Tech Digest – March 29, 2026

Cybersecurity After Autonomous 0-Days

Anthropic’s Claude Found 500+ Zero-Day Vulnerabilities — The 90-Day Disclosure Window May Not Survive

Anthropic researcher Nicolas Carlini demonstrated autonomous zero-day discovery live on stage, with Claude finding a blind SQL injection in Ghost — a publishing platform with 50,000 GitHub stars and no prior critical security vulnerability in its history — in 90 minutes. The broader research is more dramatic: Anthropic’s Frontier Red Team pointed Claude Opus 4.6 at production open-source codebases with nothing more than a VM and standard tools, harvesting over 500 validated high-severity vulnerabilities, including a 23-year-old Linux kernel bug and a FreeBSD remote root exploit written autonomously in four hours. In a collaboration with Mozilla, Claude found 22 vulnerabilities in Firefox, one flagged within 20 minutes of first contact with the codebase. Separately, Linux kernel maintainer Greg Kroah-Hartman reports that AI-driven security reporting has “really jumped” across all open source projects in the past month — the defensive side is already feeling the volume.

Note: The 90-day disclosure window assumes human-speed discovery. When a single model finds 500 vulnerabilities in production codebases — including one that hid from human reviewers for 23 years — the question for any institution running open-source infrastructure is not whether to patch faster. It’s whether the entire disclosure and patching cycle, as currently structured, still works.

Sources: Anthropic Red Team, SC Media, The Register

AI Outpaces Its Own Benchmarks

GPT-5.4 Scores 95% on the 2026 US Mathematical Olympiad — Last Year, Models Scored Below 5%

GPT-5.4 achieved 95% on USAMO 2026, essentially saturating a benchmark that broke every frontier model just twelve months ago. The gap to other models remains large: Gemini 3.1 Pro scored 74%, Claude Opus 4.6 reached 47%, and the strongest open model, Step-3.5-Flash, managed 45%. USAMO tests original mathematical proof construction at the Olympiad level — not calculation, not pattern matching, but novel reasoning. The result arrives as three frontier models — GPT-5.5, Claude 5 Mythos, and DeepSeek-V4 — are widely anticipated to launch in April, a triple release that would represent the most concentrated capability jump in AI history.

Note: From near-zero to near-saturation in twelve months. Whatever planning assumptions an institution holds about AI capability timelines — for procurement, workforce development, or digital strategy — the gap between “AI cannot do this” and “AI does this better than almost all humans” is now measurable in months, not years.

Sources: MathArena (USAMO 2026), OfficeChai

Robotics Becomes Geopolitical

China’s Agibot Ships Its 10,000th Humanoid Robot — US Senators Introduce Bill to Ban Government Use

Agibot rolled out its 10,000th humanoid robot in late March, doubling from 5,000 in just three months — a 4× acceleration in production speed compared to the previous phase. The company, which ranked first globally in humanoid robot shipments in 2025, is deploying across logistics, retail, hospitality, manufacturing, and education, with units now reaching Europe, North America, Japan, South Korea, and the Middle East. The geopolitical response is following close behind. US Senators Tom Cotton and Chuck Schumer introduced the bipartisan American Security Robotics Act, which would bar federal agencies from purchasing or operating humanoid robots made by Chinese companies, citing backdoor access and data exfiltration risks. A House companion bill from Representative Elise Stefanik is expected.

Note: Agibot units are already deploying in Europe. The US is legislating a procurement ban. The EU has no equivalent restriction under discussion — and no comparable production scale to offer as an alternative. The window between “this is an interesting trend” and “we need a policy position” is closing faster than institutional review cycles typically allow.

Sources: PR Newswire (Agibot), The Robot Report, Reuters, The Hill

Biology Becomes a Compile Target

Anthropic Tests a Desktop Biology Lab While Living Pharmacy Implants Work in Rats

Anthropic is testing Claude Operon, a dedicated desktop mode for biology and health research discovered inside the Claude desktop app in late March. Operon is not a chatbot with biology prompts — it is a separate research workspace supporting CRISPR screen design, single-cell RNA analysis, phylogenetic trees, and protein language models, with persistent project sessions and local file system access. In parallel, researchers published the first integrated framework for how epigenetic regulation controls aging (Nature), mapping the mechanisms that could eventually make senescence an engineering target. And Northwestern scientists created HOBIT, a “living pharmacy” implant that kept engineered cells alive inside rats for a month while simultaneously dosing three drugs, including a GLP-1 medication — a step toward biologics that manufacture themselves inside the patient.

Note: When the leading AI lab builds a dedicated biology workstation — not a chat feature, but a research environment with CRISPR tools and persistent sessions — it signals how fast life sciences research infrastructure is being rebuilt around AI. Health authorities and research funders are operating in a field where the tooling changes quarterly.

Sources: TestingCatalog, Nature, Gizmodo

Energy & Infrastructure at Scale

First Steel Goes Up at Stargate’s Michigan Data Centre

OpenAI CEO Sam Altman confirmed that the first steel beams went up at the Michigan Stargate data centre site, a joint project with Oracle and Related Digital. Stargate is among the largest AI infrastructure projects in the US. The transition from announcement to structural steel marks a capital commitment that is now physical, not financial — a harder thing to reverse and a louder signal about expected demand.

Sources: Sam Altman

South Korea Mandates Solar on All Public Parking Lots Over 1,000 m²

South Korea’s amended Renewable Energy Act, in force since late November 2025, requires all public parking lots larger than 1,000 m² to install at least 100 kW of renewable energy capacity — overwhelmingly solar panels. The mandate applies retroactively to existing facilities operated by central and local governments, not just new builds. Facility owners can install panels directly or lease space to external operators, providing compliance flexibility without weakening the requirement.

Note: The retroactive application is the detail worth studying. This is not a building code for new construction — it mandates upgrades to existing public infrastructure with clear thresholds, flexible compliance paths, and no exemptions for legacy facilities. For EU municipalities exploring their own renewable energy mandates under the Energy Performance of Buildings Directive, the Korean model is a concrete template.

Sources: pv magazine, Reuters

US Microreactor Programme Targets 3–4 Reactors at Criticality by July

The US Department of Energy’s reactor pilot programme could see three to four microreactors reach criticality by July 4, a Senate panel was told. Microreactors — factory-built, transportable nuclear units typically producing 1–20 MW — are being positioned as a flexible energy source for remote facilities, military installations, and the growing power demands of AI data centres.

Note: The US is moving microreactors from paper to criticality at military speed. The EU’s nuclear energy debate remains split along national lines. But energy demand from digital infrastructure does not wait for political consensus — and the institutions that secure reliable power first will set the pace for the next decade of digital services.

Sources: Exchange Monitor

The Optimizer’s Paradox

Chess Grandmasters Win by Playing Worse — While LLMs Push Everyone Toward the Same Conclusions

Chess grandmasters, all training on the same AI-generated optimal play, are now winning tournaments by deliberately playing suboptimal moves their opponents have not prepared for. When everyone studies the same perfect strategy, unpredictability becomes the competitive edge. In a parallel finding, research reported by the Financial Times shows that large language models elevate expert consensus and moderate positions — in sharp contrast to the populist polarization of social media. Two faces of the same phenomenon: AI is a convergence engine. In competitive contexts, the smart response is deliberate divergence. In governance and public consultation, the convergence toward expert reasoning may actually improve decision quality.

Note: When every institution runs analysis, drafts strategy, and prepares communications through the same AI models, outputs converge. The chess world is a live preview: competitive advantage shifts to whoever deliberately diverges from AI-recommended consensus. The governance finding suggests the opposite — that convergence may improve policy quality. Knowing which context you are in matters more than the tools you use.

Sources: Bloomberg, Financial Times