Anthropic just shipped a model that does near-Opus work for $2 per million input tokens — and the implications for every developer relying on Sonnet-class models are bigger than the spec sheet suggests.
- Sonnet 5 uses an updated tokenizer that maps the same input to 1.0–1.35× more tokens than Sonnet 4.6, a tradeoff Anthropic made to unlock better performance at roughly cost-neutral pricing
- The introductory $2/$10M token pricing lasts only through August 31, 2026 — after that it jumps to $3/$15M, making the next 62 days a strategic window for teams building agentic workflows
- Sonnet 5 was never trained on cybersecurity tasks, yet still shows slightly higher partial exploit-development success than Sonnet 4.6 on Firefox vulnerability tests — a side effect of general intelligence gains, not deliberate training
On June 30, 2026, Anthropic released Claude Sonnet 5 — and it’s not a minor iteration. The model closes most of the gap between the budget-friendly Sonnet tier and the premium Opus 4.8, while launching at an introductory price that undercuts even Sonnet 4.6’s per-task cost for many workloads. For developers already building agents on the Claude Platform, this isn’t an optional upgrade. It’s a recalibration of what “mid-tier” means.
The Agentic Leap: Why Sonnet 5 Matters Now
Sonnet-class models have been the workhorse of the agentic AI era. Claude Sonnet 3.5, 3.6, and 3.7 were the first models that showed serious coding and tool-use chops at a price point where you could actually run thousands of agent loops per day without going broke. But for the past several months, the biggest agentic gains came from the Opus line — Opus 4.7 and 4.8 pulled ahead on reasoning, sustained multi-step work, and self-correction.
Sonnet 5 narrows that gap dramatically. Anthropic’s own benchmarks show its performance approaching Opus 4.8 across reasoning, tool use, coding, and knowledge work. The critical difference: it does so at roughly half the cost per token.
“Sonnet 5 was never trained on cybersecurity tasks, yet still shows slightly higher partial exploit-development success than Sonnet 4.6 — a side effect of general intelligence gains, not deliberate training.”
That’s the paradox Anthropic had to wrestle with. A smarter model is, by definition, more capable — even in domains you didn’t explicitly train it on. The solution was to launch Sonnet 5 with the same real-time cyber safeguards that shipped with Opus 4.7 and 4.8, detecting and blocking dangerous cyber usage in real time.
How Sonnet 5’s Effort Levels Work Under the Hood
One of the most consequential features of Sonnet 5 isn’t the model weights — it’s the effort level system. Anthropic introduced adjustable effort levels that let developers trade cost for performance along a continuous curve, rather than choosing between fixed model tiers.
Here’s how the process breaks down:
Step 1: Task Intake and Classification
When a request hits the Claude Platform, the system classifies its complexity. A simple factual query gets routed to low effort; a multi-step code refactor with testing gets routed to medium or high effort. The key insight: effort level isn’t just “how hard the model tries” — it controls the computational budget allocated to reasoning steps.
Step 2: Reasoning Budget Allocation
At low effort, Sonnet 5 uses minimal chain-of-thought tokens — think of it as the model giving quick, confident answers. At medium effort, it allocates more intermediate reasoning steps, checking its own work before responding. At high effort, it runs extended reasoning chains, self-correction loops, and multi-step verification — the kind of deep work that previously required Opus.
Step 3: Autonomous Tool Execution
Sonnet 5’s agentic improvements aren’t just about “smarter answers.” The model can plan multi-step tool-use sequences, execute them, evaluate the results, and adjust its approach. Early access testers reported that Sonnet 5 finishes complex tasks where previous Sonnet models would stop short — it writes reproduction tests, implements fixes, and verifies them without explicit instructions.
Step 4: Cost-Performance Tuning
The effort level system means you can run Sonnet 5 at medium effort for routine tasks (cheaper than Opus at any effort level) and crank it to high effort for the 10% of tasks that need Opus-level depth. Anthropic’s BrowseComp and OSWorld-Verified charts show Sonnet 5 at high effort matching Opus 4.8 on some benchmarks, while costing significantly less at medium effort.
Step 5: Safety Gate
Every response passes through the cyber safeguard system before reaching the user. For Sonnet 5, these safeguards are less strict than the ones protecting Fable 5 (which block a much wider range of cybersecurity tasks) because Anthropic judged the overall cybersecurity risk from Sonnet 5 to be low. The model was never trained on cyber tasks, and its exploit-development capabilities remain substantially below Opus 4.8 and Mythos 5.
The Tokenizer Tradeoff Nobody’s Talking About
Here’s the detail that will actually affect your billing: Sonnet 5 ships with an updated tokenizer that changes how text maps to tokens. The same input can now produce 1.0–1.35× more tokens depending on content type.
Anthropic set the introductory pricing ($2/$10M tokens) so that the transition from Sonnet 4.6 is roughly cost-neutral for most workloads. But after August 31, when pricing moves to $3/$15M, the tokenizer inflation means some workloads will see a real cost increase compared to what the per-token numbers suggest.
The lesson: benchmark your actual token usage during the introductory period. If you’re running agentic workflows that process large codebases or long conversation histories, the tokenizer change could make your cost curves steeper than expected once the promo pricing expires.
BrowseComp and OSWorld: The Numbers That Matter
Anthropic released detailed cost-performance charts for two key agentic benchmarks:
- BrowseComp (agentic web search): Sonnet 5 is a strict improvement over Sonnet 4.6 at every effort level. At high effort with a 10M token budget and compaction, it approaches Opus 4.8’s performance — at a fraction of the cost per query.
- OSWorld-Verified (computer use): Sonnet 5 scores 78.5%+ on the updated evaluation methodology, a substantial jump from Sonnet 4.6. The model can navigate desktop environments, interact with applications, and complete multi-step workflows autonomously.
These aren’t synthetic benchmarks. BrowseComp tests whether an agent can find specific facts across the web using search tools. OSWorld tests whether an agent can complete real computer tasks — clicking, typing, navigating GUIs. Both are the closest proxy we have to “can this model actually do useful work on its own?”
Safety: Better Than Sonnet 4.6, Not as Good as Opus
Anthropic’s automated behavioral audit — which tests for a wide range of misaligned behaviors including deception, cooperation with misuse, and sycophancy — found that Sonnet 5 scores lower (safer) overall than Sonnet 4.6, but higher than Opus 4.8 and Mythos Preview.
On the Firefox exploit development evaluation (collaboration with Mozilla, all vulnerabilities patched in Firefox 148), Sonnet 5 was never able to develop a working exploit. It did show a slightly higher rate of partial success than Sonnet 4.6, which Anthropic attributes to general intelligence improvements rather than specific cyber training. This is the “more capable model = broader capabilities” dynamic that makes AI safety inherently harder as models improve.
The model also shows lower rates of hallucination and sycophancy than Sonnet 4.6, and is better at refusing malicious requests and resisting prompt injection hijack attempts.
The Export Control Backdrop
Sonnet 5’s launch comes at a loaded moment. Just 18 days before, on June 12, the US Commerce Department applied export controls to Anthropic’s Fable 5 and Mythos 5 models, forcing Anthropic to suspend access globally. Those controls were lifted on June 30 — the same day as Sonnet 5’s release.
The export control incident was triggered by an Amazon research report showing a method to bypass Fable 5’s safeguards, causing it to identify software vulnerabilities and, in one case, produce exploit demonstration code. Anthropic’s testing later revealed that less capable models — including Claude Opus 4.8, GPT-5.5, and even Haiku 4.5 — could identify the same vulnerabilities and produce the same demonstrations.
The incident underscores a reality that Sonnet 5 embodies: as models get more capable across the board, the line between “safe enough” and “needs restrictions” gets harder to draw. Anthropic’s response — launching Sonnet 5 with real-time cyber safeguards and pushing for an industry-wide jailbreak severity framework with Amazon, Microsoft, and Google — suggests they see the regulatory environment tightening, not loosening.
What This Means for Developers
Three practical takeaways for teams building on Claude today:
- Migrate now, budget later. The $2/$10M introductory pricing runs through August 31. If you’re on Sonnet 4.6, moving to Sonnet 5 gives you near-Opus agentic performance at Sonnet prices — for the next two months. After that, the calculus shifts.
- Use effort levels strategically. Don’t default to high effort for everything. Sonnet 5 at medium effort already beats Sonnet 4.6. Reserve high effort for the tasks where you previously would have needed Opus.
- Test your token counts. The updated tokenizer means your existing prompts may produce more tokens than before. Run A/B comparisons on your actual workloads during the intro period, not just on Anthropic’s benchmarks.
Sonnet 5 isn’t just a better model. It’s Anthropic saying the mid-tier can now do work that previously required the premium tier — with effort levels giving you a dial to tune the cost-performance tradeoff in real time. The question isn’t whether to upgrade. It’s whether your architecture is ready to exploit the effort-level system before the introductory pricing expires.
But wait until you see what happens when you run Sonnet 5 at high effort on a codebase that previously stalled Sonnet 4.6 — the model doesn’t just finish the task, it verifies the fix, stashes the change, confirms the bug resurfaces without it, and reports back. All in a single pass.
Built by us: Exit Pop Pro
Turn your WordPress visitors into email subscribers with an exit-intent popup that gives away a free PDF. $29 one-time — no monthly fees, no SaaS lock-in.

