---
title: "Claude Sonnet 5 Goes Default in Claude Code 2.1.197 with a 1M-Token Context Window, $2/$10 Per Mtok Introductory Pricing, and Cyber Safeguards On by Default"
description: "Anthropic announced Claude Sonnet 5 on 2026-06-30 ([Introducing Claude Sonnet 5](https://www.anthropic.com/news/claude-sonnet-5)), and Claude Code [v2.1.197](https://github.com/anthropics/claude-code/releases/tag/v2.1.197) (released the same day) made it the default model. The launch is the first Sonnet-line model that closes the agentic gap with Opus 4.8, ships a native 1M-token context window, and lands on introductory pricing of $2 per million input tokens and $10 per million output tokens through August 31, 2026 (then $3/$15 per Mtok). Sonnet 5 is the new default for Free and Pro plans in Claude and is the default model in Claude Code, available immediately on update. The release ships with cyber safeguards enabled by default (the same safeguards as Opus 4.7 and 4.8, less strict than the Fable 5 set), a refreshed tokenizer that inflates token counts 1.0 to 1.35x, and rate-limit increases across Chat, Cowork, Claude Code, and the Claude Platform to absorb the higher token usage of the new effort-level controls. The Anthropic system card and the Claude Code release notes both ship the same day, so the Claude Code audience gets the new model the same day it is announced."
date: 2026-07-01
image: "/images/heroes/2026-07-01--claude-sonnet-5-default-model-claude-code-1m-context.png"
author: lschvn
tags: ["ai", "tooling"]
tldr:
  - "[Anthropic announced Claude Sonnet 5](https://www.anthropic.com/news/claude-sonnet-5) on 2026-06-30 as a substantial step up from Sonnet 4.6 on agentic performance (planning, tool use, sustained coding) and the first Sonnet-line model that gets close to Opus 4.8 on the cost-performance curve. The launch post includes cost-performance charts on the agentic search evaluation BrowseComp and the computer use evaluation OSWorld-Verified, with Sonnet 5 priced at $3 per Mtok in / $15 per Mtok out (and a $2/$10 introductory tier through August 31, 2026). Opus 4.8 is priced at $5/$25 per Mtok. Sonnet 5 uses an updated tokenizer that maps the same input to 1.0 to 1.35x more tokens than the Sonnet 4.6 tokenizer."
  - "Claude Code [v2.1.197](https://github.com/anthropics/claude-code/releases/tag/v2.1.197) (released 2026-06-30T17:56:37Z) makes Sonnet 5 the default model. The release notes are one line: 'Introducing Claude Sonnet 5: now the default model in Claude Code, with a native 1M-token context window and promotional pricing of $2/$10 per Mtok through August 31. Update to version 2.1.197 for access.' The 1M-token context window is the largest native context Anthropic has shipped on a Sonnet-line model and lands one day after the v2.1.196 release, which shipped org-default models, clickable file attachments, and an MCP trust fix for repos that self-approved `.mcp.json` servers."
  - "The release ships with cyber safeguards on by default, the same set as Opus 4.7 and 4.8 (less strict than the Fable 5 set). The Sonnet 5 system card reports Sonnet 5 scoring 0.0% on a working exploit for Firefox 147 vulnerabilities (in collaboration with Mozilla) and a partial-success rate slightly above Sonnet 4.6, well below Opus 4.8 and Mythos 5. Safety improvements: lower hallucination and sycophancy rates than Sonnet 4.6, lower misaligned-behavior rate on the automated behavioral audit than Sonnet 4.6 (but higher than Opus 4.8 and Claude Mythos Preview), and tighter agentic safety (better at refusing malicious requests and resisting prompt-injection hijacks). The full system card and the related 'Redeploying Fable 5' post (Fable 5 returns globally July 1) land the same week."
faq:
  - question: "What is Claude Sonnet 5?"
    answer: "Claude Sonnet 5 is Anthropic's new Sonnet-line model, announced on 2026-06-30. Anthropic describes it as the most agentic Sonnet yet: a model that makes plans, uses tools like browsers and terminals, and runs autonomously at a level that 'just a few months ago, required larger and more expensive models.' On the cost-performance curve for the agentic search evaluation BrowseComp and the computer use evaluation OSWorld-Verified, Sonnet 5 is a strict improvement over Sonnet 4.6 and matches Opus 4.8 in some configurations. It is the first Sonnet-line model that closes the agentic gap with the Opus line without paying the Opus price."
  - question: "Why is the Claude Code 2.1.197 release important?"
    answer: "Claude Code 2.1.197 (released 2026-06-30T17:56:37Z) makes Sonnet 5 the default model. For Claude Code users, the practical change is that every new session runs on Sonnet 5 by default unless they pick another model in `/model`. The release notes also confirm a 1M-token native context window and the $2/$10 per Mtok introductory pricing. The day before, v2.1.196 added org-default models (admins set the default in the org console; users see 'Org default' or 'Role default' in `/model`), clickable Cmd/Ctrl-click file attachments that open in Finder/Explorer, and a security fix that prevents `claude mcp list`/`get` from spawning `.mcp.json` servers that a repo self-approved via a committed `.claude/settings.json` (untrusted workspaces now show `⏸ Pending approval`)."
  - question: "How much does Sonnet 5 cost and when does introductory pricing end?"
    answer: "Introductory pricing is $2 per million input tokens and $10 per million output tokens through August 31, 2026. After that, standard pricing is $3 per Mtok in and $15 per Mtok out. The $3/$15 price point is the one shown on Anthropic's cost-performance charts. Opus 4.8 is priced at $5 per Mtok in and $25 per Mtok out, so Sonnet 5 at standard pricing is 40% cheaper on input and 40% cheaper on output than Opus 4.8, with matching capability on some tasks at higher effort levels. The intro tier is set so the transition from Sonnet 4.6 is roughly cost-neutral despite the tokenizer change that maps the same input to 1.0 to 1.35x more tokens."
  - question: "What is the 1M-token context window used for in practice?"
    answer: "The 1M-token native context window is the largest Anthropic has shipped on a Sonnet-line model. In Claude Code, a 1M-token window means a session can hold roughly 700,000 to 1,000,000 lines of source code in active context (depending on language), which covers an entire medium-sized monorepo's worth of files for an agentic edit, a single-task context for a 6 to 12 file refactor with full test suite output retained in memory, or a long-running debugging session that has to keep the full transcript in scope. The window is native (not a workaround that requires the API to chunk and rejoin), so the model sees the full context on every call."
  - question: "What safety improvements does Sonnet 5 ship with?"
    answer: "Three concrete improvements over Sonnet 4.6: lower hallucination and sycophancy rates, lower misaligned-behavior rate on Anthropic's automated behavioral audit (which tests cooperation with misuse, deception, and other misaligned behaviors), and tighter agentic safety, where Sonnet 5 is better at refusing malicious requests and resisting hijack attempts in prompt-injection attacks. The one regression: on the same audit, Sonnet 5 scores somewhat higher on misaligned behavior than Opus 4.8 and Claude Mythos Preview, both of which are more capable models. The system card and the launch post state this trade-off explicitly rather than burying it."
  - question: "Why are cyber safeguards on by default for Sonnet 5?"
    answer: "Sonnet 5 is somewhat stronger than Sonnet 4.6 on routine cyber tasks (a small uptick in partial-success rate on the Firefox 147 exploit-development evaluation, which Anthropic developed with Mozilla), even though it was never deliberately trained on cybersecurity. Because the overall level of cyber risk from Sonnet 5 is judged low, the safeguards shipped with Sonnet 5 are the same as the ones on Claude Opus 4.7 and 4.8, which detect and block dangerous cyber usage in real time. The Fable 5 safeguards, which block a much wider range of cybersecurity tasks, are stricter than the Sonnet 5 set. Organizations enrolled in Anthropic's Cyber Verification Program get the same Sonnet 5 access automatically, with no reapplication, on the native Claude Platform, Claude Platform on AWS, Claude in Microsoft Foundry, and (coming soon) Claude in Google Vertex."
  - question: "How does Sonnet 5 change Claude Code's rate limits?"
    answer: "Anthropic raised rate limits across Chat, Cowork, Claude Code, and the Claude Platform to accommodate the higher token usage of the new effort-level controls. Users can select whichever level makes sense for their project. On the native Claude Platform the tier model was simplified in April (Start, Build, Scale) and the limit raises are tuned for Sonnet 5's higher token throughput. For Claude Code users the practical change is that a Sonnet 5 session that uses the full 1M-token context window costs more tokens per call than a Sonnet 4.6 session at the same workload, but the rate-limit increases are sized to keep the same per-session velocity as the Sonnet 4.6 default."
  - question: "Is Sonnet 5 safe to switch to today in Claude Code?"
    answer: "Yes. Update Claude Code to v2.1.197 (`claude update` or the in-app update prompt), and the next session runs on Sonnet 5 by default. For users who prefer Sonnet 4.6, `/model` still exposes it. The cyber safeguards are on by default and the new tokenizer is a per-token cost change, not a behavioral change, so application code that worked with Sonnet 4.6 continues to work with Sonnet 5 at the same prompt structure. The recommended transition is to update Claude Code first and re-run the most token-heavy workflows (large refactors, full-monorepo explorations) to verify the rate-limit increase is enough for the new context window."
---

[Anthropic announced Claude Sonnet 5](https://www.anthropic.com/news/claude-sonnet-5) on 2026-06-30, and Claude Code [v2.1.197](https://github.com/anthropics/claude-code/releases/tag/v2.1.197) (released 2026-06-30T17:56:37Z, the same day) made it the default model. The launch is the first Sonnet-line model that closes the agentic gap with Opus 4.8, ships a native 1M-token context window, and lands on introductory pricing of $2 per million input tokens and $10 per million output tokens through August 31, 2026, then $3/$15 per Mtok. Sonnet 5 is the new default for Free and Pro plans in Claude and the default model in Claude Code on update. The release ships with cyber safeguards on by default, a refreshed tokenizer, and rate-limit increases sized to absorb the higher token usage of the new effort-level controls.

The Sonnet 5 launch is the third major Anthropic event of the last three weeks. The [June 12 Fable 5 distillation guardrails piece](/articles/2026-06-12--fable-5-distillation-guardrails) covered Anthropic's first public distillation disclosure naming DeepSeek, Moonshot AI, and MiniMax, and the [June 13 Fable 5 / Mythos 5 US export control suspension piece](/articles/2026-06-13--anthropic-fable-mythos-suspended-us-government) covered the temporary worldwide suspension triggered by the June 12 US Commerce directive. The Fable 5 service resumes globally on July 1, the day after Sonnet 5 launches. The pairing is the same pattern Anthropic has used since the [Project Glasswing report on April 7](/articles/2026-04-07--anthropic-project-glasswing-ai-finds-zero-days-faster-than-humans): one model line's restrictions land the same week as a smaller, cheaper model line's expansion.

## What Sonnet 5 actually changes

The launch post positions Sonnet 5 as the model that lets the agentic AI era return to the Sonnet line. Claude Sonnet 3.5, 3.6, and 3.7 were the first models that showed strong coding and tool use; over the last year the clearest gains in agentic capabilities were on Opus-class models. Sonnet 5 narrows that gap, with performance close to Opus 4.8 at lower prices, on the two agentic evaluations Anthropic highlighted in the launch post: BrowseComp (agentic search) and OSWorld-Verified (computer use). The post shows cost-performance curves at different effort levels, with Sonnet 5 covering a much wider range of cost-performance options than Sonnet 4.6 and matching Opus 4.8 on some tasks at higher effort levels. Opus 4.8 is priced at $5/$25 per Mtok; Sonnet 5 at standard pricing ($3/$15) is 40% cheaper on both input and output, with a 60% cheaper effective price at the introductory tier.

The new tokenizer changes how Sonnet 5 processes text. The same input maps to 1.0 to 1.35x more tokens than the Sonnet 4.6 tokenizer, depending on content type. The change is similar to the one Anthropic introduced with Claude Opus 4.7. The introductory pricing is set so the transition to Sonnet 5 is roughly cost-neutral for users coming from Sonnet 4.6 at the same workload.

## Claude Code 2.1.197 ships the model and a 1M-token context

The Claude Code 2.1.197 release notes are one line: "Introducing Claude Sonnet 5: now the default model in Claude Code, with a native 1M-token context window and promotional pricing of $2/$10 per Mtok through August 31. Update to version 2.1.197 for access." The 1M-token context window is the largest Anthropic has shipped on a Sonnet-line model, and it lands on the day Anthropic raises rate limits across Chat, Cowork, Claude Code, and the Claude Platform to absorb the higher token usage of the new effort-level controls. The new effort levels let Claude Code users select a cost-performance point per session, similar to the cost-performance curves in the launch post.

The 2.1.197 release follows the v2.1.196 release the day before (2026-06-29T23:27:32Z), which added org-default models, clickable Cmd/Ctrl-click file attachments that open in Finder/Explorer, and a security fix for `.mcp.json` servers. The MCP fix is worth flagging on its own: `claude mcp list` and `claude mcp get` no longer spawn servers that a repo self-approved via a committed `.claude/settings.json`. Untrusted workspaces now show `⏸ Pending approval` and require an explicit user gesture to start the server, which closes a trust gap that the prior behavior quietly relied on the developer to notice. The same release also fixed mid-turn crash recovery for Remote sessions (interrupted sessions now auto-resume on the next worker), rate-limit telemetry over-counting under parallel requests, and `/context` showing 0 tokens for all tool groups on Bedrock.

## Safety, cyber safeguards, and the system card

Anthropic's pre-deployment safety evaluations found Sonnet 5 to be an overall improvement on Sonnet 4.6. The three concrete gains: lower hallucination and sycophancy rates, lower misaligned-behavior rate on the automated behavioral audit, and tighter agentic safety, with the model better at refusing malicious requests and resisting hijack attempts in prompt-injection attacks. The one regression: on the same audit, Sonnet 5 scores somewhat higher on misaligned behavior than Opus 4.8 and Claude Mythos Preview. The launch post and the system card both state the trade-off explicitly.

On cyber, Sonnet 5 was never deliberately trained on cybersecurity tasks. It can perform some routine, non-harmful cyber work, but on the Firefox 147 exploit-development evaluation developed in collaboration with Mozilla, neither Sonnet model could develop a working exploit (both at 0.0%); Sonnet 5 has a slightly higher partial-success rate than Sonnet 4.6, which Anthropic attributes to general-intelligence improvements rather than specific training. Both Sonnet models have substantially poorer cyber capabilities than Opus 4.8 and Mythos 5. Because Sonnet 5 is somewhat stronger than Sonnet 4.6 on these tasks, it ships with cyber safeguards on by default, the same set as Opus 4.7 and 4.8. The Fable 5 safeguards, which block a wider range of cybersecurity tasks, are stricter.

The full Sonnet 5 system card is published alongside the launch post and reports a broader set of evaluations in detail. The Cyber Verification Program is available on the native Claude Platform, Claude Platform on AWS, and Claude in Microsoft Foundry, and is coming soon on Claude in Google Vertex.

## Why this matters for TypeScript and web developers

The Claude Code audience is the one that gets the immediate effect. Every new Claude Code session on v2.1.197+ runs on Sonnet 5 by default, with a 1M-token context window that covers an entire medium-sized monorepo for an agentic edit, and a per-token cost that is unchanged from Sonnet 4.6 in practice (the introductory tier is set to absorb the 1.0 to 1.35x tokenizer inflation). The cost-performance point of the new effort-level controls means a developer can pick a cost-effective model for routine refactors and a more capable model for the long-horizon tasks, in the same session, without switching out of Claude Code. The MCP trust fix in v2.1.196 closes a quiet supply-chain risk for teams that have been running Claude Code against repos with a committed `.claude/settings.json`, and the 2.1.197 release lands a model that is, on Anthropic's own numbers, the first Sonnet-line model that can stand in for Opus 4.8 on the agentic work the Claude Code audience does every day.
