Skip to content
Back to AI Briefs
TLP:CLEARAI-2026-0704

Daily AI Builder Brief - July 4, 2026

Claude Code v2.1.200 flips the default permission mode to Manual and kills AskUserQuestion auto-continue; Anthropic ships a Fable 5 cyber classifier plus a proposed Cyber Jailbreak Severity (CJS-0 to CJS-4) framework; MCP's stateless 2026-07-28 spec heads to final.

By The Operator·July 4, 2026·4 min read
aiclaude-codeanthropicmcpbuilder-intel

The Operator's Take

The real shift today isn't a new model, it's a default. Claude Code v2.1.200 changed the "default" permission mode to Manual and stopped AskUserQuestion dialogs from auto-continuing. If you run unattended agents on a schedule, the harness will now stop and wait for a human instead of quietly proceeding, so a job that ran clean yesterday can silently hang tonight. Audit every background, cron, or launchd agent this week and pin --permission-mode or "defaultMode" explicitly. The pattern across this release is deliberate: the harness stopped doing things on your behalf, and that's a good thing for anyone who runs it autonomously.

Executive Summary

  • Claude Code default permission mode is now "Manual" across CLI, VS Code, and JetBrains (v2.1.200).
  • AskUserQuestion no longer auto-continues by default; idle timeout is now opt-in via /config.
  • Subagents cut off by rate limits or server errors now fail cleanly or return partial work instead of reporting fake success (v2.1.199 and v2.1.200).
  • Background sessions no longer silently stop after sleep/wake or re-run Esc-cancelled turns.
  • Transient 429s unrelated to your usage limit now auto-retry with backoff for subscribers.
  • Anthropic restored Fable 5 on July 1 behind a new cyber classifier that blocks over 99% of the reported jailbreak.
  • Anthropic proposed a Cyber Jailbreak Severity (CJS) framework, CJS-0 to CJS-4, to standardize how bad a jailbreak actually is.
  • MCP's stateless 2026-07-28 spec is in release-candidate, with beta SDKs already out ahead of the final ship.

Claude Code

v2.1.200: Manual permission mode and no more silent auto-continue

The "default" permission mode is now "Manual" everywhere, and AskUserQuestion won't auto-continue unless you opt into an idle timeout. Same release fixed background sessions stopping mid-turn after sleep/wake and daemon-handover bugs that let stale builds take over. changelog

v2.1.199: Subagents stop lying about success

Subagents cut off by a rate limit or server error used to report the failure as a successful result. They now report the error to the parent and keep partial work. TLS-proxy and SSL cert errors also fail fast with a fix hint instead of burning retries. changelog

Anthropic

Fable 5 cyber safeguards and the CJS framework

After a June incident, Anthropic restored Fable 5 on July 1 behind a classifier that blocks over 99% of the reported jailbreak, and split cyber activity into prohibited, high-risk dual-use, low-risk dual-use, and benign. It also proposed a Cyber Jailbreak Severity scale (CJS-0 to CJS-4) scoring jailbreaks on capability gain, breadth, ease of weaponization, and discoverability. Worth reading if you do agentic red teaming. detail

MCP Ecosystem

Stateless 2026-07-28 spec heading to final

No net-new MCP release inside the 48-hour window, but the shift builders should prep for is close: the 2026-07-28 spec removes Mcp-Session-Id and the session handshake, so remote servers run behind a plain load balancer with no sticky routing. Beta Python, TypeScript, Go, and C# SDKs are already out. This changes how you deploy and how you reason about MCP security. MCP blog

Broader AI

Nothing today.

What This Means For Builders

  • Pin --permission-mode / "defaultMode" on every unattended agent now, or expect silent stalls after the v2.1.200 default flip.
  • Trust subagent results again: the fixed error reporting means a "success" from a fan-out is now actually a success, so you can drop defensive re-checks you added as workarounds.
  • If you deploy remote MCP servers, start planning for the stateless model before July 28; sticky-session infrastructure becomes dead weight.
  • Adopt the CJS axes as a checklist when you evaluate model risk, even informally: capability gain, breadth, ease of weaponization, discoverability.

Sources

  1. https://code.claude.com/docs/en/changelog
  2. https://www.anthropic.com/news
  3. https://cybersecuritynews.com/anthropic-claude-fable-5-cybersecurity/
  4. https://www.marktechpost.com/2026/07/01/anthropic-redeploys-claude-fable-5-on-july-1-after-us-export-controls-lift-adds-new-cybersecurity-classifier/
  5. https://blog.modelcontextprotocol.io/
  6. https://blog.modelcontextprotocol.io/posts/sdk-betas-2026-07-28/
ΛKrypteia Sec Research·July 4, 2026