Anthropic Ships Opus 4.7 With Cyber Safeguards and a New Effort Level That Didn't Exist Yesterday

Anthropic released Claude Opus 4.7 today across its full product lineup, including the API, Amazon Bedrock, Google Cloud Vertex AI, and Microsoft Foundry. Pricing stays flat at $5 per million input tokens and $25 per million output tokens — the same as Opus 4.6. But the more consequential part of the announcement isn't the pricing or even the benchmark improvements. It's what Anthropic decided to leave out, and how it decided to leave it out.

The Cybersecurity Architecture Is the Real Story

Last week, Anthropic announced Project Glasswing and introduced Claude Mythos Preview — a model with substantially advanced cyber capabilities that the company has kept on a tight leash. Anthropic said at the time it would test new cyber safeguards on less capable models before broadening Mythos's access. Opus 4.7 is that test.

The model ships with automatic detection and blocking of requests that indicate prohibited or high-risk cybersecurity uses. More unusual: during Opus 4.7's training, Anthropic ran experiments to deliberately reduce its cyber capabilities relative to what the model might otherwise have learned. The company is calling this "differential capability reduction" — essentially trying to make one version of a model less dangerous in specific domains without compromising its general usefulness. That approach hasn't been standard practice in public AI releases. What Anthropic learns from deploying these safeguards in real-world traffic will feed directly into its eventual decision about when and how to release Mythos-class capabilities more broadly.

Security professionals who need full access to Opus 4.7 for legitimate work — vulnerability research, penetration testing, red-teaming — can apply through a new Cyber Verification Program. That creates a two-tier access model: general availability with automatic restrictions, and verified access with fewer constraints.

On the overall safety picture, Anthropic's alignment assessment concluded the model is "largely well-aligned and trustworthy, though not fully ideal in its behavior." Opus 4.7 improves on Opus 4.6 in honesty and resistance to prompt injection attacks. It performs modestly worse on harm-reduction advice for controlled substances — meaning it provides more detail than Anthropic would prefer. Mythos Preview remains Anthropic's best-performing model on alignment evaluations.

Coding and Agentic Work

The primary capability pitch for Opus 4.7 is its handling of difficult, long-running software engineering tasks. Anthropic's framing — drawn from early-access tester feedback — is that users can hand off the hardest coding work with less supervision than was possible with Opus 4.6. The model pays closer attention to instructions, thinks more rigorously at higher effort levels, and verifies its own outputs before reporting back.

That last point connects to a new effort level Anthropic is introducing alongside this model. The existing effort parameter had settings from low through max; Opus 4.7 adds "xhigh" between high and max, giving developers finer control over the tradeoff between reasoning depth and latency. In Claude Code specifically, Anthropic has raised the default effort to xhigh for all plans. The company recommends starting at high or xhigh when testing Opus 4.7 for coding and agentic use cases.

Opus 4.7 also gets a new /ultrareview command in Claude Code, which runs a dedicated review session designed to catch bugs and design issues the way a careful code reviewer would. Anthropic is giving Pro and Max users three free ultrareviews. Max users also get access to "auto mode," which lets Claude make operational decisions on your behalf during longer tasks — fewer interruptions, but with guardrails that reduce the risk of running unchecked through a complex codebase.

Benchmark results show Opus 4.7 at state-of-the-art on the Finance Agent evaluation and on GDPval-AA, which measures economically valuable knowledge work across finance and legal domains. On SWE-bench Verified, Pro, and Multilingual — the standard coding evaluations — the model's margin of improvement over Opus 4.6 holds after excluding any problems that show signs of memorization.

Vision and Memory

Opus 4.7 accepts images up to 2,576 pixels on the long edge, or roughly 3.75 megapixels. That's more than three times the resolution prior Claude models could process. This isn't an API parameter change — it's a model-level improvement, so images are simply processed at higher fidelity by default. The practical applications are substantial for computer-use agents reading dense screenshots, data extraction from complex diagrams, and any workflow that requires pixel-level detail.

On memory, the model performs better at using file system-based memory across multi-session work. It retains notes from earlier sessions and uses them to reduce the upfront context required when starting new tasks — a meaningful improvement for agentic workflows that run across days rather than single interactions.

Token Usage and Migration Considerations

Opus 4.7 uses an updated tokenizer. The same input can map to more tokens than it did in Opus 4.6 — roughly 1.0x to 1.35x depending on content type. At higher effort levels, particularly in later turns of agentic tasks, the model also produces more output tokens because it reasons more extensively. That's a deliberate design choice tied to the reliability improvements, but it has cost implications that developers should measure against real traffic before treating any benchmark comparison as representative.

Anthropic offers several ways to manage token usage: the effort parameter, task budgets (now in public beta on the API), and direct prompting for conciseness. The company's own testing on an internal coding evaluation shows the net effect is favorable — better scores per token spent across effort levels — but that result comes from a controlled environment. Real production workloads vary.

One other migration detail: Opus 4.7 follows instructions more literally than Opus 4.6 did. Earlier models sometimes interpreted instructions loosely or skipped sections. Opus 4.7 takes instructions at face value. Prompts and harnesses tuned for Opus 4.6 may produce unexpected results with Opus 4.7, and Anthropic recommends re-tuning accordingly.

What This Release Signals

The combination of differential capability reduction, a verified access tier for security professionals, and automatic request filtering represents a more deliberate capability management architecture than Anthropic has publicly deployed before. The cyber safeguards on Opus 4.7 aren't the destination — they're a test run for what eventually gets applied to Mythos Preview when Anthropic decides conditions are right for a broader release.

For enterprises running coding and knowledge-work workflows, the practical question is whether the token cost increase from the updated tokenizer and higher reasoning effort is offset by the reliability gains. Anthropic's internal data suggests it is, at least in agentic coding. Finance and legal teams will want to run their own evaluations against GDPval-AA workloads before committing. The /ultrareview command in Claude Code gives developer teams a concrete tool to audit output quality before that evaluation concludes.