Signal
Anthropic shipped Claude Sonnet 5, priced for agents, not just chats. On June 30, Anthropic released Sonnet 5, a mid-tier model tuned for autonomous use: browsing, working in a terminal, and running long chains of steps without a human checking in after every reply. Anthropic says it approaches its own flagship Opus 4.8 on agentic-coding and computer-use tests at a fraction of the price ($2/$10 per million input/output tokens through the end of August). The number to watch isn’t the benchmark score, it’s the price. When capable agents get cheap enough to run constantly rather than occasionally, more of them will run with less human review in the loop. That’s a security and oversight question as much as a product one. Source: Anthropic, TechCrunch
OpenAI answered with a three-tier GPT-5.6 lineup: Sol, Terra, Luna. On July 9, OpenAI released Sol (flagship, $5/$30 per million tokens, aimed at coding, science, and security work), Terra (mid-tier default, $2.50/$15), and Luna (budget, $1/$6). OpenAI says Sol tops an independent coding-agent benchmark. The tiering itself is the story: both major labs are now competing on cost-per-completed-task, not just raw capability. If you build on these APIs, the budget tier is worth testing before defaulting to the expensive one. Treat any single benchmark chart, from any vendor, as marketing until an independent group reproduces it. Source: OpenAI, OpenAI
A token nobody revoked since 2022 led to a breach touching roughly 200 companies. Attackers got into market-intelligence vendor Klue using a credential issued for a limited pilot in 2022 that was simply never turned off. From there they pulled OAuth tokens (the digital keys apps use to act on your behalf in another service without knowing your password) and reached into customer Salesforce and cloud environments. LastPass, HackerOne, and Jamf were among the confirmed casualties; one extortion crew has since tried to shake down Klue’s own customers directly. The lesson generalizes past this one vendor: every integration you’ve ever approved for a partner tool is a standing door, and most organizations have no inventory of which ones are still open. Source: BleepingComputer, TechCrunch
DHS confirmed a breach of HSIN, the network that shares threat intel across federal, state, and local responders. The alerts had already fired twice. On July 1, the Department of Homeland Security confirmed intruders had been inside the Homeland Security Information Network for weeks, notably during a stretch of heightened attention around World Cup security coordination. The detail worth sitting with: internal alerts flagged the suspicious activity twice before the breach was confirmed, and both times they were dismissed as false positives. This wasn’t a detection failure. The detection worked. The response process didn’t. Source: BleepingComputer
An EU court told Apple its app stores are still a “gatekeeper” under the Digital Markets Act. On July 8, the EU General Court upheld the European Commission’s classification of Apple’s App Stores (iPhone, iPad, Mac, TV, Watch) as a single core platform service, meaning they stay subject to the DMA’s interoperability and competition rules. A separate, narrower challenge over iMessage was thrown out as inadmissible rather than decided on the merits. Apple can still appeal to the EU’s top court, but for now the practical rules around alternative app stores and payment systems for EU users hold. Source: Courthouse News
Noise
“Grok 4.5 is Opus-class.” Elon Musk’s framing spread fast after Grok 4.5’s rollout, but xAI’s own published chart shows it winning only two of the four benchmarks it highlighted against Claude Opus 4.8, and independent testers put it closer to fourth among frontier models, with a higher hallucination rate and one benchmark result withdrawn over contaminated test data. The evaluations backing the “Opus-class” claim were run in-house. Read the model’s own numbers before the headline built from them. Source: Let’s Data Science
AI, the seasoning you put on everything. Jersey Mike’s Subs, a sandwich chain, mentioned “artificial intelligence” 22 times in its IPO filing this week. Nobody thinks a hoagie needs a foundation model. It’s a clean, low-stakes tell that AI language has become something companies reach for by reflex, independent of whether it describes anything they actually do. Source: TechCrunch
One term, demystified
OAuth token. When you let one app or service act on your behalf inside another (a scheduling tool that reads your calendar, a vendor dashboard that pulls your support tickets), it usually doesn’t get your password. It gets an OAuth token instead: a piece of digital credential that says “this specific app can do these specific things, on this account, until revoked.” That’s a good design, right up until nobody remembers to revoke it. The Klue breach above happened because a token minted for a small 2022 pilot was still live and trusted years later. A token is only as safe as the list of who’s still holding one, and almost nobody keeps that list up to date.