This week in Claude — May 03, 2026

TLDR;

A builder-heavy week: Claude Security entered public beta for Enterprise — a dedicated codebase vulnerability scanner powered by Opus 4.7; Claude Code shipped v2.1.122 through v2.1.126 with claude project purge, a gateway-aware /model picker, an ANTHROPIC_BEDROCK_SERVICE_TIER env var, and an OAuth retry-loop fix (50+ stability fixes across the last four releases per @ClaudeDevs); the 1M-token context window beta is now retired for Sonnet 4 and Sonnet 4.5 (migrate to 4.6+ if you depend on long contexts); Anthropic shipped Claude for Creative Work with nine new MCP connectors covering Adobe CC, Blender, Ableton, Splice, SketchUp, and more; Meta opened its ad platform to AI assistants via an official MCP server; and Code with Claude (the Anthropic dev conference) is back next week with an open livestream.

Heads up: we're opening sponsorship for this newsletter — details at the bottom.

API & Model Updates

1M-Token Context Window Beta Retired for Sonnet 4 and Sonnet 4.5 — April 30, 2026 The context-1m-2025-08-07 beta header is now a no-op for claude-sonnet-4-20250514 and claude-sonnet-4-5-20250929; requests exceeding 200k tokens on those models return an error. Migrate to Claude Sonnet 4.6 or Opus 4.6, where 1M context is GA at standard pricing with no beta header required.

Claude API Outage — April 28 and April 30 Incidents — April 28 & 30, 2026 An elevated error rate hit the Anthropic API and Claude.ai (including Claude Code login flows) from approximately 17:34–18:52 UTC on April 28; a second outage on April 30 also affected all platforms. Both are resolved; check the status page if you saw unexplained 5xx errors in those windows.

Claude Security

Claude Security — Public Beta for Enterprise — April 30, 2026 Anthropic moved Claude Security (formerly Claude Code Security, in private preview since February) into public beta for Claude Enterprise customers. Powered by Opus 4.7, it scans full enterprise repositories for vulnerabilities, validates findings to cut false positives, and generates proposed fixes — with an integrated handoff into Claude Code to apply patches. Adds scheduled scans, directory targeting, CSV / Markdown exports, and webhook notifications. Available on the Claude Platform or through partner integrations.

Claude Code & CLI

Claude Code Stability Push — 50+ Fixes Across the Last Four Releases — April 28, 2026 @ClaudeDevs (the official Claude Code dev account) summed up the recent release cadence: 50+ stability and performance fixes shipped across v2.1.120–v2.1.123 — faster /resume, stable auth, lower memory, fewer hangs. 584K views and 3.1K likes — the community noticed. If you've been holding back on auto-update, v2.1.126 is the version to land on.

v2.1.126 — Project Purge, Gateway Model Picker, Skip-Permissions Expansion — May 1, 2026 New claude project purge [path] deletes all Claude Code state for a project (transcripts, tasks, file history, config) with --dry-run, --yes, and --interactive flags. The /model picker now lists models from your gateway's /v1/models when ANTHROPIC_BASE_URL points at a compatible gateway. --dangerously-skip-permissions now bypasses prompts for .claude/, .git/, .vscode/, and shell config files (catastrophic removal commands still prompt). OAuth login now accepts a pasted code when the browser callback can't reach localhost (WSL2, SSH, containers).

v2.1.122–v2.1.123 — Bedrock Service Tier, PR URL in /resume, OAuth Fix — April 28–29, 2026 v2.1.122 adds ANTHROPIC_BEDROCK_SERVICE_TIER env var (default / flex / priority) sent as X-Amzn-Bedrock-Service-Tier; pasting a PR URL into /resume search now finds the session that created it across GitHub, GitHub Enterprise, GitLab, and Bitbucket. v2.1.123 fixes an OAuth 401 retry loop when CLAUDE_CODE_DISABLE_EXPERIMENTAL_BETAS=1 is set.

Two undocumented Claude Code knobs from Thariq Surfaced by Thariq (@trq212, Claude Code team) on X. /tui fullscreen (Apr 29) enables a new no-flicker renderer that pins the message box always-visible — slated to become default. CLAUDE_CODE_SIMPLE=1 claude (May 2) launches an experimental "simplest harness" minimal mode. Both are undocumented but worth knowing if you're hitting redraw issues or want a barebones run.

Agent SDK & Managed Agents

Claude Agent SDK Python v0.1.72 — Bundles Claude Code CLI v2.1.126 — May 1, 2026 Latest Python SDK release tracks the CLI; also ships bug fixes from v0.1.67–v0.1.70 including: Trio compatibility restored (v0.1.67), mcp dependency floor bumped to >=1.19.0 to fix silently lost in-process MCP tool results (v0.1.70), and a Trio nursery corruption fix on early cancellation (v0.1.70). Update: pip install claude-agent-sdk==0.1.72.

MCP Ecosystem

Claude for Creative Work — 9 New MCP Connectors: Adobe CC, Blender, Ableton & More — April 28, 2026 Anthropic shipped nine new MCP connectors for professional creative tools — Adobe Creative Cloud (50+ tools across Photoshop, Premiere, Lightroom, Illustrator, InDesign, Express), Blender, Ableton, Splice, Canva Affinity, SketchUp, and Resolume. Anthropic also joined the Blender Development Fund. Because these connectors are built on open MCP, several work with other LLMs too. Academic partners include RISD, Ringling College, and Goldsmiths.

Meta Ads AI Connectors — Official Meta MCP Server Now in Open Beta — April 29, 2026 Meta opened its ad platform to external AI assistants via an MCP server at mcp.facebook.com/ads plus a CLI. The server exposes 29 tools covering campaign building, catalog management, benchmark queries, and tracking signal diagnostics. OAuth authorization is all that's needed to connect a Claude session.

CVE MCP Server — 27 Security Intelligence Tools Across 21 APIs — April 30, 2026 A new open-source MCP server turns Claude into a security analyst with tools spanning CVE lookup, exploit intelligence, risk reporting, network intelligence, and threat feeds — all via natural language.

Developer Tools & Community

Code with Claude Conference — Returns Next Week, Livestream Open — May 1, 2026 Anthropic's developer conference returns the week of May 4. Livestream registration is open via the official @claudeai post. Worth a calendar block if you're actively building on Claude — talks usually surface roadmap signals and unannounced features.

Top 10 New Open Source Claude Code Tools — May 2026 (YouTube) — May 2, 2026 Chase AI's 15-minute video covers 10 new open-source Claude Code projects including caveman, graphify, claude-video, and open-design. Good quick-scan if you're looking for community tooling.

Competitor Dev Tools

Cursor Security Review — Now in Beta for Teams & Enterprise — April 30, 2026 Cursor added always-on Security Reviewer and Vulnerability Scanner agents on Team and Enterprise plans — relevant context for teams choosing a coding agent for security-sensitive codebases.

Windsurf 2.1.29 — Devin for Terminal, Multi-model CLI — April 28, 2026 Windsurf launched Devin for Terminal (CLI agent, included in existing subscriptions) with support for Opus 4.7, GPT-5.5, and SWE-1.6 in a single CLI. Claims up to 30% better token efficiency than their Cascade agent.

Enterprise & Business

Anthropic Opens Sydney Office, Names Theo Hourmouzis ANZ GM — April 27, 2026 The Sydney office launch comes with two new platform partnerships builders should know about: Canva is bringing its Design Engine and Visual Suite into Claude Design by Anthropic Labs, and a multi-year Xero collaboration puts Claude into Xero and pipes Xero's financial data and tools into Claude.ai. Hourmouzis joins from Snowflake; ANZ enterprise customers include Commonwealth Bank and Quantium.

Research & Safety

Evaluating Claude's Bioinformatics Research Capabilities with BioMysteryBench — April 29, 2026 Anthropic published a new evaluation framework for Claude's bioinformatics capabilities. Relevant if you're building life-sciences agents and need to understand current capability limits and how Anthropic is testing them.

How People Ask Claude for Personal Guidance — April 30, 2026 Societal Impacts research on how users seek personal advice from Claude — useful context for builders designing consumer-facing products to understand where Claude is being deployed and what guardrails are empirically needed.

RSP Version 3.2 — LTBT Granted External Review Authority — April 29, 2026 Anthropic's Responsible Scaling Policy was updated to v3.2, giving the Long-Term Benefit Trust authority to request external review of Risk Reports and approve selection of external reviewers. Governance-level change; no immediate developer action required, but relevant context for enterprise compliance teams.

Action Items

Immediate:

Update Claude Code to v2.1.126 (claude update) — current stable; ships project purge, gateway-aware /model picker, and expanded skip-permissions guards. Also ensures you're past the v2.1.64 patch for last week's CVE-2026-39861 sandbox escape.
If you set CLAUDE_CODE_DISABLE_EXPERIMENTAL_BETAS=1, update to v2.1.123+ — earlier versions hit a 401 OAuth retry loop with that flag.
If you use --dangerously-skip-permissions, review the expanded paths it now bypasses (.claude/, .git/, .vscode/, shell configs) — behavior changed in v2.1.126.
If you're on Claude Enterprise, request access to Claude Security public beta — Opus 4.7-powered codebase vulnerability scanning with Claude Code patch handoff.

By now (already passed — verify you're unblocked):

1M context window beta (context-1m-2025-08-07) is retired for Sonnet 4 and Sonnet 4.5 (deadline was April 30). Requests over 200k tokens now return errors on those models. Migrate to Claude Sonnet 4.6 or Opus 4.6.

By June 15, 2026:

Migrate off claude-sonnet-4-20250514 and claude-opus-4-20250514 — both were deprecated April 14 and retire June 15. See the migration guide for Sonnet 4.5 and Opus 4.7 paths.
Migrate from @anthropic-ai/claude-code SDK to @anthropic-ai/claude-agent-sdk if you haven't — the old package is the deprecated SDK; follow the migration guide.

All resources

Sponsor "This Week in Claude"

If you sell to Claude builders, this is the first newsletter built explicitly for them — and we're opening sponsorship.

One sponsor per issue. No banner crowding, no competitor placement, no scroll past three other ads to reach the news.

Who's reading (verified in Kit, May 2026):

1,300+ subscribers — Claude Code builders, Anthropic API customers, agent dev founders, MCP authors
~50% open rate over the last 21 days, about 2x the dev-newsletter average and in Pragmatic Engineer territory
Growing 1k+ subs every month through the claudemarketplaces.com funnel

If you sell evals, observability, agent infra, an MCP server, deployment tooling, security, or dev tools for the Claude ecosystem — this is the audience already writing the code your product is meant for.

Trial sponsor rate: $1,000/mo for 4 issues, locked while we're under 2k subs. Standard rate $1,500/mo after.

Reply to this email with what you're building. One sentence is enough.

(Know someone this fits? Forward — biggest favor you can do.)

Mert Duzgun

This week in Claude: Claude Security beta, Adobe MCP, and 50+ Code fixes