Default Effort Level Now Set to High
Claude Code's default effort level is now set to high for most users, joined by a new /team-onboarding command and interactive setup wizards for both Bedrock and Vertex AI. Elsewhere, Wired and the NYT cover Mythos's cybersecurity implications, and Bloomberg reports an Anthropic-CoreWeave compute deal.
Anthropic's Mythos Will Force a Cybersecurity Reckoning—Just Not the One You Think — Wired
Highlight
Default Effort Level Now Set to High for Most Users
If you use Claude Code with an API key, Bedrock, Vertex, Foundry, Team, or Enterprise plan, your default effort level has changed from medium to high. This means Claude will spend more tokens reasoning through complex tasks by default, which should improve output quality at the cost of higher token usage. You can still adjust this per-session with /effort.
Worth Knowing
New /team-onboarding Command Generates Ramp-Up Guides
You can now run /team-onboarding to generate a guide that helps new teammates get started with Claude Code based on your local usage patterns. If you're onboarding colleagues, this saves you from writing setup docs from scratch.
Amazon Bedrock Mantle Support and Vertex AI Setup Wizard
You can now connect to Amazon Bedrock powered by Mantle by setting CLAUDE_CODE_USE_MANTLE=1. Separately, if you use Google Vertex AI, a new interactive setup wizard on the login screen walks you through GCP authentication, project and region configuration, and model pinning -- no more manual config file editing. Last week's Bedrock wizard is now joined by a Vertex equivalent.
Enterprise TLS Proxies Now Work Without Extra Certificate Setup
Claude Code now trusts your OS certificate store by default, so if you're behind a corporate TLS-inspecting proxy, you no longer need to manually configure certificates. Set CLAUDE_CODE_CERT_STORE=bundled if you need to revert to only bundled CAs.
Focus Mode Gets a Dedicated Toggle and Smarter Summaries
If you use NO_FLICKER mode, you can now press Ctrl+O to toggle a focus view that strips output down to your prompt, a one-line tool summary with diff stats, and the final response. Claude also writes more self-contained summaries in focus mode, since it now knows you only see the final message.
Perforce Users Get Read-Only File Protection
If you work in a Perforce-managed codebase, setting CLAUDE_CODE_PERFORCE_MODE prevents Claude from silently overwriting read-only files. Instead, you'll get a p4 edit hint so you can check the file out first.
Under the Hood
Critical Bash permission bypass and command injection vulnerabilities patched
This release fixes several security-sensitive issues: a command injection in LSP binary detection, a Bash tool bypass where backslash-escaped flags led to arbitrary code execution, compound commands skipping forced permission prompts, and permissions.deny rules being overridden by hooks. If you use auto or bypass-permissions modes, update immediately.
Memory leaks fixed in long sessions, MCP connections, and flicker-free mode
Your long-running sessions should now use significantly less memory -- fixes address the virtual scroller retaining dozens of historical message copies, MCP SSE connections leaking ~50 MB/hr on reconnect, stale streaming state in NO_FLICKER mode, and /btw writing full conversation copies to disk on every invocation.
From Anthropic
In the News
Between the effort-level change, the Bash security fixes, and the Managed Agents launch, this is a week where updating promptly matters. If you run auto or bypass-permissions mode, the security patches alone warrant an immediate upgrade.