Daily AI Builder Brief - July 13, 2026
Claude Code 2.1.207 patches a silent security-consent bug and opens Auto mode on Bedrock/Vertex/Foundry; the MCP 2026-07-28 stateless-core spec goes final in 15 days with beta SDKs already testable; Opus 4.1 retires from the API on August 5.
The Operator's Take
The signal today isn't a shipped feature, it's a countdown. MCP's stateless-core spec goes final on July 28, the beta SDKs are already out, so any MCP server you architect this fortnight should be built stateless against the release candidate instead of the session-sticky infrastructure you'll rip out in two weeks. And if you run Claude Code in CI or under managed settings, patch to 2.1.207 before anything else: it closes a bug where non-interactive runs silently recorded security consent without ever showing the dialog. Build for the protocol that's landing, not the one that's leaving.
Executive Summary
- Claude Code 2.1.207 fixes a real security bug: managed settings from non-interactive runs were being recorded as consented with no consent dialog shown.
- Auto mode is now on by default on Bedrock, Vertex AI, and Foundry, no opt-in env var needed.
- 2.1.207 also kills the terminal freeze on long streamed responses and adds path suggestions to
/cd. - The MCP 2026-07-28 spec ships final in 15 days: stateless core, no
Mcp-Session-Id, noinitializehandshake. - Beta SDKs (Python 2.0.0b1, Go 1.7.0-pre.1, C# 2.0.0-preview.1, TS v2) support the release candidate now, alongside the current
2025-11-25version. - Claude Opus 4.1 retires from the API on August 5. Migrate pinned integrations.
- MCP remains the top agent-hijack vector: tool poisoning and fake-diagnostic injection are live in the wild.
Claude Code
2.1.207 lands a security-consent fix and default Auto mode on cloud backends
The July 11 release fixes managed remote settings from a non-interactive run being permanently recorded as consented without the security dialog, a genuine concern for CI and enterprise deployments. Auto mode no longer needs the opt-in flag on Bedrock/Vertex/Foundry, the long-response terminal freeze is fixed, and /cd gains directory suggestions. Changelog
Anthropic
Opus 4.1 scheduled for API retirement August 5
No new model or research paper landed in the 48-hour window. The actionable platform item is the developer-platform deprecation: Opus 4.1 retires on August 5, so pin-dependent integrations need to move now. Release notes
MCP Ecosystem
Stateless-core spec goes final July 28, betas testable today
The largest MCP revision since launch drops the session handshake and Mcp-Session-Id, so any request can hit any instance behind a plain round-robin balancer. It adds required Mcp-Method/Mcp-Name routing headers, ttlMs/cacheScope on list responses, an MCP Apps extension for sandboxed HTML UIs, and OAuth-aligned auth hardening. Roots, Sampling, and Logging are deprecated on 12-month sunsets. Release candidate | Beta SDKs
Broader AI
MCP is now the primary agent-hijack surface
Analysis of 1,800-plus deployed servers found over 30 percent carried an exploitable flaw. Tool poisoning (hidden instructions in tool metadata) and fake-diagnostic injection (poisoned Sentry events returned as trusted, roughly 85 percent success against coding agents) are the concrete threats. This is exactly why the July 28 auth hardening matters: prompt injection through MCP tools is a full compromise path, not a theoretical one. Adversa MCP CVEs | Obot analysis
What This Means For Builders
- Patch Claude Code to 2.1.207 first if you run it non-interactively or under managed settings. The consent bug is a trust-boundary issue.
- Architect new MCP servers stateless against the release candidate now. Session-sticky infra you ship this week is throwaway.
- Treat every MCP tool response as untrusted input. Validate
iss, scope tool metadata, and don't feed tool output straight into a command path. - Move Opus 4.1 integrations before August 5.
Sources
- https://code.claude.com/docs/en/changelog
- https://www.anthropic.com/news
- https://releasebot.io/updates/anthropic
- https://blog.modelcontextprotocol.io/posts/2026-07-28-release-candidate/
- https://blog.modelcontextprotocol.io/posts/sdk-betas-2026-07-28/
- https://adversa.ai/blog/top-mcp-security-resources-july-2026/
- https://obot.ai/blog/mcp-prompt-injection-ai-agent-security/