Briefing · Sunday, July 5, 2026

Good morning. It's Sunday, July 5, and we're covering OpenAI's new three-model family in limited preview, a Linux kernel race condition with a 99% exploit success rate that sat unannounced for 70 days, the MCP specification release candidate that removes sessions from the protocol core, and Mistral's open theorem-proving model hitting 100% on miniF2F.
The Bad Epoll write-up has been picking up ground since Thursday as distribution teams discover their backports have not shipped. Today is a good day to verify your kernel patch status.
In today's brief:
THE BIG ONE
OpenAI published its GPT-5.6 family preview for a select group of partners, with broader API access described as coming soon. Three models cover the usual spectrum: Sol for frontier reasoning and long-horizon agentic work, Terra as the balanced everyday workhorse at roughly GPT-5.5-class performance for 2x lower cost, and Luna as the fast, cheap option for latency-sensitive applications.
Pricing per million tokens: Sol at $5 input / $30 output, Terra at $2.50 / $15, and Luna at $1 / $6. Sol introduces two capability tiers that are new to the family. Max reasoning effort gives the model more time on difficult problems, which is a named toggle rather than a hidden quality level. Ultra mode goes further - it spins up subagent pipelines to parallelize complex tasks inside a single request. If that architecture sounds familiar, it is a direct parallel to how Anthropic's Claude Code handles multi-agent delegation, and it suggests both companies are converging on the same model for agentic workloads.
Two infrastructure changes land alongside the models. Prompt caching gains explicit cache breakpoints, letting you control where the cache boundary falls rather than leaving it to the model. The minimum cache lifetime rises to 30 minutes. Cache writes cost 1.25x the uncached input rate; reads still receive the 90% discount. This directly addresses a common complaint about caching nondeterminism in longer workflows where the cache boundary kept shifting.
The preview timing matters: it lands the same week Codex Remote Control reached general availability, letting a developer start a task on desktop and review or approve actions from a mobile device. OpenAI now cites 5 million weekly Codex users, with knowledge workers growing 3x faster than developers - the same week they are showing the frontier model for the next 12 months. Our Codex vs Claude Code comparison is the closest reference we have until Sol lands more broadly.
Why it matters: Sol's ultra mode puts the multi-agent capability race in plain view, and Terra's pricing positions it as the default replacement for most GPT-5.5 workloads. The limited preview rollout means teams evaluating models for new projects cannot run benchmark comparisons against Sol today. Watch for community reports comparing Sol to Opus 4.8 on agentic tasks - that data will tell you more about where the frontier actually sits than the release post does.
SECURITY
CVE-2026-46242, nicknamed "Bad Epoll," is a race-condition use-after-free in the Linux kernel's epoll subsystem - the event-loop mechanism that nearly every modern service, browser, and Android app relies on to wait for file and network events. When two epoll file descriptors set up to monitor each other are closed simultaneously, the kernel reads and writes through a pointer to already-freed memory. The exploit the researcher built succeeds 99% of the time despite a six-instruction timing window. Any Linux system on kernel v6.4 or later is affected, including Android.
The backstory is the more instructive part. A single 2023 commit introduced two separate race conditions into the same 2,500-line epoll code path. The first, CVE-2026-43074, was discovered by Anthropic's Mythos model during a security audit. Bad Epoll was the second condition in the same code, and it eluded the AI review because its timing window is narrow enough to rarely trigger KASAN, the kernel's primary memory-error detector, leaving almost no runtime evidence. A human researcher found it during a manual follow-up pass on the same commit.
The patch has been in the kernel mainline since April 24. The problem: most distributions have not yet shipped backports, and the fix sat unannounced for 70 days before the public write-up dropped. That 70-day gap between upstream patch and public disclosure is the operationally relevant number this weekend. Check your kernel version, check whether your distribution has backported the fix, and apply from mainline if the backport is not yet available.
Why it matters: Two things compound the standard vulnerability response here. First, the exploit reliability at 99% means any developer workstation or CI runner accessible to an unprivileged account is effectively compromised until patched. Second, the AI-found companion CVE demonstrates both what automated auditing gets right and where it has blind spots. A race condition with a narrow timing window and minimal observable runtime error signature will still slip through model-assisted review - the kind of coverage gap that human follow-up audits are still necessary to close.
PROTOCOLS
The MCP 2026-07-28 specification release candidate published this week with six breaking changes. The headline: initialize is gone. Protocol version, client identity, and capabilities now travel in a _meta object on every request. Any server instance can handle any request. Sessions are removed from the protocol core.
The other five changes with immediate practical consequence:
All Streamable HTTP requests must include Mcp-Method and Mcp-Name headers. Without them, requests fail at the gateway level. This enables gateway routing without payload inspection, but it is a hard requirement that breaks any client not yet sending those headers.
Long-lived SSE GET streams are replaced by the Multi Round-Trip Request pattern. tools/call returns an InputRequiredResult with an opaque requestState; the client echoes it back on the follow-up request. If you are streaming responses via GET-based SSE today, this is the most disruptive change.
The core Tasks feature moves to a separate extension, SEP-2663, with a new polling lifecycle. tools/call returns a handle; clients poll with tasks/get. The tasks/list method is gone entirely.
Missing resources previously returned error code -32002. That now maps to standard JSON-RPC -32602. Update any error handling that keys on the specific numeric code.
Roots, Sampling, and Logging are formally deprecated but remain functional for at least twelve months from the July 28 final date - no immediate migration required for those three.
The RC window is 23 days. SDK maintainers and client implementers are validating against production workloads now. Our MCP 2026-07-28 breaking changes guide has the full migration map with code examples for the stateless transition. The spec authors' core advice: migrate at your SDK's pace, not the spec's finalization date.
Why it matters: Stateless MCP is the right architecture for horizontal scaling and serverless deployments, but it is a hard cut for anyone running stateful server implementations today. Sessions being removed from the protocol core changes the mental model for server authors fundamentally. The 23-day heads-up before finalization is generous by protocol standards. If your production MCP server uses sessions, the RC landing is the trigger to start migration planning, not July 28.
RESEARCH
Mistral released Leanstral 1.5, an open model built for Lean 4 formal theorem proving and program correctness verification, available under Apache 2.0 at $0 on Mistral's Labs API tier.
The numbers: 119B total parameters with 6.5B active per forward pass via a mixture-of-experts architecture, 256K context window for handling long proof files alongside related code. Performance on benchmarks: 100% solve rate on miniF2F, 587 of 672 PutnamBench problems solved (a new state of the art), 87% on the FATE-H algebra benchmark, and 34% on FATE-X. The model runs as labs-leanstral-1-5 through the Mistral API and weights are on Hugging Face.
Formal methods have historically been confined to safety-critical industries because the tooling required deep expertise in proof assistants. A free, open model that speaks Lean 4 natively changes the accessibility calculation for any team that wants mechanically verified correctness proofs alongside AI-generated code. Our Leanstral 1.5 write-up covers the benchmark context, the Lean 4 integration workflow, and who the tool is actually useful for in practice today.
Why it matters: If you are building with AI agents that generate code, formal verification is the missing trust layer between "the tests pass" and "the logic is provably correct." Leanstral 1.5 is the most capable open option for this problem by a significant margin. The Apache license and $0 Labs pricing eliminate the cost and licensing barriers that previously kept formal verification out of most engineering workflows.
TOOLS WORTH A LOOK
WHAT ELSE IS HAPPENING
FROM THE SITE
Friday and Saturday were productive. On July 4: Claude Sonnet 5 Developer Guide covering migration, API changes, and effort levels; Dan Luu's Agentic Testing Notes, our analysis of where his constraint-first bottleneck findings point for real engineering teams; Image Token Compression Is a Real Agent Cost Lever with reproducible numbers; Jamesob's Local LLM Hardware Guide with the configurations that actually work; and the Leanstral 1.5 Theorem Proving Model explainer. On July 3: App Builder - From a Prompt to a Working App and Agent Studio - Authoring Roles, Not Just Knowledge.
Every link above goes to a primary source or our sourced coverage. Tomorrow's brief lands when the news does - subscribe to get it by email.
The daily brief, delivered. Free, unsubscribe anytime.