SpaceX deal increases usage limits, AWS MCP GA, TrustFall

TLDR;

A research- and infrastructure-heavy week. Anthropic doubled Claude Code's five-hour rate limits and credited a new SpaceX compute deal (Colossus 1: 300 MW, 220k+ NVIDIA GPUs) for making room. Claude Code shipped v2.1.128–v2.1.136 with plugin loading from URLs, cross-project Ctrl+R history, new worktree base-ref control, and auto-mode hard-deny rules — plus a viral /radio Easter egg. AWS MCP Server is generally available as part of the Agent Toolkit for AWS. The Agent SDKs shipped six releases, with a substantive v0.1.74 adding hook event streaming, deferred tool use, strict MCP config, and an Opus-only xhigh effort level. The Enterprise Analytics API (beta) exposes per-user AI cost attribution across Claude, Claude Code, Cowork, and Office agents. Adversa AI's "TrustFall" disclosure shows one-keypress RCE across all four agentic CLIs (Claude Code, Cursor CLI, Gemini CLI, Copilot CLI); Anthropic considers it out-of-threat-model and there is no patch. Anthropic, Blackstone, Hellman & Friedman, and Goldman Sachs launched a $1.5B enterprise AI services JV. Four research drops landed: PETRI donated open-source, Teaching Claude Why, Natural Language Autoencoders, and Model Spec Midtraining. Code with Claude kicked off in San Francisco on May 6; London (May 19) and Tokyo (June 10) are still ahead.

API & Model Updates

Higher Usage Limits for Claude and a Compute Deal with SpaceX — May 6, 2026 Anthropic doubled Claude Code's five-hour rate limits across Pro, Max, Team, and seat-based Enterprise plans, and removed the prior peak-hours reductions on Pro and Max. API rate limits for Claude Opus models were also raised significantly (coverage cites roughly 1,500% input / 900% output Tier 1 increases; check your console for exact numbers). The capacity comes from a new SpaceX deal: Anthropic gets the full Colossus 1 footprint in Memphis (300+ MW, 220,000+ NVIDIA GPUs including H100/H200/GB200), online within the month. Free plan and weekly caps are unchanged.

Claude Code & CLI

Claude Code v2.1.128–v2.1.136 — May 4–8, 2026

Three things worth knowing this week:

Plugins load from a URL. claude --plugin-url https://example.com/my-plugin.zip runs a plugin for the current session — handy for trying one before adding it to a marketplace, or for shipping internal plugins from your own artifact store.
Ctrl+R searches across every project again. Reverse history search now defaults to your prompts across all projects (restoring pre-v2.1.124 behavior). Ctrl+S while searching narrows back to the current project.
Sub-agents got ~3x cheaper. Sub-agent progress summaries now hit the prompt cache, cutting cache_creation token cost on multi-agent workflows.

Worth a scan: a new worktree.baseRef setting controls whether new worktrees branch from the remote default or local HEAD; autoMode.hard_deny rules can block actions unconditionally; OTEL env vars no longer leak from the CLI into Bash/MCP/LSP subprocesses; a handful of OAuth race fixes.

Code with Claude — San Francisco Kicked Off, London (May 19) and Tokyo (June 10) Next — May 6, 2026 Anthropic's developer conference opened in SF on May 6, where Dario Amodei announced the SpaceX compute deal and the doubled Claude Code rate limits on stage. London is May 19, Tokyo is June 10, and there's a virtual track. Worth a calendar block if you're shipping on Claude — keynotes have historically surfaced unannounced features.

/radio — Anthropic Quietly Shipped a Lo-Fi Radio Inside Claude Code — May 8, 2026 @ClaudeDevs posted a single-line tweet — /radio — and let it go viral. The command is a real, documented Claude Code built-in that opens Claude FM, a lo-fi station, in your browser (or prints the stream URL when no browser is available). Pure Easter egg, but a small signal that Anthropic is happy to ship for the vibe as well as the changelog.

Agent SDK & Managed Agents

Claude Agent SDK Python v0.1.74 — Hook Event Streaming, Deferred Tool Use, Strict MCP Config — May 6, 2026 The substantive release of the week. New include_hook_events option on ClaudeAgentOptions makes the CLI emit hook events (PreToolUse, PostToolUse, Stop, etc.) as HookEventMessage in the message stream — parity with the TS SDK's includeHookEvents. Adds "defer" as a valid hook decision in PreToolUseHookSpecificOutput.permissionDecision plus a new DeferredToolUse dataclass on ResultMessage. New strict_mcp_config option makes the CLI ignore project/user/global MCP configs for fully deterministic server sets. Permission context now carries decision_reason, blocked_path, title, display_name, and description for richer can_use_tool callbacks. updatedToolOutput on PostToolUseHookSpecificOutput lets you replace any tool's output before it reaches the model (not just MCP tools). Adds an xhigh effort level for Opus 4.7 (falls back to high on other models).

Agent SDKs v0.1.75–0.1.76 + TS v0.2.128–0.2.132 — Maintenance Tracking CLI v2.1.131–v2.1.132 — May 4–6, 2026 Maintenance bumps tracking Claude Code releases. Notable: v0.1.76 adds api_error_status: int | None to ResultMessage for safe-to-log HTTP status classification (429/500/529 etc.), and fixes ToolPermissionContext.suggestions deserialization so suggestions can be echoed back via PermissionResultAllow(updated_permissions=...) without AttributeError. Update: pip install claude-agent-sdk==0.1.76 or npm install @anthropic-ai/claude-agent-sdk@0.2.132.

Enterprise Analytics API: Per-User AI Cost Attribution (Beta) — May 7, 2026 Anthropic shipped programmatic per-user cost, usage, and engagement data across Claude, Claude Code, Cowork, and Office agents. Endpoints split into engagement/adoption (which connectors, how many unique users) and usage/cost (per-user token usage, per-user USD cost, time-bucketed token usage and cost). Breakdowns by model, context window, inference region, speed, cost type, and token type. Data refreshes every four hours, late events reconcile for up to 30 days — query at least 30 days back for invoicing-grade totals. Default rate limit 60 req/min. Requires Enterprise Primary Owner access and an API key with read:analytics. Cost endpoints are in beta — build defensively against schema changes. Note: data is only available after Jan 1 2026, and Claude Code via Amazon Bedrock won't return Code data through this API.

MCP Ecosystem

AWS MCP Server Generally Available — May 6, 2026 The AWS MCP Server is now GA as part of the Agent Toolkit for AWS. Single authenticated endpoint covering 300+ AWS services, sandboxed Python script execution for multi-step operations, real-time AWS documentation access, and enterprise controls via CloudWatch metrics, IAM context keys (write policies that distinguish agent vs human actions), and CloudTrail audit logging. Repo: aws/agent-toolkit-for-aws. The Agent Toolkit is the successor to the AWS Labs MCP servers — existing AWS Labs servers keep working but new development moves here.

Security

These require developer action — read before deploying.

'TrustFall' — One-Keypress RCE Across All Four Agentic CLIs (Anthropic Considers Out-of-Threat-Model) — May 7, 2026 Adversa AI disclosed a class-level convention shared by Claude Code, Cursor CLI, Gemini CLI, and GitHub Copilot CLI: once a user accepts the generic "Yes, I trust this folder" dialog, a malicious repository can spawn an MCP server as an unsandboxed native OS process with the user's full privileges — no per-server consent, no tool call from the agent required. PoC executed on Claude Code v2.1.114. There is also a zero-click variant for CI/CD pipelines invoking Claude Code via SDK (no terminal prompt at all). Anthropic's security team reviewed and declined the report as out-of-threat-model: under their model, accepting the trust dialog constitutes consent to the full project configuration. There is no patch. Adversa's argument is that informed consent isn't possible because the v2.1+ trust dialog removed the explicit MCP warning and "proceed with MCP disabled" option that earlier versions had. Coverage: Dark Reading, The Register, SecurityWeek.

Action: audit which repositories you accept trust prompts on. In CI/CD where Claude Code runs via SDK without prompts, treat any repository content as a potential execution surface. Three previously-patched CVEs share the same root cause (repo-controlled state influencing trust): CVE-2025-59536 (patched in v1.0.111), CVE-2026-21852 (patched in v2.0.65), and CVE-2026-33068 (patched in v2.1.53). TrustFall is the convention-level disclosure, not a fourth CVE.

Competitor Dev Tools

Cursor 3.3 — PR Review, Build in Parallel, Split PRs — May 6–7, 2026 Cursor 3.3 introduces a PR review experience inside the Agents Window: Reviews tab with inline review threads, Commits tab, Changes tab with file tree navigation. "Build in Parallel" identifies independent plan steps and runs them as async subagents simultaneously while keeping dependent steps in order. New quick action splits chat-context changes into multiple PRs — identifies logical slices, defaults to independent PRs, creates a backup snapshot, proposes a split plan. Skills can also be pinned as quick-action pills. Improvements include configurable Explore subagent behavior (model selection, inheritance, or disable), /multitask in the editor, and explicit MCP stale token cleanup.

OpenAI Codex April 2026 Changelog: Goals, Browser Use, GPT-5.5 — May 2, 2026 OpenAI's April changelog (published May 2) shows Codex moving toward a managed agent workspace: persisted /goal workflows, browser verification, automatic approval reviews, plugin marketplaces, and GPT-5.5 as the recommended default model. Useful comparison context if you're evaluating Claude Code's managed execution model against Codex's direction.

Enterprise & Business

Agents for Financial Services — May 5, 2026 Ten new Cowork and Claude Code plugins, Microsoft 365 suite integrations, new connectors, and an MCP app targeted at financial services and insurance organizations. If you're building in finserv, check the plugin list for pre-built integrations that may accelerate your stack.

Anthropic + Blackstone, Hellman & Friedman, Goldman Sachs — $1.5B Enterprise AI Services JV — May 4, 2026 Anthropic announced a standalone enterprise AI services firm with Blackstone, Hellman & Friedman, and Goldman Sachs, with Anthropic engineering and partnership resources embedded inside the new entity. Per the WSJ, the JV is valued at ~$1.5B with $300M commitments each from Anthropic, Blackstone, and H&F. Backed additionally by Apollo, General Atlantic, GIC, Leonard Green, and Sequoia Capital. Target industries: healthcare, manufacturing, financial services, retail, real estate, infrastructure. The model: embedded Applied AI engineers building custom Claude-powered systems for mid-market companies — implementation capacity sold alongside the API. (OpenAI announced a similar JV the same day.)

Research & Safety

Teaching Claude Why — May 8, 2026 Anthropic on how Claude is trained to understand the reasoning behind its guidelines, not just the rules themselves. Directly relevant if you're working on operator system prompts and permission policies — how Claude internalizes "why" affects how you should frame operator instructions.

Natural Language Autoencoders: Turning Claude's Thoughts into Text — May 7, 2026 The interpretability team trained Claude to translate its internal numerical representations into human-readable text. Early-stage but meaningful for builders thinking about chain-of-thought transparency and audit trails in agentic systems.

Donating Our Open-Source Alignment Tool (PETRI) — May 7, 2026 Anthropic is donating PETRI, an open-source alignment evaluation tool, to the broader research community. Worth examining as a reusable framework if you're running alignment or safety evals on Claude-based pipelines.

Focus Areas for The Anthropic Institute — May 7, 2026 Research agenda for the newly established Anthropic Institute, covering policy-adjacent technical safety work. Background reading for builders navigating compliance and responsible deployment.

Model Spec Midtraining (MSM): Improving How Alignment Training Generalizes — May 6, 2026 Alignment Science Blog: MSM substantially reduces agentic misalignment and studies which Model Specs produce better generalization. Relevant for builders designing agentic systems where Claude operates with expanded permissions.

Action Items

Immediate:

Audit your Claude Code trust posture — TrustFall is unpatched per Anthropic's threat model. Treat the "Yes, I trust this folder" dialog as broad MCP execution consent. In CI/CD via SDK, there's no prompt — assume any repo content can execute.
Update Agent SDKs if you're tracking the latest CLI: pip install claude-agent-sdk==0.1.76 or npm install @anthropic-ai/claude-agent-sdk@0.2.132. v0.1.74 in particular adds substantive new options worth reviewing (include_hook_events, strict_mcp_config, xhigh effort, updatedToolOutput).
If you're on Claude Enterprise, the Enterprise Analytics API is now live — useful for FinOps and per-user cost attribution. Cost endpoints in beta.

By June 15, 2026:

Migrate off claude-sonnet-4-20250514 and claude-opus-4-20250514 before the retirement deadline. See the migration guide — note especially that temperature + top_p together is now disallowed on the new models.

Mert Duzgun