Krypteia Sec
Back to AI Briefs
TLP:CLEARAI-2026-0609

Daily AI Builder Brief - June 9, 2026

June 9, 20263 min read
aiclaude-codeanthropicmcpbuilder-intel

Executive Summary

  • Claude Code 2.1.169 (June 8) adds --safe-mode to disable all customizations for troubleshooting and /cd to switch directories without breaking the prompt cache.
  • 2.1.169 also fixes enterprise MCP policy enforcement on reconnect and stops background agents ignoring project-level env vars.
  • 2.1.166 (June 6) introduced fallbackModel (up to three models tried in order) and glob support in deny rules, so "*" now denies all tools.
  • Dynamic workflows in Claude Code went to research preview: Claude writes JavaScript orchestration scripts running tens to hundreds (up to 1,000) of parallel subagents in one session.
  • The MCP 2026-07-28 release candidate is out: it removes the protocol-level session and Mcp-Session-Id header, so remote servers run behind a plain round-robin load balancer.
  • A fresh MCP CVE wave landed: VIPER-MCP swept ~40,000 repos for 67 CVEs, Akamai disclosed three database-MCP flaws (one unpatched), and the NSA published MCP hardening guidance.

Claude Code

2.1.169: safe-mode, /cd, and enterprise MCP fixes (June 8)

--safe-mode strips CLAUDE.md, plugins, skills, hooks, and MCP servers for clean troubleshooting. /cd changes working directory mid-session without a cache flush. Background agents now respect project env vars, and enterprise MCP policy enforces correctly on reconnect. Changelog

2.1.166: fallbackModel and glob deny rules (June 6)

Set up to three fallbackModel entries for automatic failover. Deny rules now take globs, so "*" blocks every tool. MAX_THINKING_TOKENS=0 disables thinking on default-thinking models. Changelog

Dynamic workflows hit research preview

Claude plans a task, writes an orchestration script, and fans work across parallel subagents with results checked before merge. Aimed at migrations, broad bug hunts, and security audits. Max, Team, and Enterprise plans. Announcement / Docs

Anthropic

Nothing new on the official newsroom inside the 48-hour window; latest post is June 3. The week's builder-relevant shift is the dynamic workflows preview above.

MCP Ecosystem

2026-07-28 release candidate: stateless core

The largest revision since launch. Drops the session layer, lets clients cache tools/list per ttlMs, and aligns auth with OAuth/OpenID Connect. Ten-week validation window before the final spec. MCP blog

Broader AI

New MCP vulnerability wave

VIPER-MCP produced 67 CVEs across ~40,000 server repos, Akamai disclosed three database-MCP flaws, and the NSA shipped design guidance. Roughly 40% of remote servers still expose tools with no auth. Adversa roundup

What This Means For Builders

  • If you run remote MCP servers, start planning for the stateless RC now: you can drop sticky sessions and shared session stores, but you've got a ten-week window to validate.
  • Audit your MCP servers this week. With 67 fresh CVEs and ~40% of remote servers unauthenticated, assume your dependencies are in scope.
  • Use fallbackModel to harden agent pipelines against single-model rate limits or outages.
  • Reach for dynamic workflows on migrations and audits that don't fit one context, but keep them on Max/Team/Enterprise and verify the merged output.

Sources

  1. https://code.claude.com/docs/en/changelog
  2. https://claude.com/blog/introducing-dynamic-workflows-in-claude-code
  3. https://code.claude.com/docs/en/workflows
  4. https://blog.modelcontextprotocol.io/posts/2026-07-28-release-candidate/
  5. https://adversa.ai/blog/top-mcp-security-resources-june-2026/
  6. https://www.anthropic.com/news