Just now, Anthropic officially launched the new model Claude Sonnet 5, calling it "the most agent-like Sonnet model to date," capable of planning, using tools such as browsers and terminals, and autonomously performing tasks at a level that previously required larger, more expensive models months ago.
Sonnet 5 offers significant improvements over Sonnet 4.6 in reasoning, tool use, programming, and knowledge work, approaching the performance of Opus 4.8 at a lower price.

The official statement indicates that the AI Agent era for developers began with Sonnet-level models: Claude Sonnet 3.5, 3.6, and 3.7 were the first to demonstrate notable capabilities in programming and tool usage. However, in recent times, the most significant improvements in Agent capabilities have primarily emerged in Opus-level models.
Claude Sonnet 5 significantly narrows this gap: its performance is now close to Opus 4.8, but at a lower cost. Compared to its predecessor, Sonnet 4.6, it offers substantial improvements in key agent performance dimensions such as reasoning, tool use, programming, and knowledge work, as illustrated in the chart below:

The chart below compares Sonnet 5 with Sonnet 4.6 and Opus 4.8 on agent search evaluations BrowseComp and OSWorld-Verified across varying levels of effort:
- Sonnet 5 (orange line) demonstrates clear performance improvements over Sonnet 4.6 (gray line) and offers a broader range of cost-performance options than Opus 4.8 (yellow line).
- With moderate effort, Sonnet 5 significantly improves cost efficiency; with greater effort, its performance on certain tasks can rival that of Opus 4.8.
- Between Sonnet 5 and Opus 4.8, users can flexibly adjust effort levels based on specific tasks to find the optimal cost-performance balance for their needs.

The cost-performance curves under varying levels of effort are shown above. The previous best Sonnet model (Sonnet 4.6) fell far short of Opus 4.8. Sonnet 5 offers a broader range of cost-performance options than Sonnet 4.6 and can reach Opus 4.8’s capability levels in certain cases. The pricing for Sonnet 5 shown in the chart is $3 per million input tokens and $15 per million output tokens. With the early access price through August 31 ($2 per million input tokens and $10 per million output tokens), Sonnet 5’s actual cost is even lower than what is depicted in the chart. Opus 4.8 is priced at $5 per million input tokens and $25 per million output tokens.

Feedback from Anthropic’s early access partners has been consistent: Sonnet 5 demonstrates significantly stronger agentic capabilities than its predecessor. Testers describe it as being able to complete complex tasks—where previous Sonnet models would stall midway—proactively checking its own outputs without explicit prompting, and accomplishing all of this agentic work at an exceptionally attractive price:

Security Assessment
Anthropic’s pre-deployment safety assessment found that Sonnet 5 shows overall improvements over Sonnet 4.6. In terms of autonomous agent safety, the model performs better at rejecting malicious requests and resisting hijacking attempts via prompt injection attacks. The model’s hallucination rate and flattery rate are both lower than those of Sonnet 4.6. In automated behavior audits (testing a broad range of inappropriate behaviors, such as assisting abuse and deception), Sonnet 5 scored lower (i.e., safer).
However, compared to the more capable Opus 4.8 and Claude Mythos Preview, it did exhibit a slightly higher rate of inappropriate behavior in this evaluation.

The chart above shows the rate of inappropriate behaviors in automated behavior audits, which tested a wide range of undesirable behaviors across multiple scenarios and contexts (see Section 6.4 of the Sonnet 5 System Card for the complete list and results of each behavior). Sonnet 5 has a lower rate of inappropriate behaviors overall than Sonnet 4.6, but a higher rate than Mythos Preview and Opus 4.8.
Anthropic stated that they did not specifically train Sonnet 5 on cybersecurity tasks. It can perform some routine, harmless network tasks, but its performance is significantly weaker than models like Opus 4.8 and Mythos 5 when evaluating potentially dangerous cybersecurity skills, such as developing software exploits.
The chart below shows the score for one of the evaluations, which tested the model's ability to develop exploits for Firefox browser vulnerabilities. Sonnet 5 consistently failed to produce a fully functional exploit, but its partial success rate was slightly higher than that of Sonnet 4.6. This improvement in the latter may stem from enhanced general intelligence rather than specific training.

The chart above shows the scores for successful exploit development against software vulnerabilities in Firefox 147 (this evaluation was developed in collaboration with Mozilla; all vulnerabilities have been patched in Firefox 148). For each model, the left bar represents the frequency with which the model successfully developed an exploit (without security guardrails), and the right bar represents the frequency of partial successes. Both Sonnet models failed to develop any successful exploits (both scored 0.0%); Sonnet 5 had a slightly higher partial success rate than Sonnet 4.6. The web capabilities of both Sonnet models are significantly weaker than those of Opus 4.8 and Mythos 5.
Since Sonnet 5 is slightly more capable on these tasks than its predecessor, Anthropic has enabled network security guardrails by default. These guardrails—which can detect and block dangerous network usage in real time—are the same as those in Claude Opus 4.7 and 4.8 (since Anthropic judges Sonnet 5’s overall network security risk to be lower, its guardrails are less strict than those enabled on Fable 5, which blocks a broader range of network security tasks).
For a complete evaluation report on Sonnet 5 across multiple safety and capability assessments, see the Claude Sonnet 5 System Card.
Pricing
Starting today, Claude Sonnet 5 is now officially available on all channels. To celebrate the launch, Anthropic is offering a limited-time introductory price:
- From now until August 31, 2026: Input is $2 per million tokens, output is $10 per million tokens.
- Standard pricing resumes: $3 per million input tokens, $15 per million output tokens
Meanwhile, they announced a comprehensive increase in rate limits for Chat, Cowork, Claude Code, and the Claude platform to accommodate the higher token consumption associated with the increased "effort" mode.
Important Notes
Cybersecurity verification
Sonnet 5 has been included in Anthropic's Cybersecurity Verification Program. The program is now available on the following platforms:
- Claude native platform
- Claude platform on AWS
- Claude in Microsoft Foundry (hosted on Azure and Anthropic)
Claude will also be supported on Google Vertex soon.
Organizations already enrolled in the program automatically receive equivalent access on Sonnet 5 without needing to reapply. If your cybersecurity work requires fewer security restrictions, Anthropic recommends using Claude Opus 4.8.
Tokenizer Update and Pricing Information
Sonnet 5 is an upgrade to Sonnet 4.6, featuring a brand-new tokenizer designed to optimize text processing performance (similar to the tokenizer changes introduced in Claude Opus 4.7).
The change means that the same input content will now be mapped to more tokens, with an increase of approximately 1.0 to 1.35 times, depending on the type of content.
To this end, Anthropic has set an introductory price to ensure that users' overall usage costs remain approximately the same when transitioning to Sonnet 5.
Rate Limit Adjustment Instructions
On April 26, 2026, Anthropic increased rate limits for the Sonnet and Haiku models across all usage tiers and simplified the native Claude platform's plans into three tiers: Start, Build, and Scale.
In this update, Anthropic has further increased the rate limits for Chat, Cowork, Claude Code, and the Claude platform to accommodate the higher token consumption associated with the increased "effort" mode.
You can view your current tier and specific limits in the Claude Console, or refer to the documentation for more details.
Correction Note for Evaluation Score (Supplement)
- Humanity’s Last Exam: Anthropic has updated its scoring model for this evaluation, revising Sonnet 4.6’s score to 34.6% (without tools) and 46.8% (with tools). This differs from the figures reported in Sonnet 4.6’s launch blog post, and we hereby clarify this update.
- OSWorld-Verified: Anthropic has optimized the evaluation methodology to more accurately reflect the model's performance in real-world scenarios and has corrected Sonnet 4.6's score to 78.5%. This is also the reason for the discrepancy with the data in the Sonnet 4.6 release blog.
Developer onboarding feedback
As soon as Claude Sonnet 5 was released, people have already started testing it out.
User Nicolas Bustamante said he particularly likes Sonnet 5 because it’s fast and optimized for agents. “My favorite example is browser usage: it’s both fast and secure.”
According to the system card results, the success rate of prompt injection attacks in browser use cases is 0.93% for Sonnet 5, 31.5% for Opus 4.8, and 50.7% for Sonnet 4.6.

However, some netizens said, "Too expensive."

According to Artificial Analysis, Claude Sonnet 5 has an operational cost of $2.29 per task on the Intelligence Index, approximately double that of Sonnet 4.6 and about 15% higher than Claude Opus 4.8. This increase in cost is entirely driven by higher token usage, making Claude Sonnet 5 one of the most expensive models to run, second only to Claude Fable 5.

What about you? What do you think of the new model? Leave a comment and join the discussion!
Reference link:
https://x.com/claudeai/status/2072017450611142835
https://www.anthropic.com/news/claude-sonnet-5
https://x.com/ArtificialAnlys/status/2072062595482456431
This article is from the WeChat public account "Machine Heart" (ID: almosthuman2014), authored by someone interested in AI.
