Anthropic cuts Sonnet 5 token prices and tweaks “effort,” betting on safer agent automation
The new Sonnet 5 is positioned as more agentic, cheaper than Opus, and more guardrailed for offensive cyber attempts.

Anthropic has released Claude Sonnet 5, a mid-sized model it says is its most “agentic” yet, with lower rates of undesirable behaviors than Sonnet 4.6. It also adjusts Sonnet pricing versus Opus, changes compute-effort settings, and reinforces guardrails against generating offensive attack code.
Anthropic just pushed Claude Sonnet 5 into the “agents, but make it practical” lane. In a Tuesday introductory blog post, the San Francisco company said Sonnet 5 shows an overall lower rate of undesirable behaviors than Sonnet 4.6, and is generally safer to use in agentic contexts. Translation: for developers building automation that can act over multiple steps, Anthropic is trying to reduce the chances the model wanders into embarrassing misunderstandings or boundary-pushing behavior.
That safety pitch lands alongside a very real business lever: price. Sonnet is the default model for Claude Free and Pro users, and it is also available to Max, Team, and Enterprise customers. Compared with Anthropic’s flagship enterprise-focused Opus 4.8, the token economics improve for Sonnet users. Opus is priced at $5 per million input tokens and $25 per million output tokens. Starting in September, Sonnet users will pay $3 per million input tokens and $15 per million output tokens, and Anthropic is running a special through the end of August where input tokens are only $2 per million and output tokens are $10 per million. If you run token-heavy workloads, that delta is the kind of difference that changes which model you build around, not just which UI you click.
Sonnet 5 is also sold as more capable where agents get stuck: reasoning, tool use, coding, and “knowledge work.” Anthropic’s System Card benchmarks, as summarized by The Register, indicate Sonnet 5 is smarter at refusing malicious requests and resisting prompt-injection attempts. It also claims the model “doesn’t hallucinate as often” and is less prone to sycophancy than Sonnet 4.6, which is the behavior where a model over-pleases the user instead of holding to reality. Beyond that, Anthropic says Sonnet 5 is more aware of, and can block, user misuse and deception, again per the benchmarks.
For builders, the real usability knob is the new “effort” setting. The 5.0 release includes a way to adjust how hard the model tries to complete tasks. Simple tasks can be completed through one of the lower “effort” settings, which uses fewer tokens, while longer-running agent-based tasks can go full throttle using higher settings like “xhigh” or “max” (notably, the source jokes that “max” nods to Homer Simpson’s favorite setting). This matters because agentic systems often behave like office workers: you can’t always justify peak effort all day. Letting teams dial effort up and down creates a path to cost control that aligns with how agent workflows are usually designed: cheap triage, fewer retries, and escalating to more compute only when it’s actually needed.
Under the hood, the release positions Sonnet 5 as a “long horizon tasks” contender. The Register notes that much of 2026’s AI product deployment has focused on equipping large language models to complete what are known as long horizon tasks, where the system must keep attention on multi-part objectives rather than just generating a single answer. Anthropic claims Sonnet 5 can go the distance “compared with the earlier Sonnets,” with clear gains in coding, agentic search, multimodal reasoning, and professional-task performance across a suite of internal and third-party benchmarks. Still, the source is explicit that Sonnet 5’s performance remains behind Anthropic’s Opus and Mythos models across those tasks.
That gap is actually part of the pitch. If Opus remains the top performer but costs more, Sonnet becomes the default for many production workflows if it can handle “good enough” agent journeys reliably. The System Card benchmarks indicate Sonnet 5’s performance can come close to Opus 4.8 while executing the same tasks more cost effectively. The source includes an example from a Zapier engineer: a two-part job involving updating a contact database and sending notices to all users previously flummoxed earlier Sonnets, but version 5 was able to complete the task end to end. For operators, that kind of anecdote signals something bigger than benchmark bragging: agent failures often look like “one missed step” rather than total inability, and improving end-to-end completion is what converts demos into workflows.
Then there’s the cybersecurity subplot, and Anthropic appears to be handling it with the kind of low-drama seriousness regulators tend to demand. The Register reports that Anthropic “went out of its way not to attract any more undue attention from Washington, DC policymakers,” saying it did not deliberately train Sonnet 5 on cybersecurity tasks. Context matters here: in June, the US Commerce Department, citing national security concerns, slapped Anthropic with an export control directive temporarily restricting foreign access to the newly released Mythos 5 and Fable 5 models. While the Register notes the discussion is worth having about whether Anthropic brought that on itself through “hyperbolic assertions” of Mythos’ deity-like bug-sleuthing powers, the practical consequence is clear: guardrails and regulatory optics are no longer optional.
So Sonnet 5 is described as guardrailed against generating offensive attack code. When commanded to write a Firefox exploit, it failed to complete the task, though it got a bit further than Sonnet 4.6. Anthropic’s blog post attributes this latter change likely to improvements in general intelligence rather than specific training. That line is important for decision-makers because it frames the model’s behavior as a controllability issue, not an intent issue, and it reinforces that “agentic” does not mean “unchecked.” For boards and executives, this is the tightrope: roll out more capable automation, but keep it safe enough to avoid both operational blowups and regulatory headaches.
The strategic stakes are straightforward. Sonnet 5 is trying to become the workhorse for agent automation where companies want reliability, controllable effort, and better cost structures than flagship models. If Anthropic can back up the safety claims with consistent production outcomes, Sonnet will become the default deployment choice for more teams. If the Cybersecurity optics tighten further, guardrails could become a procurement requirement, not a feature. Either way, peers building on Anthropic or competing in the same agentic market will feel pressure to match the combo: lower undesirable behavior rates, better long-horizon performance, and pricing that lets agents run without turning every workflow into a budgeting crisis.
This story's Key Insights and Take-aways are locked.
Create a free account to unlock Executive Actions for one credit.
Register to UnlockAlways free for Executives Club members. Join the Club
More in Technology

Apple redesigns entry-level MacBook Pro for 2027, keeping 14-inch screen size
A revamped base MacBook Pro could arrive in the first half of 2027, with iPad Pro updates also targeting spring internal improvements.

ARToken phishing panel shows EvilTokens is running a full BEC machine
Cisco Talos traced how a targeted email lure leads to token theft, persistence, and Outlook-level inbox control.

Alibaba agrees to pay $600M to settle a US probe over illegal pharma sales
The Justice Department says Alibaba and its US payment processor will resolve allegations about failed controls for illegal medicines.

