Sonnet 5 is default — your token count just jumped ~30%

Claude Code v2.1.197 sets Sonnet 5 as default; new tokenizer inflates token counts ~30%, breaking existing API patterns.

Sonnet 5 is default — your token count just jumped ~30%
Share

If you script against Claude Code, your cost math changed on June 30. The tokenizer under the hood was rebuilt for Sonnet 5, and the same English text now counts as roughly a third more tokens — before you write a single new prompt.

Lexical Bloat in Practice: What ~30% Inflation Looks Like

Sonnet 5's rebuilt tokenizer produces about 30% more tokens for identical English prose than Sonnet 4.6, per practitioner measurement . A 1,000-token prompt under 4.6 lands near 1,300 tokens under v2.1.197, which made Sonnet 5 the default on June 30, 2026 . Anthropic has not published a formal tokenizer diff, so treat 30% as a working estimate, not a specification.

Quick Answer: Sonnet 5 became the default in Claude Code on June 30, 2026 (v2.1.197). Its rebuilt tokenizer encodes identical English text into roughly 30% more tokens than Sonnet 4.6 — so a 1,000-token prompt becomes about 1,300 — inflating every cost estimate for input and output alike .

This is a tokenizer architecture change, not a billing anomaly. It persists regardless of patch level and applies to both input and output counting. No changelog entry between v2.1.187 and v2.1.201 reverses it . The tokens are real work, not a metering glitch — your context budgets and your invoices move together.

Concretely, a 100K-token context under Sonnet 4.6 needs roughly 130K tokens to encode the same content under Sonnet 5. Every existing cost estimate should be multiplied accordingly before you compare it against the introductory pricing window.

ContentSonnet 4.6 tokensSonnet 5 tokens (~30% est.)
Short prompt1,000~1,300
Mid-size context10,000~13,000
Large context100,000~130,000

Do not assume 30% applies uniformly. The figure is an average from third-party analysis, not a published table . Vocabulary-dense technical prose — logs, stack traces, dense identifiers — may diverge further than short, structured inputs.

The practical step is measurement. Before rebudgeting, run your own representative prompts through both models and record the delta:

  • Sample real production prompts, not toy strings.
  • Compare input and output counts separately.
  • Flag your token-heaviest workloads first — they carry the largest absolute increase.

Incompatible Callsites and How to Address Them

Sonnet 5 is default — your token count just jumped ~30%

Token inflation is the visible break; the quieter one is behavioral. In Sonnet 5, adaptive ("extended") thinking is on by default, a change from Sonnet 4.6 where thinking was an explicit activation step . Code that assumed thinking was off — or that toggled it via budget_tokens or beta flags — now runs against a model that reasons before responding unless you opt out.

That inversion matters most for callsites built around the old contract. Scripts that activated interleaved thinking through legacy patterns, for example betas=['interleaved-thinking-2025-05-14'], may throw or, worse, misbehave silently against Sonnet 5's changed API surface for manual extended thinking and sampling parameters . A silent failure is the dangerous case: no exception, just output shaped differently than your parser expects.

A separate break lands on automation that reads Claude Code's own transcript. Version 2.1.201 (July 3, 2026) stopped Sonnet 5 sessions from using a mid-conversation system role to inject harness reminders . If your tooling parsed those interstitial system-role messages, it will now receive an unexpected structure. This is a positive cleanup for prompt hygiene, but scripts keyed to the previous layout need updating.

Here is what to audit before flipping anything on:

  • Thinking toggles. Find every call that set budget_tokens or a thinking beta. Decide whether adaptive thinking on by default is acceptable, or add an explicit opt-out.
  • Sampling parameters. Check integrations that pin temperature, top-p, or legacy thinking activation. Sonnet 5 breaks prior API patterns here .
  • Transcript parsers. Anything scraping system-role harness reminders needs a new heuristic after v2.1.201.

The fastest escape hatch is to pin the previous model while you work through that list. Set --model claude-sonnet-4-6 on the command line, or config.model in your project settings, and your callsites keep the Sonnet 4.6 contract until you have verified each one.

claude --model claude-sonnet-4-6

Teams should not leave this to individual discipline. Anthropic's org-configured model restrictions, introduced in v2.1.187 (June 23, 2026), let an admin enforce a model allowlist across the organization . Pin Sonnet 4.6 org-wide, migrate deliberately, then lift the pin — rather than waking up to a fleet of scripts silently reasoning differently.

"Sonnet 5 breaks prior API patterns for manual extended thinking and sampling parameters, so scripts and integrations relying on those must be updated," notes the builder's-log analysis of Claude Code week 27 (source: chatforest.com).

None of these breaks is catastrophic on its own. Collectively they argue for the same posture the token delta did: pin, measure, migrate one callsite at a time.

Sycophancy Reduction and 1M Lexical Capacity: What's On the Box

Anthropic positions Sonnet 5 as an agentic step up from Sonnet 4.6, with performance "approaching Opus 4.8" on reasoning, tool use, and coding . That framing is qualitative. The announcement did not publish an itemized benchmark table — no SWE-bench row, no head-to-head reasoning score — so treat "approaching Opus 4.8" as directional marketing language, not a verifiable delta you can regression-test against.

Two behavioral claims sit alongside the performance framing: cyber safeguards are enabled by default, and the model shows a lower sycophancy rate than its predecessor . Neither carries a quantitative figure in the official documentation. Lower sycophancy is welcome for code review and design critique — a model that pushes back is more useful than one that agrees — but there is no published percentage to hold Anthropic to.

The context window is the other spec worth scrutiny. A native 1M-token window appears in the changelog and in practitioner analysis , but it did not surface directly in Anthropic's own launch page . Call it directionally confirmed, not formally spec-locked. If your architecture depends on a hard 1M ceiling, validate it against the API before you design around it.

The most consequential change for agentic workloads is quieter than any headline number: adaptive ("extended") thinking is on by default. In Sonnet 4.6, extended thinking required explicit activation . Now the model self-structures long-horizon tasks without you orchestrating the reasoning phase — which is why the migration guidance matters here too.

"Sonnet 5 breaks prior API patterns for manual extended thinking and sampling parameters, so scripts and integrations relying on those must be updated," — builder's-log analysis of Claude Code week 27 (source: chatforest.com).

The takeaway from the spec sheet: the durable, testable facts are the default-on thinking and the safety posture. The eye-catching numbers — Opus-adjacent performance, 1M tokens — are real signals but under-documented. Verify them yourself before they enter a production assumption.

Introductory Discount Through August: Do the Arithmetic Now

Sonnet 5 is default — your token count just jumped ~30%

Sonnet 5 ships with introductory pricing of $2/MTok input and $10/MTok output through August 31, 2026, reverting to standard $3/MTok input and $15/MTok output on September 1 . That discount is doing quiet work: it partially masks the tokenizer inflation while it lasts, then removes the mask on the same day the per-token rate rises.

Quick Answer: Sonnet 5's intro rate ($2/MTok input through Aug 31, 2026) keeps a typical workload slightly cheaper than Sonnet 4.6 despite ~30% more tokens. On Sept 1 the rate reverts to $3/MTok, turning that inflation into a real ~30% input-cost increase.

Work the numbers on identical text. A prompt that was 1M tokens under Sonnet 4.6 becomes roughly 1.3M tokens under Sonnet 5's new tokenizer, per practitioner analysis . At the intro input rate that is 1.3M × $2 = $2.60, versus $3.00 for the old 1M-token equivalent at Sonnet 4.6 standard pricing — marginally cheaper, but only until the window closes.

Scenario (same source text)TokensInput rateInput cost
Sonnet 4.6 (standard)1.0M$3/MTok$3.00
Sonnet 5 (intro, ≤ Aug 31)1.3M$2/MTok$2.60
Sonnet 5 (standard, ≥ Sept 1)1.3M$3/MTok$3.90

The post-August figure is the one to plan against: 1.3M × $3 = $3.90 for the same job that cost $3.00 under Sonnet 4.6 — a ~30% input-cost increase driven entirely by token count, not rate . Output compounds it further: if generated text inflates similarly, the $15/MTok output rate multiplies against a larger token base too.

The introductory window is roughly eight weeks from the v2.1.197 ship date of June 30, 2026 . Enterprises on negotiated contracts should model the September worst case now rather than budgeting off the discounted July figure — the cheaper number expires, the token inflation does not.

Allowlists, Isolated Reads, Manual Posture: What v2.1.196 Brought to Admins

Sonnet 5 is default — your token count just jumped ~30%

The same twelve-day stream that reset your token math also rewired the security defaults administrators depend on. Four changes matter most: an MCP auto-spawn fix, a credential-blocking sandbox setting, org-wide default models, and a shift to a Manual permission posture. Together they move Claude Code from opt-in caution to safe-by-default — which means unattended automation built on the old assumptions can stall.

The headline governance fix is v2.1.196 (June 29, 2026): claude mcp list and claude mcp get no longer auto-spawn .mcp.json servers that were self-approved through a committed .claude/settings.json in untrusted workspaces . Instead the CLI surfaces a ⏸ Pending approval state, closing an MCP prompt-injection vector where a repo could ship its own pre-approved servers . Brief your team before this surprises onboarding — a shared settings file that previously "just worked" now waits for a human.

Earlier, v2.1.187 (June 23, 2026) added a sandbox.credentials setting that blocks sandboxed commands from reading credential and secret files . That is directly relevant to any CI harness running untrusted code next to a credential store; the isolation is now a config flag rather than a hand-rolled wrapper.

v2.1.196 also introduced org-wide default models. Admins set an organization default — surfaced as Org default or Role default in /model — that individual users can still override within their allowed set . It layers on the org-configured model restrictions shipped in v2.1.187, giving governance without a hard lock: a steer, not a cage.

"Enterprises gain concrete governance levers — model allowlists plus org defaults plus a credential-blocking sandbox — while individual developers get a Manual-by-default permission posture," per the builder's-log analysis (source: ChatForest Builder's Log).

The posture shift is v2.1.200 (July 3, 2026), which set the default permission mode to Manual across the CLI, VS Code, and JetBrains, and stopped AskUserQuestion dialogs from auto-continuing . The practical fallout for admins:

  • MCP: committed self-approvals now sit at ⏸ Pending approval — pre-approve trusted servers explicitly.
  • Sandbox: set sandbox.credentials on any harness executing untrusted code near secrets.
  • Org models: define an org/role default so Sonnet 5 rollout is intentional, not incidental.
  • Manual mode: pipelines that assumed auto-approval will hang — pass explicit permission flags or they stall waiting for input.

The ~30% Inflation: How Firmly Established Is It?

The ~30% token-count increase is directionally strong but not officially specified. It comes from third-party builder analysis measuring Sonnet 5's new tokenizer against identical text — not from a published Anthropic tokenizer document or API specification. Treat it as a credible field measurement, not a contractual number.

Anthropic's own announcement confirms the parts it commits to: introductory pricing of $2/MTok input and $10/MTok output through August 31, 2026, reverting to $3/$15 afterward, plus availability and safety posture . It does not include a tokenizer comparison, an explicit context-window figure, or a benchmark table .

That leaves the model's marquee claims resting on qualitative framing:

  • "Approaching Opus 4.8" on reasoning, tool use, and coding — no cited leaderboard entry or quantitative delta appears in any source reviewed here .
  • Lower hallucination and sycophancy rates — described directionally, without a published percentage or independent evaluation .
  • The 1M-token context window — surfaced in the changelog and practitioner write-ups, not the fetched announcement page .

So the recommended posture is to verify before you rebudget. The tokenizer shift is real enough to matter, but token inflation is workload-dependent — code, prose, and non-Latin scripts will not move by the same factor. Run your own tokenizer comparison on representative prompts before committing to infrastructure or budget revisions.

The takeaway: Sonnet 5 as default (v2.1.197, June 30) is a settled fact; the ~30% is a strong signal awaiting your own measurement. Meter one real workload this week, and let the number — not the headline — set your spend.

Frequently asked questions

Why does the same prompt cost more if Sonnet 5 has introductory pricing?

Because two effects run in opposite directions and only one is temporary. Sonnet 5's introductory rate of $2/MTok input and $10/MTok output runs through August 31, 2026, reverting to $3/$15 afterward . The intro discount roughly offsets the ~30% more tokens Sonnet 5 reportedly emits for identical text versus Sonnet 4.6 , so input spend roughly breaks even until the cutoff. After September 1, you pay 30% more tokens at a 50% higher per-token rate — compounding to roughly a 95% input cost increase for the same content.

Which specific callsites break after upgrading to v2.1.197?

Two categories. First, code relying on explicit extended-thinking activation — `budget_tokens`, legacy beta flags — behaves differently because adaptive thinking is now on by default in Sonnet 5, a change from Sonnet 4.6 where thinking required explicit activation . Second, v2.1.201 (July 3, 2026) stopped Sonnet 5 sessions from using a mid-conversation system role for harness reminders , so automation that parsed those responses will receive unexpected output. Audit any script that sets thinking parameters manually or reads structured system-role text.

Can I pin Claude Code to Sonnet 4.6 to avoid the token inflation?

Yes. Set the model explicitly with `--model claude-sonnet-4-6` or in your config file, and the default switch to Sonnet 5 in v2.1.197 (June 30, 2026) won't apply. Org admins can enforce the pin fleet-wide via the model allowlist and org-default controls added in v2.1.196 and v2.1.187 . Trade-off: Sonnet 4.6 will not receive ongoing safety and capability updates, so pinning is a short-term cost control, not a permanent posture.

Is the ~30% token inflation figure confirmed by Anthropic?

No. The ~30% figure is practitioner-measured, not from official documentation . Anthropic confirmed Sonnet 5's pricing, availability, and safety posture but has not published a tokenizer diff. Treat 30% as a strong directional signal, not a settled constant — inflation varies by content type and non-Latin scripts differ. Benchmark your own representative prompts before making budget commitments.

What changed for teams using committed .claude/settings.json files?

v2.1.196 (June 29, 2026) closed an MCP injection vector: `claude mcp list`/`get` no longer auto-spawns `.mcp.json` servers self-approved via a committed `.claude/settings.json`, and untrusted workspaces now show a `⏸ Pending approval` state . New collaborators cloning your repo will hit that approval step rather than silently running your configured servers. Update onboarding documentation to describe the approval flow before your next team member joins, or the interruption will read as a broken setup.

Enjoyed this article? Subscribe to get new stories by email whenever they're published.

Subscribe