US Government Blocks Anthropic’s Frontier Models, Slack Goes MCP-Native, and AWS Ships Real-Time Web Search for Agents
I recently got the chance to attend and speak at MCP Summit Mumbai 2026, and what a great experience it was! I will cover the major talks in the next issue. But first, let’s dive into this week’s MCP updates, because there is a lot to unpack.
In this blog, we cover a government move against Anthropic’s newest models, Slack as a full MCP hub, AWS live web search for agents, new Claude Code controls, Vercel’s agent infrastructure suite, and a new security layer for MCP servers from WitnessAI.
TL;DR
The US government ordered Anthropic to suspend Fable 5 and Mythos 5 for all foreign nationals over a reported jailbreak. Slack’s MCP client went generally available, connecting 20-plus enterprise tools inside Slackbot. AWS launched live web search for Bedrock AgentCore at $7 per 1,000 queries. Anthropic shipped enterprise-managed authorization for MCP connectors, live artifacts in Claude Code, and a seven-method steering guide for Claude Code.
Vercel released Agent Stack, a full suite of production infrastructure for AI agents. WitnessAI launched Agentic Control, a single security control plane for all agents and MCP servers. OpenAI released LifeSciBench, a 750-task research benchmark built by 173 PhD scientists. GitGuardian and Coralogix both shipped MCP servers for secret security and observability. Brink Commerce brought natural language agent control to e-commerce operations, and AWS released an open-source MCP server for its Price List API.
Major Updates of the Week
Anthropic: Fable 5 and Mythos 5 Suspended
I was looking forward to trying Claude Fable 5. Then, before I even got the chance to log in, Anthropic suspended all access to Fable 5 and Mythos 5. An export control directive banned foreign nationals, including Anthropic’s own employees abroad, from using the models. The order cited a jailbreak where prompting the model to read and fix code could expose vulnerabilities.
Anthropic ran its own evaluation, found the exploit minor and already present in GPT-5.5, and called the action unfair. All other Anthropic models remain available. The company is working to restore access but warned this sets a risky precedent for the whole industry.
Slack: Slackbot MCP Client Now Generally Available
Slack launched general availability of its MCP client for Slackbot, turning the assistant into a central connection point for enterprise tools. The launch includes 20-plus partner apps: Atlassian, Canva, Box, Docusign, Linear, Notion, and Zoom among them. Teams pull live data, fill forms, and interact with dashboards inside Slack threads without switching tabs. Admins get a single console to manage and audit access.
AWS: Web Search on Bedrock AgentCore Now Generally Available
AWS made Web Search on Bedrock AgentCore generally available, giving agents live access to the web without leaving the AWS environment. The tool runs through the Bedrock AgentCore Gateway using MCP, pulls from Amazon’s web index and the Amazon Knowledge Graph, and returns snippets, URLs, and publication dates. User queries stay inside the customer’s AWS environment.
Claude Updates
| Vendor / Product | Key Action / Feature | Significance |
| Claude Code: Steering Methods | Seven ways to control Claude Code behavior: CLAUDE.md files, rules, skills, subagents, hooks, output styles, and system prompt appending. Each has different token costs and persistence. | Teams match the right method to each use case, balancing instruction weight against context used. |
| Claude Code: Enterprise-Managed Authorization | IT admins provision MCP connector access centrally through identity providers, starting with Okta. Employees get zero-touch setup on first login. Covers Asana, Atlassian, Canva, Figma, Linear, and Supabase. | No more per-user OAuth approvals. Offboarding is instant and personal account linking is blocked. |
| Claude Code: Artifacts | Claude Code sessions publish live web pages from session context including codebases and conversations. Updates go to the same URL automatically. Beta for Team and Enterprise plans. | Teams get a live view of agent work without screenshots or manual updates. |
Vercel: Agent Stack
Vercel launched Agent Stack, a suite of tools for building and running agents in production. It includes an AI Gateway for routing across model providers, a Workflow SDK that checkpoints each step so failed tasks restart where they stopped, Vercel Sandboxes that isolate agent-written code inside microVMs, and Vercel Connect for short-lived database permissions. A Chat SDK deploys one agent across Slack, Linear, and WhatsApp from a single codebase. Vercel also released the public beta of eve, an open-source framework for organizing agent instructions, tools, and subagents.
WitnessAI: Agentic Control
WitnessAI launched Agentic Control, a security control plane that sits where agents interact with tools and MCP servers. Security teams set one allow or block list that applies across every IDE, chat interface, and internal agent in the organization. A new MCP Catalog scores discovered servers against OWASP and CVE risk categories before anything connects. The system intercepts prompt injections, masks personal data in real time, and logs every blocked action. It works with Claude Code, Codex, and GitHub Copilot.
Other Updates
| Vendor / Product | Key Action / Feature | Significance |
| OpenAI LifeSciBench | 750-task benchmark for AI on life science research, built by 173 PhD scientists. GPT-Rosalind scores 36.1%, up from 25.7% for GPT-5.5. Models still struggle with multi-modal documents. | Credible way to measure AI progress in drug discovery, where current benchmarks fall short. |
| GitGuardian MCP Server | Scans files for hardcoded secrets before release, deploys honeytokens, and flags leaked credentials inside Cursor and Windsurf. Read-only by design. Covers 450-plus secret types. | Security checks that used to take hours now run inside the IDE as code is written. |
| Coralogix MCP Server | Streams live logs, metrics, traces, and real user monitoring data to AI agents. Integrates with Cursor and other AI code editors. Available to all Coralogix customers. | Agents diagnose production issues without an engineer pulling data from a separate dashboard. |
| Brink Commerce MCP | MCP server for Merchant Portal lets operations teams manage orders, inventory, and campaigns through natural language. Actions are scoped to the user’s role permissions. | E-commerce teams automate back-office tasks without writing API code. Agents cannot exceed the human user’s permissions. |
| AWS MCP Server for Price List | Open-source MCP server giving agents real-time access to AWS product data, pricing, and availability across regions. Works with Amazon Q Developer CLI and Claude Desktop. | Teams compare AWS service costs across regions in plain language instead of reading pricing pages manually. |
My Thoughts: AI Access Is No Longer Guaranteed?
The suspension of Fable 5 and Mythos 5 shows how quickly external decisions can reshape the landscape. Whether the government’s concerns prove justified is almost secondary. The more important takeaway is that model availability is no longer solely a commercial decision made by vendors. Regulatory and geopolitical forces are becoming part of the equation. Teams that depend on a single model provider should be thinking seriously about fallback options, portability, and multi-model architectures.
At the same time, Slack and AWS highlight where the industry is heading. Neither announcement was about launching a better model. Both were about embedding MCP into products enterprises already use every day. Slack is turning itself into an orchestration layer for business applications, while AWS is making live information retrieval a native capability inside agent workflows. These are infrastructure investments designed to make agents easier to deploy, govern, and scale.
Taken together, the week’s announcements point to a broader shift. Competitive advantage is moving away from raw model performance and toward the surrounding ecosystem: access, governance, integrations, security controls, and operational reliability. The model still matters, but increasingly the infrastructure around it determines what organizations can actually build.
