Krypteia Sec
Back to AI Briefs
TLP:CLEARAI-2026-0603

Daily AI Builder Brief - June 3, 2026

June 3, 20263 min read
aiclaude-codeanthropicmcpbuilder-intel

Executive Summary

  • Claude Code shipped 2.1.160 and 2.1.161 on June 2, both maintenance-heavy with two changes builders will feel immediately.
  • acceptEdits now prompts before writing files that grant code execution (.npmrc, .yarnrc*, bunfig.toml, .bazelrc). Expect a confirmation when scaffolding.
  • claude mcp no longer prints secrets, and ${VAR} references are no longer expanded. That's a real leak fix: upgrade.
  • Anthropic expanded Project Glasswing to roughly 150 organizations across 15+ countries; partners have surfaced 10,000+ high/critical flaws via Claude Mythos.
  • Anthropic published a retrospective: "What we learned mapping a year's worth of AI-enabled cyber threats."
  • Anthropic confidentially filed a draft S-1 with the SEC (June 1).
  • MCP: no new releases in the window. The sessionless 2026-07-28 spec RC (from May 21) is still the active standards shift, final July 28.

Claude Code

v2.1.161 and v2.1.160 (June 2)

Edit no longer needs a separate Read after a single-file grep/egrep/fgrep. Parallel tool calls are tougher now: a failed Bash command no longer cancels the rest of the batch. New write-guard prompts cover shell startup and build-tool config files. The claude mcp secret-printing fix is the one to act on. Changelog

Anthropic

Expanding Project Glasswing (June 2)

Adds ~150 partners across power, water, healthcare, communications, and hardware. Partners must meet security requirements before gaining Mythos access. Post

Mapping a year of AI-enabled cyber threats (June 3)

A policy retrospective on AI-enabled attack patterns observed over the past year. Newsroom

Confidential S-1 (June 1)

Anthropic confidentially submitted a draft S-1 to the SEC, following a reported $65B round. Coverage

MCP Ecosystem

No new releases in the window

The most recent protocol news remains the 2026-07-28 Specification Release Candidate (published May 21): sessionless, stateless core, Mcp-Method header routing, cacheable tools/list, plus MCP Apps and Tasks extensions. Final spec July 28. RC post

Broader AI

Reported: starting June 15, programmatic Claude usage on subscription plans moves to a separate monthly credit pool. Confirm against your billing before then. Details

What This Means For Builders

  • Don't treat the new acceptEdits prompts as a bug. JS/Bazel scaffolding will now ask before touching execution-config files.
  • Upgrade to 2.1.161 if you pipe secrets through claude mcp. The old behavior could surface them in output.
  • Design new MCP servers for the sessionless model now: cache tools/list, drop sticky sessions, route on Mcp-Method. July 28 is close.
  • If you run Claude programmatically on a subscription, budget for the June 15 credit-pool split.

Sources

  1. https://code.claude.com/docs/en/changelog
  2. https://www.anthropic.com/news/expanding-project-glasswing
  3. https://www.anthropic.com/news
  4. https://www.cbsnews.com/news/anthropic-ipo-confidential-filing-claude-ai/
  5. https://blog.modelcontextprotocol.io/posts/2026-07-28-release-candidate/