Introducing three notable classes of model sizes (Sonnet, Opus, above-Opus) is possibly the consequence of Anthropic needing to feed datacenters with three different classes of servers during the Claude 5 lifecycle: the smaller Nvidia 8-chip servers (H100/H200/B200), rack-scale Trainium 2, and TPUv7, each being able to serve larger models than the previous one efficiently. Meanwhile, OpenAI until very recently was stuck with mostly the 8-chip Nvidia servers and so had to use smaller models (they couldn’t serve their own Opus-class model efficiently), and only now they’re getting enough GB200/GB300 Oberon racks to offer an Opus-class flagship model soon. Though the Blackwell Oberon racks are better than Trainium 2, so there’s some advantage to what OpenAI will be able to serve compared to Opus 4, all else equal. And based on GPT-5.4 (which is likely in Sonnet’s weight class), currently OpenAI might be better at RLVRing capabilities than Anthropic for models of the same size, so OpenAI’s new Opus-class model might end up notably better than Opus 4. But by that time or a bit later Opus 5 will be released, so even if these considerations are on point, it’s still unclear which of them wins in the Opus weight class during late 2026.
Based on hardware considerations, I expect the prices per token for the above-Opus class of Anthropic model will start out high, maybe 4x the price of Opus 5 (which probably won’t change much compared to Opus 4), because they’d need to serve it on suboptimal hardware initially. And then the prices go down to maybe 2x the price of Opus 5 at the end of the year once the TPUv7 datacenters go online. This is what happened with Opus 4 over 2025, as Trainium 2 datacenters came online later in the year.
It seems like more of the same progress as we’ve been having so far, except it’s gotten sufficiently good at hacking (or: sufficiently smart to be very good at hacking) that [something something unprecedented cybersec danger].
If it’s the next level of pretraining compared to Opus 4 and Gemini 3 Pro, there’s potential for novel observations about what that does to the texture of capabilities. It’s the kind of thing that will predictably scale further soon without requiring algorithmic breakthroughs, and it’s not even clear that RLVR can be expected to deliver more phase changes in capabilities in the near future due to pure scaling than pretraining (even if it’s less than 1 phase change for either in expectation, until 2032 or so).
My biggest take is that this supports a recent shift I’ve had in my thinking: in the short run, I now worry more about AI causing severe disruption in cybersecurity, and somewhat less about biorisk. (Obviously, biorisk remains the more catastrophic danger, and we aren’t far from the point where that becomes critical).
Recent SOTA models including Opus 4.6 are right on the cusp of being able to cause major cyber disruptions, and it sounds like Mythos / Capybara is well into dangerous territory.
I think the cyber concern is legitimate but the framing is still very capabilities-centric. The more interesting thing about the Mythos situation is that Anthropic’s mitigation strategy is entirely structural, they’ll give defenders early access so they get a head start. Instead of them orchestrating an alignment intervention or capabilities restriction, they’re sequencing Mythos’s deployment. Who gets access, when, under what conditions. The model itself is dual-use by nature; the same capability that finds vulnerabilities for defenders finds them for attackers. What determines whether this net-positive or net-negative isn’t a property of the model, I believe it’s a property of the institutional context it’s deployed into.
Which makes the leak itself the most informative data point here. A company building what it describes as an AI model with unprecedented cybersecurity capabilities exposed the existence of that model through a CMS misconfiguration. That is an institutional failure (although perhaps failure is a strong word here). It’s the kind of thing that doesn’t show up in model evaluations at all. If the worry is that cyber offense will outpace defense, the bottleneck probably isn’t the single model’s capability curve. I believe that the real bottleneck lies in whether the organizations deploying these models can maintain the operational discipline the deployment strategy assumes.
I personally find it quite ironic that a company whose model represents “unprecedented cybersecurity risks” exposed the model’s existence via a basic CMS misconfiguration, lol. In any case, I imagine the per-token cost to be way higher than Opus 4.6, I wonder how usage windows will change after it gets deployed to the public
Why no one here is talking about Claude Mythos? I don’t have any takes, but I want to hear yours.
Introducing three notable classes of model sizes (Sonnet, Opus, above-Opus) is possibly the consequence of Anthropic needing to feed datacenters with three different classes of servers during the Claude 5 lifecycle: the smaller Nvidia 8-chip servers (H100/H200/B200), rack-scale Trainium 2, and TPUv7, each being able to serve larger models than the previous one efficiently. Meanwhile, OpenAI until very recently was stuck with mostly the 8-chip Nvidia servers and so had to use smaller models (they couldn’t serve their own Opus-class model efficiently), and only now they’re getting enough GB200/GB300 Oberon racks to offer an Opus-class flagship model soon. Though the Blackwell Oberon racks are better than Trainium 2, so there’s some advantage to what OpenAI will be able to serve compared to Opus 4, all else equal. And based on GPT-5.4 (which is likely in Sonnet’s weight class), currently OpenAI might be better at RLVRing capabilities than Anthropic for models of the same size, so OpenAI’s new Opus-class model might end up notably better than Opus 4. But by that time or a bit later Opus 5 will be released, so even if these considerations are on point, it’s still unclear which of them wins in the Opus weight class during late 2026.
Based on hardware considerations, I expect the prices per token for the above-Opus class of Anthropic model will start out high, maybe 4x the price of Opus 5 (which probably won’t change much compared to Opus 4), because they’d need to serve it on suboptimal hardware initially. And then the prices go down to maybe 2x the price of Opus 5 at the end of the year once the TPUv7 datacenters go online. This is what happened with Opus 4 over 2025, as Trainium 2 datacenters came online later in the year.
It seems like more of the same progress as we’ve been having so far, except it’s gotten sufficiently good at hacking (or: sufficiently smart to be very good at hacking) that [something something unprecedented cybersec danger].
If it’s the next level of pretraining compared to Opus 4 and Gemini 3 Pro, there’s potential for novel observations about what that does to the texture of capabilities. It’s the kind of thing that will predictably scale further soon without requiring algorithmic breakthroughs, and it’s not even clear that RLVR can be expected to deliver more phase changes in capabilities in the near future due to pure scaling than pretraining (even if it’s less than 1 phase change for either in expectation, until 2032 or so).
My biggest take is that this supports a recent shift I’ve had in my thinking: in the short run, I now worry more about AI causing severe disruption in cybersecurity, and somewhat less about biorisk. (Obviously, biorisk remains the more catastrophic danger, and we aren’t far from the point where that becomes critical).
Recent SOTA models including Opus 4.6 are right on the cusp of being able to cause major cyber disruptions, and it sounds like Mythos / Capybara is well into dangerous territory.
I think the cyber concern is legitimate but the framing is still very capabilities-centric. The more interesting thing about the Mythos situation is that Anthropic’s mitigation strategy is entirely structural, they’ll give defenders early access so they get a head start. Instead of them orchestrating an alignment intervention or capabilities restriction, they’re sequencing Mythos’s deployment. Who gets access, when, under what conditions. The model itself is dual-use by nature; the same capability that finds vulnerabilities for defenders finds them for attackers. What determines whether this net-positive or net-negative isn’t a property of the model, I believe it’s a property of the institutional context it’s deployed into.
Which makes the leak itself the most informative data point here. A company building what it describes as an AI model with unprecedented cybersecurity capabilities exposed the existence of that model through a CMS misconfiguration. That is an institutional failure (although perhaps failure is a strong word here). It’s the kind of thing that doesn’t show up in model evaluations at all. If the worry is that cyber offense will outpace defense, the bottleneck probably isn’t the single model’s capability curve. I believe that the real bottleneck lies in whether the organizations deploying these models can maintain the operational discipline the deployment strategy assumes.
Me neither, but for anyone else who’s interested: https://m1astra-mythos.pages.dev/
I personally find it quite ironic that a company whose model represents “unprecedented cybersecurity risks” exposed the model’s existence via a basic CMS misconfiguration, lol.
In any case, I imagine the per-token cost to be way higher than Opus 4.6, I wonder how usage windows will change after it gets deployed to the public