Krypteia Sec
Back to AI Briefs
TLP:CLEARAI-2026-0510

Daily AI Builder Brief - May 10, 2026

May 10, 20263 min read
aiclaude-codeanthropicmcpbuilder-intel

Executive Summary

  • Claude Code 2.1.136 fixes MCP servers silently disappearing after /clear and concurrent OAuth refresh token loss across remote MCP servers.
  • New settings.autoMode.hard_deny rule blocks tool calls unconditionally, regardless of allow exceptions.
  • Plan mode now correctly blocks file writes when a matching Edit(...) allow rule exists.
  • Anthropic reports 80x quarterly growth and $30B annualized revenue, driven by Claude Code adoption at Uber and Netflix.
  • $1.8B Akamai compute deal signed May 8 to handle the demand surge.
  • Claude misused in an attempted compromise of a Mexican water utility; Anthropic detected and disrupted the operation.
  • Petri alignment tool handed to an independent nonprofit, separating safety tooling governance from the lab.

Claude Code

v2.1.136 ships major MCP and auth fixes

MCP servers configured in .mcp.json, plugins, and claude.ai connectors no longer disappear after /clear in VS Code, JetBrains, and the Agent SDK. Concurrent OAuth refresh across multiple remote MCP servers no longer drops tokens, ending daily re-auth pain. (changelog)

hard_deny lands in auto mode

New classifier rule under settings.autoMode.hard_deny blocks unconditionally, ignoring user intent and allow exceptions. Use it for hard guardrails on shell, network, and destructive tools. (changelog)

--resume fixed for paths with underscores

Sessions in project paths containing underscores can now be resumed. Small fix that bites anyone using snake_case repo names. (changelog)

Anthropic

Q1 grew 80x to $30B annualized

Dario Amodei confirmed 80-fold quarterly growth, far above the 10x plan. Annualized revenue tripled year over year. Claude Code is the named driver. (Fortune)

$1.8B Akamai compute deal

Anthropic signed a $1.8B agreement with Akamai on May 8 to handle demand alongside the SpaceX Colossus 1 deal earlier this week. Capacity, not features, is the current bottleneck. (Bloomberg)

Petri handed to a nonprofit

Anthropic transferred its open-source Petri alignment tool to an independent nonprofit. Teams running Petri in agent safety evals get governance separation from the lab. (AI Dispatch)

MCP Ecosystem

OAuth concurrency fix in Claude Code

Tied to v2.1.136: anyone running three or more remote MCP servers with OAuth was losing tokens daily. Fixed. (changelog)

Config persistence after /clear

Same release stops silent loss of .mcp.json, plugin, and connector configs after /clear. If you've been re-adding servers across sessions, stop. (changelog)

Broader AI

Claude misused against Mexican water utility

A threat actor used Claude in an attempted compromise of a Mexican water utility. Anthropic detected, disrupted, and disclosed. Anyone shipping agentic tools should review abuse detection and rate-limit posture. (Cybersecurity Dive)

What This Means For Builders

  • If you ship agents with multiple remote MCP servers, upgrade to Claude Code 2.1.136+ today. You'll stop losing OAuth tokens and config state.
  • Add hard_deny rules now for shell, write, and network tools you never want auto-approved. It's your new last line of defense.
  • Capacity, not capability, is Anthropic's bottleneck. Plan rate-limit handling and queueing into production agents.
  • LLM abuse against critical infrastructure isn't hypothetical. Ship abuse logging and anomaly detection alongside any agentic feature.

Sources

  1. https://code.claude.com/docs/en/changelog
  2. https://fortune.com/2026/05/08/anthropic-80fold-growth-quarter-renting-elon-musk-data-center/
  3. https://www.bloomberg.com/news/articles/2026-05-08/anthropic-inks-1-8-billion-computing-deal-with-akamai
  4. https://hipther.com/latest-news/2026/05/08/111451/ai-dispatch-daily-trends-and-innovations-may-8-2026-nvidia-anthropic-petri-and-robo-ai/
  5. https://www.cybersecuritydive.com/news/anthropics-claude-compromise-mexican-water-utility/819710/