Anthropic acquires Stainless to harden agent web‑API security
What happened
- Anthropic said on May 18 it acquired Stainless, bringing its longtime SDK and MCP tooling partner in-house as it pushes deeper into agent infrastructure. - Anthropic’s security-guidance plugin for Claude Code scans edits for about 25 risky patterns, while Mythos work with roughly 50 partners found 10,000-plus severe flaws. - Anthropic’s May 22 Glasswing update said Mythos remains in preview, and Stainless said existing customers’ services and support will continue.
Why it matters
Anthropic said on May 18 that it had acquired Stainless, a startup whose software generates language-specific SDKs and Model Context Protocol server tooling from API specifications. Anthropic said Stainless had powered every official Anthropic SDK “since the earliest days” of its API and would now join the company as it builds tools for AI agents that need to call external systems. The move landed alongside a broader Anthropic push into developer-facing security. Anthropic’s Security Guidance plugin for Claude Code warns on potentially dangerous edits before they are written, and the company said on May 22 that Claude Mythos Preview had helped uncover more than 10,000 high- or critical-severity vulnerabilities with about 50 partners. Those announcements put SDK generation, tool access and security checks closer to the same workflow. (anthropic.com) Anthropic did not disclose financial terms in its announcement, though outside reports have described the Stainless deal as being worth about $300 million. ### Why did Anthropic buy a company that makes SDKs? Anthropic said Stainless turns standard API specifications into “production-ready, language-native SDKs” and MCP server tooling, which are the pieces developers use to connect applications and agents to outside services. (claude.com) The company said better tool access matters because “agents are only as useful as what they can connect to.” Katelyn Lesse, Anthropic’s head of platform engineering, said in the company announcement that Stainless had already shaped “how developers experience the Claude API since the start.” Stainless said in a separate note that its products and team would continue inside Anthropic and that customer services and support would remain in place. (anthropic.com) ### What does the Claude Code security plugin actually do? Anthropic’s Security Guidance plugin intercepts Write, Edit and MultiEdit operations in Claude Code and scans code for unsafe patterns before changes are applied, according to the plugin page. (anthropic.com) The GitHub repository says the tool uses instant pattern warnings for roughly 25 known-dangerous cases, including insecure deserialization, unsafe HTML insertion and hardcoded secrets. The repository also says the plugin adds an LLM-based diff review after a coding turn and can run a final check before commits. Anthropic lists the plugin in its marketplace as a verified install for Claude Code. ### Where does Mythos fit into this? Anthropic said on May 22 that Project Glasswing, its software security effort, had used Claude Mythos Preview with about 50 partners to find more than 10,000 high- or critical-severity vulnerabilities in widely used software. (claude.com) Anthropic described Glasswing as a collaborative effort to secure critical software before more capable AI systems can be misused against it. Anthropic has not said that all of those findings were confirmed or patched. (claude.com) Outside coverage has reported that confirmed flaws are a smaller subset of total findings, but Anthropic’s own update frames the 10,000-plus number as vulnerabilities surfaced during the preview period. ### Why are these pieces being announced together? Anthropic’s May product and research updates show the company working on both sides of the same problem: how developers connect agents to real systems, and how they catch risky behavior before deployment. (anthropic.com) Stainless handles the access layer through SDKs and MCP tooling, while the Claude Code plugin and Mythos effort focus on earlier security checks and vulnerability discovery. Anthropic’s next public milestones are already on its news page. The company listed the Stainless acquisition on May 18 and the Glasswing update on May 22, while the Security Guidance plugin is live in the Claude marketplace and GitHub repository for developers using Claude Code. (anthropic.com 1) (anthropic.com 2)
Key numbers
- Anthropic said on May 18 it acquired Stainless, bringing its longtime SDK and MCP tooling partner in-house as it pushes deeper into agent infrastructure.
- Anthropic’s security-guidance plugin for Claude Code scans edits for about 25 risky patterns, while Mythos work with roughly 50 partners found 10,000-plus severe flaws.
- Anthropic’s May 22 Glasswing update said Mythos remains in preview, and Stainless said existing customers’ services and support will continue.
- Anthropic said on May 18 that it had acquired Stainless, a startup whose software generates language-specific SDKs and Model Context Protocol server tooling from API specifications.
What happens next
- Anthropic said on May 18 that it had acquired Stainless, a startup whose software generates language-specific SDKs and Model Context Protocol server tooling from API specifications.
- Anthropic said on May 22 that Project Glasswing, its software security effort, had used Claude Mythos Preview with about 50 partners to find more than 10,000 high- or critical-severity vulnerabilities in widely used software.
- Anthropic’s May product and research updates show the company working on both sides of the same problem: how developers connect agents to real systems, and how they catch risky behavior before deployment.
Quick answers
What happened in Anthropic acquires Stainless to harden agent web‑API security?
Anthropic said on May 18 it acquired Stainless, bringing its longtime SDK and MCP tooling partner in-house as it pushes deeper into agent infrastructure. Anthropic’s security-guidance plugin for Claude Code scans edits for about 25 risky patterns, while Mythos work with roughly 50 partners found 10,000-plus severe flaws. Anthropic’s May 22 Glasswing update said Mythos remains in preview, and Stainless said existing customers’ services and support will continue.
Why does Anthropic acquires Stainless to harden agent web‑API security matter?
Anthropic said on May 18 that it had acquired Stainless, a startup whose software generates language-specific SDKs and Model Context Protocol server tooling from API specifications. Anthropic said Stainless had powered every official Anthropic SDK “since the earliest days” of its API and would now join the company as it builds tools for AI agents that need to call external systems. The move landed alongside a broader Anthropic push into developer-facing security. Anthropic’s Security Guidance plugin for Claude Code warns on potentially dangerous edits before they are written, and the company said on May 22 that Claude Mythos Preview had helped uncover more than 10,000 high- or critical-severity vulnerabilities with about 50 partners. Those announcements put SDK generation, tool access and security checks closer to the same workflow. (anthropic.com) Anthropic did not disclose financial terms in its announcement, though outside reports have described the Stainless deal as being worth about $300 million. Why did Anthropic buy a company that makes SDKs? Anthropic said Stainless turns standard API specifications into “production-ready, language-native SDKs” and MCP server tooling, which are the pieces developers use to connect applications and agents to outside services. (claude.com) The company said better tool access matters because “agents are only as useful as what they can connect to.” Katelyn Lesse, Anthropic’s head of platform engineering, said in the company announcement that Stainless had already shaped “how developers experience the Claude API since the start.” Stainless said in a separate note that its products and team would continue inside Anthropic and that customer services and support would remain in place. (anthropic.com) What does the Claude Code security plugin actually do? Anthropic’s Security Guidance plugin intercepts Write, Edit and MultiEdit operations in Claude Code and scans code for unsafe patterns before changes are applied, according to the plugin page. (anthropic.com) The GitHub repository says the tool uses instant pattern warnings for roughly 25 known-dangerous cases, including insecure deserialization, unsafe HTML insertion and hardcoded secrets. The repository also says the plugin adds an LLM-based diff review after a coding turn and can run a final check before commits. Anthropic lists the plugin in its marketplace as a verified install for Claude Code. Where does Mythos fit into this? Anthropic said on May 22 that Project Glasswing, its software security effort, had used Claude Mythos Preview with about 50 partners to find more than 10,000 high- or critical-severity vulnerabilities in widely used software. (claude.com) Anthropic described Glasswing as a collaborative effort to secure critical software before more capable AI systems can be misused against it. Anthropic has not said that all of those findings were confirmed or patched. (claude.com) Outside coverage has reported that confirmed flaws are a smaller subset of total findings, but Anthropic’s own update frames the 10,000-plus number as vulnerabilities surfaced during the preview period. Why are these pieces being announced together? Anthropic’s May product and research updates show the company working on both sides of the same problem: how developers connect agents to real systems, and how they catch risky behavior before deployment. (anthropic.com) Stainless handles the access layer through SDKs and MCP tooling, while the Claude Code plugin and Mythos effort focus on earlier security checks and vulnerability discovery. Anthropic’s next public milestones are already on its news page. The company listed the Stainless acquisition on May 18 and the Glasswing update on May 22, while the Security Guidance plugin is live in the Claude marketplace and GitHub repository for developers using Claude Code. (anthropic.com 1) (anthropic.com 2)
