Anthropic is selling Claude Sonnet 5 partly by listing what it can't do.
The company released the new model on Tuesday as the default on its Claude Free and Pro tiers, with availability on Max, Team, and Enterprise plans. Pricing via Claude Code is $2 per million input tokens and $10 per million output tokens, under half what Anthropic charges for its flagship Claude Opus 4.8. On agentic benchmarks, the company says Sonnet 5 performs comparably to Opus 4.8: it can browse, use a terminal, plan multi-step tasks, and run with the kind of autonomy that previously required the larger and more expensive tier.
The pitch, however, is not just "cheaper agent." Anthropic's own announcement flags that Sonnet 5 shows "substantially poorer performance" on cybersecurity tasks than Opus 4.8 and the higher-end Mythos 5. That is an unusual disclosure to attach to a flagship product launch. Most labs prefer to talk about what their new model is better at.
The framing reads as deliberate. By putting the capability gap on the page itself, and naming the higher-end Mythos 5 as the model Sonnet 5 trails, Anthropic turns a limitation into a story about restraint. A buyer who might worry that the company is shipping dangerous capability by default gets, instead, a sentence reassuring them that the company is voluntarily holding something back. The fact that Anthropic has previously positioned Mythos 5 as a tier with elevated safety considerations also makes the downgrade legible as a category choice rather than a regression.
The timing matters. Earlier in June 2026, Anthropic pulled two of its more capable models offline without public explanation. The models in question, Mythos 5 and a model called Fable, were, by Anthropic's own description, the ones that could do the most. With them off the market, Sonnet 5 is what gets shipped at scale, and the company has an obvious interest in the public understanding that gap as a deliberate choice rather than a regulator-imposed ceiling.
That context makes the cybersecurity-downgrade disclosure look less like a confession and more like a market-segmentation move. The expensive, riskier tier stays nominally available in some form for safety-reviewed customers; the mass-market tier is positioned as the model you can buy without worrying about being handed a cyberweapon. The mid-tier price is then a feature, not a concession: you are paying less because the company has decided not to put its most capable cyber tooling in your hands.
Pricing pressure is also part of the picture. Anthropic and OpenAI are reportedly considering deeper price cuts as token-hungry AI agents proliferate and customers grow resistant to per-query costs. Sonnet 5's $2/$10 price point looks calibrated to hold that line while preserving a margin gap to Opus 4.8. A model that matches Opus 4.8 on the workloads enterprise customers care about most, including coding agents, browser agents, and multi-step workflows, and that the company has pre-emptively told you is held back on cybersecurity, is for many buyers the easier procurement story.
The benchmarks Anthropic points to are the usual agentic-evaluation suites: BrowseComp for web-browsing tasks and OSWorld-Verified from the XLANG Lab for desktop operating-system control. Sonnet 5's numbers there are reportedly close to Opus 4.8's. Independent benchmarks, such as the tracking maintained by MorphLLM, give a partial external view, though they cover older Claude variants more completely than Sonnet 5 at launch.
What to watch next: whether Anthropic publishes the exact benchmark deltas behind the cybersecurity downgrade, and whether any enterprise customer or independent safety researcher confirms or contests the framing. The other watch item is Mythos 5. Until the company says clearly what is and is not back on the market, every new Sonnet-tier release is implicitly a bet that buyers will accept the model they are given as the complete answer.