Krypteia Sec
Back to AI Briefs
TLP:CLEARAI-2026-0517

Daily AI Builder Brief - May 17, 2026

May 17, 20263 min read
aiclaude-codeanthropicmcpbuilder-intel

Executive Summary

  • Claude Code 2.1.143 ships plugin dependency enforcement and projected context cost in the /plugin marketplace.
  • Background session editing lands behind worktree.bgIsolation: "none" for direct working copy edits without EnterWorktree.
  • PowerShell now passes -ExecutionPolicy Bypass by default and is on by default on Windows for Bedrock/Vertex/Foundry users.
  • Anthropic posted a policy paper sketching two 2028 scenarios for global AI leadership, with chip export controls front and center.
  • Programmatic Claude usage gets its own monthly credit meter starting June 15 ($20 Pro, $100 Max 5x, $200 Max 20x).
  • Salesforce's Benioff said on All-In he expects to burn about $300M in Anthropic tokens this year on coding and product work.
  • LiteLLM CVE-2026-42208 (CVSS 9.3) sits in CISA KEV; if you proxy through it, patch now.

Claude Code

v2.1.143: plugin guards, cost projection, background edits

claude plugin disable now refuses when a dependent plugin needs it. The /plugin marketplace shows per-turn and per-invocation token estimates. worktree.bgIsolation: "none" lets background sessions edit the working copy directly. Stop-hook blocking caps at 8 consecutive blocks before ending a turn. Background sessions now preserve model and effort level after idle wake. Changelog

Anthropic

2028 AI leadership scenarios

Anthropic published a paper urging tighter US and allied export controls on chips and restricted access to American AI models, framing 2028 as the fork in the road. Paper

Programmatic usage on its own meter

Starting June 15, Agent SDK, GitHub Actions, and third-party framework calls bill against a separate credit pool at API rates. Pro $20, Max 5x $100, Max 20x $200. InfoWorld coverage

Gates Foundation partnership

$200M across four years in grants, Claude credits, and technical support for global health, life sciences, education, and economic mobility. Announcement

MCP Ecosystem

Nothing notable in the last 48 hours

Last week's AWS MCP Server GA is still the freshest material change. No new official servers or spec drops since May 15.

Broader AI

LiteLLM CVE-2026-42208 in CISA KEV

SQL injection in the LiteLLM proxy, exploited within 36 hours of disclosure, added to KEV on May 8. If you route model calls through LiteLLM, confirm you're patched. The Hacker News

What This Means For Builders

  • Budget the June 15 split. If you ship anything on Agent SDK or GitHub Actions today, your subscription won't cover it next month. Price the new meter into your run cost now.
  • Turn on worktree.bgIsolation: "none" only where you want background sessions touching the working copy directly. Keep isolation on for anything pre-merge.
  • Audit any LLM proxy in the path. LiteLLM's KEV entry is the second proxy-layer RCE/SQLi this quarter; treat the proxy tier as production-critical.
  • Read the projected context cost in /plugin before installing. The marketplace now tells you what it'll cost before you find out at runtime.

Sources

  1. https://code.claude.com/docs/en/changelog
  2. https://www.anthropic.com/research/2028-ai-leadership
  3. https://www.infoworld.com/article/4171274/anthropic-puts-claude-agents-on-a-meter-across-its-subscriptions.html
  4. https://www.anthropic.com/news/gates-foundation-partnership
  5. https://thehackernews.com/2026/04/litellm-cve-2026-42208-sql-injection.html
  6. https://www.anthropic.com/news