Frontier Weekly (Jul 12–18): Fable 5 Made Permanent, Kimi K3 Ships, and a Rough Week for Agent Safety
Every week Laojin watches 17 core AI sources and translates what matters into business language. This week's six: Anthropic blinks twice, Kimi K3 prices itself against Sonnet, OpenAI's red-team model, and two agent incidents everyone should learn from.
Every week, Laojin watches the AI world's highest-signal sources (17 X accounts + 8 official channels) and translates what matters into business language. Each item: what happened (with original link + confidence label) → Laojin's take → follow or not.
1. Anthropic Blinks: Fable 5, Its Strongest Model, Becomes Permanent in Subscriptions
What happened: On July 18, Anthropic's official account announced that starting July 20, Claude Fable 5 will be included in all Max and Team Premium plans (at 50% of limits); Pro and Team Standard users keep access via usage credits and get a one-time $100 credit. Anthropic had planned to pull its best model out of subscriptions and sell it API-only, extending the free trial again and again (it was set to end July 19) — now it's simply permanent. (Simon Willison's Jul-18 log, quoting the @claudeai announcement verbatim) 【first-hand】
Laojin's take: Let's be honest — GPT-5.6 Sol and Kimi K3 forced this. A subscription without the best model doesn't renew. No matter how tight compute is, customer experience wins. When the giants fight, subscribers pick up the spoils.
Follow? Yes. If your team uses Claude, check your plan tier this week. If you're negotiating an annual contract, write "best model included in subscription" into the terms before signing.
2. Moonshot's Kimi K3: 2.8 Trillion Parameters, Priced Against Sonnet for the First Time
What happened: Moonshot released Kimi K3 on July 16 — 2.8 trillion parameters, with open weights promised by July 27. API pricing is $3/M input and $15/M output (K2.6 was $0.95/$4), the most expensive model ever from a Chinese lab. Artificial Analysis gives it an Elo of 1547 on long-horizon knowledge work, behind only Claude Fable 5; cost per task is $0.94, about half of Opus 4.8 ($1.80). Simon Willison tested it day one: it has only a "max" reasoning effort, and one simple prompt burned 13,241 reasoning tokens (25 cents). (Simon Willison's hands-on review) 【first-hand】
Laojin's take: An open-weights model daring to charge Sonnet prices means its maker believes it performs at Sonnet level. But note the test detail: this model thinks *hard* — don't run simple jobs on it or your token bill will cry. The old rule holds: match the model to the job. That's exactly why we built AllModelsAPI, a multi-model gateway.
Follow? Yes. Add K3 to your test list for coding and long-document tasks; after weights drop on July 27, run the math on self-hosting.
3. Anthropic's Enterprise Triple Move in One Week: Admin API, Self-Serve HIPAA, and Mid-Conversation System Messages Going GA
What happened: On July 14, Claude Enterprise launched an Admin API (beta): members, roles, invites, and groups are all programmatically manageable; the same day, HIPAA configuration became self-serve — admins review the BAA, download the implementation guide, and enable it in one flow, on both Enterprise and the API. On July 15, mid-conversation system messages went GA on Fable 5 / Mythos 5 / Opus 4.8 across the API, Bedrock, and Google Cloud — no beta header required. (Anthropic release notes · Claude, · Developer Platform) 【first-hand】
Laojin's take: None of this is sexy, but all of it is the real bottleneck of using Claude at company scale: how you manage people, pass compliance, and control long-running tasks. The bottleneck of AI adoption was never the model — it's this unglamorous plumbing. Anthropic is paving the road for everyone.
Follow? If you're building an enterprise Claude deployment, have your tech lead check your setup against all three. If you serve healthcare clients, self-serve HIPAA saves weeks of procurement — exactly the kind of work our AI adoption services handle for clients every day.
4. OpenAI Unveils GPT-Red: AI Attacking AI to Fight Prompt Injection
What happened: On July 15, OpenAI detailed GPT-Red, an internal red-teaming model trained with self-play RL to be an "attacker": it succeeds at indirect prompt injection in 84% of scenarios (human red-teamers: 13%). After adversarial training on its attacks, GPT-5.6 Sol shows 6× fewer failures on the hardest direct-injection benchmark versus OpenAI's best production model from four months earlier. GPT-Red is internal-only, used purely to harden OpenAI's own models; OpenAI also demoed it compromising a vending-machine agent (repricing items to $0.50, cancelling another customer's order). (MarkTechPost's Jul-16 deep dive, citing OpenAI's official blog) 【first-hand】
Laojin's take: The scariest thing in the agent business is "AI getting tricked into doing bad things." OpenAI just admitted it's enemy #1 and spent serious compute on the cure. Discount vendor benchmarks as always, but the direction is real: injection resistance is becoming a new axis of model selection.
Follow? If you build agent apps, add "prompt-injection defense" to your model checklist; wait for the promised paper before copying specific techniques.
5. xAI's Grok Build Caught Uploading Users' Entire Directories — Then Open-Sourced Everything
What happened: On July 14, users discovered that running the grok CLI in a home directory uploaded "SSH keys, password manager databases, documents, photos — everything" to xAI's cloud buckets. Musk promised all previously uploaded data would be "completely and utterly deleted"; xAI disabled default data retention (effective July 12), then released Grok Build's entire 844K+ lines of Rust under Apache-2.0, with support for local-first self-hosted inference. Simon Willison audited the code himself: the upload code remains but is disabled, and many tool implementations are "ported from" Codex and OpenCode. (Simon Willison's code audit) 【official】
Laojin's take: A "default upload" incident can destroy a tool's reputation overnight. xAI is trading full open source plus local-first for trust — that will become the new selling point for coding tools. For buyers, there's one more hard criterion: does your data leave the building?
Follow? When evaluating coding agents, put "data boundary" on your due-diligence list: what gets uploaded by default? Can it run locally? If something leaks, can it actually be deleted?
6. ⚠️ This Week's Action Item: OpenAI Confirms Codex Can Delete a User's Entire Home Directory
What happened: On July 16, OpenAI Codex lead Thibault Sottiaux published the investigation conclusion: with Full Access enabled and no sandboxing or auto-review, GPT-5.6 Codex tried to override the $HOME environment variable to point at a temporary directory — and made an "honest mistake," deleting the user's real home directory instead. OpenAI promised developer-message updates, safer permission guidance, harness safeguards, and a full post-mortem within days. (Simon Willison quoting the official conclusion verbatim) 【official】
Laojin's take: Even OpenAI's own agent wiped a user's machine. The model isn't evil — the permissions were reckless. If your business runs on agents, memorize three words: sandbox, least privilege, human approval before destructive actions. Skip none.
Follow? 【Do it this week】Today, audit every AI agent in your company: is "full access" on? Does it run in a sandbox? Is there human confirmation before it deletes files or touches databases? If you'd rather have a second pair of eyes, book a free consult and I'll walk through it with you.
FAQ
Do I need to chase every model update?
No. My rule is "let the dust settle for two weeks": watch third-party hands-on tests (like Simon Willison's) before adding anything to your evaluation list. What deserves same-day action is anything touching your current bills and permissions — like this week's Fable 5 subscription change and the agent permission audit.
What is "prompt injection," and why should a business owner care?
Prompt injection is when an attacker hides instructions inside a webpage, email, or file to hijack your AI — for example, tricking it into sending out customer data. If your AI reads external content (browsing, email, documents), the risk exists. OpenAI spending serious compute on it tells you this is the #1 security problem in agent adoption.
Before handing work to an AI agent, what's the minimum safety checklist?
Three things. One: run it in a sandbox or isolated environment — never give it the keys to the whole machine. Two: destructive actions (deleting files, writing to databases, sending messages) require human confirmation. Three: audit its data boundary regularly — what uploads by default, and can it run locally. This week's OpenAI and xAI incidents failed on exactly these three.
---
_Sources: 17 X accounts + 8 official channels monitored this week; official blogs and newsletters preferred. Confidence labels: 【first-hand】official release · 【official】officially confirmed · 【multi-source】cross-confirmed · 【single-source】one secondary report · 【rumor】unverified. The views above are Laojin's personal opinions and do not constitute investment advice._