№ 0522026-06-03

Claude Report — 2026-06-03

Anthropic publishes first systematic MITRE ATT&CK gap analysis for AI-enabled attackers (June 3), covering 832 banned accounts; identifies missing taxonomy for autonomous AI-orchestrated attack chains
Claude Code v2.1.161 (June 2) fixes a credential leak in `claude mcp`, adds OTEL metric dimension labels, and per-agent `done/total` progress counters
API (June 2): advisor tool gains a per-call `max_tokens` cap; requests returning zero-output refusals are no longer billed
Anthropic publishes a technical deep-dive on dynamic workflow harness design — `agent()`, `parallel()`, `pipeline()`, and resume semantics (June 2)
claude-agent-sdk-typescript v0.3.161 and claude-agent-sdk-python v0.2.88 ship idempotency and Trio/anyio fixes in parity with Claude Code v2.1.161

🚀 Anthropic Official

What we learned mapping a year's worth of AI-enabled cyber threats

Published June 3, 2026; analyzes 832 banned accounts across 12 months and finds medium-to-higher-risk actors climbed from 33% to 56% of the sample as attackers concentrate AI on post-compromise techniques rather than initial access. Identifies a concrete gap in MITRE ATT&CK: no taxonomy category exists for autonomous sequential AI-orchestrated attack chains, rendering traditional risk-scoring signals unreliable.

A harness for every task: dynamic workflows in Claude Code

Published June 2, 2026; explains how Claude writes JavaScript harnesses that spawn subagents with isolated context windows to eliminate agentic laziness and self-preferential bias in large task runs. Covers the agent(), parallel(), and pipeline() harness API, automatic checkpointing and resume semantics, and real-world workloads including codebase-wide migrations and adversarial verification tasks.

Claude Code v2.1.161 — Credential Leak Fix, Metric Labels, Agent Progress

Fixes a security regression where claude mcp was exposing secrets and credentials in output; OTEL_RESOURCE_ATTRIBUTES values are now attached as labels on metric datapoints, enabling custom-dimension slicing of usage data; claude agents rows display a done/total progress count when work fans out, with a peek showing the longest-running item; /mcp collapses unused claude.ai connectors behind a toggle; failed parallel Bash commands no longer cancel sibling calls in the same batch. Also fixes background subagent output corrupting claude -p stdout, managed-settings policies blocking third-party provider sessions, completed subagents stuck showing as running, EADDRINUSE socket errors, Windows bash invocation failures, and OpenTelemetry log events being dropped.

Claude API — Advisor Tool `max_tokens`; Zero-Cost Empty Refusals

The advisor tool gains a per-definition max_tokens field that caps its output per call, reducing latency and output-token cost for workloads that don't need full-length advisor responses (set tools[].max_tokens on the advisor tool definition). Requests returning stop_reason: "refusal" with zero generated content are now free — Anthropic no longer bills for empty refusal responses.

🔌 Claude Code Plugins

Plugin tracking skipped this execution (top-10 install cache not loaded).

🛠️ Skills

Piebald-AI/claude-code-system-prompts — Synced to v2.1.161

Updates within minutes of Claude Code v2.1.161 (June 2, 2026), expanding tracked built-in tool descriptions from 24 to 27; newly documented tools include CronCreate and DesignSync; sub-agent prompts (Plan/Explore/Task) and all utility prompts refreshed to match this release's prompt changes.

Unchanged in window: anthropics/knowledge-work-plugins, VILA-Lab/Dive-into-Claude-Code, ComposioHQ/awesome-claude-skills, anthropics/claude-cookbooks

🤖 Agents & Subagents

claude-agent-sdk-typescript v0.3.161 — Idempotent `initialize`, Live Agent Switching

The initialize control request is now idempotent — a duplicate call returns the existing session payload instead of an error; ControlResponse gains an optional pending_permission_requests field mirroring the error type; applyFlagSettings now live-applies agent changes, so the active agent can be swapped or reset to null mid-session without restarting the process.

claude-agent-sdk-python v0.2.88 — Trio/anyio Session Store Fix

Ports session_store code paths (TranscriptMirrorBatcher, session_resume, sessions) from raw asyncio primitives to anyio, fixing a crash (TypeError: trio.run received unrecognized yield message) when using session_store= under the trio backend; CI e2e jobs switch from static API keys to short-lived OIDC tokens via workload identity federation; bundles Claude CLI v2.1.161.

Unchanged in window: nicobailon/pi-subagents, Chachamaru127/claude-code-harness

🔗 MCPs & Integrations

No new commits in the window for the tracked servers. Last activity was May 30 (memory tool annotations + filesystem dollar-sign fix), already covered in the 2026-06-02 report.

Unchanged in window: modelcontextprotocol/servers (last activity May 30), github-mcp-server (last release May 29), awslabs/mcp (last release May 29), anthropics/claude-for-legal

💡 Community — Workflows & Ideas

No relevant news today.

📰 Quick Mentions

Relevant links that don't warrant a section of their own:

HN: Anthropic surpasses OpenAI to become most valuable AI startup — June 1 thread on the S-1 valuation milestone and $965B post-money figure
HN: Anthropic scales Claude Mythos to critical infrastructure in 15+ countries — June 2–3 thread continuing discussion of the Project Glasswing expansion
TechTimes: Anthropic ends subscription subsidy for agents June 15 — June 2 recap of separate credit-pool billing for Agent SDK, claude -p, and GitHub Actions ahead of the June 15 cutover

← back to archiveend of edition № 052