CLAUDE·news
PTEN
0412026-05-23

Claude Report — 2026-05-23

🚀 Anthropic Official

Project Glasswing: Initial Update — May 22

  • ~50 partners (Cloudflare, Google, Microsoft, Apple, AWS, Cisco, NVIDIA, Palo Alto and others) used Claude Mythos Preview to autonomously discover 10,000+ high/critical-severity 0-days across major OSes, browsers, and critical libraries in one month.
  • CVE-2026-5194 (wolfSSL cert-forgery exploit) is among the notable discoveries; Cloudflare alone reported 2,000 bugs with a false-positive rate its security team rated better than human testers.
  • Claude Security (public beta, powered by Opus 4.7) has already patched 2,100+ enterprise vulnerabilities in three weeks; custom scanning tools, harnesses, and threat-modeling resources are now available to qualifying customers.
  • The bottleneck has shifted from finding vulnerabilities to the human capacity required for verification, disclosure, and patching — a structural challenge for the industry.
  • Mythos-class models will not be publicly released until stronger safeguards are developed, though Anthropic expects similar capabilities to emerge across the industry.

Claude Code v2.1.149 — May 22

Adds per-category cost breakdown in /usage (skills, subagents, plugins, MCP-server costs), keyboard scrolling in /diff detail view (arrows, j/k, PgUp/PgDn, Space, Home/End), native GFM task-list checkbox rendering, and an enterprise allowAllClaudeAiMcps managed setting. Fixes PowerShell permission bypass via built-in cd functions and git worktree sandbox write-allowlist issues.

claude-code-action v1.0.130–v1.0.133 — May 21–23

Adds Workload Identity Federation (OIDC) support for keyless Claude authentication in GitHub Actions CI workflows, eliminating the need to store long-lived API credentials as repository secrets.

🔌 Claude Code Plugins

None of the top 10 updated in window.

Unchanged in window: frontend-design, superpowers, context7, code-review, code-simplifier, github, skill-creator, playwright, feature-dev, claude-md-management

🛠️ Skills

None of the top 5 updated in window.

Unchanged in window: brainstorming, systematic-debugging, test-driven-development, subagent-driven-development, writing-plans

🤖 Agents & Subagents

None of the top 5 updated in window.

Unchanged in window: VoltAgent/awesome-claude-code-subagents, wshobson/agents, anthropics/claude-plugins-official agents, milisp/awesome-chatgpt-claude-agents, rahulvrane/awesome-claude-agents

🔗 MCPs & Integrations

MCP 2026-07-28 Specification Release Candidate — May 21

The largest MCP protocol revision since launch is now locked as an RC (final spec publishes July 28, 2026, with a ten-week window for Tier 1 SDKs to ship support). Key changes: stateless core removes the initialize handshake and Mcp-Session-Id header, allowing servers to run behind plain round-robin load balancers without sticky sessions; MCP Apps (SEP-1865) lets servers ship interactive HTML interfaces in sandboxed iframes; the Tasks extension graduates from experimental; OAuth/OIDC authorization hardening adds mandatory iss parameter validation per RFC 9207; full JSON Schema 2020-12 support and a formal 12-month deprecation policy.

Unchanged in window: modelcontextprotocol/servers, steipete/claude-code-mcp, mcp-server-filesystem, mcp-server-puppeteer, anthropic-mcp-connector

💡 Community — Workflows & Ideas

No relevant community posts today.

📰 Quick Mentions

Relevant items that don't warrant a full section:

← back to archiveend of edition № 041