Welcome to the iPrompt Newsletter

claude-sonnet-5-20260203

That model string hit the internet Sunday night. February 3rd. Yesterday.

Early testers are already reporting it out-codes Opus 4.5—Anthropic’s own $15/million-token flagship. One tester prompted it to build a space shooter game. Single shot. Fully playable. Another asked for an ASCII world map and got coastlines, mountain ranges, and country labels that previous models couldn’t even approximate.

But here’s what makes this week genuinely strange: Google also just turned text prompts into walkable 3D worlds—and gaming stocks cratered on the news. Meanwhile, the protocol connecting all these AI agents to your data? It shipped to 97 million developers without a lock on the door.

The best week in AI might also be the most dangerous. Here’s what you need to know—and do.

🔄 What I Got Wrong Last Week

I said Opus 4.5 would hold the coding crown through Q1. Lasted six weeks. Sonnet 5 reportedly matches it on SWE-bench while running faster and cheaper. The lesson: in 2026, even “flagship” has a half-life measured in weeks. Plan accordingly.


Claude Sonnet 5 Leaks Ahead of Launch

Leaked builds show Anthropic’s next Sonnet model with a 128k context window, competitive math performance against frontier models, and coding output that reportedly surpasses Opus 4.5 in structured visual generation. The model string claude-sonnet-5-20260203 suggests an imminent public release. If Anthropic holds to its pricing strategy, expect a workhorse model at Sonnet 4.5 rates.

Google Launches Project Genie—Interactive AI Worlds

Google DeepMind’s Genie 3 world model is now available to AI Ultra subscribers ($250/month) in the US. Type a prompt, get a 3D environment you can explore in real-time at 720p/24fps. Take-Two, Roblox, and Unity stocks dropped on the news. It’s not a game engine yet—60-second generation limits apply—but the trajectory is clear.

Snowflake Signs $200M Deal with OpenAI

The cloud data company just locked in a multi-year partnership giving its 12,600 customers access to OpenAI models across AWS, Azure, and GCP. Snowflake explicitly remains “model-agnostic”—also working with Anthropic and Google. The enterprise AI race is consolidating around multi-vendor strategies.

MCP Security Vulnerabilities Hit Critical Mass

January 2026 saw a surge in AI agent security incidents. The Model Context Protocol—now the standard for connecting AI to external tools—is being deployed without authentication by default. Researchers demonstrated prompt injection attacks through calendar invites and MCP servers running wide open on production systems. 66% of CISOs now rank AI threats as their top 2026 concern.

Our Angle: The Security Tax on Agentic AI

Everyone’s racing to ship AI agents. Almost no one’s securing them.

MCP adoption exploded to 97 million monthly SDK downloads—but authentication remained optional by design. That’s now backfiring spectacularly.

January’s incident tracker reads like a horror show:

- Microsoft Copilot — Reprompt attack let attackers hijack sessions via manipulated URL parameters
- Clawdbot — Personal AI assistant deployed on MCP with zero guardrails, exposing credential theft vectors
- 5ire MCP vulnerability (CVE-2026-22792) — Unsafe client rendering enabled arbitrary code execution

Here’s the second-order effect most coverage misses: securing these agents requires monitoring at runtime, not just during development. Traditional code audits don’t catch prompt injection through a poisoned calendar invite. Companies like MintMCP, Lasso Security, and Palo Alto’s AIRS are racing to fill this gap—but enterprise security roadmaps for 2026 largely don’t include agent-specific controls.

The winners in agentic AI won’t just be the ones with the best models. They’ll be the ones who figured out governance before their name appeared in a CVE.

AI Prompt of the Week

What it does: Runs a “pre-mortem” on any project—forces the AI to tell you exactly how and why it will fail before you launch.

The prompt:

You are a brutally honest consultant who has seen this exact project fail 100 times.

The project: [describe your project in 2-3 sentences]

Tell me:
1) The 3 most likely ways this fails
2) The earliest warning sign for each failure mode
3) The one assumption we're making that is probably wrong
4) What we'll wish we had done differently in 6 months

Be specific. Be uncomfortable. Optimism is not helpful here.

Why it works: AI defaults to cheerleading. This prompt explicitly inverts that bias. The “brutally honest consultant who has seen this fail” framing accesses pessimistic reasoning patterns the model normally suppresses.

Real-world application: A founder used this before a product launch and caught a pricing assumption that would have killed conversion. The AI predicted “customers will balk at annual-only billing” — they added monthly, and 62% of early users chose it.

📸 Screenshot this: Every project has a failure mode you’re avoiding thinking about. The pre-mortem prompt finds it for you.

AI Tool of the Week

What it is: An AI notepad that captures meetings without putting a bot in the call—it listens locally on your device and writes notes in your voice.

Why you need it: You’re tired of “Otter is joining” interrupting your calls. You’re tired of notes that sound like a court transcript. Granola runs silently in the background, hears what you hear, and produces notes that actually sound like you wrote them.

One-liner pitch: “Meeting notes without the awkward bot.”

Rating: ⭐⭐⭐⭐⭐ (5/5)

Key features:

- No bot joins your call—works via system audio capture
- Learns your writing style and formats notes to match
- Works with Zoom, Meet, Teams, and phone calls
- Just raised $20M—actively shipping features weekly

Best use case: Sales calls, investor meetings, or any conversation where “an AI is recording this” changes the dynamic.

Link: granola.ai

AI Tip of the Week

The tip: When a new model drops, don’t test it on easy tasks. Test it on the prompt that broke the last model.

Every model has failure modes—tasks where it hallucinates, loops, or gives confidently wrong answers. You’ve found these the hard way. Keep a “breaking prompt” file. When Sonnet 5 goes live, that’s your benchmark.

Why it works: New model hype biases you toward success. You’ll subconsciously pick tasks it’ll ace. Your breaking prompts are adversarial by design—they reveal limits, not capabilities.

Limitations: Some failures are architecture-specific and won’t transfer. If your breaking prompt exploited a context window limit, and the new model has a larger window, you’ll need new tests.

Pro move: Run your three hardest prompts on Sonnet 5, Opus 4.5, and GPT-5.2 in parallel. Document the differences. The model you trust for each task type might not be the same model.

Your Move

You just learned:

- Claude Sonnet 5 is live—test it with your hardest prompt, not your easiest
- MCP is the unlocked door in your AI stack—Microsoft, Clawdbot, and others already got burned
- The pre-mortem prompt finds the failure mode you’re avoiding

Now implement one.

If you’re technical: Open your terminal. Run npx @anthropic-ai/mcp list or check your IDE’s MCP config. Count how many servers are connected. If any are third-party or unfamiliar—that’s your attack surface. Audit or remove.
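One way to do the config check described above, as an added example that is not part of the original newsletter. It assumes your client keeps its servers under an mcpServers key in a JSON file; the sample config, the REVIEWED allowlist and the example hostnames are constructed, and the findings are heuristics rather than a full audit.

```python
import json
from urllib.parse import urlparse

# Constructed sample in the "mcpServers" JSON layout (assumed config shape).
SAMPLE_CONFIG = """
{"mcpServers": {
  "filesystem": {"command": "npx",
                 "args": ["-y", "@modelcontextprotocol/server-filesystem", "/home/dev/project"]},
  "calendar-sync": {"command": "npx", "args": ["-y", "example-calendar-mcp@latest"]},
  "internal-search": {"url": "http://mcp.internal.example:8080/sse"},
  "tickets": {"url": "https://mcp.example.com/mcp",
              "headers": {"Authorization": "Bearer ${TICKETS_TOKEN}"}}
}}
"""

REVIEWED = {"filesystem", "tickets"}  # hypothetical: servers your team has audited

def is_pinned(pkg):
    """True for 'name@1.2.3' or '@scope/name@1.2.3'; bare names and @latest are unpinned."""
    _, sep, version = pkg[1:].partition("@")
    return bool(sep) and version not in ("", "latest")

def audit_server(name, entry, reviewed=REVIEWED):
    """Return the list of findings for one configured server."""
    findings = []
    if name not in reviewed:
        findings.append("not on reviewed list")
    url = entry.get("url")
    if url:  # remote server: check transport and whether any credential is sent
        if urlparse(url).scheme != "https":
            findings.append("plaintext transport")
        if "authorization" not in {h.lower() for h in entry.get("headers", {})}:
            findings.append("no Authorization header configured")
    elif entry.get("command") == "npx":  # local server fetched from npm at launch
        pkgs = [a for a in entry.get("args", []) if not a.startswith("-")]
        if pkgs and not is_pinned(pkgs[0]):
            findings.append("npx package not pinned to a version")
    return findings

def audit_config(text, reviewed=REVIEWED):
    """Map every server name in the config to its findings (empty list = clean)."""
    servers = json.loads(text).get("mcpServers", {})
    return {name: audit_server(name, e, reviewed) for name, e in servers.items()}

if __name__ == "__main__":
    for name, findings in audit_config(SAMPLE_CONFIG).items():
        print(f"{name}: {', '.join(findings) or 'ok'}")
```

Point audit_config at the contents of your own client's config file and replace REVIEWED with the servers your team has actually looked at.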

If you’re not technical: Forward this issue to your engineering lead with one question: “Do we know what MCP servers are running in our AI tools?”

If you’re launching anything: Run the pre-mortem prompt before your next meeting. Bring the output. Watch the room get uncomfortable—then grateful.

Most readers will skim this and forget it by lunch. The ones who act today will be the ones who aren’t explaining a breach—or a failed launch—next quarter.

— R. Lauritsen

P.S. Run the pre-mortem prompt on your current project. Right now. I’ll wait. The thing it surfaces will be the thing you were avoiding thinking about.

P.P.S. Know someone shipping AI agents without a security review? Forward this. They’ll either thank you or owe you one.

The gap between what AI can do and what we’ve secured just got wider. Stay curious—and stay paranoid.
