General availability announcements are usually boring. This one has a footnote worth reading.
Anthropic announced Claude Opus 4.7’s GA transition on April 16, two days before this reporting window, and two days after TJS’s prior coverage of the model’s agentic API controls and developer workflow implications. The GA status itself isn’t new ground for this publication. What is new: Anthropic’s explicit disclosure that the production model’s offensive cyber-capabilities were intentionally reduced relative to the preview variant.
That’s not a standard element of a GA announcement.
What the GA transition actually changed
Per Anthropic’s announcement, Claude Opus 4.7 is now available via Anthropic’s direct API and, per AWS documentation, through Amazon Bedrock. The model features a one-million-token context window. These facts are consistent with the technical specifications covered in prior reporting.
The context window is significant for the audience most likely using this model. A million tokens is enough to hold the full codebase of a mid-size software project in a single context. That’s the operational reality behind the agentic engineering workflows Anthropic has been positioning this model for since the preview.
Pricing is unchanged from Claude 4.6, per available information.
The Project Glasswing disclosure
Here’s what’s new. Anthropic states that Opus 4.7 carries “differentially reduced” offensive cyber-capabilities compared to the Claude Mythos Preview variant. The production model was tuned, deliberately, to be less capable of certain offensive cyber operations than its restricted preview predecessor. Anthropic describes this as compliance with what it calls Project Glasswing safety protocols.
This claim comes from Anthropic’s own announcement materials. The primary source URL is broken, and this specific claim requires source hint resolution before it can be confirmed as accurately quoted. The framing here, “Anthropic states”, is deliberate.
What the disclosure represents, if confirmed, is something genuinely uncommon: a frontier lab publicly documenting that its production model has been intentionally capability-restricted in a specific domain, by name, with a named safety protocol attached. Most capability restriction decisions are invisible to developers and enterprise buyers. This one is described as a feature.
Enterprise security and compliance teams should read this carefully. A model that is explicitly constrained in offensive cyber-capability is a different compliance profile than a general-purpose model with undefined limits. Whether Project Glasswing becomes a named framework that other labs adopt, or remains a one-off Anthropic disclosure, is worth tracking.
The benchmarks: what you can and can’t conclude
Anthropic’s technical report cites 87.6% on SWE-bench Verified and 64.3% on SWE-bench Pro. These figures are from Anthropic’s own reporting. Independent evaluation from Epoch AI was cited by the Wire as accompanying these benchmarks, but the Epoch URL does not currently resolve, meaning those figures cannot be independently confirmed from available sources. The correct framing is: according to Anthropic’s technical report, these are the scores. Independent confirmation is pending.
Anthropic also reports 64.4% retrieval accuracy on its Finance Agent v1.1 internal benchmark. That’s a self-reported internal benchmark, not a standard third-party evaluation. It tells you something about the model’s retrieval capability in a specific Anthropic-designed scenario. It doesn’t generalize to your retrieval use case without testing.
What to watch
Two things matter from here. First: does the Epoch AI benchmark evaluation for Opus 4.7 become accessible? Independent evaluation changes the confidence level on those SWE-bench figures. Second: does Project Glasswing documentation become publicly available? If Anthropic has published a safety protocol framework, other frontier labs will face pressure to disclose comparable frameworks, or explain why they haven’t. That’s a governance story with legs.
TJS synthesis
The Claude Opus 4.7 GA story isn’t the capability numbers. Other outlets have the numbers. The story is what Anthropic chose to disclose alongside the numbers: that the production model was intentionally shaped to be less capable in a specific high-risk domain, and that a named protocol governed that decision. Developers and compliance teams who understand that distinction are reading a different announcement than those who stopped at the context window and the benchmark scores.