Claude Code v2.1.196: Org Default Models and MCP Security Fix for Untrusted Repos
Anthropic
Claude Code v2.1.196 shipped June 29, 2026. Key additions: org admins can set default models in the console (shown as 'Org default' in /model); security fix prevents MCP servers from spawning via .mcp.json in repos that carry a committed .claude/settings.json (supply-chain attack vector); background agents auto-resume when the daemon restarts; streaming idle watchdog enabled by default; /code-review token usage cut ~25%; terminal rendering work reduced ~37% per frame.
Why it matters
The MCP security fix closes a supply-chain risk where cloning a malicious repo with a committed settings file could silently spawn arbitrary MCP servers. Org default models addresses the top enterprise request for team-wide model standardization.
Importance: 2/5
Security fix closes MCP supply-chain risk from committed .mcp.json; org default models for enterprise team standardization