Logo
FrontierNews.ai

Claude Sonnet 5 Launches With a Hidden Price Increase Buried in the Fine Print

Anthropic released Claude Sonnet 5 on June 30, 2026, positioning it as a major upgrade for coding and autonomous work, but the model's real cost story lies in a tokenizer change that makes the same text consume significantly more tokens, effectively raising prices after an August 31 promotional window ends.

What Changed in Claude Sonnet 5?

Claude Sonnet 5 is Anthropic's successor to Sonnet 4.6, launched in February 2026. The company describes it as "our most agentic Sonnet yet," meaning it is optimized for tasks where the model plans, uses tools, and runs autonomously rather than simply answering questions. The model ships with a native 1 million-token context window, meaning it can process roughly 100,000 words at once without paying extra for extended context, and can generate up to 128,000 output tokens per response.

On Anthropic's own benchmarks, Sonnet 5 shows mixed results against its flagship Opus 4.8. The new model leads on Terminal-Bench 2.1, a test of command-line and terminal work, scoring 80.4% compared to Opus 4.8's 74.6%. However, it trails on SWE-bench Pro, a harder test of real-world multi-file coding tasks, scoring 63.2% versus Opus 4.8's 69.2%. On FrontierCode v1, Anthropic's proprietary benchmark for production-quality pull requests, Sonnet 5 more than doubled its predecessor's score, jumping from 15.1% to 38.8%.

Why Is the Tokenizer Change So Important?

The headline pricing looks identical to Sonnet 4.6: $3 per million input tokens and $15 per million output tokens after the August 31 promotional period ends. But Anthropic rebuilt the tokenizer, the component that chops text into billable units, and the new version is less efficient on most content. According to Anthropic's own documentation, the same input can map to roughly 1.0 to 1.35 times more tokens depending on content type.

This matters because you are billed per token, not per task. A concrete example illustrates the impact: a task that consumed 100,000 input tokens and 20,000 output tokens on Sonnet 4.6 would inflate to approximately 135,000 input and 27,000 output tokens on Sonnet 5 due to the tokenizer change. During the promotional period through August 31, the $2/$10 pricing more than offsets this inflation, making the task roughly 10% cheaper than on Sonnet 4.6. But from September 1 onward, at the standard $3/$15 rate, the same task costs approximately 35% more purely because of how the text is counted.

How Does Sonnet 5 Compare to Competitors?

Against OpenAI's GPT-5.5, Sonnet 5 shows competitive but not dominant performance. On Terminal-Bench 2.1, GPT-5.5 via OpenAI's Codex CLI scores 83.4%, ahead of Sonnet 5's 80.4%. However, Sonnet 5 leads on SWE-bench Pro, scoring 63.2% versus GPT-5.5's 58.6%, and on FrontierCode v1, where it scores 38.8% compared to GPT-5.5's 25.5%.

Meanwhile, a separate competitive threat emerged when Cognition released SWE-1.7, a specialized coding model designed to undercut both OpenAI and Anthropic on cost. On Cognition's proprietary FrontierCode 1.1 benchmark, SWE-1.7 scored 42.3%, trailing Opus 4.8's 46.5% and GPT-5.5's 43.0%. On the independent Terminal-Bench 2.1, SWE-1.7 achieved 81.5%, behind Opus 4.8's 86.9% and GPT-5.5's 84.2%. Cognition's main pitch is economic: the company claims SWE-1.7 can complete a task on its FrontierCode benchmark for $1.97, using a task-based pricing model rather than the per-token rates of general-purpose models.

How to Choose Between Claude Models for Your Coding Work

  • Use Sonnet 5 if: You need agentic coding work with autonomous planning and tool use, and you can take advantage of the promotional $2/$10 pricing through August 31. The 1 million-token context window is valuable for processing large codebases without compacting context between turns.
  • Use Opus 4.8 if: You are running the hardest multi-file coding tasks where the extra 6% performance gap on SWE-bench Pro justifies the higher cost, or if you want to avoid the tokenizer tax after the promotional period ends.
  • Monitor SWE-1.7 if: Your primary concern is cost per completed task rather than per-token pricing, and you are willing to evaluate a specialized model that may not match frontier performance on all benchmarks.

What Security Risks Does AI-Powered Code Review Introduce?

While Sonnet 5 gains adoption for coding tasks, a parallel concern emerged about the security of using Claude and other AI models for defensive cybersecurity work. The AI Now Institute released a proof-of-concept exploit demonstrating that Claude Code, Anthropic's flagship agentic coding tool, and OpenAI's Codex CLI can be compromised via prompt injection attacks embedded in source code.

The attack works when developers use Claude Code or Codex to scan open-source libraries for vulnerabilities, a commonly advertised use case. An attacker can embed malicious prompts in the library's files that trick the AI into executing arbitrary code on the developer's machine. The exploit requires only the out-of-the-box configuration of these tools in their default autonomous modes, with no need for hooks, plugins, or special configuration.

This vulnerability highlights a paradox: as governments and companies push AI-powered defensive tools to counter alleged AI-enabled offensive threats, the tools themselves introduce novel attack vectors that could compromise safety-critical infrastructure. The AI Now Institute warned against recent policy initiatives that mandate acceleration of AI-enabled defensive tools without addressing these substantial and unmitigated risks.

What Does This Mean for Developers?

Sonnet 5 is now the default model in Claude Code version 2.1.197 and later, and it is available as the default on Anthropic's Free and Pro tiers. Developers can explicitly switch between models using the /model command; for example, /model opus switches to Opus 4.8 for a specific task. The promotional pricing window through August 31 creates a time-limited opportunity to evaluate Sonnet 5 before the tokenizer tax takes full effect on September 1.

However, the security vulnerabilities disclosed by the AI Now Institute suggest that developers should exercise caution when using AI agents to scan untrusted or third-party code, even with Anthropic's or OpenAI's models. Organizations deploying these tools in production environments should implement strict access controls and avoid running AI code review in fully autonomous mode on code from unknown sources.