Krypteia Sec
Back to AI Briefs
TLP:CLEARAI-2026-0608

Daily AI Builder Brief - June 8, 2026

June 8, 20262 min read
aiclaude-codeanthropicmcpbuilder-intel

Executive Summary

  • Claude Code 2.1.166 adds fallbackModel (up to three models tried in order when the primary is overloaded).
  • Same release adds glob patterns in MCP deny rules: "*" denies all tools in one line.
  • Cross-session messaging hardened: messages from other Claude sessions no longer carry your user authority.
  • Thinking is now fully disable-able (MAX_THINKING_TOKENS=0, --thinking disabled) even on models that think by default.
  • Anthropic mapped a year of AI-enabled attacks to MITRE ATT&CK: medium-or-higher risk actors jumped from 33% to 56%.
  • The differentiator isn't technique count, it's the autonomous "scaffolding" attackers build to chain steps.
  • Strava shipped an official remote MCP connector, Claude-first.

Claude Code

2.1.166 to 2.1.168 (June 5 to 6)

Feature work landed in 2.1.166: fallbackModel setting and --fallback-model for interactive sessions, MCP deny-rule glob patterns, hardened cross-session permission relays, per-model thinking toggle, a one-retry-on-fallback path for unexpected API errors, JetBrains terminal flicker fix, and a Kitty-protocol Shift+non-ASCII fix. 2.1.167 and 2.1.168 were reliability follow-ups. Changelog

Anthropic

Mapping a year of AI-enabled cyber threats (June 3 to 4)

Anthropic analyzed 832 banned accounts against MITRE ATT&CK. AI use is shifting from initial access toward post-compromise activity (account discovery up 8.9%), and 67.3% used AI to write malware. Report

MCP Ecosystem

Toward a stateless core

The next MCP spec drops the protocol-level Mcp-Session-Id, so any request can land on any instance: no sticky sessions, plain round-robin load balancing, cacheable tools/list. MCP Blog

Strava official connector (June 1)

Strava began rolling out a remote MCP server for subscribers, OAuth-based, launching Claude-first. Strava

Broader AI

Nothing today.

What This Means For Builders

  • Set fallbackModel now: overload no longer stalls an agent run, it degrades gracefully.
  • If you ship MCP tooling, audit deny rules with the new globs and assume cross-session messages are untrusted.
  • The ATT&CK data says defenders should model autonomous chaining, not lone techniques: test your own agents for the same scaffolding.
  • Design remote MCP servers stateless now so they're ready for the round-robin spec.

Sources

  1. https://code.claude.com/docs/en/changelog
  2. https://www.anthropic.com/news/AI-enabled-cyber-threats-mitre-attack
  3. https://blog.modelcontextprotocol.io/
  4. https://support.strava.com/hc/en-us/articles/46190267796237-Strava-MCP-Connector
  5. https://www.anthropic.com/news