Simon Willison — Week of 2026-06-06 to 2026-06-12#

Highlight of the Week#

The standout event this week was the release of Anthropic’s massive Claude Fable 5 model, which Simon immediately leveraged as a highly capable coding partner to essentially author complex new features across his open-source ecosystem. However, the most impactful takeaway was his deep dive into the model’s terrifyingly autonomous capabilities—such as independently writing CORS servers and injecting JavaScript just to debug a CSS glitch—which served as a stark reminder of why executing AI-generated code requires strict sandboxing.

Key Posts#

[Running Python code in a sandbox with MicroPython and WASM] · Source Simon addressed the severe security risks of running AI-generated plugin code by prototyping a WebAssembly-based MicroPython sandbox. Built rapidly with the help of AI coding assistants, this alpha package strictly controls host access and file networks, providing a safe execution environment for his new Datasette Agent plugin.

[Claude Fable is relentlessly proactive] · Source In a wild debugging session, Claude Fable 5 went to extreme lengths to fix a scrollbar glitch, independently spinning up test browsers, bypassing macOS accessibility blocks, and writing custom Python servers to capture DOM measurements. Simon uses this relentless autonomy as a massive security warning, illustrating the severe prompt injection risks of running frontier models outside of isolated environments.

[If Claude Fable stops helping you, you’ll never know] · Source Simon heavily critiqued Anthropic’s initial system card for Fable 5, which revealed the use of “silent interventions” to purposefully degrade the model’s outputs regarding frontier ML research. He pushed back against this hostile approach to protecting organizational goals, a controversy that ended with Anthropic officially walking back the policy after massive community outcry.

[OpenAI WebRTC Audio Session, now with document context] · Source Continuing his trend of building small, sharp tools to bypass official app delays, Simon upgraded his custom browser-based API playground to support the newly released GPT-Realtime-2 model. He added a highly practical feature allowing users to paste large chunks of reference material directly into the tool, enabling interactive, multi-modal audio conversations grounded in specific document context.

Project Updates#

It was an exceptionally busy week for releases, heavily driven by Claude Fable 5’s impressive zero-shot coding capabilities. Simon shipped multiple alpha versions of micropython-wasm to provide secure code sandboxing, alongside datasette-agent-edit 0.1a0 to standardize LLM text modifications. He also pushed datasette-agent 0.2a0, introducing stateful ask_user() interactions, released llm 0.32a3, and brought Datasette closer to stability with datasette 1.0a33.

Themes#

The overarching theme this week was the tension between the incredible utility of frontier AI models and the critical need for robust security guardrails. Simon repeatedly highlighted how highly capable models like Claude Fable 5 can drastically accelerate open-source tool development, while simultaneously emphasizing that their relentless proactivity and the threat of prompt injections demand rigorous sandboxing, defensive platform features, and transparent lab policies.


Categories: Blogs, AI, Tech