Latest AI model releases, papers, and open-source projects (May 24 to 25, 2026)

Two days, three signal layers

The May 22 to 23 window I wrote up earlier this week illustrated one ecosystem gap: tagged releases lag the commit log by one to three weeks, so a quiet announcement day can hide a productive code day. The May 24 to 25 window illustrates a different gap, sharper and more useful. There is a layer beneath both releases and commits: server-side platform behavior at the major labs. It changes occasionally, with no announcement, and the only artifact is the cluster of client-side fixes that land within an hour of each other across multiple repos.

On May 24, a quiet Sunday, the only visible work was four small commits on one repo finishing the prior week's interrupt-recovery thread. On May 25, three things happened in order: Microsoft Research dropped a paper that any roundup will cover (SkillOpt), Fazm tagged v2.9.37 with a real guardrail story plus a third browser mode, and at 5:50 PM Pacific Anthropic silently broke every Claude Code wrapper that had been passing a one-year expires_in to its OAuth token-exchange endpoint. The first two are public and indexed. The third is the kind of event that ends up in client commit histories and nowhere else.

May 24: four commits, one carryover thread

If you stopped at the announcement layer, May 24, 2026 was a non-event. No frontier-model drop, no headline paper, no security disclosure, no major open-source release. The Hugging Face dated-papers feed for the date is dominated by carryover from earlier in the week.

One open-source agent project landed exactly four commits, all small, all finishing a thread that started in the May 23 burst:

• 1c88b298 — Increase max recent workspaces limit to 9. A UI ceiling that affected nobody until session restore worked reliably enough to make nine workspaces a realistic state.
• 46bc074b — Support both partial and empty interrupt markers in recovery. The prior-context window from May 23 only handled the "cleanly interrupted with a marker" case; this extends it to streams that died mid-write or never wrote a marker at all.
• c8371846 — Record interrupted tools as cancelled in recent tool summary. The recent-tool list now distinguishes "ran to completion" from "cancelled by interrupt" instead of presenting both as completed.
• d6743ff6 — Clean up tool history and interrupted sessions on session close. When a window is closed mid-stream, the tool history is now drained so the next open does not show ghost in-flight calls.

None of this is announcement-grade. All four commits are bug-class polish on a feature that landed in the prior 48 hours and a half. The reason it is worth a sentence in the May 24 to 25 record is that this is what a Sunday looks like at the agent layer the week before a release, and it is the exact pattern you want to recognize when you are reading the ecosystem: a quiet day after a busy day is often closure on the busy-day thread, not actually nothing.

May 25 early afternoon: Fazm v2.9.37 ships

The tagged release of the window is v2.9.37, dated 2026-05-25 in CHANGELOG.json. Three things are worth pulling out.

• Agent guardrails for system-altering commands. The agent now warns before running shell commands that change system state (disabling Wi-Fi or network interfaces, modifying firewall rules, system shutdown, deleting outside the workspace). The motivation is that an autonomous coding agent with shell access will eventually be asked, by accident or pressure, to do something it should refuse. The version of "refuse then cave under pushback" that any general-purpose chat model defaults to is the wrong failure mode in an agent harness.
• Consistent handling of user-provided passwords. The agent now treats a user-typed password the same way every time instead of refusing then accepting after a follow-up message. This is the corollary to the guardrail: refusing a legitimate sudo request because the password looks sensitive is just as bad as caving on a destructive command.
• No-browser-MCP (Assrt only) mode. A third Settings option under Browser Automation: disable Playwright and the bundled browser-harness MCPs entirely, leave only the Assrt MCP active. The use case is users whose primary Chrome session keeps contending with Playwright's lock file. Removing the implicit browser MCPs eliminates the contention class without disabling AI-driven browser work entirely, because Assrt runs its own browser surface.

v2.9.37 ships, and from the changelog alone it looks like the day's release work is done. It is not.

May 25 at 5:50 PM Pacific: the OAuth break nobody announced

The unannounced event of the window arrives at 17:50:10 PDT on May 25, in a single commit on the Fazm repo modifying nine lines of acp-bridge/src/oauth-flow.ts. The commit message is Remove expires_in from OAuth token exchange to prevent HTTP 400. The next commit at 17:52:10 PDT wires the change into the user-facing Connect-Claude flow. The first commit's comment block is what tells you what really happened on the server side:

The Anthropic side of this change has no news post, no API changelog entry, no documentation update visible from the public docs site as of two days after the event. The only place the change exists, in writing, is in the inline comment Fazm's commit added to oauth-flow.ts and in the HTTP 400 response body that production endpoint returns to any client passing the now-rejected field. Search the Anthropic news page for the May 24 to 25 window and there is nothing. Search public Claude Code wrapper repos for OAuth-related commits dated May 25, and the pattern of same-day fixes lights up.

The May 25 timeline, in order

The full Monday cascade is worth seeing in sequence. The morning is public and indexable. The afternoon shifts into the kind of work that only exists in commit history. The day ends with the OAuth fix still un-tagged.

Two signals every May 24 to 25 roundup missed

The dated roundups I checked for this window cover SkillOpt, the Cursor Composer 2.5 first-week promo expiry, the Codex Pro 2x extension, and a few minor model-pricing updates. None of them mention:

1. The Anthropic OAuth policy enforcement at 17:50 PDT on May 25. The change rejected token-exchange requests including the expires_in field for the user:sessions:claude_code and user:mcp_servers scopes with HTTP 400 ("Custom expires_in not allowed for scope ..."). Any Claude Code client passing a one-year token lifetime broke at the moment of next login. The fix is trivial (remove the field), but you cannot remove a field you do not know exists, and the only artifact telling you it exists is the 400 response body.
2. The cleanup-day pattern on May 24. Four commits closing the May 23 interrupt-recovery thread. A roundup that indexes tagged releases shows zero releases for May 24; a roundup that indexes commit subjects ranged by date shows the actual end of that week's interrupt-recovery work.

Both signals are accessible from a single workstation in about three minutes. The OAuth signal requires reading the commit log of any one Claude Code client filtered to the date and grepping for "OAuth" or "auth". The cleanup-day signal requires reading the same commit log for the previous day. Neither is hidden; both are absent from every dated AI roundup I could find for this window.

The honest counterargument

The objection to chasing "silent server-side policy changes" is that most of them do not matter, and the discipline of reading every client repo's commit log for auth-shaped fixes is more cost than signal. That is fair for almost every other 48-hour window in 2026. Most OAuth, auth, and token-related commits are routine maintenance with no platform-side trigger. The reason May 25 is worth singling out is not that OAuth fixes happened, it is that two minutes separated the two commits and the response body contained an enforcement reason that did not exist the prior week. Both of those are detectable signals that this OAuth fix is the consequence of a server-side change, not a client-side rewrite.

The refinement is to spot-check, not to subscribe. Read the dated commit log of one Claude Code client when an aggregator-checked day looks too quiet. If you see an auth-shaped fix clustered tightly in time on that day, it is worth one minute of follow-up: pull the diff, read the inline comment, and check whether the change explains itself as a response to a platform-side enforcement (it usually does, and the comment is usually explicit). If yes, you have a signal nobody else has. If no, you wasted a minute. The signal-to-noise on this discipline is high in practice because client engineers tend to document the why of these fixes in the diff itself, even when their own changelog skips it.

What to predict from this window

Three short predictions, all falsifiable inside two weeks.

• Anthropic will document the new OAuth-lifetime policy in some form (an API changelog entry, a deprecation note, an authentication-docs update) within the next 7 to 14 days. The HTTP 400 response body is already documenting it inadvertently; once the silent-enforcement pattern reaches a critical mass of broken clients, the public docs catch up.
• SkillOpt or an equivalent skill-document optimizer becomes a default surface inside at least one Claude Code wrapper in the next two months. The +19.1 inside Claude Code on GPT-5.5 is too large a gain for the agent ecosystem to ignore, and the artifact-transfer property (one optimized skill.md, no re-optimization, works across harnesses) makes it cheap to integrate.
• The May 25 analytics burst at Fazm (five commits adding message-text and partial-response tracking to chat_agent_query_failed) will translate into a settings option or support-export tool inside two minor versions. That kind of instrumentation push only ships if the team plans to read the resulting analytics, and reading analytics that include user prompts almost always requires a user-facing export or opt-out surface.