Daily AI Builder Brief - May 14, 2026

Executive Summary

Claude Code 2.1.141 lands ANTHROPIC_WORKSPACE_ID for workload identity federation scoping
New terminalSequence hook field gives builders desktop notifications and window titles without seizing the terminal
Rewind menu adds "Summarize up to here" to compress earlier context mid-session
Claude for Small Business ships with connectors into Quickbooks, PayPal, HubSpot, Canva, Docusign, Google Workspace, and Microsoft 365
Claude for Legal expands with 20+ legal MCP connectors and 12 practice-area plugins
Claude Code weekly limits rise 50% through July 13 across Pro, Max, Team, and Enterprise
2.1.141 fixes a cross-session bug where /model silently changed autocompact thresholds in other sessions
Microsoft MDASH found 16 Windows flaws including 4 critical RCEs, orchestrating 100+ AI agents

Claude Code

2.1.141 ships workload identity federation and Rewind compression

ANTHROPIC_WORKSPACE_ID scopes WIF tokens to a workspace. terminalSequence in hook JSON drives notifications, titles, and bells cleanly. claude agents --cwd <path> filters session lists to a directory. The Rewind menu's "Summarize up to here" compresses context without losing the thread. Markdown table wrapping is fixed after the 2.1.136 regression. Changelog

2.1.140 tightens agents and fixes loop spam

Agent subagent_type now matches case and separator insensitively, so "Code Reviewer" resolves to code-reviewer. /loop no longer schedules redundant wakeups. Background service startup works on machines with enterprise endpoint security. Changelog

Anthropic

Claude for Small Business

Toggle install drops Claude into Quickbooks, PayPal, HubSpot, Canva, Docusign, Google Workspace, and Microsoft 365. Pre-built workflows replace the "how do I wire this up" step. Announcement

Claude for Legal expansion

20+ new legal MCP connectors and 12 practice-area plugins covering research, contracts, discovery, and matter management. Worth watching as a template for vertical MCP packs. Coverage

Claude Code weekly limits up 50% through July 13

Pro, Max, Team, and Enterprise get a temporary 50% bump. Details

MCP Ecosystem

Vertical MCP packs land in legal

The 20+ legal connectors signal Anthropic's bet on domain-specific MCP bundles over generic ones. If you build vertical agents, this is the shape to copy. Coverage

Broader AI

Microsoft MDASH finds 4 critical Windows RCEs

Microsoft's new multi-model agentic scanning harness orchestrated 100+ specialized agents to find 16 Windows flaws including 4 critical RCEs. The architecture (ensemble debate, not single-shot) is the lesson for offensive AI builders. Blog

Amazon Quick authorization bypass

Fog Security found Amazon Quick's Chat Agent API enforced restrictions only in the UI. Direct backend calls reached disabled agents. AWS rated it "none" and published no advisory. If you ship agents, server-side authz isn't optional. Help Net Security

What This Means For Builders

Wire ANTHROPIC_WORKSPACE_ID into your WIF setup. Workspace-scoped tokens are the audit story you'll need next quarter.
Vertical MCP packs (legal, small business) are the new product shape. Bundled workflows beat generic connectors.
Enforce server-side authorization on every agent call. The Amazon Quick bypass shows what happens when UI is the only guard.
The 50% weekly limit bump runs through July 13. Plan heavy agent work into that window.