Claude Report — 2026-07-03
- Anthropic details Fable 5's four-tier cyber classifier and a CJS-0→CJS-4 jailbreak severity scale with a HackerOne bounty (Jul 2)
- Claude Code ships v2.1.199 (Jul 2): stacked skill invocations, streaming/subagent reliability fixes, background-daemon crash fix
- Claude Enterprise adds beta model entitlements and spend alerts so admins can cap which models/effort levels users access (Jul 1)
- Anthropic tightens Claude access controls to block Chinese firms using Singapore subsidiaries and VPNs as offshore workarounds (Jul 3)
- Sonnet 5 backlash sharpens with concrete tokenizer math (27–42% more tokens) even as it nears Opus 4.8 on benchmarks
🚀 Anthropic Official
More details on Fable 5's cyber safeguards and our jailbreak framework (Jul 2)
Publishes the mechanics behind Fable 5's cybersecurity classifier, which sorts requests into four categories instead of blanket-blocking dual-use security work, with ransomware, wipers, cyber-physical sabotage, and C2 infrastructure development always blocked. Proposes a joint Claude Jailbreak Severity (CJS) scale with Amazon, Microsoft, Google, and other Glasswing partners running CJS-0 (informational) to CJS-4 (critical) on a logarithmic scale, and opens a HackerOne program for researchers to submit cyber jailbreaks.
Claude Enterprise adds model entitlements and admin analytics in beta (Jul 1)
Lets admins control which models and effort-level settings their users can access org-wide, paired with richer usage/cost/productivity analytics and spend alerts to avoid surprise overages.
Claude Code v2.1.199 (Jul 2)
Stacked slash-skill invocations (e.g. /skill-a /skill-b) now load up to 5 leading skills instead of just the first; SSL/TLS-proxy certificate errors now fail immediately with fix hints instead of burning retries; mid-stream server errors now preserve partial streamed output with an incomplete-response notice; subagents cut off by rate limits or errors now return partial work instead of silently failing; fixes a Linux background-agent daemon that killed itself and every running agent roughly every 50 seconds after an unclean shutdown; raises the transient-error retry ceiling via CLAUDE_CODE_RETRY_WATCHDOG.
anthropic-sdk-python v0.116.0 and anthropic-sdk-typescript v0.110.0 (Jul 2)
Both SDKs add support for the new agent-memory-2026-07-22 beta header, following the Managed Agents memory beta; v0.115.1 (Python, Jul 1) and the TypeScript sdk v0.109.1 (Jul 1) shipped cleanup releases removing nonfunctional types.
Anthropic tightens access controls on Chinese offshore workarounds (Jul 3)
Starts monitoring account signals like computer time zones and usage patterns to catch China-linked firms routing around export restrictions via Singapore subsidiaries, cloud platforms, and VPNs, after reports that Ant Group and ByteDance staff accessed Claude through such channels.
🔌 Claude Code Plugins
Plugin tracking skipped — ranking cache unavailable this cycle.
🛠️ Skills
Piebald-AI/claude-code-system-prompts
Tracks Claude Code's internal system prompt for v2.1.199, adding +25,167 tokens (Jul 3), continuing the release-by-release size tracking after v2.1.198's +53,384-token jump.
anthropics/skills
Updates the claude-api skill with Claude Sonnet 5 and Managed Agents July guidance (Jul 1).
Unchanged in window: alirezarezvani/claude-skills, glebis/claude-skills, ComposioHQ/awesome-claude-skills
🤖 Agents & Subagents
anthropics/claude-agent-sdk-typescript
Ships v0.3.199 (Jul 2) adding requestId to canUseTool options for correlating out-of-band permission responses, a blocked field on workflow_agent progress events flagging when the auto-mode safety classifier stops an agent, and mode: "mask" plus per-credential injectHosts for sandbox credential settings.
Unchanged in window: nicobailon/pi-subagents, anthropics/claude-plugins-official (agents), Chachamaru127/claude-code-harness, affaan-m/everything-claude-code
🔗 MCPs & Integrations
modelcontextprotocol/typescript-sdk
Ships v2.0.0-beta.2 across all packages (Jul 2) adding CommonJS builds alongside ESM output and fixing an HTTP 400 mis-dispatch for MissingRequiredClientCapabilityError.
awslabs/mcp
Releases 2026.07.20260702161703 (Jul 2) adding MSSQL and Oracle support to the RDS MCP server, closing read-only bypasses (CWE-184) in the MySQL server, requiring S3 Storage Lens queries to be read-only SELECTs, and migrating the Valkey server to GLIDE.
Unchanged in window: portainer/portainer-mcp, mcp-python-sdk (modelcontextprotocol/python-sdk), github-mcp-server
💡 Community — Workflows & Ideas
Fable 5's one-week trial exposes a coding-fallback quirk (Jul 2)
Paid users get Fable 5 for up to 50% of weekly limits through Jul 7, but the model routes flagged coding requests back to Opus 4.8, leading early reviewers to recommend using the window for planning and hard problems rather than implementation.
Sonnet 5 backlash sharpens with concrete tokenizer math (Jul 1)
A viral post calling it "a useless release, absolute flop of a model" spreads as analysis pins the new tokenizer's inflation at 27–42% for identical input, even though Sonnet 5 nears Opus 4.8 on benchmarks like SWE-bench Pro (63.2%) and GDPval-AA v2.
📰 Quick Mentions
- Claude Sonnet 5 reaches GA on Microsoft Foundry (Jul 2) — clears a procurement barrier for enterprises running Claude on Azure.
- US formally lifts export controls on Fable 5 and Mythos 5 (Jul 1) — the Commerce Department order that pulled the models offline on Jun 12 is rescinded, clearing the way for Anthropic's own restoration.