This was a reset week on AI coding infrastructure - the kind that moves defaults, not just feature flags.

Tuesday May 6 was Code w/ Claude in San Francisco. Anthropic doubled Claude Code's 5-hour rate limit for Pro, Max, Team, and Enterprise, and removed the peak-hours penalty entirely. Opus 4.7 was confirmed generally available at the same pricing as 4.6. Managed Agents picked up multi-agent orchestration, outcome targets, and "Dreaming" - a cross-session memory loop where the model reviews finished sessions and writes new memories before the next one starts. The capacity story is bigger than the model story: Anthropic announced it is taking the entirety of SpaceX's Colossus 1 in Memphis, 300MW and roughly 220,000 NVIDIA GPUs, which is what funds the rate-limit doubling.

The same Tuesday AWS announced the AWS MCP Server going GA - free, IAM-gated, with sandboxed Python execution against any AWS API. MCP just crossed from research moment to default cloud primitive. The hygiene chapter showed up alongside it: CVE-2026-33032 (CVSS 9.8) lets unauthenticated attackers take over nginx-UI MCP endpoints, and a separate design flaw in the MCP STDIO transport allows arbitrary OS command execution with up to ~200,000 servers in scope.

From the Yaw blog

Code w/ Claude

  • Simon Willison's live blog - the primary-source roundup of the day; if you read one link from this section, this is it
  • Rate limits doubled - the Claude Code 5-hour limit doubles for Pro, Max, Team, and Enterprise, and the peak-hours penalty is gone; the most concretely useful announcement of the week
  • Opus 4.7 GA - same pricing as 4.6 ($5 input / $25 output per million tokens), stronger SWE-shaped tasks, higher-resolution vision
  • Managed Agents: Dreaming + multi-agent + outcome setting - "Dreaming" reviews finished sessions and writes new memories before the next one begins; multi-agent orchestration and explicit outcome metrics are now first-class primitives
  • SpaceX Colossus 1 - Anthropic takes the full ~300MW, ~220k-GPU footprint in Memphis; the announcement also floats orbital compute as a future direction
  • Claude Security public beta - Enterprise customers get vulnerability scanning plus Opus 4.7-generated fixes; complements the agent-side security framing this week
  • Financial-services agents + Microsoft 365 - 10 ready-to-run templates (pitchbooks, KYC, month-end close); Excel, PowerPoint, and Word add-ins live, Outlook coming

MCP becomes infrastructure

  • AWS MCP Server GA - free; IAM-gated access to any AWS API including file uploads and long-running ops; sandboxed Python execution for multi-step workflows; CloudWatch and CloudTrail observability built in
  • MCP security: nginx-UI takeover + STDIO design flaw - CVE-2026-33032 (CVSS 9.8) gives unauthenticated attackers full takeover of nginx-UI MCP endpoints; separately, a fundamental STDIO-transport design flaw allows arbitrary OS command execution with up to ~200k servers in scope
  • Red Hat MCP Gateway in tech preview - sits between AI agents and MCP servers for traffic control at the infra layer; the "MCP needs middleware" thesis becomes a Red Hat product

Across the field

  • Codex for Chrome - extension that uses your signed-in browser state across multiple tabs in parallel; specifically targets workflows where APIs aren't enough (LinkedIn, Salesforce, Gmail, internal SaaS); installed via the Codex Plugins menu
  • GPT-5.3-Codex-Spark research preview - real-time coding model on the Cerebras Wafer-Scale Engine at 1000+ tok/s, 128k context, text-only; rolling out to ChatGPT Pro in the Codex app, CLI, and VS Code extension
  • Codex CLI 0.129 + 0.130 - modal Vim editing in the composer, redesigned session management, plugin workspace sharing and discoverability controls, and a new codex remote-control command for headless app-server use