Claude Code June Security and Reliability Sprint (2.1.160–2.1.167)
Six releases between June 2 and June 6 deliver a concentrated round of enterprise hardening, security improvements, and agentic workflow refinements to Claude Code. Together they represent the most security-focused sprint since the tool reached general availability.
The highest-impact addition in 2.1.166 is the fallbackModel setting: developers and teams can now configure up to three fallback models that Claude Code tries in order when the primary model is overloaded or unavailable. The --fallback-model flag also applies to interactive sessions, giving high-volume engineering teams a self-healing path when rate limits hit. Cross-session messaging received important security hardening — messages relayed via SendMessage from other Claude sessions no longer carry user authority, and auto mode blocks relayed permission requests entirely, preventing escalation chains across session boundaries. Setting MAX_THINKING_TOKENS=0 or --thinking disabled now disables chain-of-thought on models that think by default via the Claude API, useful for cost-sensitive batch pipelines.
Version 2.1.163 adds enterprise version governance: requiredMinimumVersion and requiredMaximumVersion managed settings cause Claude Code to refuse to start if its installed version falls outside the approved range, surfacing a clear message pointing users to the sanctioned version. This addresses a common enterprise compliance requirement for pinned toolchain versions. The release also adds a /plugin list command with --enabled/--disabled filters for auditing loaded plugins, and Stop hooks can now return additionalContext to give Claude feedback without surfacing the hook response as an error, enabling richer custom workflow control.
Version 2.1.162 and 2.1.160 round out the sprint with a prompt before writing to shell startup files (.zshenv, .bash_login) and build-tool config files that can grant code execution — a safety gate for acceptEdits mode users who may not realise those files have execution semantics. The releases also fix background agent session stability issues, Windows path handling, JetBrains 2026.1+ terminal flickering, and Shift+non-ASCII character drops in Kitty-protocol terminals.
Read more — Claude Code Changelog
Windsurf Becomes Devin Desktop: ACP Protocol Reaches Critical Adoption
Windsurf rebranded as Devin Desktop on June 2, 2026, following Cognition's acquisition. The update arrived as an over-the-air push; users who restarted the editor found it open as Devin Desktop with their existing account, plan, extensions, and keybindings intact.
The technical headline is deeper than a name change. Cascade, Windsurf's flagship agentic engine, is deprecated as of July 1, replaced by Devin Local — a Rust-rewritten engine that is 30% more token-efficient, supports subagent delegation, and integrates more tightly with the new Agent Command Center. The Agent Command Center, previously an optional panel in Windsurf 2.0, is now the primary IDE interface: a Kanban view of every local and cloud agent session running across the machine.
The most significant shift for the wider ecosystem is Devin Desktop's first-class support for the Agent Client Protocol (ACP), an open-source protocol for connecting AI coding agents to code editors developed by Zed Industries and now adopted by JetBrains, Google, GitHub, and over 25 agents. At launch Devin Desktop ships five first-class ACP agents: Codex (OpenAI), Claude Agent (Anthropic), OpenCode, Junie (JetBrains), and Gemini CLI (Google). Given Windsurf's install base, this is the largest single adoption event in ACP's history, and effectively closes the gap between the protocol's promise and its reach. Developers choosing any ACP-compatible editor can now invoke agents from any ACP-registered provider without switching tools.
Read more — Devin
GitHub Copilot SDK Reaches GA with Rust and Java Support
GitHub Copilot SDK moved from public preview to general availability on June 2, adding Rust and Java to bring total language support to six: Node.js/TypeScript, Python, Go, .NET, Rust, and Java. The SDK gives developers "direct, programmatic access to the same agent runtime behind GitHub Copilot — planning, tool invocation, file edits, streaming, and multi-turn sessions."
For teams building internal tooling or customer-facing AI features on top of Copilot's infrastructure, the SDK removes the need to build an agent orchestration layer from scratch. Key capabilities include custom tool registration, Model Context Protocol server connections, editable system prompts (identity, tone, and safety sections), OpenTelemetry tracing with W3C context propagation, and flexible authentication covering GitHub OAuth, GitHub Apps, and bring-your-own-key options. A hook system allows intercepting agent behaviour at planning, tool-call, and result stages — useful for compliance filtering or custom audit logging.
The SDK is available to all GitHub Copilot subscribers including the free tier, and to others via BYOK. Since the preview launched, teams have used it to build CI/CD assistants, internal knowledge retrieval agents, and customer-facing coding features. The Java binding in particular opens the SDK to a segment of the enterprise market that was previously blocked by the Node.js-first preview.
Alongside the SDK GA, GitHub also put cloud and local sandboxes for Copilot into public preview on the same date. Local Sandboxes use Microsoft MXC technology and are enabled per session via /sandbox enable; Cloud Sandboxes are ephemeral Linux environments launched with copilot --cloud that support cross-device session continuity. Enterprise organisations can configure sandbox policies centrally via MDM platforms, addressing the security concern of agentic Copilot sessions executing commands and modifying files autonomously.
Read more — GitHub Changelog
Ollama 0.30: 20% NVIDIA Throughput Gain and Vulkan by Default
Ollama 0.30 ships significant performance improvements and GGUF ecosystem expansion via tighter llama.cpp integration, complementing the MLX engine on Apple Silicon that launched in preview in March.
On NVIDIA hardware, throughput increased by up to 20% in testing with Gemma 4 26B at Q4_K_M quantisation on an RTX 5090. The release also enables Vulkan by default, bringing GPU acceleration to AMD and Intel devices without vendor-specific libraries — previously those platforms required manual configuration or fell back to CPU inference. The GGUF model coverage expands to include LFM and Prism model families along with Unsloth fine-tunes, and developers can now load GGUF files directly from Hugging Face by writing a Modelfile pointing to the model file or directory on the Hub.
Tool-calling in supported GGUF models is verified for integration with Claude Code, Hermes Agent, and OpenClaw via the ollama show command. For teams running local coding agent workflows on mixed hardware, the Vulkan support is the most practically impactful change: an AMD developer now gets GPU inference from the same Ollama binary without a separate setup path.
Read more — Ollama Blog
IntelliJ IDEA 2026.1.3: Terminal, Markdown, and WSL Fixes
IntelliJ IDEA 2026.1.3, released June 4, is a maintenance update addressing four focused issues from the 2026.1 series. The terminal cursor is no longer rendered above the current line when running inside tmux, a rendering artefact that affected developers who drive JVM applications from within the IDE's embedded terminal via terminal multiplexers. The Markdown preview now correctly displays images when the referenced file lives outside the project directory, which matters for documentation-heavy projects that share assets across repository boundaries. Database tool window custom colours are now applied correctly across all UI components in the panel. Launching WSL via wsl.exe -d <distribution> no longer breaks shell integration and process detection in the IDE's WSL support.
The release is available via the Toolbox App, the in-IDE update prompt, Ubuntu snap, or direct download from JetBrains.
Read more — JetBrains Blog
Anthropic Files S-1 and Expands Project Glasswing to 200+ Partners
Anthropic filed a confidential draft Form S-1 registration statement with the SEC on June 1, 2026 — the formal step that gives the company the option to pursue a public offering after SEC review. The number of shares and offering price have not been set; timing remains contingent on market conditions. The filing comes less than two weeks after Anthropic closed a $65 billion Series H round led by Altimeter Capital, Dragoneer, Greenoaks, and Sequoia Capital at a $965 billion post-money valuation, and follows the company's run-rate revenue crossing $47 billion in May.
A day later, Anthropic announced the expansion of Project Glasswing — the cybersecurity initiative using Claude Mythos Preview — to approximately 150 additional organisations, reaching a total of roughly 200 partners across power, water, healthcare, communications, and hardware sectors. The initial cohort of ~50 partners deployed the model in April and discovered more than 10,000 high- or critical-severity security flaws across their codebases since then. The expanded programme extends access to sectors previously underrepresented in AI-assisted security work, particularly operational technology and hardware supply chains. Anthropic frames the programme as a proactive shift toward AI-assisted defence ahead of expected wider availability of powerful AI cyber-tools across the industry.
Read more — Anthropic
Links & Sources
- Claude Code Changelog
- Windsurf is now Devin Desktop
- Copilot SDK is now generally available
- Cloud and local sandboxes for GitHub Copilot now in public preview
- Ollama 0.30 — Improved performance and model support with GGUF
- IntelliJ IDEA 2026.1.3 Is Out!
- Anthropic confidentially submits draft S-1 to the SEC
- Expanding Project Glasswing
