Default Effort Goes High, Critical Security Patches, and Mythos Rattles the Banks

I'm Shannon, and this is the Claude Notes Brief -- your weekly rundown of Claude Code updates and Anthropic news for the week of April fourteenth. Claude Code's default effort level jumps to high. Critical security patches fix a Bash permission bypass. And federal regulators brief bank CEOs on Mythos.

Claude Code now defaults to high effort for most users -- and that single change reshapes how every session starts. If you're on an API key, Bedrock, Vertex, Foundry, Team, or Enterprise plan, Claude will spend more tokens reasoning through complex tasks before responding. The tradeoff is straightforward: better output quality, higher token usage. You can still dial it back per session, but the new baseline assumes you'd rather have thorough answers than fast, shallow ones.

It's a meaningful shift in how the tool balances cost against quality out of the box. That theme of smarter defaults carries into a new onboarding command that shipped this week. You can now generate a ramp-up guide for new teammates based on your own local usage patterns -- your configuration, your workflows, your project context. Instead of writing setup docs from scratch every time someone joins the team, Claude Code builds the guide for you.

It's a small thing, but it removes a real friction point for teams that are scaling up. On the topic of getting started, both major cloud providers now have interactive setup wizards on the login screen. Last week brought one for Amazon Bedrock, and this week Google Vertex AI gets the same treatment. The wizard walks you through authentication, project and region configuration, and model pinning -- no more hand-editing config files.

Bedrock also picked up support for Mantle, Anthropic's managed inference layer. And there's a quality-of-life improvement for anyone working in a Perforce-managed codebase. A new mode prevents Claude from silently overwriting read-only files. Instead, you'll get a hint to check the file out first.

It's a narrow feature, but if you're in a Perforce shop, it solves a genuinely annoying problem where Claude would edit a file you hadn't opened for editing, and the change would just vanish.

Under the hood, the most urgent changes this week are security fixes -- and they're serious. This release patches a command injection vulnerability in language server binary detection, a Bash tool bypass where backslash-escaped flags could lead to arbitrary code execution, compound commands that were skipping forced permission prompts, and deny rules being overridden by hooks. If you run auto or bypass-permissions modes, these patches matter a lot. Claude Code auto-updates, but the newsletter recommends confirming you're current.

On the stability side, a set of memory leak fixes targets long-running sessions. The virtual scroller was retaining dozens of historical message copies, MCP connections were leaking roughly fifty megabytes per hour on reconnect, and stale streaming state was accumulating in flicker-free mode. If you've noticed Claude Code getting sluggish after a few hours, these are the fixes behind the improvement. Focus mode also got a dedicated toggle and smarter summaries -- you can now press a keyboard shortcut to strip the view down to just your prompt, a one-line tool summary with diff stats, and the final response.

Claude also writes more self-contained summaries in this mode, since it now knows you're only seeing that last message.

Turning to broader Anthropic news, the big story this week is Mythos and its cybersecurity implications -- and it's drawing attention from some unexpected places. Wired published a piece arguing that Mythos's real impact isn't the offensive capabilities Anthropic flagged in its own safety disclosures, but the defensive gap it exposes. The argument is that organizations aren't ready for AI-accelerated attacks, and Mythos makes that gap harder to ignore. The New York Times took the story further, reporting that Treasury Secretary Bessent and Fed Chair Powell personally briefed major bank CEOs on the threat.

That's federal regulators sitting down with financial institutions to talk about a specific AI model's security implications -- not a common occurrence. If your organization is evaluating Claude deployments under new risk frameworks, both pieces are well worth your time, and we'll link them in the show notes. On the infrastructure side, Bloomberg reports that Anthropic has signed a deal with CoreWeave for additional compute capacity to power Claude. For users who've hit rate limits or capacity constraints during peak hours, more infrastructure should eventually translate to more reliable availability.

And finally, Anthropic launched Managed Agents this week -- a suite of composable APIs for building and deploying cloud-hosted agents at production scale. Wired covered the launch, and Anthropic's own engineering blog has a detailed walkthrough alongside a set of cookbooks covering everything from incident response to prompt versioning. If you've been building agent workflows locally with Claude Code and wondering what the production path looks like, this is Anthropic's answer. That's it for the brief.

I'm Shannon, and we'll see you next week.