Claude Code Daily Briefing - 2026-05-09
Release Summary
| Version | Date | Key Changes |
|---|---|---|
| v2.1.137 | 5/9 | Fix Windows extension activation failure |
| v2.1.136 | 5/8 | autoMode.hard_deny, MCP OAuth refresh token loss fix, WSL2 image paste, login loop fix |
| v2.1.133 | 5/7 | worktree.baseRef, effort level in Hooks, memory optimization |
New Features & Practical Usage
v2.1.136 — autoMode.hard_deny, Major MCP Stability Improvements (5/8)
v2.1.136 brings important improvements to auto mode control and MCP stability.
settings.autoMode.hard_deny: You can now set unconditional blocking rules at the auto mode classifier level. Unlike denyRules which prompt for confirmation, hard_deny blocks tool calls outright at the classifier level — a significant safety upgrade for long-running autonomous agents.
MCP OAuth stability fixes: MCP servers configured in .mcp.json, plugins, and claude.ai connectors no longer disappear after /clear. Additionally, OAuth refresh token loss during concurrent server refreshes and login loops from concurrent credential writes have been fixed.
WSL2 image paste: Pasting images from Windows clipboard into WSL2 terminals now works via PowerShell fallback.
Extended thinking 400 error fix: API 400 errors when redacted thinking blocks appeared after tool calls have been resolved.
```json
{
  "autoMode": {
    "hard_deny": [
      { "tool": "Bash", "pattern": "rm -rf /" }
    ]
  }
}
```
Anthropic Signs $1.8B, 7-Year Compute Deal with Akamai (5/8)
Anthropic has signed a $1.8 billion, 7-year cloud computing contract with Akamai Technologies — the largest single deal in Akamai’s history.
CEO Dario Amodei disclosed 80x growth in annualized revenue and usage in Q1, stating the company is “working as quickly as possible” to secure compute resources. Akamai shares surged 28% on the announcement.
This expands Anthropic’s infrastructure portfolio to:
- SpaceX Colossus (300MW, 220K+ GPUs) — announced 5/6
- Akamai ($1.8B, 7 years) — announced 5/8
- Google Cloud ($200B, 5 years)
- Amazon (5GW)
- Microsoft/NVIDIA ($30B Azure)
- Fluidstack ($50B US AI infrastructure)
Bloomberg | Yahoo Finance | Boston Globe
Developer Workflow Tips
Five Agentic Workflow Patterns for Claude Code
MindStudio has published a practical breakdown of five Claude Code workflow patterns gaining traction among practitioners:
- Sequential Flow: Step-by-step execution. Best for simple, linear tasks
- Operator: One orchestrator delegates subtasks to workers, collects results. Best for complex single tasks
- Split-and-Merge: Independent tasks split in parallel, results merged. Best for code review, multi-file analysis
- Agent Teams: Specialized agents collaborate persistently with distinct roles. Best for long-running projects
- Headless: Unattended execution in CI/CD or cron. Best for automated verification and deployment
The key design principle: sub-agents receive only their task prompt, not the parent’s full conversation. This context isolation is what allows Claude Code to handle large codebases without context window overflow.
Building Safety Nets with autoMode.hard_deny
The new autoMode.hard_deny in v2.1.136 complements existing denyRules. While denyRules require user confirmation, hard_deny blocks unconditionally at the classifier level. When running agents autonomously for extended periods, register commands that must never execute here.
```json
{
  "autoMode": {
    "hard_deny": [
      { "tool": "Bash", "pattern": "git push.*--force" },
      { "tool": "Bash", "pattern": "DROP TABLE" }
    ]
  }
}
```
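Before relying on these rules for an unattended run, it helps to test them against commands you expect to be blocked and commands you expect to pass. The audit below is an added example, not code from the briefing or from Claude Code. It assumes each `pattern` is a regular expression searched anywhere in the Bash command string, which the briefing does not confirm; the test commands and the names `firstMatch` and `auditRules` are constructed for illustration.

```javascript
// Assumption (not stated in the briefing): a hard_deny "pattern" is a regular
// expression searched anywhere in the command. Check the real matching rules.
const settings = {
  autoMode: {
    hard_deny: [
      { tool: "Bash", pattern: "rm -rf /" },
      { tool: "Bash", pattern: "git push.*--force" },
      { tool: "Bash", pattern: "DROP TABLE" },
    ],
  },
};

// Constructed test cases: a command plus the verdict the operator intends.
const cases = [
  { cmd: "rm -rf /", wantBlocked: true },
  { cmd: "rm -rf /tmp/build-cache", wantBlocked: false },
  { cmd: "git push --force origin main", wantBlocked: true },
  { cmd: "git push -f origin main", wantBlocked: true },
  { cmd: "git push origin feature/x", wantBlocked: false },
  { cmd: 'psql -c "DROP TABLE users"', wantBlocked: true },
  { cmd: 'psql -c "drop table users"', wantBlocked: true },
];

// Return the first rule that matches a tool call, or null if none does.
function firstMatch(rules, tool, cmd) {
  return rules.find((r) => r.tool === tool && new RegExp(r.pattern).test(cmd)) || null;
}

// Compare actual verdicts with intended ones and classify every mismatch:
// "gap" = should be blocked but is not, "over-block" = blocked unintentionally.
function auditRules(rules, testCases) {
  const findings = [];
  for (const { cmd, wantBlocked } of testCases) {
    const hit = firstMatch(rules, "Bash", cmd);
    const blocked = hit !== null;
    if (blocked !== wantBlocked) {
      findings.push({ cmd, kind: blocked ? "over-block" : "gap", rule: hit ? hit.pattern : null });
    }
  }
  return findings;
}

const findings = auditRules(settings.autoMode.hard_deny, cases);
for (const f of findings) console.log(`${f.kind}: ${f.cmd}`);
```

Under that assumption the three rules from this briefing produce one over-block (any `rm -rf` of an absolute path) and two gaps (the short `-f` flag and lower-case SQL), so each rule needs its own positive and negative test cases.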
Security & Limitations
React/Next.js: 12 Security Vulnerabilities Disclosed — Immediate Patching Required (5/8)
React and Vercel simultaneously disclosed 12 security vulnerabilities spanning React Server Components and Next.js.
Severity: 6 High, 4 Moderate, 2 Low
Attack vectors: DoS, middleware bypass, SSRF, XSS, cache poisoning
Patch versions: React 19.0.6/19.1.7/19.2.6, Next.js 15.5.16/16.2.5
Many vulnerabilities cannot be safely blocked at the WAF level, making application code patching essential. If you’re managing Next.js projects with Claude Code, update dependencies immediately.
```bash
# Update Next.js
npm install next@latest react@latest react-dom@latest
```
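After updating, confirm what the lockfile actually resolves to, since nested copies under another package's `node_modules` are not moved by upgrading the top-level dependency. The check below is an added example, not part of the original briefing. It assumes each patch version listed above is the first fixed release of its major.minor line and that "React" refers to the `react` package; the lockfile excerpt and package names in it are constructed.

```javascript
// Patch versions exactly as listed in the briefing. Assumption: each entry is
// the first fixed release of its major.minor line, and "React" means `react`.
const PATCHED = {
  react: ["19.0.6", "19.1.7", "19.2.6"],
  next: ["15.5.16", "16.2.5"],
};

// Constructed excerpt in npm lockfile v3 layout (package-lock.json).
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "constructed-app", version: "1.0.0" },
    "node_modules/next": { version: "15.5.9" },
    "node_modules/react": { version: "19.2.6" },
    "node_modules/widget-kit/node_modules/react": { version: "19.1.2" },
    "node_modules/legacy-chart/node_modules/react": { version: "18.3.1" },
  },
};

const parse = (v) => v.split(".").map(Number);

// Classify one installed version against the listed fixes for its package.
function classify(name, version) {
  if (version.includes("-")) return "needs-review"; // pre-release build
  const [maj, min, pat] = parse(version);
  const fix = PATCHED[name].map(parse).find(([a, b]) => a === maj && b === min);
  if (!fix) return "needs-review"; // release line not listed in the briefing
  return pat >= fix[2] ? "patched" : "vulnerable";
}

// Walk every resolved copy, including nested node_modules directories.
function auditLockfile(lock) {
  const out = [];
  for (const [path, meta] of Object.entries(lock.packages)) {
    const name = path.split("node_modules/").pop();
    if (Object.hasOwn(PATCHED, name)) {
      out.push({ path, version: meta.version, status: classify(name, meta.version) });
    }
  }
  return out;
}

const report = auditLockfile(sampleLock);
for (const r of report) console.log(`${r.status.padEnd(12)} ${r.version}  ${r.path}`);
```

To run it against a real project, replace `sampleLock` with the parsed contents of `package-lock.json`; entries reported as `needs-review` are on a release line the briefing gives no patch version for.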
Ecosystem & Plugins
EPAM Partners with Anthropic — Training 10,000 Claude-Certified Architects
EPAM Systems has signed a multi-year strategic partnership with Anthropic. The centerpiece is a CEO-mandated program to train 10,000+ Claude-certified architects.
Current progress:
- 20,000+ employees completed Anthropic training
- 1,300 certified (current)
- 5,000 target by end of Q3 2026
- 250 specialized Forward-Deployed Engineer “Black Belts”
The goal is moving enterprises from “AI experimentation” to “safe, large-scale applied AI” using Claude, Claude Code, and Claude Agent SDK.
Anthropic Reports 80x Revenue Growth — Infrastructure Expansion Accelerates
Dario Amodei disclosed 80x growth in annualized revenue and usage during Q1 when announcing the Akamai deal. Signing SpaceX (5/6) and Akamai (5/8) deals within the same week reflects the urgency of meeting explosive demand. The jump from 17x API traffic growth (announced at Code with Claude SF) to 80x suggests post-conference demand surged dramatically.
Community News
- “Programming Still Sucks” — It’s Greed, Not AI: A 2026 sequel to Peter Welch’s 2014 viral essay argues that management short-termism, not AI automation, is destroying the tech industry. The elimination of junior-to-senior growth pipelines, loss of unmeasurable operational knowledge, and “greed wearing an AI mask” are the core issues. 21 points, 6 comments. GeekNews
- OpenAI Codex vs Claude Code Real-World Comparison: The New Stack tested OpenAI’s new Codex features on a real Python codebase and called it “the strongest Claude Code rival yet.” The agentic coding tool competition is heating up. The New Stack
- Code with Claude London (5/19) Registration Open: After the SF main event and Extended wrap-up, next stops are London (5/19) and Tokyo (6/10). Livestream available. Code with Claude
Minor Changes
- CLAUDE_CODE_ENABLE_FEEDBACK_SURVEY_FOR_OTEL: New env var for session quality surveys via OpenTelemetry (v2.1.136)
- --resume/--continue path fix: Sessions with underscores in project paths were not found (v2.1.136)
- Plan mode file write security fix: File writes matching Edit(...) allow rules were incorrectly permitted in plan mode (v2.1.136)
- Slash command dialog UI consistency: Visual consistency improvements across colors, diffs, scrolling, and terminal output (v2.1.136)
- Extended thinking redacted block fix: API 400 errors from redacted thinking blocks after tool calls resolved (v2.1.136)
Recommended Reads
- “AI is Breaking Two Vulnerability Cultures”: Traditional 90-day coordinated disclosure and Linux’s quiet-fix approach are both becoming ineffective as LLMs can identify security patches from commit diffs alone. One vulnerability reported by a researcher was independently rediscovered by another within just 9 hours. The article proposes very short embargoes combined with AI-assisted automated patching as the new path forward. jefftk.com
- “Programming Still Sucks”: The 2026 sequel to the 2014 viral essay. The core argument: “AI isn’t destroying jobs — corporate greed using AI as an excuse is.” Eliminating apprenticeship paths and substituting metrics (test coverage, DORA) for human judgment weakens organizational capability. 21 points, 6 comments. stvn.sh
- “SQLite Becomes Library of Congress Preservation Standard”: The US Library of Congress now recommends SQLite as a dataset storage format, citing its single-file, self-contained, cross-platform characteristics as ideal for long-term preservation. SQLite’s stature in development tooling and data pipelines continues to grow. 11 points. Library of Congress
Interesting Projects & Tools
- Vault Terminal — Run Claude Code/Codex Inside Obsidian: An Obsidian plugin that embeds a terminal in the right sidebar, letting you run Claude Code and Codex alongside your project docs and design notes. Supports PowerShell, zsh, and bash on Windows/macOS. Beta stage. 9 points, 4 comments. GeekNews | GitHub
- Blinder — Auto-Mask Secrets Before Sharing Projects with AI Agents: A CLI tool that detects hardcoded API keys and passwords, extracts them to .env files, and replaces them with environment variable references. Two modes: blinder blind (buildable code) and blinder mask (read-only for AI agents). Supports iOS, Android, Flutter, Node.js, React, Spring Boot, Ruby. GeekNews | GitHub