Claude Sonnet 5 Goes Default in Claude Code 2.1.197 with a 1M-Token Context Window, $2/$10 Per Mtok Introductory Pricing, and Cyber Safeguards On by Default

Claude Sonnet 5 Goes Default in Claude Code 2.1.197 with a 1M-Token Context Window, $2/$10 Per Mtok Introductory Pricing, and Cyber Safeguards On by Default

lschvn

Anthropic announced Claude Sonnet 5 on 2026-06-30, and Claude Code v2.1.197 (released 2026-06-30T17:56:37Z, the same day) made it the default model. The launch is the first Sonnet-line model that closes the agentic gap with Opus 4.8, ships a native 1M-token context window, and lands on introductory pricing of $2 per million input tokens and $10 per million output tokens through August 31, 2026, then $3/$15 per Mtok. Sonnet 5 is the new default for Free and Pro plans in Claude and the default model in Claude Code on update. The release ships with cyber safeguards on by default, a refreshed tokenizer, and rate-limit increases sized to absorb the higher token usage of the new effort-level controls.

The Sonnet 5 launch is the third major Anthropic event of the last three weeks. The June 12 Fable 5 distillation guardrails piece covered Anthropic's first public distillation disclosure naming DeepSeek, Moonshot AI, and MiniMax, and the June 13 Fable 5 / Mythos 5 US export control suspension piece covered the temporary worldwide suspension triggered by the June 12 US Commerce directive. The Fable 5 service resumes globally on July 1, the day after Sonnet 5 launches. The pairing is the same pattern Anthropic has used since the Project Glasswing report on April 7: one model line's restrictions land the same week as a smaller, cheaper model line's expansion.

What Sonnet 5 actually changes

The launch post positions Sonnet 5 as the model that lets the agentic AI era return to the Sonnet line. Claude Sonnet 3.5, 3.6, and 3.7 were the first models that showed strong coding and tool use; over the last year the clearest gains in agentic capabilities were on Opus-class models. Sonnet 5 narrows that gap, with performance close to Opus 4.8 at lower prices, on the two agentic evaluations Anthropic highlighted in the launch post: BrowseComp (agentic search) and OSWorld-Verified (computer use). The post shows cost-performance curves at different effort levels, with Sonnet 5 covering a much wider range of cost-performance options than Sonnet 4.6 and matching Opus 4.8 on some tasks at higher effort levels. Opus 4.8 is priced at $5/$25 per Mtok; Sonnet 5 at standard pricing ($3/$15) is 40% cheaper on both input and output, with a 60% cheaper effective price at the introductory tier.

The new tokenizer changes how Sonnet 5 processes text. The same input maps to 1.0 to 1.35x more tokens than the Sonnet 4.6 tokenizer, depending on content type. The change is similar to the one Anthropic introduced with Claude Opus 4.7. The introductory pricing is set so the transition to Sonnet 5 is roughly cost-neutral for users coming from Sonnet 4.6 at the same workload.

Claude Code 2.1.197 ships the model and a 1M-token context

The Claude Code 2.1.197 release notes are one line: "Introducing Claude Sonnet 5: now the default model in Claude Code, with a native 1M-token context window and promotional pricing of $2/$10 per Mtok through August 31. Update to version 2.1.197 for access." The 1M-token context window is the largest Anthropic has shipped on a Sonnet-line model, and it lands on the day Anthropic raises rate limits across Chat, Cowork, Claude Code, and the Claude Platform to absorb the higher token usage of the new effort-level controls. The new effort levels let Claude Code users select a cost-performance point per session, similar to the cost-performance curves in the launch post.

The 2.1.197 release follows the v2.1.196 release the day before (2026-06-29T23:27:32Z), which added org-default models, clickable Cmd/Ctrl-click file attachments that open in Finder/Explorer, and a security fix for .mcp.json servers. The MCP fix is worth flagging on its own: claude mcp list and claude mcp get no longer spawn servers that a repo self-approved via a committed .claude/settings.json. Untrusted workspaces now show ⏸ Pending approval and require an explicit user gesture to start the server, which closes a trust gap that the prior behavior quietly relied on the developer to notice. The same release also fixed mid-turn crash recovery for Remote sessions (interrupted sessions now auto-resume on the next worker), rate-limit telemetry over-counting under parallel requests, and /context showing 0 tokens for all tool groups on Bedrock.

Safety, cyber safeguards, and the system card

Anthropic's pre-deployment safety evaluations found Sonnet 5 to be an overall improvement on Sonnet 4.6. The three concrete gains: lower hallucination and sycophancy rates, lower misaligned-behavior rate on the automated behavioral audit, and tighter agentic safety, with the model better at refusing malicious requests and resisting hijack attempts in prompt-injection attacks. The one regression: on the same audit, Sonnet 5 scores somewhat higher on misaligned behavior than Opus 4.8 and Claude Mythos Preview. The launch post and the system card both state the trade-off explicitly.

On cyber, Sonnet 5 was never deliberately trained on cybersecurity tasks. It can perform some routine, non-harmful cyber work, but on the Firefox 147 exploit-development evaluation developed in collaboration with Mozilla, neither Sonnet model could develop a working exploit (both at 0.0%); Sonnet 5 has a slightly higher partial-success rate than Sonnet 4.6, which Anthropic attributes to general-intelligence improvements rather than specific training. Both Sonnet models have substantially poorer cyber capabilities than Opus 4.8 and Mythos 5. Because Sonnet 5 is somewhat stronger than Sonnet 4.6 on these tasks, it ships with cyber safeguards on by default, the same set as Opus 4.7 and 4.8. The Fable 5 safeguards, which block a wider range of cybersecurity tasks, are stricter.

The full Sonnet 5 system card is published alongside the launch post and reports a broader set of evaluations in detail. The Cyber Verification Program is available on the native Claude Platform, Claude Platform on AWS, and Claude in Microsoft Foundry, and is coming soon on Claude in Google Vertex.

Why this matters for TypeScript and web developers

The Claude Code audience is the one that gets the immediate effect. Every new Claude Code session on v2.1.197+ runs on Sonnet 5 by default, with a 1M-token context window that covers an entire medium-sized monorepo for an agentic edit, and a per-token cost that is unchanged from Sonnet 4.6 in practice (the introductory tier is set to absorb the 1.0 to 1.35x tokenizer inflation). The cost-performance point of the new effort-level controls means a developer can pick a cost-effective model for routine refactors and a more capable model for the long-horizon tasks, in the same session, without switching out of Claude Code. The MCP trust fix in v2.1.196 closes a quiet supply-chain risk for teams that have been running Claude Code against repos with a committed .claude/settings.json, and the 2.1.197 release lands a model that is, on Anthropic's own numbers, the first Sonnet-line model that can stand in for Opus 4.8 on the agentic work the Claude Code audience does every day.

Frequently Asked Questions

Fastify v5.9.0 Adds `request.mediaType` and `onMaxParamLength`, Hardens `forwarded` Header Trust, Chunks Large HTTP/2 Replies, and Moves Type Tests to TSTyche

Fastify v5.9.0, published on 2026-06-28 (github.com/fastify/fastify), is the first minor release of the v5 line in 2026 and a substantial 65-PR cycle. The headline features are `request.mediaType` (a typed accessor for the negotiated media type, [#6653](https://github.com/fastify/fastify/pull/6653) by climba03003), `onMaxParamLength` route option ([#6716](https://github.com/fastify/fastify/pull/6716) by climba03003), and a security fix that no longer trusts `X-Forwarded-Host` and `X-Forwarded-Proto` when the incoming socket is missing ([#6684](https://github.com/fastify/fastify/pull/6684) by mcollina). The cycle ships an HTTP/2 buffer-chunking fix for large replies ([#6746](https://github.com/fastify/fastify/pull/6746) by mcollina), three schema-related performance wins (deferred `getSchemaSerializer` content-type parsing #6692, cached `ContentType` objects in `ContentTypeParser` #6694, `typeof` guard before `toString.call` in `send` / `onSendEnd` #6693 by aquie00t), Node.js 26 added to the test matrix ([#6728](https://github.com/fastify/fastify/pull/6728) by Fdawgs) and Node.js 20 dropped from the yarn CI matrix ([#6662](https://github.com/fastify/fastify/pull/6662) by Tony133), the migration of the type-test suite from hand-rolled `expect-type` to [TSTyche](https://github.com/mrazauskas/tstyche) ([#6532](https://github.com/fastify/fastify/pull/6532) by mrazauskas, with follow-ups #6726 and #6727), and a TypeScript-only fastify-plugin v6.0.0 bump. Other notable fixes: trailer `res.end` deduplication (#6676), trailer duplicate-completion guard (#6714), `error.code` on routing errors (#6678), `hasRequestDecorator` / `hasReplyDecorator` catching constructor-assigned built-ins (#6753), `getValidationFunction()` allowed to return `undefined` (#6665), and a socket `_meta` clear that closes a keep-alive leak (#6799).

Related articles

More coverage with overlapping topics and tags.

Cline 4.0.1 Rolls Back the SDK Migration After 4.0.0 Regressions; 4.0.2 Brings the SDK Code Back with Reasoning Effort and ClinePass Fixes
ai

Cline 4.0.1 Rolls Back the SDK Migration After 4.0.0 Regressions; 4.0.2 Brings the SDK Code Back with Reasoning Effort and ClinePass Fixes

Cline shipped v4.0.1 on June 28, 2026 and v4.0.2 on June 29, 2026 (github.com/cline/cline), a two-step recovery cycle for the v4.0.0 SDK migration that landed on June 26. v4.0.1 ships the pre-SDK 3.89.x VS Code extension under a 4.0.1 version number, built from a dedicated `legacy-extension` branch via a new `ext-vscode-publish-legacy.yml` workflow, to resolve regressions reported in 4.0.0 (broken diff previews in the editor, run_commands errors during file edits, broken file-editing flow with GLM 5.2 and MiniMax M3 through Ollama). v4.0.2 restores the SDK-backed code path on top of the same legacy branch, adding reasoning effort support (including `xhigh`) for DeepSeek thinking models (#11938), a centralized reasoning effort control layer for ClinePass (#11954), canonical Z.ai model ids (#11951), webview env replacement fix (#11955), ClinePass and Z.ai metadata polish (#11958), and a default focus chain settings fix (#11960). CLI v3.0.32 ships the same day with SDK v0.0.54 context-compaction improvements and ClinePass onboarding polish. The release sequence shows a project recovering a major migration in 72 hours by tagging the legacy branch forward rather than reverting the SDK work.
Cline 4.0 Migrates the VS Code Extension Onto the Shared Cline SDK, Adds ClinePass, a Customize Marketplace, Plugins, and Queued Prompts
ai

Cline 4.0 Migrates the VS Code Extension Onto the Shared Cline SDK, Adds ClinePass, a Customize Marketplace, Plugins, and Queued Prompts

Cline shipped v4.0.0 on June 26, 2026 (github.com/cline/cline), a major version that migrates the VS Code extension from its legacy standalone task implementation onto the shared Cline SDK, the same TypeScript engine that runs the Cline CLI, Kanban, and JetBrains plugin. The release adds ClinePass (built-in onboarding, provider selection, subscription handoff, and entitlement handling), a Customize marketplace for Skills, MCP servers, and the new Cline Plugins, queued prompts, edit-and-regenerate, a provider and model configuration rework around providers.json and a shared model catalog (Fireworks GLM 5.2, Kimi K2.6 Fast, Kimi K2.7 Code, Qwen 3.7 Plus, MiniMax M3, SAP AI Core, LiteLLM, Codex OAuth), command auto-approval disabled by default, and an extension build and package workflow moved to Bun. Subagents are temporarily disabled in the extension while the SDK-backed experience stabilizes.
OpenAI Codex 0.142 Adds Rollout Token Budgets, Multi-Agent Delegation, Indexed Web Search, and a Reorganized Plugin Marketplace
ai

OpenAI Codex 0.142 Adds Rollout Token Budgets, Multi-Agent Delegation, Indexed Web Search, and a Reorganized Plugin Marketplace

The OpenAI Codex 0.142 line shipped between June 22 and June 26, 2026 (rust-v0.142.0 through rust-v0.142.3 on github.com/openai/codex). The cycle turns the agent into something a team can govern: configurable rollout token budgets that track usage across threads and abort turns when exhausted, multi-agent delegation configurable as disabled, explicit-request-only, or proactive, an indexed web-search mode that permits live search while restricting page access to server-approved URLs, MCP tools that use tool search by default, a /plugins marketplace reorganized into OpenAI Curated, Workspace, and Shared with me sections, system proxy (PAC, WPAD, bypass) support on Windows and macOS for authentication, and a long list of remote-executor reliability and security fixes. It builds directly on the 0.141 Noise-encrypted relay and cross-OS PathUri layer from June 18.

Comments

Log in Log in to join the conversation.

No comments yet. Be the first to share your thoughts.