CPN Learning Path CPN Connect On Demand Library All Courses Home

Opus 4.7 and Cyber

Opus 4.7 is finding vulnerabilities that have sat undetected in production code for decades. Five lessons cover the discovery methodology, the Mythos comparison, the custom harness pattern, and the governance requirements that follow.

rate limit

Code not recognized.

About this course

Most security teams trust their scanners are finding the vulnerabilities that matter. Those scanners are finding the ones they were built to find. Opus 4.7 is finding something different: bugs that have sat in widely-deployed production code for years, in some cases decades, because catching them required reading the file with intent rather than matching it against a known pattern. Nicholas Carlini, a Research Scientist, and his team at Anthropic, has been running those tests across real codebases, and the results are what this course is built around.

The methodology is deliberately simple. The model goes into a sandboxed container, gets a structured security challenge, reads the codebase, and writes its findings to a report file. Add one hint line per file and a single-model run becomes a parallelized scan across a large repository. This course walks through the full loop, the variations, and where each fits.

The model comparison is what customers bring up first. The benchmark number they'll quote is from CyberGym: Mythos Preview hits 97%, Opus 4.7 hits 90%. The seven-point difference mostly disappears in practice when you account for what security teams can actually act on, because most can't patch everything either model produces. Mythos pulls ahead on exploitation, and that's also why it isn't broadly available. Autonomous exploit generation at that level is a risk profile Anthropic has decided not to release.

Janak Sevak from Anthropic's partner team covers the market signals: what security teams want from Claude and where they're getting stuck. Even the most advanced organizations that got early access to Project Glasswing, Anthropic's early-access program for advanced security teams, took three days to get going. The course walks through a custom harness with four customization points engineers can adapt per engagement, and the two go-to-market paths: Claude Security as a packaged product and Opus 4.7 as a build platform for custom work.

This course will take you through:

  • How to explain what Opus 4.7 is finding in production codebases, and why traditional tools walked past it
  • How to walk a technical audience through the discovery methodology, from a single-model run to parallelized scans
  • How to hold the Mythos comparison conversation when a customer quotes the benchmark gap
  • How to scope a custom harness engagement and present the two go-to-market paths to a security team
    By the end, you'll be ready to sit in front of a security team, explain what Opus 4.7 found and how it found it, and answer the model comparison question.

Curriculum

  • The Cyber Security Moment
  • How AI Finds Vulnerabilities
  • Opus 4.7 vs. Mythos
  • Building Custom Solutions
  • Governance and Next Steps

About this course

Most security teams trust their scanners are finding the vulnerabilities that matter. Those scanners are finding the ones they were built to find. Opus 4.7 is finding something different: bugs that have sat in widely-deployed production code for years, in some cases decades, because catching them required reading the file with intent rather than matching it against a known pattern. Nicholas Carlini, a Research Scientist, and his team at Anthropic, has been running those tests across real codebases, and the results are what this course is built around.

The methodology is deliberately simple. The model goes into a sandboxed container, gets a structured security challenge, reads the codebase, and writes its findings to a report file. Add one hint line per file and a single-model run becomes a parallelized scan across a large repository. This course walks through the full loop, the variations, and where each fits.

The model comparison is what customers bring up first. The benchmark number they'll quote is from CyberGym: Mythos Preview hits 97%, Opus 4.7 hits 90%. The seven-point difference mostly disappears in practice when you account for what security teams can actually act on, because most can't patch everything either model produces. Mythos pulls ahead on exploitation, and that's also why it isn't broadly available. Autonomous exploit generation at that level is a risk profile Anthropic has decided not to release.

Janak Sevak from Anthropic's partner team covers the market signals: what security teams want from Claude and where they're getting stuck. Even the most advanced organizations that got early access to Project Glasswing, Anthropic's early-access program for advanced security teams, took three days to get going. The course walks through a custom harness with four customization points engineers can adapt per engagement, and the two go-to-market paths: Claude Security as a packaged product and Opus 4.7 as a build platform for custom work.

This course will take you through:

  • How to explain what Opus 4.7 is finding in production codebases, and why traditional tools walked past it
  • How to walk a technical audience through the discovery methodology, from a single-model run to parallelized scans
  • How to hold the Mythos comparison conversation when a customer quotes the benchmark gap
  • How to scope a custom harness engagement and present the two go-to-market paths to a security team
    By the end, you'll be ready to sit in front of a security team, explain what Opus 4.7 found and how it found it, and answer the model comparison question.

Curriculum

  • The Cyber Security Moment
  • How AI Finds Vulnerabilities
  • Opus 4.7 vs. Mythos
  • Building Custom Solutions
  • Governance and Next Steps