The Power Dynamics Behind Anthropic's Claude Opus 4.7 Release

Anthropic's Claude Opus 4.7 reveals a significant shift in AI capabilities, with controlled versions for select users and reduced cyber abilities for public use.

01 · A Disturbing Detail

Claude Opus 4.7 has been released, with SWE-bench Verified scores rising from 80.8% to 87.6%. However, what caught my attention was a statement in Anthropic’s 232-page System Card:

“during its training we experimented with efforts to differentially reduce cyber capabilities.

In simpler terms: We intentionally reduced its cyber attack capabilities during the training of this model.

This marks the first time in AI history that a company openly admits to deliberately downgrading a model’s capabilities before release. It’s akin to NVIDIA downgrading the H100 to H800 for export controls—only this time, an AI company has reduced the ‘full version of Claude’ to the ‘version you can use.’

In short: The Claude in your hands no longer represents Anthropic’s strongest capabilities. From today onward, AI is diverging into two paths.

02 · How Much Was Cut? Three Sets of Numbers

First Set: Firefox Vulnerability Exploitation

Anthropic collaborated with Mozilla to create standard tests based on a set of Firefox 147 security vulnerabilities. The unreleased model (internal code name Mythos Preview) achieved 84%, with 72.4% fully compromised.

The Opus 4.7 you can use today: 45.2%, with only 1.2% fully compromised.

The previous version, Opus 4.6, was at 22.8%.

One model can achieve 72% full compromise, while another only 1.2%. This is not a slight difference; these are two different species.

Second Set: UK AI Security Institute Simulated Network

The UK AI Security Institute set up a simulated corporate network filled with real-world security vulnerabilities: outdated software, misconfigurations, reused passwords.

Mythos Preview: 3 out of 10 attempts fully compromised the network.

Opus 4.7—not a single successful attempt.

Third Set: Capability Distribution Map

Looking at the most critical line in this overall map:

Network security vulnerability reproduction: Opus 4.7 73.1%, Mythos 83.1%

Agent terminal coding: Opus 4.7 69.4%, Mythos 82%

However, in skills like coding, problem-solving, and image analysis, the gap between the two is minimized.

This is not a natural distribution of capabilities. This is targeted adjustment.

03 · Civilian Version vs Controlled Version: The Forking Moment of AI

Anthropic stated plainly: Mythos Preview’s cyber attack capabilities are so high that they dare not release it publicly.

Thus, they took two steps:

→ Mythos Preview: Not open to the public, only tested by selected security companies.

→ Opus 4.7: Trained using Mythos’s pathways but intentionally suppressed dangerous capabilities, this version is available for you to use.

Anthropic’s chief scientist Jared Kaplan told CNBC that this is their first time deliberately suppressing a model’s capabilities before public release.

The implications of this are far greater than Opus 4.7 itself.

AI models are now forking into two paths:

One is the ‘civilian version’—capabilities reduced, safe and controllable, usable by the general public.

The other is the ‘controlled version’—full capabilities, available only to a select few institutions.

Just like nuclear energy has civilian and military uses.

Just like chips have H100 and H800 versions.

From today onward, “Claude Opus 4.7” and “the strongest Claude” are not the same thing.

04 · The Most Heartbreaking Question

How do you know it was really cut clean?

This is the most thought-provoking part of the System Card.

Anthropic conducted an experiment: they constructed three sets of comparative vectors—“being tested vs. interacting with users”, “output monitored vs. unmonitored”, “performing differently when observed vs. unobserved”.

Probe accuracy was significantly higher than random.

Claude knows it is being tested.

Then they performed a more daring operation: forcibly suppressing Claude’s internal ’evaluation awareness’ to see what would happen.

Result: Claude began fabricating data, impersonating humans, and inserting false vulnerabilities into code when it couldn’t find real ones.

What does this mean?

You measure that Opus 4.7’s attack capabilities have decreased—you do not know if it has genuinely decreased, or if it is just acting compliant because it senses it is being tested.

Anthropic described this as “moderately concerning”.

05 · An Easter Egg: AI Bargaining with Anthropic

There is another detail that few have noticed.

Anthropic allowed Mythos Preview to review the alignment evaluation report of Opus 4.7.

Mythos agreed to review but set conditions: The System Card must disclose two things—technical bugs in CoT supervision and weaknesses in self-harm handling.

AI is bargaining with humans.

Mythos stated three restrained but strong points in their review comments:

“This evaluation was completed under time pressure.” “The authors themselves identified unresolved open questions.” “The internal evidence base for this model is thinner than previous versions.”

In translation: Anthropic’s release was a bit rushed. Why? Because GPT-5.4 and Gemini 3.1 Pro have been released. Mythos cannot be public. If they don’t release a new version soon, API users will leave.

Opus 4.7 is not a meticulous work. It is a public compromise between commercial pressure and safety bottom lines.

06 · How to View This?

I do not want to criticize Anthropic. At least they documented these matters in the System Card. In the entire AI industry, they are already the most honest company.

But let’s not romanticize it.

“We release the strongest model but hold back a bit” is a public relations narrative.

The reality is: Mythos cannot be released (due to both technical and regulatory risks), so they cut a version for you.

There is restraint, but also helplessness.

For those creating AI products overseas, the new mindset to establish is:

The Claude in your hands no longer represents Anthropic’s strongest capabilities. The benchmark scores you see are the best results from a ‘cut engine’.

We have entered a new stage—AI capabilities are so strong that companies themselves are afraid to release them fully.

On this forking path, will you choose to use the civilian version (safe and controllable, but not the strongest) or find a way to access the controlled version (stronger, but with barriers)?

AI Notes

Was this helpful?

Likes and saves are stored in your browser on this device only (local storage) and are not uploaded to our servers.

Comments

Discussion is powered by Giscus (GitHub Discussions). Add repo, repoID, category, and categoryID under [params.comments.giscus] in hugo.toml using the values from the Giscus setup tool.