Good morning. You’re starting a new week. Here’s what changed while you were away—and what you need to act on before Friday.

1. Per-Seat Pricing Is Dead. Your Contract Model Isn’t.

What happened: Jefferies slashed Workday’s price target by 54% on fears that AI will collapse per-seat SaaS revenue. Workday then beat earnings. The market is pricing in disruption that enterprises aren’t seeing yet.

Why this matters: Your SaaS vendors are panicking about AI cannibalization. That panic creates leverage. If you’re renewing contracts in Q2-Q3, you have an opening to renegotiate pricing models (outcome-based, usage-based, hybrid) before vendors figure out their AI strategy.

What to do: Don’t renew on autopilot. Ask: “If your AI cuts my seat count by 30%, how does our contract adapt?”

Read my full analysis on the SaaSpocalypse →

2. Shadow AI Just Got Measured at Scale

What happened: Harmonic Security analyzed 22.4 million enterprise AI prompts.
Result:

• 665 distinct AI tools operating in corporate environments.

• Only 40% of companies had purchased official subscriptions.

• 98,034 instances of sensitive data on personal free-tier accounts.

Why this matters: The “80% shadow AI” stat everyone quotes just got evidence. But here’s the buried insight: healthcare orgs that deployed approved AI saw 89% reduction in shadow usage. The problem isn’t that employees use AI. It’s that IT can’t compete with frontier model UX.

What to do: Stop blocking. Start matching. If your approved tool is slower or more restricted than the free tier, you’ve already lost.

3. IBM Terraform Pricing: March 31 Deadline is Real

What happened: IBM’s acquisition of HashiCorp completed Feb 27. Legacy Terraform Cloud free tier (500 resources) discontinued. New pricing: $0.10-$0.99/resource/month. March 31 cutoff for existing free-tier users.

Why this matters: If you’re running 10,000 resources on Premium tier, your annual bill just hit $118,800. Migration risk (state files, team retraining, compliance recertification) is a 6-12 month project. Most teams will absorb the cost rather than migrate. IBM knows this.

What to do: If you’re staying, negotiate now (volume discounts, multi-year lock-in for price protection). If you’re leaving, OpenTofu (open-source fork) is drop-in compatible but requires self-hosting infrastructure. More on this coming soon.

4. a16z Top 100 AI Apps: Your Enterprise Roadmap Just Dropped

What happened: a16z published their March 2025 Top 100 Gen AI Consumer Apps report. ChatGPT dominates (2B monthly visits, 5x larger than #2). Character.AI users average 298 sessions/month (nearly 10x daily). Productivity tools and AI companions are the fastest-growing categories.

Why this matters: Consumer AI adoption patterns predict enterprise worker demands within 12 months. Your employees are using these tools at home. When they come to work Monday and your enterprise AI can’t match the UX, they bring their own tools anyway.

What to do: Treat the a16z list as a preview of your workforce’s expectations. Productivity tools that embed in existing workflows (Chrome extensions) beat standalone apps. Plan accordingly.

5. Vectra AI: 80% Shadow AI + 20% Breach Rate

What happened: Vectra AI’s Shadow AI report (March 2) confirmed 80%+ enterprises have widespread unauthorized AI usage. 20% have experienced a data breach linked to unsanctioned AI tools. Average breach premium: $670,000 (IBM 2025 Cost of Data Breach Report).

Why this matters: Gartner says 69% of employees bypass cybersecurity guidance. Adding more controls doesn’t reduce shadow AI—it just makes it invisible. The BYOD playbook applies: prohibition failed 2010-2015, managed enablement won.

What to do: Minimum Effective Friction > Maximum Control. Give employees AI that works, with guardrails baked in. Gartner predicts 50% of CISOs adopt “human-centric security design” by 2027. Get ahead.

6. Multi-Agent Infrastructure: The Missing Control Plane

What happened: Galileo released Agent Control on March 11, an open-source control plane (Apache 2.0) that lets enterprises enforce AI agent policies centrally—no more hard-coding guardrails into each agent. Launch partners include Cisco, CrewAI, AWS Strands, Glean, and ServiceNow. Zilliz open-sourced Memsearch on March 14—a Markdown-based memory system extracted from viral project OpenClaw. 900 GitHub stars in 48 hours.

Why this matters: If you’re running one AI agent, you hard-code policies and wing the memory. If you’re running 10, you need infrastructure. Agent Control solves governance—one decorator (@control()) turns any function into a policy-enforced decision point. Update PII detection across 50 agents with zero code changes. Memsearch solves continuity—agents that forget context every session are toys, not tools. Markdown files mean human-readable, version-controlled memory.

What to do: Deploying 5+ agents? Start with Agent Control (centralized policies) and Memsearch (persistent memory). They’re the service mesh + database for your agent fleet. Both are open-source (Apache 2.0, MIT)—no vendor lock-in.

The Signal You Might Have Missed

Microsoft quietly validated Anthropic’s entire strategy when Copilot Cowork (their biggest 2026 product launch) shipped with Claude, not GPT-5.x. $13 billion into OpenAI, but the product runs on Anthropic.

Why? Claude Code already has 4% of GitHub commits. Microsoft is betting that developers trust Anthropic for work AI more than OpenAI. That’s an “Intel Inside” moment.

Watch where Microsoft deploys Claude next. It’s your roadmap for which AI vendor your board will approve in 2027.

One Question to Start Your Week

Which of these signals is on your plate this week?

Reply and let me know. I read every response and your answers shape next Monday’s edition.

—Karthik

Next waypoint: Monday, March 24

This is a new weekly series. What signals should I track? Reply and let me know.