In this issue
Last Friday the White House ordered Anthropic to cut off access to its two most powerful models, Mythos and Fable 5, for every foreign national. Rather than check passports, Anthropic switched both models off entirely.
The smartest model in your stack can disappear overnight for reasons that have nothing to do with you, your contract, or your use case. Read more below.
Topics of the day:
Export order pulls Anthropic's Fable 5 and Mythos offline
ChatGPT Enterprise adds spend controls and usage analytics
A Copilot bug could leak emails and 2FA codes
ChatGPT gets noticeably sharper at health questions
Curated reads on agent vaults, email SDKs, and AI wearables
The Shortlist: OpenAI's rare-disease wins, Apple's price hike, NVIDIA at Cannes
Washington pulls Anthropic's most powerful models offline
What's happening: On Friday the White House ordered Anthropic to revoke access to its two most advanced models, Mythos and Fable 5, for all foreign nationals, including immigrants living in the US, after a dispute over carrier SK Telecom's access and alleged China ties. Rather than gate the models by nationality, Anthropic shut both off entirely.
In practice:
Treat your top model as a single point of failure, because the one you build on can be switched off by a government order you had no part in.
Keep a fallback model wired up and tested, since the gap between Mythos-tier output and the next option down is exactly what breaks when access vanishes.
Watch the geopolitics, not just the changelog, because where your vendor's customers and compute sit now decides whether you can use the model tomorrow.
Check what your contract actually says about losing access overnight, since most say almost nothing, and that silence is now a real operating risk.
Bottom line: The smartest model in your stack can vanish overnight for reasons that have nothing to do with you.
ChatGPT Enterprise gets real spend controls
What's happening: OpenAI rolled out credit usage analytics and updated spend controls for ChatGPT Enterprise, pulling ChatGPT and Codex usage into one Global Admin Console. Admins can break spend down by user, product, and model, and pull the same numbers through a Cost API.
In practice:
Find your heaviest users and your runaway workflows, since the console now breaks credit spend down by person, product, and model in one view.
Pipe the Cost API into your own dashboards, so AI spend sits next to your cloud and SaaS lines instead of hiding in a separate console.
Separate useful heavy usage from waste before you cut budgets, because high spend on real work is not the same as a misconfigured agent stuck in a loop.
Set the controls before rollout, not after the overage, since the whole point of this release is catching cost drift early rather than explaining it later.
Bottom line: AI stopped being a flat subscription a while ago. Now at least you can watch the meter while it runs.
A Copilot bug could have leaked your emails and 2FA codes
What's happening: Researchers at Varonis disclosed SearchLeak, a chained vulnerability in Microsoft 365 Copilot Enterprise that let an attacker exfiltrate emails, meeting notes, and 2FA codes through a single malicious link. Microsoft patched it in June, but the attack worked by turning Copilot's own search against the user.
In practice:
Confirm your tenant is on Microsoft's June patch, since SearchLeak could reach anything the signed-in user could, from emails to SharePoint files.
Assume any AI assistant with broad data access is also a broad attack surface, because the same reach that makes Copilot useful makes a leak bigger.
Treat links that land inside AI tools with the same suspicion as email attachments, since the whole attack started with one crafted URL.
Ask where else this pattern hides, because injecting a prompt through a URL parameter is not unique to Copilot.
Bottom line: The assistant reading your inbox can be talked into emptying it. Patch fast, and stop assuming guardrails alone keep AI tools honest.
Read Later
Email SDK - A unified TypeScript SDK for sending mail through any provider, handy if you have rewritten the same email code for the third time.
Race your own ghost on Meta Ray-Bans - A builder wired the Ray-Ban Display into a running game so he can race a recording of his past self, a fun look at where AI wearables are heading.
Infisical agent-vault - A credential proxy and vault that keeps API keys out of your AI agents' hands, the kind of guardrail today's Copilot story argues for.
Kapso CLI - Gives your agents real WhatsApp numbers, so an automation can text customers instead of living inside a chat window.
agentic-stack - One portable set of agent instructions that runs across Claude Code, Codex, and other harnesses, if you are tired of rewriting prompts per tool.
ChatGPT just got noticeably better at health
What's happening: OpenAI shipped GPT-5.5 Instant, which it says now matches its frontier Thinking models on tough health evaluations, and rolled it out to every free user. More than 230 million people already ask ChatGPT health and wellness questions every week.
In practice:
Expect your customers and your team to lean on ChatGPT for health questions, because the free tier just got materially better at them.
Notice the new behavior, it asks for context, flags when to seek care, and hedges uncertainty instead of sounding falsely confident.
Keep verifying anything that matters, since better is not the same as a clinician, and the model itself now admits that more often.
Bottom line: Health is quietly one of the biggest reasons people open an AI tool at all. The answers are getting good enough that pretending otherwise is the riskier move.
The Shortlist
OpenAI showed that one of its reasoning models helped doctors crack 18 previously unsolved rare-disease cases in children, a concrete sign of AI moving from chat into real diagnostic work.
NVIDIA used Cannes Lions to show partners rebuilding ad and marketing pipelines around AI, worth a look if your team buys or makes creative at any scale.
Apple is reportedly set to raise prices, with the cost of building AI features cited as one pressure, a reminder that someone always ends up paying for the AI arms race.
Cloudflare published a guide to building your own AI vulnerability harness, so you can probe your apps for weaknesses before an attacker turns your assistant against you.
This newsletter is where I (Kwadwo) share products, articles, and links that I find useful and interesting, mostly around AI. I focus on tools and solutions that bring real value to people in everyday jobs, not just tech insiders.
