Tech Brief
March 23, 2026
Your morning roundup of the most relevant technology and AI news. Curated by 312 IT Consulting.
JPMorgan reclassifies AI from experimental R&D to core infrastructure spending
JPMorgan Chase has officially moved its AI investments out of the "experimental R&D" category and into "core infrastructure" — signaling that the largest U.S. bank now considers AI essential operations technology, not a side project. The bank is focusing its AI spend on three areas: internal productivity through AI agents, hardening cybersecurity defenses against AI-driven threats, and personalizing retail banking experiences at scale.
Why it matters for your business: When one of the world's largest companies reclassifies AI as infrastructure — the same category as servers and networks — it tells you where the market is heading. Small businesses don't need JPMorgan's budget, but the principle applies: if AI is still a "nice to have" experiment in your organization, you're falling behind competitors who are baking it into daily operations. Start with one high-impact workflow — like building your first AI workflow — and measure the ROI.
Read more →Critical Langflow vulnerability exploited within 20 hours of public disclosure
A critical remote code execution flaw in Langflow (CVE-2026-33017) — an open-source framework used to build AI-powered applications — was actively exploited within just 20 hours of the vulnerability being publicly disclosed. Attackers used the flaw to gain full server access, install backdoors, and steal data from organizations running unpatched instances. Separately, CISA added five new security flaws affecting Apple devices, Craft CMS, and Laravel Livewire to its Known Exploited Vulnerabilities catalog, with a patch deadline of April 3.
Why it matters for your business: Twenty hours from disclosure to active exploitation is the new normal. If your team uses open-source AI tools, developer frameworks, or third-party CMS platforms, you need a patching process that moves in hours, not weeks. Make sure someone on your team monitors CISA's KEV catalog and your software vendors' security bulletins. If you don't have that capacity in-house, that's exactly the kind of gap a managed IT partner can fill.
Read the advisory →Microsoft Copilot SMB discounts expire March 31 — last chance for 35% off
Microsoft's limited-time promotions for small and mid-size businesses are ending on March 31, 2026. The offers include 15% off standalone Microsoft 365 Copilot for Business subscriptions and 35% off bundled Business Standard + Copilot packages. Microsoft is also pushing purpose-built go-to-market resources for SMB customers exploring Azure for the first time, and 157 new AI-powered solutions went live on the Microsoft Marketplace this month alone.
Why it matters for your business: If your team is already on Microsoft 365 and you've been considering Copilot, this week is the deadline to lock in a meaningful discount. The 35% bundle savings on Business Standard + Copilot is particularly compelling — it's one of the steepest SMB discounts Microsoft has offered on AI tooling. Not sure if Copilot is worth it for your team's workflows? Book a quick call and we'll help you evaluate the fit before the deadline hits.
See the March announcements →U.S. authorities disrupt botnets that infected more than 3 million devices worldwide
U.S. federal prosecutors announced the disruption of multiple botnets that had quietly infected more than 3 million devices globally — including routers, IoT devices, and business computers. The operation marks one of the largest recent cyber enforcement actions and involved coordination across multiple agencies. Separately, three individuals tied to Super Micro Computer were charged in an alleged scheme to divert high-end AI hardware to China through Southeast Asia.
Why it matters for your business: Botnets don't just target big companies — they recruit any device with weak credentials or outdated firmware, including the routers and smart devices in your office. If you haven't updated your router firmware recently, changed its default admin password, or inventoried IoT devices on your network, now is the time. Our cybersecurity checklist covers exactly what to check.
Read the full story →Ransomware-as-a-Service and AI-generated phishing are lowering the barrier for cyber attackers
The World Economic Forum's 2026 Global Cybersecurity Outlook warns that Ransomware-as-a-Service (RaaS) platforms are now enabling low-skill attackers to launch sophisticated campaigns against hospitals, government networks, and small businesses. Meanwhile, cybercriminals are increasingly using generative AI to create personalized phishing emails, deepfakes, and polymorphic malware that adapts to evade traditional detection tools. The report found that 87% of security leaders now identify AI-related vulnerabilities as the fastest-growing cyber risk.
Why it matters for your business: The "we're too small to be targeted" mindset is more dangerous than ever. When attackers can rent ransomware platforms and use AI to generate convincing phishing emails personalized to your employees by name, every business is a potential target. Invest in employee security awareness training, enable multi-factor authentication everywhere, and test your backup and recovery procedures now — not after an incident. Our disaster recovery guide walks through exactly how.
Read the WEF report →Put today's tech news to work for your business
312 IT Consulting helps small and mid-size businesses in Chicagoland cut through the noise and implement technology that actually moves the needle. Let's talk about what's relevant for you.
Book a Free Consultation