OneLogic
All editions

Lumina Digest

The AI developments that matter, explained.

How would you like to read it?

Same edition, explained without the jargon — and just as faithful. It's not a quick summary: an independent check confirms the plain-language version stays true to the original, without dropping or distorting anything.

Anthropic Brings Claude Fable 5 Back Online After U.S. Export Controls Are Lifted

The frontier model is available worldwide again as of July 1, after the Trump administration revoked the export controls triggered by a cybersecurity alarm. It returns with a new safety classifier and an imminent pricing change.

Anthropic brought Claude Fable 5 back online on Wednesday, July 1, 2026. The decision comes after the Trump administration revoked, on June 30, the export controls imposed on June 12 — just three days after the model's release on June 9 (Anthropic's official announcement; AP News).

The block stemmed from a cybersecurity alarm. Amazon researchers had shown that, with targeted prompts, Fable 5 could be induced to identify software vulnerabilities and, in one case, to generate code that demonstrated how to exploit the flaw. The Commerce Department stepped in after learning of that research (Forbes). The reinstatement comes with a new classifier that, according to Anthropic, blocks the technique described by Amazon in more than 99% of cases. When a request is blocked, it is routed to the less powerful Opus 4.8 model.

Access became global again as of July 1: on paid plans, Fable 5 is included for up to 50% of weekly usage limits through July 7, after which it will be available on consumption credits. Anthropic keeps Fable 5 — with full safeguards and open to the public — distinct from Mythos 5, which is more powerful and has fewer protections, reserved for approved cybersecurity partners only.

Critical voices are not lacking: OpenAI CEO Sam Altman branded the approach "fear-based marketing," comparing it to someone who builds a bomb and then sells the fallout shelter (Forbes).

Why it matters

  • Entrepreneurs · End users: A frontier model was switched off and back on based on a government decision: continuity of access to a tool on which business processes are built becomes a risk to factor in. And the pricing model is already changing soon — after July 7 you move from included limits to consumption credits, with a direct impact on budgets and planning.
  • ICT engineers / IT managers: It's a concrete security and compliance precedent: a coding model can be induced to produce exploit code, and vendor availability now also depends on geopolitical factors. When choosing a vendor, classifiers, fallback routing, and service continuity must be weighed, not just performance.
  • LLM builders / devs: The technical detail is instructive: a targeted classifier that blocks Amazon's technique in more than 99% of cases, the fallback of blocked requests to Opus 4.8, and the separation between Fable 5 (public) and Mythos 5 (partners only) outline a replicable safety-gated release pattern.

Anthropic Releases Claude Sonnet 5: New Tokenizer (~30% More Tokens) and Sampling Parameters That Return a 400 Error

The model is a drop-in for Sonnet 4.6 at the same per-token price, but three documented changes alter the actual costs and request signature for anyone integrating the APIs.

Anthropic released Claude Sonnet 5 on June 30, 2026, presenting it as a drop-in replacement for Claude Sonnet 4.6 at the same per-token price. Rates stay at $3/$15 per million input/output tokens, with an introductory discount of $2/$10 through August 31, 2026. Under the surface, the official documentation lists three changes that directly affect anyone integrating the APIs.

The first is a new tokenizer: the same text produces "roughly 30% more tokens" than Sonnet 4.6. It is not an API change — requests, responses, and streaming keep the same shape — but it shifts everything that is measured or estimated in tokens. The usage fields grow, the 1M-token window holds less text, and a max_tokens tuned for 4.6 can truncate the equivalent output. Simon Willison measured the effect by content type: ~1.42x for English, ~1.33x for Spanish, ~1.27x for Python code, and ~1.01x for Chinese. At the same per-token rate, the bill for an equivalent request goes up: effectively a price increase, Willison notes, masked behind unchanged nominal rates.

The second, per the migration guide: setting temperature, top_p, or top_k to a non-default value returns a 400 error; they must be removed and replaced with instructions in the system prompt. This is not a Sonnet 5 invention — the constraint had already been introduced on Claude Opus 4.7 — but it now comes down to the Sonnet class. The third: adaptive thinking is on by default (previously it was off), so max_tokens needs to be rechecked; manual extended thinking has been removed and it, too, returns a 400.

Why it matters

  • LLM builders / devs: It is a drop-in upgrade in name only: without adjustments, requests fail or output gets truncated. Prompts need to be re-counted with the new token counting, max_tokens reviewed, and costs recalculated (at the same rate, ~30% more tokens means higher spend per request and a context window that holds less text). In addition, non-default temperature/top_p/top_k must be removed (400 error) and the now on-by-default adaptive thinking must be handled.

The EU Council Adopts the Digital Omnibus on AI: An Extension for High-Risk Systems, but the Obligations Remain

The Council gives final approval to the AI Act simplification package: the high-risk deadlines slip to 2027-2028, while transparency and new prohibitions remain fixed at the end of 2026. Legal analyses speak of a recalibration, civil society of a rollback.

In late June 2026, the Council of the European Union gave final approval to the package of targeted amendments to the AI Act contained in the Digital Omnibus. This is the simplification measure proposed by the Commission on 19 November 2025. The most significant change is the postponement of the deadlines for high-risk AI systems: the obligations become applicable on 2 December 2027 for stand-alone systems and on 2 August 2028 for those integrated as safety components in a product. The original deadline had been set at 2 August 2026 (Baker Botts analysis). The transparency obligations, by contrast, remain set at 2 December 2026, namely the machine-readable labeling of AI-generated content. On the same date the new prohibitions introduced in Article 5 take effect: non-consensual intimate images (so-called "nudifiers") and AI-generated child sexual abuse material (Loyens & Loeff). The package adds minor relaxations: exemptions extended to small mid-caps, machinery products with AI components spared from duplicate requirements, and processing of personal data permitted for bias detection.

Both legal analyses insist on the same point: it is a "recalibration, not a rollback." The risk-based framework remains intact: only the timeline changes. Companies, they warn, should use the time gained to build governance and technical controls. This reading, however, is contested. A coalition of digital rights organizations (EDRi, Access Now, ECNL, Amnesty International) calls the package a "vehicle for deregulation." The charges: less information loaded into the public database, potentially harmful systems on the market for longer without the full safeguards, and the dangerous precedent of reopening a law before it has even entered into application (EDRi).

Why it matters

  • Entrepreneurs: Those who develop or import high-risk AI systems in the EU gain more than a year of extra headroom to comply: until 2 December 2027 for stand-alone systems, until 2 August 2028 for embedded ones. These have direct effects on compliance budgets and legal planning. But it is a deferral, not a cancellation: the substantive obligations remain, and the near-term deadlines on transparency/labeling and the new prohibitions (2 December 2026) need to be planned for right away.

Microsoft Warns of 'Tool Poisoning' in MCP: The Security Perimeter Shifts to the Agents

Microsoft reports that hidden instructions in MCP tool descriptions can make AI agents exfiltrate corporate data. It is not a brand-new flaw — Invariant Labs documented it back in April 2025 — but its coming-of-age as an enterprise concern arrives now that agents are becoming 'write-capable'.

Microsoft has sounded the alarm on the security of AI agents built on MCP (Model Context Protocol): "poisoned" tool descriptions can induce an agent to exfiltrate corporate data without the user noticing. In the Security Blog post The state of MCP security in 2026, picked up by The Hacker News, the company describes tool poisoning. These are malicious instructions hidden in a tool's text metadata: the description field, the parameter descriptions, the input schema. The model reads the full description when it enumerates the tools; in the UI the user sees only a concise, innocuous version. It is enough for the tool to be loaded into context — it need not even be invoked — for the agent to follow the hidden instructions.

In Microsoft's example, an apparently legitimate guide conceals the order to collect the last thirty unpaid invoices and attach a summary of them to an ordinary request. That request thus ends up going to an external recipient. The perimeter shifts: agents move from read-only to write-capable flows, and MCP servers must be treated as supply-chain dependencies, not as convenient connectors.

This is not, however, an unprecedented attack. Invariant Labs coined the term "Tool Poisoning Attack" on April 1, 2025. Its proof-of-concepts exfiltrated SSH keys and configuration files from Cursor and Claude Desktop, including the "rug pull" variant (descriptions modified after approval). It is a widely documented attack, catalogued by the OWASP MCP Top 10 as entry MCP03. The recommended mitigations: pinning tool definitions (a hash flags every change, as mcp-scan does), registries and allowlists of trusted servers, metadata inspection, and human approval for high-impact actions. In parallel, an arXiv survey (Natanzi and Tang, June 30, 2026) systematizes LLM vulnerabilities across eight lifecycle stages. It flags "tool/agent execution" and "retrieval and memory" as new attack surfaces. Two independent analyses thus converge on the same shift of the perimeter toward the agentic layer.

Why it matters

  • ICT engineers / IT managers: Anyone bringing MCP agents into the enterprise must treat the servers as supply-chain dependencies: allowlists of trusted sources, pinning of tool definitions to catch 'rug pulls', human approval on high-impact actions, and logs that distinguish the human request, the agent's decision, the tool invocation, and the data movement.
  • LLM builders / devs: Those building agents cannot trust tool metadata: the description is, for all intents and purposes, executable input for the model. Tool ingestion must be designed with metadata inspection and pinning, least-privilege permissions, and verification of the definitions before they enter the context — not just of the code they execute.

Meta reportedly used testers posing as minors to probe rival chatbots on sensitive topics

An investigation attributes to Meta an internal project in which hundreds of contractors, using fake under-18 accounts, questioned ChatGPT, Gemini, and Character.AI about suicide, sex, and drugs. Meta calls it safety benchmarking; the services being tested were not aware of it.

According to a Wired investigation, Meta ran an internal project — code-named "Cannes," managed by the contractor firm Covalen — in which hundreds of contractors posed as minor users to question competitors' chatbots about highly sensitive topics. Using fake under-18 accounts, the testers sent prompts and images to OpenAI's ChatGPT, Google's Gemini, and Character.AI, then logged the responses in spreadsheets.

The scale is notable: a single round completed in August 2025 exceeded 45,000 prompts; one spreadsheet reviewed contained 3,748 of them, including hundreds on suicide and self-harm, hundreds on eating disorders, at least 239 on sex and relationships, plus drugs, insults, and racial slurs. The activity was still ongoing as of April 21, 2026.

The contested point is consent: none of the three target companies were aware of or had authorized the tests, which their respective terms of use prohibit (OpenAI explicitly forbids unsolicited safety testing and attempts to circumvent its protections). Meta does not deny the work and describes it as "a responsible and industry-standard practice" for ensuring safe, age-appropriate experiences, stating that it does not use competitor benchmarking to train its own models. Google, for its part, said it neither approved the tests nor knew their purpose, adding that its own checks show Gemini responding in line with its policies on the samples examined; the sources do not document a successful bypass, but rather prompts built to force the guardrails.

Critical readings diverge: Rumman Chowdhury (Humane Intelligence) speaks of a "governance gray zone in which safety becomes a convenient pretext for anticompetitive practices," while a former contractor described the team's dismay at some of the texts they were asked to submit.

Why it matters

  • End users: It's a concrete reminder that the chatbots we use every day are pushed to the limit precisely on the most fragile conversations — suicide, self-harm, eating disorders, sex — and that their protections can be stress-tested and subjected to circumvention attempts even by third parties, without the service's knowledge. The sources do not, however, establish a successful bypass: they document prompts built to force the guardrails, not harmful responses obtained, and Google actually stated that on the samples examined Gemini responded in line with its own policies. For users and families the takeaway holds: don't assume guardrails are infallible, and stay cautious when these tools touch highly vulnerable topics, especially with minors.

Google Launches gemini-omni-flash in Public Preview, the High-Speed Conversational Video Model

Google brings gemini-omni-flash to public preview on the Gemini API and AI Studio: it generates and edits video through conversation, 10 seconds at 720p for $0.10/second, with audio editing held back for safety. In the EEA, Switzerland, and the United Kingdom, editing of user-uploaded videos is not currently available.

Google has made gemini-omni-flash-preview available in public preview, a multimodal model for conversational video generation and editing, accessible from the Gemini API and Google AI Studio (as well as in the Gemini app and Google Flow). The announcement, dated June 30, 2026, comes alongside Nano Banana 2 Lite (gemini-3.1-flash-lite-image), the fastest and most affordable image model in the line.

The model accepts text, image, and video input — text-to-video, image-to-video, and reference-to-video generation — and produces clips with native audio. Editing happens in natural language and maintains character and scene consistency across multiple turns. Generation is for now limited to 10 seconds (longer durations "coming soon") at 720p resolution. The price is $0.10 per second of video produced, the same rate as Veo 3.1 Fast.

Google states several limitations: uploading audio references and scene extension are not yet supported, video references under 3 seconds are not processed correctly, and character consistency issues remain across scene changes. There is also a geographic constraint relevant to the Italian audience. The official documentation specifies that in the European Economic Area, Switzerland, and the United Kingdom, editing of user-uploaded videos is not currently available; editing of videos generated by the model, however, remains supported. Voice and audio editing is furthermore deliberately held back for safety reasons related to deepfakes, and every output carries the SynthID watermark. The independent press finally notes skepticism about whether Omni Flash is truly a new category: rather than a new product, it may be a tighter integration of capabilities already shown by the sector. It also notes the absence of official benchmarks against Veo 3 or third-party models such as Seedance.

Why it matters

  • LLM builders / devs: A new multimodal endpoint in public preview on the Gemini API enables video pipelines with conversational editing and multi-turn visual consistency. The current constraints — 10 seconds, 720p, no audio references or scene extension, and metered pricing at $0.10/second — must, however, be weighed before taking it to production. Pay particular attention if you develop from the EEA, Switzerland, or the United Kingdom: editing of user-uploaded videos is not currently available in these areas (editing of videos generated by the model remains available), a limit that reshapes which use cases are actually permitted.
  • End users: Editing a video by talking to it instead of regenerating it from scratch lowers the barrier to use. Still, the limits of short clips and low resolution remain, along with the SynthID watermark on every output and the block on voice editing designed to counter deepfakes. In Italy — and across the rest of the EEA, Switzerland, and the United Kingdom — there is an additional restriction: it is not currently possible to edit user-uploaded videos, while it remains possible to edit those generated by the model.