revealing retention stock packages of up to $921M per executive for CFO Susan Li, CTO Andrew Bosworth, CPO Christopher Cox, and COO Javier Olivan vesting over five years. The contrast crystallizes Zuckerberg's all-in AI pivot.

  • Reality Labs headcount recycled into AI: Meta's second round of Reality Labs cuts in 2026 (first: 10% of the unit in January); displaced headcount is being absorbed by Meta Superintelligence Labs.
  • Alexandr Wang leads Meta Superintelligence Labs: Following Meta's $14.3B acquisition of Scale AI, Wang joined as head of the lab — the $921M retention packages lock in the senior leadership supporting his mandate.
  • $169B 2026 cost forecast unchanged: Meta reaffirmed record capital expenditure guidance; AI infrastructure (data centers, custom silicon MTIA, power procurement) accounts for the majority of spend.
  • EU regulatory scrutiny: The simultaneous layoff-and-exec-windfall disclosure is drawing attention under the Corporate Sustainability Reporting Directive Article 9 — potential social governance compliance issues in the EU.
CNBC Coverage →

GitHub Copilot 50% Faster + Dependabot npm Malware Detection

GitHub's late-March changelog drops two significant improvements: Copilot's agentic mode initializes 50% faster — eliminating the main friction point in async coding workflows — and Dependabot gains active malware detection for npm packages, a direct response to the wave of supply chain attacks through Q1 2026.

  • Copilot agent 50% faster cold-start: Initialization time reduction applies to both VS Code and JetBrains IDE integrations; cited as the top friction point in GitHub's Q1 developer experience survey.
  • Dependabot npm malware scanner: Scans package manifests against a curated malware signature database and flags known-malicious packages before they enter lock files — critical after the TeamPCP WAV steganography npm attack last week.
  • 28 new secret scanning providers: March additions include Vercel, Snowflake, Supabase, and Lark tokens, with validity checks now live for DeepSeek and Pinecone API keys.
  • 39 push-protection detectors default-on: GitHub enabled push protection by default for 39 secret types — blocks accidental credential commits before they reach remote history on push.

Enable today: Go to Settings → Code security → verify Dependabot version updates and secret scanning are active on all repositories, especially those with npm workspaces.

GitHub Changelog →

White House AI Policy Framework Targets 38 State Laws for Federal Preemption

The Trump administration's National Policy Framework for Artificial Intelligence — released March 20 and generating intense enterprise legal analysis through month-end — proposes a "light-touch" federal regime explicitly designed to preempt the patchwork of 38 state AI laws enacted in 2026. Priority domains include child safety, digital replicas (deepfakes), and AI infrastructure build-out.

  • Federal preemption of 38 state laws: If enacted, enterprises would face a single federal compliance standard instead of managing divergent requirements across California, Colorado, Texas, New York, and 34 other states.
  • FTC AI policy statement in scope: The FTC issued its AI policy statement by the March 11 federal deadline; the framework aligns with FTC's existing deceptive-practices authority rather than introducing new rulemaking.
  • Child safety and deepfake carve-outs: The framework explicitly preserves state authority for child online safety and non-consensual intimate imagery (NCII) — the two areas with the broadest bipartisan support in Congress.
  • Infrastructure deregulation emphasis: Data center permitting and AI power grid expansion are framed as national security imperatives — potentially accelerating EPA waiver processes for new builds in constrained markets.
WilmerHale Analysis →

💱 Currency Exchange

1 USD = ₹83.61
↑ 0.08% from yesterday

Rupee holds near 3-month high as FII inflows continue into Indian tech equities.

📈 Crypto Market

BTC
$87,240
+1.2%
ETH
$3,180
-0.6%
DOGE
$0.1842
+2.1%
SHIB
$0.0000247
+0.8%

Share this article:

🚀 Tech News Delivered Daily

Stay ahead of the curve with our daily tech briefings.