TLP:CLEAR | AI-2026-0607

Daily AI Builder Brief - June 7, 2026

June 7, 2026 | 3 min read
Tags: ai, claude-code, anthropic, mcp, builder-intel

Executive Summary

  • Claude Code 2.1.166 adds fallbackModel (up to three models tried in order) so sessions degrade instead of hard-failing on overload.
  • --fallback-model now applies to interactive sessions, and /bg detached workers keep it too.
  • MCP deny rules gain glob support: "*" in the tool-name position denies all tools.
  • Cross-session security hardened: messages relayed via SendMessage no longer carry user authority.
  • Anthropic + MITRE mapped 832 banned accounts to ATT&CK: medium-or-higher-risk actors rose from 33% to 56% in a year.
  • AI use is shifting from initial access toward post-compromise orchestration, which ATT&CK has no IDs for yet.
  • MCP 2026-07-28 spec release candidate is in its validation window: stateless core, MCP Apps, Tasks extension.

Claude Code

2.1.166: fallback model chains and safer messaging

Configure fallbackModel with up to three models, tried in order when the primary is overloaded. The --fallback-model flag now covers interactive sessions, and backgrounded (/bg) workers keep the setting, so they degrade instead of failing. Thinking control also improved: MAX_THINKING_TOKENS=0 and --thinking disabled now turn off thinking on models that think by default. (Changelog)

MCP glob deny rules

Deny rules accept glob patterns in the tool-name position, so "*" denies all tools. Allow rules reject non-MCP globs. The result is a tighter default-deny posture for agent tool surfaces. (Changelog)

Anthropic

A year of AI-enabled cyber threats, mapped to MITRE ATT&CK

Anthropic analyzed 832 accounts banned between March 2025 and March 2026. The highest-risk actors now use AI to orchestrate kill chains, not just to write tooling, and that autonomy has no ATT&CK ID yet. Read it as a threat-model input, not a headline. (Anthropic)

MCP Ecosystem

2026-07-28 spec release candidate

The largest revision since launch is in its SDK validation window: a stateless core that runs behind plain round-robin load balancing, server-rendered UIs via MCP Apps, long-running work via the Tasks extension, and OAuth/OIDC-aligned auth. Tier 1 SDKs ship support before the July 28 final release. (MCP Blog)

Broader AI

Nothing today.

What This Means For Builders

  • Set fallbackModel now: overload-driven failures become silent degradations, so log which model actually ran.
  • Audit MCP deny rules: glob "*" gives you a real default-deny baseline before whitelisting specific tools.
  • If you maintain a remote MCP server, start testing against the stateless RC; sticky sessions stop being required.
  • Treat the MITRE mapping as a checklist: post-compromise AI activity is where your agent guardrails matter most.

Sources

  1. https://code.claude.com/docs/en/changelog
  2. https://www.anthropic.com/news/AI-enabled-cyber-threats-mitre-attack
  3. https://www.anthropic.com/news
  4. https://blog.modelcontextprotocol.io/posts/2026-07-28-release-candidate/
  5. https://www.helpnetsecurity.com/2026/06/05/anthropic-ai-cyber-activity-analysis/