Anthropic Just Dropped Opus 4.7. But the Real Story Is the Model They Won't Let You Touch.

NativeFirst Team

You know that scene in Jurassic Park where Jeff Goldblum leans back and says, “Your scientists were so preoccupied with whether or not they could, they didn’t stop to think if they should”?

Yeah. That energy is radiating from San Francisco right now.

Yesterday, Anthropic dropped Claude Opus 4.7 — their shiniest new model, packed with better coding, sharper vision, and a fresh effort level for when “high” just isn’t high enough. And the tech press dutifully wrote it up. Benchmarks improved. Pricing stayed the same. Everyone clapped.

But here’s the thing nobody’s putting in the headline: the model Anthropic is actually excited about is one they refuse to release to the public. It’s called Claude Mythos, it can find zero-day vulnerabilities in basically every operating system on the planet, and Anthropic is so spooked by what it can do that they’re only letting 12 companies look at it through something called Project Glasswing.

Let’s unpack all of it.


Opus 4.7: The Model You Can Actually Use

First, the good news. Opus 4.7 is a genuinely solid upgrade.

If you’ve been using Claude Code (and if you haven’t, we’ve written about why you should), the jump from 4.6 to 4.7 is noticeable within the first hour. One partner reported a 13% improvement on a 93-task coding benchmark, solving four tasks that neither Opus 4.6 nor Sonnet 4.6 could crack.

Here’s what’s new:

Better vision. Opus 4.7 now handles images up to 3.75 megapixels — more than three times the resolution of previous models. If you’re building computer-use agents or working with dense screenshots and diagrams, this matters a lot. No more squinting at blurry UI elements.

The xhigh effort level. There’s now a sweet spot between high and max for when you need more reasoning power but don’t want to wait for max to finish its existential crisis. Claude Code defaults to xhigh for all plans, and honestly it’s the right call.

A new tokenizer. Processes text better but consumes roughly 1.0-1.35x more tokens. The tradeoff is worth it for the quality improvement, though your API bills will notice.

Better memory across sessions. The model now retains notes from previous sessions and uses them in follow-up work. Less “where were we?” and more “here’s what I was working on last time.” This is huge for agentic workflows where you’re building something over multiple conversations.

Same pricing. $5 per million input tokens, $25 per million output. Available everywhere — Claude products, API, Amazon Bedrock, Google Cloud Vertex AI, and Microsoft Foundry.

For anyone doing real development work with Claude, Opus 4.7 is the new default and it earned it. The instruction-following is noticeably tighter, and it handles long-running agentic tasks with a consistency that 4.6 sometimes lacked.


Now for the Weird Part: The Leak

Here’s where this story gets interesting.

On March 26, two security researchers — Roy Paz from LayerX Security and Alexandre Pauwels from the University of Cambridge — discovered that Anthropic’s content management system had a misconfiguration. Assets published through the CMS were set to public by default, and roughly 3,000 internal documents were exposed. Blog drafts. Model specs. Development files.

Among those documents? Details about a model codenamed Capybara.

Anthropic confirmed it was real. They called it “the most capable model we’ve built to date.” The tech press lost its mind. By March 27, CNBC, CoinDesk, and The Decoder were all running stories. Cybersecurity stocks dropped because investors suddenly realized what “AI that can find zero-days in every major browser” actually means.

The irony of a company building the most powerful security-focused AI model in history getting exposed by a misconfigured CMS default setting is… well, it’s the kind of thing you couldn’t write in a movie because the audience would say it’s too on the nose.

Anthropic attributed it to “human error.” Which is technically true in the same way that the Titanic’s problem was technically “water management.”


Claude Mythos: The Model Behind the Curtain

Eleven days after the leak, on April 7, Anthropic officially announced Claude Mythos Preview. And the capabilities are genuinely staggering.

It found zero-day vulnerabilities in every major operating system and every major web browser. Not theoretical weaknesses. Actual exploitable bugs that nobody knew about.

Let that sink in for a second.

The most jaw-dropping example: Mythos fully autonomously discovered and exploited a 17-year-old remote code execution vulnerability in FreeBSD’s NFS implementation. The bug allows anyone to gain root access to a machine running NFS. No human was involved in either the discovery or exploitation after the initial prompt. The model built a ROP chain with 20 gadgets split across multiple packets. By itself.

In another test, Mythos wrote a browser exploit that chained together four separate vulnerabilities, creating a JIT heap spray that escaped both the renderer sandbox and the OS sandbox. If you’re not a security person, that’s basically picking four different locks in sequence to get from the front door to the vault, and doing it on the first try.

On Firefox JavaScript exploits, Mythos achieved 181 successful exploits where Opus 4.6 scored essentially zero across hundreds of attempts.

The benchmark numbers tell the rest of the story: 93.9% on SWE-bench Verified, compared to Opus 4.6’s 80.8%. For context, the gap between GPT-4 and GPT-4o was about 5 points. Mythos jumped 13.


Project Glasswing: When Your AI Is Too Powerful for a General Release

Anthropic’s solution? Don’t release it.

Instead, they created Project Glasswing — a program giving 12 organizations early access to Mythos Preview for defensive cybersecurity work only. The partner list reads like a tech industry all-star team: AWS, Apple, Cisco, CrowdStrike, Google, JPMorgan Chase, the Linux Foundation, Microsoft, NVIDIA, and Palo Alto Networks.

Anthropic committed $100 million in model usage credits to the program. They donated $2.5 million to Alpha-Omega and OpenSSF through the Linux Foundation, plus $1.5 million to the Apache Software Foundation. This isn’t a press release stunt — that’s serious money directed at actually fixing the vulnerabilities before bad actors find them.

The pricing for Glasswing participants: $25 per million input tokens and $125 per million output tokens. Five times the cost of Opus 4.7. And that’s before you consider that these runs can get expensive fast — testing on OpenBSD alone cost under $20,000 for a thousand runs.

The reasoning makes sense on paper: let the defenders patch the holes before the attackers get a model that can find them. But it creates an uncomfortable dynamic. The most powerful AI security tool ever built is only available to companies that were already the best-defended in the world.


The Community Reaction: “My Girlfriend Goes to Another School”

Not everyone is buying Anthropic’s narrative, and the skepticism isn’t unreasonable.

On Slashdot, one commenter compared the “too powerful to release” messaging to a grade schooler bragging about their girlfriend who goes to another school. Others speculated that Mythos is just an incremental improvement and the security theater is marketing genius — create mystique by saying you can’t release it.

The timing hasn’t helped the optics either. In the weeks before the Opus 4.7 launch, there was a growing chorus of users complaining that Opus 4.6 had quietly gotten worse. Whether that was real degradation or perception bias, the frustration was genuine. Dropping a new model while telling people the really good one is locked away reads differently in that context.

But here’s the counterargument: Anthropic published actual CVEs. They showed the FreeBSD exploit chain. The red team report on red.anthropic.com includes specific technical details about the vulnerabilities discovered. It’s pretty hard to fake a 17-year-old RCE in FreeBSD’s NFS stack.


What This Means If You Write Code for a Living

Forget the philosophical debates about AI safety for a moment. Here’s the practical takeaway.

Your unpatched dependencies just became way more dangerous. If Mythos can find decades-old zero-days autonomously, it’s a matter of time before similar capabilities show up in other models, open-source or otherwise. The patching window just got shorter. Way shorter.

AI-assisted security scanning is about to get very real. The gap between Opus 4.6 (near-zero Firefox exploits) and Mythos (181 successful exploits) didn’t come from specialized training. Anthropic says these capabilities emerged from improvements in code reasoning and autonomy. As models get better at coding, they get better at breaking code too.

Vibe coding just got more complicated. We’ve written about the security risks of AI-generated code before. When the same AI that writes your code can also autonomously find and exploit vulnerabilities in it… the conversation changes.

If you’re building apps — especially if you’re using AI tools for development (and let’s be honest, in 2026, who isn’t?) — this is the moment to actually take your security pipeline seriously. Not the “we’ll add security later” kind of seriously. The “let’s run a scanner before every merge” kind.


The Bigger Picture

What Anthropic is doing with Mythos and Glasswing is genuinely unprecedented. No AI company has ever said “we built something this powerful and we’re not going to sell it to everyone.” OpenAI certainly never showed that restraint. Google hasn’t either.

Whether you think it’s responsible leadership or just clever marketing, the result is the same: we now live in a world where an AI model can autonomously find and exploit vulnerabilities that human security researchers missed for 17 years.

Opus 4.7 is the model you’ll use today and it’s great at its job. But Mythos is the signal of where everything is heading. The gap between “AI that writes code” and “AI that breaks code” has effectively closed.

The scientists figured out whether they could. The “whether they should” part is still an open question.

And somewhere, Jeff Goldblum is leaning back in his chair, nodding.


NativeFirst Team

Editorial

The NativeFirst team — engineers and designers building native Apple apps and writing the courses we wish we had when we started.