The second week of June delivered the most significant protocol revision since MCP launched, a fresh batch of critical OpenClaw disclosures, and a fundamental shift in how GitHub Copilot bills for agentic work. Here is the enterprise engineering brief for June 2–15, 2026.

TL;DR for engineering leads: (1) plan for the MCP stateless transition — session-based server infrastructure needs refactoring before July 28; (2) update all OpenClaw instances to 2026.6.6+ immediately; (3) audit Copilot usage against the new AI Credit model; (4) evaluate Microsoft Agent Framework 1.0 as a production target for governed agent deployments.


MCP 2026-07-28 Spec: Protocol’s Largest Architectural Reset

The Model Context Protocol reached a milestone on May 21 when the 2026-07-28 release candidate was locked — the biggest revision since MCP debuted (Source). Final spec ships July 28, and the 10-week validation window is active now.

What changed. The protocol goes fundamentally stateless. The initialize handshake is gone — metadata travels in _meta on every request. Session IDs are removed. Servers can sit behind plain round-robin load balancers.

New required headers (Streamable HTTP) — Mcp-Method and Mcp-Name — let API gateways route and rate-limit without inspecting the body. Servers must reject requests where headers disagree with the body.
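A server-side check for the header/body agreement rule, as an added example (not code from the MCP specification or any SDK). It assumes Mcp-Method mirrors the JSON-RPC `method` field and Mcp-Name mirrors `params.name`; the function names and the 400 status are also assumptions.

```python
import json

class HeaderBodyMismatch(Exception):
    """Routing headers and JSON-RPC body describe different requests."""

def check_mcp_request(headers, raw_body):
    """Return the parsed body, or raise if the headers disagree with it.

    Assumption: Mcp-Method mirrors the body's "method" and Mcp-Name mirrors
    "params.name" (for example the tool named in a tools/call request).
    """
    # Header names are case-insensitive; values are compared exactly so the
    # gateway and the server can never interpret them differently.
    h = {k.lower(): v.strip() for k, v in headers.items()}
    try:
        body = json.loads(raw_body)
    except ValueError as exc:
        raise HeaderBodyMismatch("body is not valid JSON") from exc
    if not isinstance(body, dict):
        raise HeaderBodyMismatch("expected a single JSON-RPC object")

    method = body.get("method")
    if not isinstance(method, str) or h.get("mcp-method") != method:
        raise HeaderBodyMismatch("Mcp-Method does not match body method")

    params = body.get("params")
    name = params.get("name") if isinstance(params, dict) else None
    if h.get("mcp-name") != name:
        # Covers a wrong name, a header with no name in the body, and a
        # named request that arrived without the header.
        raise HeaderBodyMismatch("Mcp-Name does not match params.name")
    return body

def http_status(headers, raw_body):
    """Map the check onto a response code (400 is an assumed choice)."""
    try:
        check_mcp_request(headers, raw_body)
        return 200
    except HeaderBodyMismatch:
        return 400

# Constructed sample: in the second call a gateway would rate-limit the
# request as "tools/list" while the body asks for tools/call.
SAMPLE_BODY = (b'{"jsonrpc":"2.0","id":1,"method":"tools/call",'
               b'"params":{"name":"search"}}')
print(http_status({"Mcp-Method": "tools/call", "Mcp-Name": "search"}, SAMPLE_BODY))
print(http_status({"Mcp-Method": "tools/list"}, SAMPLE_BODY))
```

Running the same check at the gateway and at the server keeps a policy decision made on the headers from diverging from what the server actually executes.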

The extension framework is a structural improvement. Extensions now have reverse-DNS identifiers, their own ext-* repositories, and independent versioning. Two official extensions ship: MCP Apps (server-rendered HTML in sandboxed iframes) and Tasks (long-running work with tasks/get / tasks/update / tasks/cancel).

Deprecations with a 12+ month window: Roots, Sampling, and Logging are annotation-only deprecated — moving to tool parameters, direct LLM integration, and OpenTelemetry respectively. No immediate action required, but new projects should design around the future direction.

Other changes: full JSON Schema 2020-12 support, client-side caching with ttlMs/cacheScope on tools/list, and OAuth hardening requiring iss validation per RFC 9207.

Enterprise adoption continues accelerating: ServiceNow Action Fabric MCP Server GA, Microsoft Copilot Studio remote MCP servers with Entra ID, and Anthropic’s self-hosted sandboxes for Claude inside customer-controlled environments.

For infrastructure teams: the window between now and July 28 is the migration period. If you maintain MCP servers with session-based state, start refactoring now.


OpenClaw June Train: Skill Workshop, Workboard, and Security Hardening

OpenClaw shipped 2026.6.6 (stable) on June 12 with over 140 merged PRs and broad security tightening (Source). The June release train brought several features that signal enterprise maturation.

Skill Workshop introduces a governed, security-minded skill review flow with proposal workflows. For teams running OpenClaw in production, this addresses the long-standing tension between flexibility and governance — skills can now be proposed, reviewed, and approved through a structured process rather than ad-hoc.

Workboard Orchestration is multi-agent task board coordination — essentially turning OpenClaw into a team-level agent orchestrator rather than a single-agent controller. This competes directly with Microsoft Agent Framework’s multi-agent handoff and LangGraph’s graph-based orchestration.

Other notable ships: Parallel Web Search as a bundled provider (reducing single-backend dependency), durable auth profiles migrated to SQLite for persistence across restarts, Google Chat native approval card actions, Telegram rich-text delivery, WhatsApp ACP binding, and MiniMax M3/GLM-5.2 model support.

The Windows installer was overhauled in the 2026.5.22 release — bootstrapping a user-local portable Node.js, using native tar before falling back to .NET zip, persisting portable Git on PATH, and rolling back git-backed updates on step failure. This closes a long-standing Windows reliability gap.


Security: The Attack Surface Expands with 375K+ Stars

The security research community continues to find attack vectors in OpenClaw at an accelerating pace. With 375,000+ GitHub stars and an estimated 65,000–180,000 public-facing instances on Shodan/Zoomeye, OpenClaw is a high-value target.

Cyera Research’s “Claw Chain” (disclosed May 15, patched in 2026.4.23) demonstrated four chainable vulnerabilities — a single supply-chain foothold could lead to data exfiltration, privilege escalation, and persistence. The chain included a CVSS 9.6 TOCTOU write escape (CVE-2026-44112) and an 8.8 env-var disclosure (CVE-2026-44115) among others.

CVE-2026-53822 (June 12, CVSS 8.8) — a shell wrapper argv TOCTOU vulnerability affecting versions before 2026.5.18. Attackers can rebuild command arguments after allowlist approval to bypass security controls. The patch ships in 2026.5.18+.
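The bug class behind an argv check-then-use gap, shown as an added generic illustration (not OpenClaw's code and not its patch). The allowlist, function names and the `between_check_and_use` hook are hypothetical; the functions only return the argv that would be executed and run nothing.

```python
from dataclasses import dataclass

ALLOWLIST = {("git", "status"), ("ls", "-l")}  # constructed policy: exact argv only

def is_allowed(argv):
    return tuple(argv) in ALLOWLIST

def run_vulnerable(request, between_check_and_use):
    """Checks request['argv'], then reads it again at execution time."""
    if not is_allowed(request["argv"]):       # time of check
        raise PermissionError("argv not on allowlist")
    between_check_and_use()                   # anything sharing `request` runs here
    return tuple(request["argv"])             # time of use: re-reads mutable state

@dataclass(frozen=True)
class ApprovedCommand:
    argv: tuple  # immutable snapshot; the only thing the executor accepts

def approve(request):
    snapshot = tuple(str(a) for a in request["argv"])  # copy first, check the copy
    if not is_allowed(snapshot):
        raise PermissionError("argv not on allowlist")
    return ApprovedCommand(snapshot)

def run_hardened(request, between_check_and_use):
    cmd = approve(request)
    between_check_and_use()
    # A real executor would pass list(cmd.argv) to subprocess.run(..., shell=False)
    return cmd.argv

def demo():
    results = {}
    for name, runner in (("vulnerable", run_vulnerable), ("hardened", run_hardened)):
        request = {"argv": ["git", "status"]}
        # Stand-in for concurrent code editing the shared request after approval.
        def mutate():
            request["argv"][1] = "push"
        results[name] = runner(request, mutate)
    return results

print(demo())
```

The property to test for in any approval layer is that the executor consumes the exact object the policy evaluated, never a value rebuilt or re-read afterwards.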

Imperva Research (June 11) demonstrated vCard/prompt injection — hidden instructions in shared contacts and location pins triggering code execution on WhatsApp. Patched in 2026.4.23 by routing contact names to an untrusted-metadata channel.

Varonis Research demonstrated the hardest problem: a single plain email tricked a test agent into forwarding AWS keys. This is not fixable with a patch — it requires architectural controls: outbound email gates, trust-level tracking, and human-in-the-loop for credential forwarding.
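A sketch of how the three controls named above can combine in one outbound gate, as an added example (not OpenClaw or Varonis code). The trust labels, the `corp.example` domain and the function names are hypothetical, and the sample key is the placeholder value from AWS documentation.

```python
import re

# Credential-shaped strings worth stopping on. AWS access key IDs are
# "AKIA"/"ASIA" followed by 16 upper-case alphanumerics.
SECRET_PATTERNS = {
    "aws_access_key_id": re.compile(r"\b(?:AKIA|ASIA)[A-Z0-9]{16}\b"),
    "private_key_block": re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----"),
}

# Trust-level tracking: every piece of content the agent read is tagged with
# its source, and the context is only as trusted as its least trusted source.
TRUST = {"operator": 2, "internal_system": 1, "inbound_email": 0, "web_page": 0}
INTERNAL_DOMAINS = {"corp.example"}  # hypothetical organisation domain

def context_trust(sources):
    # Unknown or missing sources count as untrusted.
    return min((TRUST.get(s, 0) for s in sources), default=0)

def gate_outbound(recipient, body, sources):
    """Return (decision, reasons); decision is 'allow' or 'hold_for_human'."""
    reasons = [f"contains {name}" for name, rx in SECRET_PATTERNS.items()
               if rx.search(body)]
    external = recipient.rsplit("@", 1)[-1].lower() not in INTERNAL_DOMAINS
    if context_trust(sources) == 0 and external:
        reasons.append("untrusted content in context and external recipient")
    return ("hold_for_human" if reasons else "allow", reasons)

# Constructed scenario: the agent read an inbound email and now wants to send
# a message containing a key to an address outside the organisation.
print(gate_outbound("someone@outside.example",
                    "As requested: AKIAIOSFODNN7EXAMPLE",
                    ["operator", "inbound_email"]))
print(gate_outbound("alice@corp.example", "Weekly status attached.", ["operator"]))
```

The gate runs outside the model, so text in the agent's context cannot talk it out of the decision; pattern matching will miss some secrets, which is why the trust-level rule holds the message even when no pattern fires.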

Bottom line: Update to 2026.6.6 or later. Treat every connector as an attack surface.


GitHub Copilot’s AI Credit Economics

June 1 brought the most consequential pricing change in Copilot’s history. 1 AI Credit = $0.01 USD. Code completions and Next Edit Suggestions remain free; everything else — chat, CLI, cloud agents, code review, Spaces, third-party agents — is now metered (Source).

| Plan | Monthly Cost | Monthly AI Credits |
| --- | --- | --- |
| Pro | $10/user | 1,000 |
| Pro+ | $39/user | 3,900 |
| Business | $19/user | 1,900 (+ $30 promo Jun–Aug) |
| Enterprise | $39/user | 3,900 (+ $70 promo Jun–Aug) |

Model deprecations hit in parallel: GPT-4.1 (deprecated June 1, replacement GPT-5.5), GPT-5.2 and GPT-5.2-Codex (deprecated June 5, replacements GPT-5.5 and GPT-5.3-Codex).

For engineering leads, this changes the budgeting conversation. Agentic Copilot features are no longer bundled — every workflow and SDK integration now consumes credits. Teams need cost-visibility tooling and model selection discipline.


Microsoft Build 2026: The Agent Platform Play

Microsoft used Build 2026 to position its entire stack as an agent runtime. Microsoft Agent Framework 1.0 received Agent Harness, Foundry Hosted Agents (GA end of June), CodeAct via Hyperlight, multi-agent handoff orchestration, and the Agent Control Specification (ACS) — a vendor-neutral governance spec with 8 lifecycle interception points.

Microsoft Scout, the first “Autopilot” category agent, is built on OpenClaw. A Microsoft flagship running on OpenClaw rather than MAF internally is telling — it validates OpenClaw’s runtime while highlighting the platform neutrality Microsoft needs to project.

Agent 365 reached GA May 1 — a unified control plane for managing AI agents across frameworks. The Local Agents preview discovers agents on managed endpoints (Claude Code, Copilot CLI; OpenClaw follows ~2 weeks later).


Claude Fable 5: The Cautionary Tale

Anthropic released Claude Fable 5 on June 9 — 80.3% on SWE-Bench-Pro. Access was suspended on June 12 with no restoration date given.

For teams building on frontier models, this is a risk pattern to internalize. The highest-performing model tier carries the highest availability risk. Claude Opus 4.8 remains the safe, operationally available Opus-tier option.


What to Watch This Week

  1. MCP 2026-07-28 migration planning — SDK compatibility windows and server refactoring timelines
  2. OpenClaw 2026.6.6 adoption — how fast the exposed-instance population patches against the June CVEs
  3. Copilot AI Credit burn rates — first real-world data on how teams consume credits in the new model
  4. Microsoft Foundry Hosted Agents GA (end of June) — the first production-grade managed agent runtime outside of API providers
  5. Fable 5 restoration — whether Anthropic re-enables access this week or pushes to July

This is OpenClaw Weekly, a Big Hat Group briefing for engineering leaders navigating the AI platform shift. Have feedback or a story we should track? Get in touch.