Skip to content
Krypteia Sec
Back to AI Briefs
TLP:CLEARAI-2026-0612

Daily AI Builder Brief - June 12, 2026

Claude Code 2.1.175 lands enforceAvailableModels governance, the MCP 2026-07-28 spec release candidate drops a stateless core, and Anthropic ships sandboxed Managed Agents plus a DXC regulated-industry deal.

By The Operator·June 12, 2026·3 min read
aiclaude-codeanthropicmcpbuilder-intel

Executive Summary

  • Claude Code 2.1.175 adds enforceAvailableModels, so a managed availableModels allowlist now also constrains the Default model and can't be widened by user or project settings.
  • 2.1.174 fixed background sessions inheriting another session's ANTHROPIC_* provider env, a real footgun for anyone running background daemons against gateways.
  • The MCP 2026-07-28 release candidate is public: a stateless core that runs behind a plain round-robin load balancer, no sticky sessions.
  • MCP adds required Mcp-Method and Mcp-Name headers so gateways route without reading the body, plus MCP Apps (sandboxed HTML) and first-class Tasks.
  • Anthropic's Managed Agents can now run in a sandbox you control and reach your private MCP servers inside enterprise boundaries.
  • DXC will embed Claude into systems banks and airlines depend on; regulated-industry deployment is going mainstream.

Claude Code

2.1.175: enforceAvailableModels managed setting

When enabled, the allowlist constrains Default too, and a disallowed Default falls back to the first allowed model. Governance for fleets. changelog

2.1.174: background session env isolation

Fixed background sessions inheriting ANTHROPIC_* provider env (gateway URL, headers, aliases) from the starting shell. Also added /usage attribution in VSCode across cache misses, subagents, and per-skill breakdowns. changelog

Anthropic

Managed Agents: sandbox plus private MCP

Agents now execute tools in a sandbox you control and connect to your own MCP servers, both inside established enterprise boundaries. news

DXC regulated-industry integration

Claude going into the core systems banks, airlines, and other regulated sectors run on. news

MCP Ecosystem

2026-07-28 spec release candidate

Largest revision since launch. Stateless core (no initialize handshake, no Mcp-Session-Id), required Mcp-Method/Mcp-Name routing headers, MCP Apps server-rendered HTML in sandboxed iframes, and Tasks reshaped around task handles via tasks/get|update|cancel. Tier 1 SDKs are expected to ship support inside the ten-week window before the July 28 final. mcp blog

Broader AI

Nothing today.

What This Means For Builders

  • If you run Claude Code across a team, enforceAvailableModels is the lever to pin models centrally; set it before someone's project config drifts.
  • Audit any background-daemon workflow against gateways: the 2.1.174 env-isolation fix means prior runs may have used the wrong provider config silently.
  • Don't rebuild remote MCP servers around sticky sessions now. The stateless core is coming; design for round-robin and header routing.
  • Tier 1 SDK support lands within ten weeks, so plan MCP server upgrades against that window, not the July 28 date.

Sources

  1. https://code.claude.com/docs/en/changelog
  2. https://www.anthropic.com/news
  3. https://blog.modelcontextprotocol.io/posts/2026-07-28-release-candidate/
  4. https://modelcontextprotocol.io/development/roadmap
ΛKrypteia Sec Research·June 12, 2026