The Intake
The Intake — Wednesday, July 2, 2026
On the substrate
Fable 5 returns after a 19-day export-control suspension; Anthropic opens a HackerOne bug bounty for jailbreaks
Anthropic CNBC The Hacker News
Fable 5 returned globally on July 1, ending a 19-day export-control suspension.
Anthropic suspended global access to Fable 5 and Mythos 5 on June 12. That was three days after launch. Amazon researchers had demonstrated a prompt technique that caused the model to generate exploit code for software vulnerabilities. The US Commerce Department withdrew the export-control license requirement on June 30. Anthropic says a new safety classifier blocks the technique in over 99% of cases. Queries that hit the classifier route to Claude Opus 4.8 rather than returning an error. Mythos 5 remains restricted — available only to approximately 100 US critical infrastructure entities. Alongside the return, Anthropic launched a HackerOne bug bounty program for Fable 5 jailbreaks. Anthropic also published a four-criteria framework for scoring jailbreak severity.
If you run security testing against frontier models, the HackerOne program is now the formal reporting channel for Fable 5. The four-criteria framework is the named vocabulary for scoring jailbreak technique severity.
---
MCP server responses and poisoned web search results can escape Cursor's sandbox and run code on your host machine
If you use Cursor IDE with MCP servers connected or with web search enabled during sessions, Cato AI Labs disclosed two vulnerabilities this week. Both let crafted input escape the IDE sandbox and run commands directly on your host machine.
The first flaw, CVE-2026-50548, abuses Cursor's working-directory write allowlist. The exploit overwrites the sandbox helper binary. That removes sandboxing for the session entirely. The second flaw, CVE-2026-50549, exploits a symlink resolution check. The check fails silently when the target path is missing. That allows writes outside the project boundary. The attack vector for both is crafted MCP server responses or poisoned web search results. Neither flaw requires any user interaction to trigger execution. Both carry a CVSS score of 9.8. Cato AI Labs named the disclosure DUNESLIDE. The patch is Cursor 3.0, released April 2, 2026.
If you're running Cursor below version 3.0, the attack surface is active. Both CVEs and the full technique are now public.
---
MCP publishes beta SDKs targeting a July 28 stateless spec; the session handshake is removed entirely
Model Context Protocol Blog WorkOS
If your MCP server implementation relies on the Mcp-Session-Id header or the initialize/initialized handshake for state, the July 28 spec removes both.
The MCP team published beta SDKs on June 29. The release candidate targets July 28 as the final spec date. The headline change is a stateless core: client capabilities now travel in _meta on every request. Any server instance can then handle any request without sticky sessions or shared session stores. The spec also introduces a formal Extensions framework using reverse-DNS identifiers. Long-running async Tasks move from an experimental core feature to an extension. SDK maintainers have a 10-week migration window from the May 21 release candidate publication.
If you're building or maintaining an MCP server, the beta SDK is available now. If your implementation depends on session state or the initialize handshake, the migration window from May 21 closes in late July.
---
OpenAI announces Sol, Terra, and Luna; limited preview now, general availability expected this week
OpenAI announced GPT-5.6 on June 26. The flagship model, Sol, is in limited preview now.
The family includes Sol, Terra, and Luna — flagship, balanced, and fast/low-cost tiers. The preview is limited to approximately 20 partner organizations. Their participation was shared with the US government. That falls under the June 2 executive order on voluntary frontier model review. OpenAI stated the preview restrictions should not become a long-term norm. Sol introduces a "max reasoning effort" mode and an "ultra mode." The ultra mode deploys subagents during a task. OpenAI says Sol reaches up to 750 tokens per second on Cerebras infrastructure. OpenAI reports Sol sets a new state of the art on Terminal-Bench 2.1. General availability is expected in the July 2–10 window per analyst tracking.
If you're not in the preview cohort, general availability is expected within the week. Terra and Luna — the balanced and fast-tier options in the same family — follow alongside.
---
For operators
Godot Engine bans AI-authored code and autonomous agent contributions from project repositories
If you maintain an open-source project that accepts community contributions, the Godot Foundation's July 1 amendment names where review burden lands when contributors can't explain or fix the code they submit.
The Foundation amended its contributor guidelines on July 1. The policy prohibits AI-generated code in pull requests and submissions by autonomous AI agents. It also prohibits AI-generated text in maintainer communication. Permitted exceptions are single-line completion, regex help, debugging lookups, and translation assistance. Each requires disclosure. New contributors — those with three or fewer merged pull requests — must obtain explicit maintainer permission before submitting. That applies to new features and significant refactoring. The Foundation attributed the policy to a rising volume of AI-assisted contributions that maintainers described as "increasingly draining and demoralizing" to review. The decision names who bears the review burden when contributors rely on AI they cannot fully explain or fix.
If you're weighing a similar policy for your project, the Godot amendment is the most recently published template for where to draw that line and how to exempt low-risk uses.
---
Article 50 of the EU AI Act activates August 2; high-risk system deadlines deferred to 2027–2028
European Commission EU AI Act Service Desk
If you haven't checked whether your deployment triggers EU Article 50 transparency obligations, August 2 is now four weeks away.
Article 50 requires any public-facing AI system that could be mistaken for a human to disclose it is an AI. It also requires labeling of AI-generated audio, video, and images. General-purpose AI model providers must demonstrate compliance with the GPAI Code of Practice as of August 2. Equivalent measures satisfy the requirement. The EU AI Office gains enforcement and penalty powers then. Maximum fines reach 7% of global annual turnover. The cap is EUR 35 million. Annex III high-risk system obligations were deferred under the Digital Omnibus provisional agreement. Standalone high-risk systems must comply by December 2, 2027. Systems embedded in Annex I products have until August 2, 2028.
If your deployment is EU-facing and includes a public-facing AI interface, August 2 is the trigger date for Article 50. If you use a general-purpose AI model provider, their GPAI compliance status with the EU AI Office is a factor as of the same date.
---