In partnership with
Hello friends!
Welcome to this week’s Sloth Bytes. I hope you had a great week.
Want to get the most out of ChatGPT?
ChatGPT is a superpower if you know how to use it correctly.
Discover how HubSpot's guide to AI can elevate both your productivity and creativity to get more things done.
Learn to automate tasks, enhance decision-making, and foster innovation with the power of AI.
See Why HubSpot Chose Mintlify for Docs
HubSpot switched to Mintlify and saw 3x faster builds with 50% fewer eng resources. Beautiful, AI-native documentation that scales with your product — no custom infrastructure required.
We’re running a super short survey to see if our newsletter ads are being noticed. It takes about 20 seconds and there's just a few easy questions.
Your feedback helps us make smarter, better ads.
The “Dangerous” AI Model is Now Out (Sorta)
Back in April, Anthropic built a model so good that they refused to let anyone have it. It found critical zero-days in every major OS and browser and it could build working exploits in hours instead of weeks the model was called “Mythos” and it ended up creating Project Glasswing. A defensive program to protect the world’s most critical software (AWS, Google, Apple, Linux, Nvidia, etc)
Two months later, Anthropic figured out how to make a version normal people can actually use called Claude Fable 5.
It’s in a new category called the “Mythos-class.” It's the same model with the A LOT more safeguards. When Fable 5 detects a sketchy query, it falls back to Claude Opus 4.8 instead.
Anthropic ran an external bug bounty spanning over 1,000 hours of testing that produced zero universal jailbreaks. The UK government's AI Safety Institute reportedly made some progress toward one but didn't fully crack it. So at least they’re taking security serious.
As for the benchmarks:
Yep it’s great… the difference in cybersecurity is insane.
Real world example: Stripe said it compressed months of engineering work into days and completed a Ruby migration that would have taken a team over two months
API:
claude-fable-5at $10 input / $50 output per million token. Available on all your favorite coding tools. It’s really expensive though…
If you want to use it inside Claude, it’s available on Pro, Max, Team, and Enterprise claude until June 22.
On June 23 it’ll gets removed from those plans and requires usage credits. Anthropic says they "aim to restore it as a standard subscription feature" once capacity allows” So who knows when it’ll come back.
This model costs double the tokens of Opus 4.8 and researchers have noted Anthropic may have built something too expensive to serve for everyone.
If you're on the $20/month Claude Pro plan... good luck. It takes 2x more usage than Opus (some people say it feels like more), so you're probably getting one or two prompts before you hit your usage limit.
This model is like a Lamborghini with a two-gallon tank. Fast and beautiful, but it’s not gonna take you very far.
npm v12 is coming out with some useful security fixes
Looks like npm is finally doing something after those crazy attacks a few weeks ago.
I also broke down exactly how npm install works and why it's been so exploitable: it runs third-party code on your machine by default every time you install a package.
But that’s now going to change in npm v12. It’s focusing on blocking supply-chain attacks that abuse behaviors triggered by npm install.
Three things changing:
Install scripts off by default:
npm installwill no longer runpreinstall,install, orpostinstallscripts from dependencies unless explicitly approved vianpm approve-scriptsGit dependencies blocked: will not resolve unless you pass
--allow-gitRemote URL dependencies blocked: HTTPS tarballs also blocked unless you pass
--allow-remote
Basically code execution that currently runs automatically during install will now require explicit approval
(pnpm has had these defaults for 18 month btw. npm is just catching up.)
WWDC 2026: Siri has a brain and agents are in Xcode now
Every year Apple holds WWDC and every year and this year is what I honestly expected last year’s to be.
iOS 27, iPadOS 27, macOS 27, watchOS 27, and visionOS 27 all dropped in developer beta today. Also this was Tim Cook's final WWDC keynote as CEO before John Ternus takes over in September. A little bit of history if you're into that kind of thing.
Before getting into the dev tools, here's what's actually new:
Siri is completely rebuilt with a Google Gemini-powered engine and a new standalone app, with cross-app task completion and personal context access. It’s about time Apple.
Liquid Glass 2 with a new layered effect, intensity slider, and accessibility fixes. Thank lord. Oh wait this is my newsletter, so I can add this image:
I can’t help it. I see this every time I hear about liquid glass
Performance: 30% faster app launch times, photos load 70% faster, AirDrop transfers 80% quicker. Amazing improvements here.
Preparing for their fold phone: iOS 27 beta contains
foldState,mechanicalAngleDegrees, and multi-display detection strings. Apple said nothing about a foldable iPhone but the SDK is clearly getting ready for one
Basically the same as IOS 27: Fancy Siri, better liquid glass, and more AI features.
First macOS release to require Apple Silicon (M chips). Intel Macs are finally getting left behind.
Golden Gate is the last macOS version with full Rosetta 2 support. macOS 28, coming fall 2027, will remove it. This means any app still compiled only for Intel stops working
Golden Gate also automatically uninstalls Rosetta 2 if you had it installed on macOS 26, so you'd need to reinstall it manually if you still need it
Now the stuff that directly affects your codebase:
Coding agent fully integrated: start conversations from anywhere, agents work independently with built-in skills like Apple Documentation Search, extend with external plug-ins
Plan mode: sketch your interface, agent generates a design doc before touching code
Auto-localization: tell the agent to localize your app — languages, string catalogs, and translations added automatically
Seven bundled agent skills: including
swiftui-whats-new-27,uikit-app-modernization, andaudit-xcode-security-settings— export withxcrun agent export-skills, works in any MCP-compatible agent outside Xcode tooProjects and workspaces: create common projects faster, customize toolbar, apply per-project themes, Markdown visual editor
Device Hub: unified place to run, view, and interact with physical and simulated devices from your Mac
Organizer AI triage: click "Generate Recommendations" on any crash or hang report and Xcode opens a coding assistant conversation with that report pre-loaded
There's a lot more: full Xcode 27 release notes here.
Other highlights worth knowing:
Foundation Models: new
LanguageModelprotocol lets you swap between Claude, Gemini, or Apple's on-device model without changing your app code. Free Private Cloud Compute access for apps under 2M downloads. No API keys neededApp Intents: SiriKit is deprecated. App Intents is now the only way Siri talks to your app. No App Intents means your app is invisible to the new Siri when iOS 27 ships in September.
Foldable APIs: new hinge-state and multi-display layout APIs in SwiftUI and UIKit. Worth adopting early so your app is ready when the iPhone Fold ships
8 Myths on Software Engineering and AI - Research paper busting 8 persistent misconceptions about AI in software engineering. Most interesting stat: 80% of developers use AI tools but only 29% trust their accuracy.
Why Git Has a Variable Named false_but_the_compiler_does_not_know_it_ - Git deliberately creates a value that's always false at runtime but can't be proven false to the compiler at compile time. One of those rabbit holes that makes you weirdly appreciative of how much thought goes into C code.
The Problem With useEffect - If you've ever stared at a useEffect like it personally wronged you, this is for you. Solid breakdown of exactly where the mental model falls apart.
sem - Semantic understanding on top of Git. Instead of raw line diffs, you see which functions were added, modified, or deleted. Zero config, 26 languages, and apparently AI agents are 2.3x more accurate when given sem output vs raw diffs.
apple/container - Apple's open-source tool for running Linux containers using lightweight VMs on Mac, written in Swift and optimized for Apple Silicon. Solid timing given all the WWDC news this week.
Penpot - Open-source, self-hostable design and prototyping tool. Basically an open source Figma.
Quill - A modern text editor that’s easy to extend. If you ever needed a text editor into a project, this is one of the cleaner options out there.
Question for you this week: Any fun projects you working on? Let me know what’s going on.
That’s all from me!
Have a great week, be safe, make good choices, and have fun coding.
If I made a mistake or you have any questions, feel free to comment below or reply to the email!
See you all next week.
What'd you think of today's email?
Want to advertise in Sloth Bytes?
If your company is interested in reaching an audience of developers and programming enthusiasts, you may want to advertise with us here.
