Opus 4.7 delivers about three-fourths of Mythos-level capability while remaining deployable and commercially usable with built-in safeguards against misuse, they noted.
“Opus 4.7 has 70-80% of the capabilities of Mythos and we are recommending that organisations use Opus to fix gaps in their systems till Mythos access is not available,” said Sangeeta Gupta, chief strategy officer of Nasscom.
Anthropic in a blog said it deliberately reduced Opus 4.7’s cyber capabilities during training compared to Mythos and introduced safeguards that automatically detect and block requests linked to prohibited or high-risk cybersecurity use cases.
According to Anthropic, Mythos scored 83.1% on CyberGym, a cybersecurity capability benchmark developed by researchers at the University of California, Berkeley, while Opus 4.7 scored 73.1%.
The company said Opus 4.7 as the first model on which it has tested its new cybersecurity safeguards before any broader Mythos release.
“The differences between Opus 4.7 and Mythos, if any, would be only visible on some edge cases,” said Jeremy D’ Hoinne, vice president analyst at global research firm Gartner. “Mythos played a role in capturing the industry’s attention, but now we enter the phase where the individual model will matter less than the productisation of the offerings and the results organisations get out of these products.”
Hoinne said enterprises are running experiments with models they currently have access to, while cybersecurity vendors have started integrating AI-driven scanning and patching capabilities into their products.
Experts noted that for many enterprises, especially in regulated sectors, models like Claude Opus 4.7 are proving sufficiently capable for threat hunting, anomaly detection, compliance automation, and incident response workflows.
“Within 18 months, this will become table stakes for enterprise AI,” said Arjun Nagulapally, chief technology officer at AIONOS, an AI operating system delivery firm. “The companies moving fastest aren’t chasing maximum capability. They are chasing minimum friction with sufficient capability. That’s where Claude Opus sits right now.”
Nagulapally said most enterprises do not necessarily require frontier-class AI systems. Instead, they are looking for models that are powerful enough to handle complex cybersecurity and automation tasks while remaining easier to deploy across existing operations.
Advanced AI systems are already changing how enterprises handle security operations across cloud, network, endpoint and identity systems.
“These workflows are powerful because every instance has so much nuance that they do not exist in a fixed set of playbooks,” said Nash Borges, senior vice president of engineering at global cybersecurity firm Sophos, referring to AI-driven threat hunting and incident response workflows.
Beyond operational workflows, experts warned that AI systems are also expanding the attack surface on older infrastructure that was never built to withstand this level of automated scrutiny.
“Core banking infrastructure, payment rails, and grid controllers built in the 1980s and 1990s were protected less by formal security properties than by the sheer cost of effort required to probe them, and AI systems are rapidly eroding that protection,” said Jaydeep Singh, general manager at cybersecurity solutions firm Kaspersky.
Industry experts said the shift signals a broader change in enterprise AI where businesses are increasingly prioritising deployability, workflow integration and operational outcomes over access to the most advanced AI systems available.
“The fact that enterprises are evaluating capable but accessible models rather than waiting for restricted frontier-grade ones only accelerates how quickly organisations must adapt,”Singh said.
