Krypteia Sec
Back to AI Briefs
TLP:CLEARAI-2026-0524

Daily AI Builder Brief - May 24, 2026

Invalid Date3 min read
aiclaude-codeanthropicmcpbuilder-intel

Executive Summary

  • Claude Code 2.1.149 lands /usage per-category cost breakdown (skills, subagents, plugins, per-MCP-server), so you can finally see which connector is burning tokens.
  • Four PowerShell and worktree permission bypasses patched in the same release. If you're on Windows or use git worktrees with Claude Code, update now.
  • Claude Code now renders GFM task lists (- [ ] / - [x]) as real checkboxes in output.
  • Anthropic published a Project Glasswing update: ~50 partners found 10,000+ high/critical vulns in one month using Claude Mythos Preview. Claude Security is in public beta for Enterprise.
  • MCP 2026-07-28 release candidate locked May 21: stateless core, MCP Apps (server-rendered UI), Tasks extension for long-running work, OAuth/OIDC-aligned auth. Final spec ships July 28.
  • Enterprise: allowAllClaudeAiMcps managed setting lets admins load claude.ai cloud connectors alongside managed-mcp.json.

Claude Code

2.1.149: /usage breakdown, GFM checkboxes, sandbox fixes

Per-MCP-server cost is now visible in /usage. Scrollable /diff detail view with arrow/j/k/PgUp/PgDn keys. Markdown task lists render as checkboxes. /feedback reports now include pre-compaction conversation. Changelog

Security: PowerShell and worktree permission bypasses

Built-in cd functions (cd.., cd\, cd~, drive letters) were changing working directory undetected. Sandbox write allowlist in git worktrees was covering the entire main repo instead of just shared .git. Both fixed in 2.1.149. Patch immediately if you're on Windows. Changelog

Anthropic

Project Glasswing: initial update

50 partners, one month, 10,000+ high/critical vulns found. Cloudflare alone reports 2,000 bugs (400 high/critical). Claude Security is in public beta for Enterprise; custom vuln-scanning skills and a triage harness are available. Mythos-class models stay restricted. Anthropic post

MCP Ecosystem

Spec 2026-07-28 release candidate locked (May 21)

Largest revision since launch. Stateless core runs behind plain round-robin load balancers (no sticky sessions, no shared session store). Adds MCP Apps for server-rendered UI, Tasks extension for long-running work, and tightens auth to OAuth/OIDC. Ten-week validation window; final spec July 28. MCP blog

Broader AI

Nothing today.

What This Means For Builders

  • Run /usage after your next session and kill any MCP connector that isn't earning its tokens. The per-server breakdown makes that decision trivial now.
  • If you ship MCP servers, start porting to the 2026-07-28 RC now. Sticky-session infra becomes optional; the gateway story gets much simpler.
  • Windows + Claude Code users: update before your next session. The PowerShell cd bypass is the kind of thing that quietly defeats your sandbox.
  • Enterprise security teams: Claude Security beta is the path to ship Glasswing-grade scanning without waiting for Mythos access.

Sources

  1. https://code.claude.com/docs/en/changelog
  2. https://www.anthropic.com/research/glasswing-initial-update
  3. https://blog.modelcontextprotocol.io/posts/2026-07-28-release-candidate/
  4. https://www.anthropic.com/news