Tech Bytes Logo Tech Bytes
Home / Tech Pulse / Mar 29, 2026
Morning Edition AI / Security / Geo March 29, 2026

Tech Pulse Daily — March 29, 2026

Anthropic wins a First Amendment injunction against the Pentagon; a PandasAI CVE batch (CVSS 7.3) lands alongside four more high-severity vulns; SMIC allegedly supplied chipmaking tools to Iran's military; Google Gemini 3.1 Pro leads 13 of 16 benchmarks with a ChatGPT migration tool; Rowspace closes $50M to bring AI to private equity.

Dillip Chowdary

Dillip Chowdary

Tech Bytes · Morning Edition · March 29, 2026

Today's Top Highlights

  • ⚖️Anthropic Wins DoD Injunction: Federal judge grants Anthropic a preliminary injunction against the Department of Defense citing First Amendment retaliation — a landmark ruling for AI companies contesting government procurement.
  • 🚨PandasAI CVE Batch Published: CVE-2026-4996 (CVSS 7.3) affecting PandasAI ≤0.1.4 leads a batch of five high-severity CVEs published March 28 — update all AI library dependencies immediately.
  • 🇨🇳SMIC Supplied Iran's Military: Trump administration officials say China's SMIC transferred chipmaking equipment and training to Iran's military-industrial complex over ~12 months, escalating secondary sanctions pressure.
  • 🤖Gemini 3.1 Pro Leads 13 Benchmarks: Google's Gemini 3.1 Pro tops 13 of 16 major benchmarks and adds a ChatGPT conversation history import tool — the most aggressive competitive move yet to pull users from OpenAI.
  • 💰Rowspace Raises $50M (Sequoia + Stripe): AI finance platform for private equity and credit firms closes Series A; former Notion CTO Michael Manapat leads the company targeting 7-figure ACV enterprise contracts.

Anthropic Wins Preliminary Injunction Against DoD — First Amendment Retaliation Ruling

A federal judge granted Anthropic a preliminary injunction against the Department of Defense, ruling that the government engaged in First Amendment retaliation against the company. The ruling is extraordinary: it marks the first time a major AI company has successfully challenged a government procurement decision on constitutional grounds, signaling that courts are increasingly willing to scrutinize AI policy enforcement.

  • First Amendment retaliation precedent: The court found sufficient evidence that the DoD withheld or canceled contracts with Anthropic in response to the company's public statements on AI safety regulation — a retaliatory action that implicates protected speech.
  • Competitive context: The ruling follows Anthropic's vocal opposition to the Biden-era Pentagon AI procurement framework and disagreements over Responsible AI use clauses that Claude would be required to comply with in defense deployments.
  • Injunction scope: The preliminary injunction bars the DoD from excluding Anthropic from future procurement processes pending a full trial — a significant operational win that preserves Anthropic's access to the federal market.
  • Industry implications: The case is being closely watched by OpenAI, Google DeepMind, and Palantir — all of which have complex government relationships — as it sets a potential template for AI companies to push back on politically motivated exclusions.
CNBC Court Ruling Coverage →

PandasAI CVE-2026-4996 Batch — Five High-Severity AI Library Vulns Published

ACTION REQUIRED: Update PandasAI immediately

CVE-2026-4996 (CVSS 7.3) affects Sinaptik AI PandasAI ≤0.1.4. Four additional High-severity CVEs (CVE-2026-5000 through 5004) were published in the same batch on March 28. No confirmed public exploits yet.

A batch of five high-severity CVEs was published March 28 targeting AI development libraries, led by CVE-2026-4996 in Sinaptik AI's PandasAI — a widely-used library that enables natural language queries over Pandas DataFrames. The vulnerabilities affect the code execution sandbox that PandasAI uses to run LLM-generated Python, a high-risk attack surface in any multi-tenant AI pipeline.

  • CVE-2026-4996 (CVSS 7.3, PandasAI ≤0.1.4): The vulnerability exists in the code execution pathway — an attacker with input control over a PandasAI query could potentially escape the sandbox and execute arbitrary Python on the host. Affects all deployments serving untrusted user input.
  • CVE-2026-5000 through 5004: Co-published batch covering additional AI libraries; specific library names and CVSS scores pending full NVD analysis. All rated High severity by the initial disclosing researchers.
  • Remediation: Upgrade PandasAI to 0.1.5 or later immediately. If immediate patching is not possible, restrict the PandasAI endpoint to authenticated internal users only and disable direct user-controlled query input.
  • Broader AI library risk: The disclosure is part of an accelerating trend — security researchers are systematically auditing LLM-adjacent Python libraries for sandbox escape and prompt injection vulnerabilities as AI pipelines enter production.

Quick fix: pip install pandasai --upgrade — verify version with pip show pandasai. Review any code that passes untrusted user strings directly to the PandasAI SmartDataframe.chat() method.

NVD Entry CVE-2026-4996 →

SMIC Supplied Chipmaking Tools and Training to Iran's Military — Secondary Sanctions Escalation

Senior Trump administration officials told multiple outlets that SMIC — China's largest chipmaker, on the US Entity List since 2020 — transferred semiconductor manufacturing equipment and provided hands-on technical training to Iran's military-industrial complex over approximately 12 months. The disclosure is expected to trigger a new round of secondary sanctions and marks a significant escalation in US-China-Iran technology controls enforcement.

  • Sanctions implications: If the transferred equipment includes components of US origin — even in third-country tools manufactured using US technology — SMIC may face additional designations under the Export Administration Regulations and secondary sanctions targeting foreign buyers of Iranian military tech.
  • Entity List history: SMIC was blacklisted in December 2020 for its alleged ties to China's military. It is currently restricted from acquiring US-origin items above 10nm node thresholds without individual export licenses.
  • Training as a sanctions vector: The allegation that SMIC provided technical training (not just hardware) is significant — US law can reach "service" transfers as well as physical goods, potentially broadening the exposure.
  • Supply chain impact: Fabless chip companies sourcing from SMIC for non-advanced nodes face new compliance pressure to audit whether their SMIC relationship exposes them to secondary sanctions risk.
Tom's Hardware Coverage →

GitHub Copilot Coding Agent: 50% Faster, PR CI Fixes & Enterprise Usage Metrics

GitHub's late-March Copilot changelog is the most developer-facing set of agent improvements since Copilot Workspace launched. The three key changes — 50% faster startup, autonomous CI fix loop via @copilot mentions in pull requests, and enterprise-grade usage dashboards — together make the coding agent a first-class participant in the PR review lifecycle rather than an isolated coding assistant.

  • 50% faster cold-start: Agent initialization time cut by half — the fix applies to both VS Code and JetBrains integrations and was the top friction point in GitHub's Q1 developer experience survey among enterprise Copilot users.
  • @copilot in PRs fixes failing CI: Mentioning @copilot in a pull request comment triggers the agent to spin up an ephemeral dev environment (powered by GitHub Actions), diagnose failing workflows, apply fixes, and push a commit — no context switching to the developer's local machine required.
  • Session log UI with subagent HUD: A new collapsible activity view shows every step the coding agent took in its ephemeral environment, improving auditability and making it easier to spot where the agent diverged from intent.
  • Enterprise usage metrics: Admins get dedicated columns in Copilot usage reports showing per-user Coding Agent activity on daily and 28-day rolling windows — critical for justifying Copilot Enterprise license spend to procurement.
GitHub Changelog →

Google Gemini 3.1 Pro Leads 13 Benchmarks + ChatGPT History Import

Google added a ChatGPT conversation history import tool to Gemini — available to free and paid users — letting developers and power users carry prior AI context and prompt preferences when switching platforms. The feature coincides with Gemini 3.1 Pro's benchmark dominance (first place in 13 of 16 major categories) and the general availability of Gemini Code Assist at no charge for individual developers.

  • ChatGPT import: Users upload a ZIP export of their OpenAI conversation history; Gemini indexes it to inform future responses with prior context. Supports conversation history from other "competing AI providers" per Google's phrasing.
  • Gemini 3.1 Pro benchmark leadership: Tops 13 of 16 evaluated categories — the specific benchmarks where it leads include coding (HumanEval+), scientific reasoning (GPQA), and long-context tasks (ZeroScrolls). GPT-5.4 and Claude Opus 4.6 lead the remaining three.
  • Gemini Code Assist GA (free tier): Individual developers can now use Gemini Code Assist at no cost, with 180,000 monthly code completions and access to the 1M-token context window — a direct competitive counter to GitHub Copilot's paid-only tier.
  • Migration strategy signal: The ChatGPT import tool is the most direct anti-churn feature Google has built — targeting the large segment of users who have accumulated significant prompt history and system prompt context on OpenAI's platform.
Bloomberg Coverage →

Rowspace Raises $50M from Sequoia & Stripe — AI Decision Intelligence for Private Equity

Rowspace, founded by former Notion CTO Michael Manapat and two-time CFO Yibo Ling, launched publicly with $50M in funding co-led by Sequoia and Emergence Capital. The platform turns a private equity or credit firm's entire historical data corpus — deal memos, IC notes, portfolio company reports, email threads — into an AI-queryable decision intelligence layer that answers analysts' questions wherever they work.

  • $50M across Series A + seed: Sequoia and Emergence Capital led; Stripe, Conviction, and Basis Set co-invested. Offices in San Francisco and New York; ~10 enterprise customers at 7-figure annual contract values.
  • Former Notion CTO as founder: Manapat brings direct experience building large-scale knowledge management infrastructure — Rowspace's core technical challenge is exactly that: indexing decades of unstructured institutional knowledge at sub-second query latency.
  • Defensible data moat thesis: Unlike horizontal RAG platforms, Rowspace's value scales with each firm's proprietary data corpus — the more historical data indexed, the harder the system is to replace, creating a classic vertical SaaS lock-in dynamic.
  • Finance AI market context: Rowspace competes with Harvey (legal AI) and Hebbia as vertical AI plays targeting knowledge-intensive professional services firms where LLM accuracy on proprietary context directly drives deal outcomes.
Fortune Coverage →

White House AI Policy Framework: Enterprise Compliance Implications for Q2 2026

The Trump administration's National Policy Framework for AI (released March 20) is generating deep Q2 compliance planning across enterprise legal teams. The framework is non-binding but functions as the legislative blueprint the White House will push to Congress — and its federal preemption proposal, if enacted, would dissolve compliance obligations under 38 state AI laws currently on the books or in force.

  • Non-binding but actionable: WilmerHale, Cooley, and Mondaq all advise enterprises to map current state-law exposure now — the preemption could eliminate obligations overnight if Congress acts, but the window for state-level compliance enforcement remains open until then.
  • Regulatory sandbox provision: The framework calls for time-limited sandboxes where companies can deploy AI systems without full compliance liability — a potential fast-track mechanism for regulated industries (healthcare, finance, energy) to pilot high-stakes AI.
  • No new federal AI regulator: The framework explicitly rejects creating a dedicated AI oversight agency, instead relying on existing sector regulators (FTC, SEC, FDA, CISA) with sector-specific AI guidance issued through normal rulemaking channels.
  • March federal compliance deadlines: The FTC's AI policy statement (issued March 11) and pending agency guidance updates are creating a dense Q1/Q2 deadline cluster for companies with regulated AI products in financial services and healthcare.
WilmerHale Full Analysis →

💱 Currency Exchange

1 USD = ₹83.58
↓ 0.04% from yesterday

Rupee steady near 3-month high; India's March Nikkei PMI at 59.1 keeps FII inflows intact.

📈 Crypto Market

BTC
$88,150
+1.0%
ETH
$3,210
+0.9%
DOGE
$0.1818
-1.3%
SHIB
$0.0000249
+0.8%

Share this article:

🚀 Tech News Delivered Daily

Stay ahead of the curve with our daily tech briefings.