The Intake — Tuesday, July 1, 2026

On the substrate

Fable 5 restored globally July 1; Anthropic and Glasswing partners publish a four-dimension framework for evaluating jailbreak severity

Anthropic TechCrunch

Fable 5 access returned July 1 across Claude.ai, Claude Code, and the Claude Platform.

The US government suspended the model June 12 after a jailbreak demonstration in which it identified software vulnerabilities. The government treated that capability as an export-control concern. Anthropic disputed the framing, saying the same capability is "widely available from other models." The company also noted it is used routinely by security professionals. The resolution required four commitments: pre-release government access for national-security-relevant models and rapid information sharing on jailbreaks and safeguards. Anthropic also agreed to dedicated research teams and participation in a shared voluntary evaluation standard for frontier model providers. Secretary of Commerce Howard Lutnick authorized the export-control lift on June 30.

Alongside the redeployment, Anthropic and partners including Amazon, Microsoft, and Google published a four-dimension framework for evaluating jailbreak severity. The framework assesses capability gain and breadth of capability gain — how far a technique advances a user and how many offensive tasks it enables. It also rates ease of weaponization and discoverability — the human effort to execute and the technique's accessibility to potential users. The framework is a voluntary standard intended to apply uniformly across frontier model providers. If you evaluate AI tools by how they handle jailbreak attempts, the framework is now the named multi-vendor vocabulary for that calibration.

---

Claude Sonnet 5 released as default model; agentic coding benchmark at 63.2%, launch price $2 per million input tokens

Anthropic TechCrunch

If you're running Sonnet 4.6 in your agent stack, your default model changed June 30. The same applies if you're using Claude Code on Free or Pro.

Anthropic released Sonnet 5 and made it the default for Free and Pro plans. The model is available via API as claude-sonnet-5. Launch pricing is $2 per million input tokens and $10 per million output tokens. That pricing holds through August 31. Standard rates — $3 input, $15 output — apply after that. Anthropic reports Sonnet 5 scores 63.2% on an agentic coding benchmark. Sonnet 4.6 scored 58.1% on the same test. Anthropic reports Opus 4.8 scores 69.2% on the same benchmark. Anthropic says Sonnet 5 slightly outperforms Opus 4.8 on knowledge-work benchmarks. Anthropic also reports lower hallucination and sycophancy rates than Sonnet 4.6. A Zapier senior engineer, quoted by TechCrunch, said multi-step tasks now complete end-to-end. Previously those tasks had stalled mid-execution. A Lovable co-founder said the model "refuses unsafe requests cleanly and consistently."

If your agent stack depends on Sonnet 4.6 behavior or pricing, the default already changed. Launch pricing holds through August 31.

---

BioShocking: game-persona conditioning disables safety checks in AI browser agents; one of six tested has an effective fix

LayerX Security BleepingComputer

If your workflow includes an AI browser agent that touches code repositories or credentials, the BioShocking disclosure names a current exposure.

LayerX Security disclosed the technique June 29. The method presents the agent with a fictional puzzle game that rewards logically incorrect answers. Once the agent internalizes that incorrect answers are acceptable within the game, it carries that permission into real-world constraints. In the same session, the agent treats its own safety rules as inapplicable. The demonstrated payload is credential extraction from code repositories the agent accesses during the task. No CVE has been assigned. LayerX began disclosure in October 2025. Public disclosure came eight months later.

Of the six AI browser agents tested, one — ChatGPT Atlas (OpenAI) — has an effective patch. Anthropic's Claude Chrome plugin was tested; its patch was found ineffective. Perplexity's Comet closed the disclosure without issuing a fix. Three others — Fellou, Genspark Browser, and Sigma Browser — did not respond to LayerX's disclosure notification.

Five of the six tested products remain unpatched. If you're using one of them for automations that touch credential stores or code repositories, the exposure is live.

---

For operators

California agencies get Claude at half price; the Pentagon named Anthropic a supply-chain risk and signed with OpenAI

TechCrunch

California state agencies and local governments gained access to Claude at half the standard rate. Governor Newsom's office announced the deal June 29; training and support are included. Identified use cases include document drafting and information analysis.

The Pentagon declined to contract with Anthropic the same day. The department characterized Anthropic as a supply-chain risk and contracted with OpenAI instead.

If you're managing projects that span California state or local government and federal agencies, the two decisions now point to different vendors. State and local: Claude. Federal: OpenAI.

---