Opus 4.7 Reportedly Days Away as OpenAI Fires Back With GPT-5.4 Cyber

TL;DR

The Information reports Anthropic is preparing Claude Opus 4.7 and an AI design tool that could ship as early as this week
The design tool matches the leaked app builder screenshots from last week - templates, live preview, one-click publish, built-in databases
OpenAI responded yesterday with GPT-5.4-Cyber, a restricted model for defensive security with binary reverse engineering - directly challenging Claude Mythos
Internal codenames "Capybara" (from the March leak) and "Tengu" (from Claude Code feature flags) confirm both models have been in final prep for weeks

Two stories landed within hours of each other on April 14, and together they paint the clearest picture yet of where the AI frontier race is heading.

Opus 4.7: what The Information reports

The Information published an exclusive briefing stating Anthropic is preparing Claude Opus 4.7 alongside a new AI-powered design tool. The report suggests both products could arrive "as soon as this week."

Anthropic hasn't confirmed anything publicly. But the evidence trail has been building for weeks.

The internal codename Capybara first surfaced in the March CMS leak that exposed nearly 3,000 unpublished Anthropic assets. At the time, the community assumed Capybara referred exclusively to Mythos. But commit messages and feature flags in Claude Code's codebase reference both Capybara and a second codename, Tengu - the latter appearing in the tengu_pewter_ledger feature flag that the phantom token investigation documented as controlling server-side behavior changes.

The AI design tool aligns precisely with what leaked screenshots showed last week: a polished app builder inside Claude with the tagline "Let's ship something great," offering templates for chatbots, games, and landing pages with live preview, one-click publishing, and built-in infrastructure (database, auth, storage, users). The Information's report adds credibility to what was previously unconfirmed screenshots.

What to expect from 4.7

No benchmarks have leaked for Opus 4.7. Based on Anthropic's cadence (Opus 4.5 in November 2025, Opus 4.6 in February 2026), an April release fits the 3-4 month cycle. The model will reportedly carry the cybersecurity safeguards Anthropic committed to building before bringing Mythos-class capabilities to broader release - the "upcoming Claude Opus model" they referenced in the Glasswing announcement.

If that's accurate, Opus 4.7 represents the production version of what Mythos Preview demonstrated in restricted testing: dramatically improved coding and reasoning, but with safety guardrails that Mythos deliberately lacks.

The "thinking drop" theory

Community members have framed the documented reduction in Opus 4.6's extended thinking output - what some called a "67% thinking drop" - as deliberate compute conservation ahead of the 4.7 launch. The thinking reduction is real and documented. The causal link to 4.7 prep is speculation. Anthropic hasn't addressed it, and the token inflation investigation found multiple independent bugs affecting Claude Code's token consumption that could explain the behavior without invoking a deliberate strategy.

GPT-5.4-Cyber: OpenAI's response to Mythos

While the industry speculates about Opus 4.7, OpenAI shipped something concrete yesterday.

GPT-5.4-Cyber is a variant of GPT-5.4 fine-tuned specifically for defensive cybersecurity work. It launched April 14 - exactly one week after Anthropic's Project Glasswing announcement. Bloomberg's headline captures the framing: "OpenAI Releases Cyber Model to Limited Group in Race With Mythos."

What GPT-5.4-Cyber does

The model is described as "purposely fine-tuned for additional cyber capabilities and with fewer capability restrictions" compared to standard GPT-5.4. Key features, per 9to5Mac and SiliconANGLE:

Binary reverse engineering - analyze compiled software for malware and vulnerabilities without source code
Reduced refusal rates on legitimate security tasks - vulnerability research, exploit analysis, malware dissection
Defensive-only positioning - OpenAI frames this as a tool for defenders, not attackers

Access: the same playbook as Mythos

Like Anthropic's Mythos, GPT-5.4-Cyber isn't publicly available. Access runs through OpenAI's Trusted Access for Cyber (TAC) program:

Individual defenders verify identity at chatgpt.com/cyber
Enterprise teams request access through OpenAI representatives
Only the highest verification tier unlocks Cyber-specific capabilities
Currently limited to "vetted security vendors, organizations, and researchers"

The parallels with Project Glasswing are deliberate. Both labs arrived at the same conclusion: AI models capable enough to find and exploit vulnerabilities need identity-verified access controls rather than blanket capability restrictions. The difference is execution - Anthropic built a 12-company coalition with $100M in credits; OpenAI built an individual verification portal.

The arms race pattern

The timeline tells the story:

Date	Event
March 26	Anthropic's CMS leak reveals Mythos (codename Capybara)
April 7	Anthropic launches Project Glasswing with Mythos Preview
April 12	Leaked screenshots show Claude app builder
April 14	OpenAI launches GPT-5.4-Cyber
April 14	The Information reports Opus 4.7 imminent

Within three weeks, the frontier AI security space went from "interesting research direction" to a full competitive front with restricted models, identity verification, and billion-dollar companies racing to arm defenders before attackers catch up.

The unresolved question remains the one Alex Stamos raised during the Glasswing launch: open-weight models are six months behind frontier models on vulnerability finding. When that gap closes, the restricted-access model both labs are betting on stops working.

Opus 4.7's safeguards - whatever they turn out to be - will be the first test of whether guardrails can be built fast enough to matter.

Sources: