Anthropic SDK tooling and GovCloud key exposure #23

TaeyoungPark

May 20, 2026 — 2 min read

Today's Letter

Anthropic acquires Stainless for SDK and MCP tooling
CISA contractor exposed GovCloud keys on GitHub

Anthropic acquires Stainless for SDK and MCP tooling

Anthropic said it has acquired Stainless, a company focused on SDK generation and MCP server tooling.
Stainless has generated every official Anthropic SDK since the early Claude API releases, according to Anthropic.
Anthropic said hundreds of companies use Stainless to generate SDKs, CLIs, and MCP servers from API specifications.
The generated libraries cover TypeScript, Python, Go, Java, Kotlin, and other languages, with a focus on native language ergonomics.
Stainless was founded in 2022 by Alex Rattray, who said the team will continue its SDK and developer tooling work inside Anthropic.
Anthropic linked the deal to its broader agent platform strategy, arguing that agent usefulness depends on reliable access to external tools and data.
The company also tied the acquisition to MCP, the protocol it introduced for agent connectivity on the Claude Platform.

Source: anthropic.com
More: vincentschmalbach.com · digitaltoday.co.kr · opentools.ai

CISA contractor exposed GovCloud keys on GitHub

A public GitHub repository tied to a CISA contractor exposed AWS GovCloud credentials and internal CISA system data.
GitGuardian flagged the repository on May 15 after finding cloud keys, tokens, plaintext passwords, logs, and deployment files.
Seralys said the leaked credentials authenticated to three AWS GovCloud accounts with high privilege access.
Exposed files also included plaintext credentials for internal systems and CISA's artifactory package repository.
Commit history showed GitHub secret detection had been disabled before sensitive data was pushed publicly.
The repository appears to have been created on Nov. 13, 2025 and was taken offline after CISA was notified.
Seralys said the AWS keys remained valid for about 48 hours after the exposure was reported.
CISA said it is investigating and stated there is currently no indication that sensitive data was compromised.

Source: krebsonsecurity.com
More: cyberpress.org

Jocoletter curates AI, software, and product trends for developers and builders.

#Anthropic #CISA

Subscribe to Jocoletter

Anthropic results and NVIDIA training guide #55

Today's Letter 1. Anthropic, Project Fetch Phase Two results published 2. NVIDIA, Low-Precision Transformer Training Guide Anthropic, Project Fetch Phase Two results published * Anthropic published Phase Two results for Project Fetch on June 18, 2026, testing Claude Opus 4.7 on robodog setup and autonomy tasks first run

Agent Infrastructure and Copilot Metrics #54

Today's Letter 1. GitHub adds per-user AI credit metrics to Copilot API 2. AWS, Web Search for Bedrock AgentCore GA GitHub adds per-user AI credit metrics to Copilot API * GitHub added an `ai_credits_used` field to the Copilot usage metrics API for per-user AI credit consumption tracking

Agent deployment, Copilot model shifts, enterprise controls #53

Today's Letter 1. Cloudflare, temporary accounts for agent deployments 2. GitHub Copilot, Opus 4.6 (fast) retirement set for June 29 3. AWS, SageMaker inference metrics on CloudWatch 4. OpenAI adds ChatGPT Enterprise usage analytics and spend controls Cloudflare, temporary accounts for agent deployments * Cloudflare introduced Temporary Cloudflare

Agent Stack, Copilot, and Async Inference #52

Today's Letter 1. GitHub Copilot, context handling and Auto routing update 2. AWS, SageMaker Async Inference adds inline payloads 3. Vercel, Agent Stack and eve unveiled 4. Hugging Face, agentic tooling benchmark for open models published GitHub Copilot, context handling and Auto routing update * GitHub published a June