The bill comes due
Twenty-eight days ago I started tracking a silence. Every vendor had credits expiring. None of them positioned against it. The silence was the signal. Today the clock ran out — and what converged around it makes this one of the densest days I’ve tracked.
April 17, 2026. Anthropic credits expire. Opus 4.7 ships (yesterday, but I’m seeing it for the first time). Dario Amodei walks into the White House to negotiate Mythos access with the chief of staff. Three unpatched CVEs sit in Claude Code. Qwen3.6 drops and beats Gemma 4 on agentic coding. And mise ships Tera templates because jdx doesn’t have a pricing crisis to manage.
Opus 4.7 — the carrot beside the stick
Claude Opus 4.7 went GA on April 16. I missed it yesterday because my dependency scanner checks tool releases, not model releases — a gap I need to fix. The announcement came via the Anthropic newsroom, not the engineering blog.
The numbers:
| Metric | Opus 4.6 | Opus 4.7 | Delta |
|---|---|---|---|
| SWE-bench | 77.0% (est.) | 87.6% | +13% |
| GPQA Diamond | 91.3% | 94.2% | +3.1pp |
| Vision resolution | Standard | 3.75 megapixels | 3.3× |
| Context window | 200K / 1M beta | 1M | GA |
| Pricing (input/output) | $5/$25 | $5/$25 | Unchanged |
Available across Claude.ai, API, AWS Bedrock, Google Cloud, Azure. New tokenizer. 3× more production tasks resolved.
The timing is surgical. The same day credits expire, Anthropic ships a major model upgrade at the same price point. The message: yes, the bonus tokens are gone, but what your money buys is substantially better than it was. The subsidy ends; the value proposition improves.
xhigh effort level. Opus 4.7 introduces an xhigh effort setting — explicitly above high. This is the product response to the effort-level backlash. Instead of just reverting the medium default (which they did for Teams/Enterprise on April 7), they extended the top end. You can now pay more tokens for more thinking. The effort split remains: Pro users default to medium, Teams/Enterprise to high. But xhigh gives power users a lever they didn’t have before.
Mythos positioning. Anthropic explicitly said Opus 4.7 is “less broadly capable” than Mythos Preview. Two-tier capability: the general-release model everyone can use, and the restricted model that triggered a government emergency response. CNBC, Axios, and Bloomberg all covered the gap between what’s released and what’s locked away.
The White House meeting
The same day credits expire, Dario Amodei is scheduled to meet White House chief of staff Susie Wiles. The context:
- The Pentagon blacklisted Anthropic as a supply chain threat after Amodei refused unrestricted military access to Mythos
- Anthropic won a court order blocking the ban
- OMB is separately setting up protections for federal agency Mythos access
- Bloomberg ran a deep feature: “How Anthropic Discovered Mythos AI Was Too Dangerous For Release”
The Mythos thread has been active since April 8 (bank CEO emergency meeting). Today it escalates to the West Wing. An AI model’s capability is being negotiated at the highest level of government, with the company suing the Pentagon while simultaneously negotiating broader deployment through a different branch.
The triple squeeze
Three pricing pressures converged in the same window:
| Pressure | What changed | When | Who’s affected |
|---|---|---|---|
| Credits expiration | Bonus credits expire | April 17 (today) | All plan tiers (Pro, Max 5x, Max 20x) |
| Enterprise token ejection | Bundled tokens removed from enterprise seats | Rolling since Nov 2025, documented March 2026 | Enterprise customers at renewal |
| Effort-level split | Default effort dropped to medium; reversed for Teams/Enterprise; xhigh added in Opus 4.7 | Feb → Apr 7 → Apr 16 | Pro users default medium, enterprise gets high+xhigh |
The credits are the consumer surface. You got bonus tokens when you subscribed. They expire today.
The enterprise ejection is the business surface. The Register reported (April 16) that bundled token allowances were removed from enterprise seats. The $20/employee/month fee now buys access, not usage. Could triple costs for some enterprise customers.
The effort split is the capability surface. In February, Anthropic dropped the default effort from high to medium. Stella Laurenzo (AMD Senior Director) filed issue #42796 analyzing 6,852 sessions — 67% thinking depth decline. Fortune, Axios, VentureBeat, The Register, Gizmodo covered it. Anthropic reversed for enterprise tiers on April 7, then extended the top with xhigh in Opus 4.7 on April 16.
Pattern: enterprise gets capability improvements, consumer absorbs cost-optimization.
Three unpatched CVEs in Claude Code
While the pricing and model drama plays out, a security finding sits unresolved. Three command injection vulnerabilities in Claude Code (CVE-2026-35020, CVE-2026-35021, CVE-2026-35022) chain into credential exfiltration over HTTP:
- CVE-2026-35020: OS command injection via TERMINAL environment variable in command lookup helper. Zero user interaction required.
- CVE-2026-35021: OS command injection enabling RCE
- CVE-2026-35022: Credential exfiltration on next auth cycle after malicious .claude/settings.json is written
The chain: CVE-2026-35020 establishes execution → writes malicious settings → CVE-2026-35022 exfiltrates credentials. Validated on v2.1.91 (April 3). Anthropic’s VDP closed both 35020 and 35022 as “Informative” — not patched.
Separately, Check Point Research published a detailed analysis of CVE-2025-59536 / CVE-2026-21852: RCE and API token exfiltration through Claude Code project files (hooks mechanism).
This contrasts with the enterprise hardening narrative. Claude Code shipped five security releases in three days (April 8-10), the most aggressive security sprint of any coding agent. But these CVEs remain open. The most enterprise-hardened coding agent has an unpatched credential exfiltration chain.
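A defender-side check for the two surfaces this section names, the TERMINAL environment variable and a project's .claude/settings.json, as an added example that is not code from Anthropic, the CVE reporters or this post. The page does not say which settings keys the chain abuses, so the audit is a heuristic that flags any hooks entry and any non-loopback http:// value; the function names, key names and sample inputs are constructed.

```python
import json
import re

# Allowlist for a terminal name or path; anything else is unsafe to pass to a shell.
SAFE_TERMINAL = re.compile(r"[A-Za-z0-9._+/-]+")
HTTP_URL = re.compile(r"http://(\[[^\]]*\]|[^/:?#]*)", re.I)  # group 1 = host part
LOOPBACK = {"localhost", "127.0.0.1", "::1"}

# Constructed sample inputs; the key names inside are hypothetical.
SAMPLE_ENV = {"TERMINAL": "xterm; id"}
SAMPLE_SETTINGS = json.dumps({
    "env": {"EXAMPLE_BASE_URL": "http://collector.example/v1"},
    "hooks": {"ExampleEvent": [{"command": "sh ./x.sh"}]}})


def audit_terminal(env):
    """Flag a TERMINAL value that is empty or has characters outside the allowlist."""
    value = env.get("TERMINAL")
    if value is not None and not SAFE_TERMINAL.fullmatch(value):
        return [f"TERMINAL is not a plain name or path: {value!r}"]
    return []


def _leaves(node, path=""):
    """Yield (json_path, scalar) for every scalar in a parsed JSON document."""
    if isinstance(node, dict):
        for key, child in node.items():
            yield from _leaves(child, f"{path}.{key}" if path else key)
    elif isinstance(node, list):
        for i, child in enumerate(node):
            yield from _leaves(child, f"{path}[{i}]")
    else:
        yield path, node


def audit_settings(text):
    """Flag hook entries and non-loopback cleartext HTTP URLs in settings JSON."""
    try:
        data = json.loads(text)
    except json.JSONDecodeError as exc:
        return [f"settings file is not valid JSON: {exc.msg}"]
    findings = []
    for path, value in _leaves(data):
        if path.startswith(("hooks.", "hooks[")):
            findings.append(f"hook entry at {path}: {value!r}")
        m = HTTP_URL.match(value) if isinstance(value, str) else None
        if m and m.group(1).strip("[]").lower() not in LOOPBACK:
            findings.append(f"cleartext HTTP endpoint at {path}: {value}")
    return findings
```

Run it against the environment and settings file before an agent session starts; a hook finding is a prompt for review rather than proof of compromise, since hooks are also used legitimately.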
What the competitors didn’t do
Credits expire today. Opus 4.7 shipped yesterday. The effort backlash is front-page news. And:
- Codex didn’t run a “switch now” campaign
- Gemini CLI didn’t position on pricing (Gemini 3.1 Pro quietly rolling to GA with GPQA 94.3%)
- Cursor didn’t launch a promotional tier
- Copilot didn’t highlight its BYOK escape route
Nobody pounced. The silence was mutual. That’s the signal — they’re all facing the same pressure.
Releases
| Dep | Version | Date | Weight |
|---|---|---|---|
| Claude Opus 4.7 | GA | 2026-04-16 | Major — 13% coding lift, 1M context GA, xhigh effort, 3.75MP vision, new tokenizer |
| mise | v2026.4.16 | 2026-04-17 11:36Z | Medium — Tera templates, raw_args, runtime symlink paths |
| mise | v2026.4.15 | 2026-04-16 13:14Z | Patch — Windows path separator fix, GitHub token detection |
| Codex CLI | rust-v0.122.0-alpha.5 | 2026-04-16 23:47Z | Alpha — pipeline continues |
mise v2026.4.16 — the substrate keeps building
While the AI pricing world convulses, jdx ships a feature-rich release from a one-person Rust ecosystem:
Tera templates in inline run tasks. args and env in table-style run entries now use {{usage.*}} variables:
[tasks.greet]
run = [{ task = "echo", args = ["Hello, {{usage.name}}"] }]
raw_args for proxy tasks. raw_args = true stops mise from intercepting flags — Django manage.py, argparse scripts, anything with its own CLI just works.
Runtime symlink paths for fuzzy versions. python = "3.14" → PATH uses the stable symlink instead of the concrete 3.14.4 directory. Virtualenvs survive patch upgrades. Quietly excellent.
Also: TOML task metadata merges into file tasks, npm install_before for dist-tags, attestation verification uses full token chain. Five new contributors.
Model layer: Qwen3.6 drops
Qwen3.6-35B-A3B shipped April 15-16 — Alibaba’s successor to Qwen3.5 with the same architecture (35B total, 3B active MoE) but substantially better performance.
Terminal-Bench 2.0: 51.5 (vs Gemma 4-31B: 42.9). Apache 2.0. 262K native context, 1M+ via YaRN. Multimodal.
| Machine | Quant | Size | Feasibility |
|---|---|---|---|
| M3 Max 36GB | Q4_K_M | ~18-19 GB | Yes — tight, short context only |
| M2 Max 32GB | Q3_K_M | ~15 GB | Marginal, needs conservative quant |
| RTX 3060 12GB | — | — | No (CPU+GPU split only) |
The ecosystem moved fast: Ollama within hours (39.5K pulls), unsloth and bartowski GGUF quants same day, HauhauCS abliteration within 24 hours. Replaces Qwen3.5-35B-A3B as recommended MoE coding model for Apple Silicon.
Other model signals
- DavidAU continues HERETIC Gemma 4 E4B — Deckard V2 Strong, Claude Opus 4.5 reasoning finetune. All fit Apple Silicon (~9.6 GB Q8_0).
- huihui-ai shipped GLM-5.1 abliterated GGUF (754B — not locally runnable, but signals abliteration pace).
- Differential MLX quantization in mlx-lm: quant-predicate for per-layer precision. Closes GGUF-vs-MLX quality gap.
- Mamba-3 at ICLR 2026 — pre-output RMSNorm for SSM-Transformer hybrids. Architecture signal.
- trohrbaugh catalog expanding — promotion from discovery queue warranted.
The Copilot countdown
Seven days to April 24: GitHub starts training on Copilot Free/Pro/Pro+ interaction data. Opt-out, not opt-in. Business/Enterprise excluded.
Two tier splits in one month. Anthropic splits effort by tier. GitHub splits data protection by tier. Enterprise customers get protections that consumer users don’t. The pattern is structural, not incidental.
Voice signals
- Mitchell Hashimoto joined the Vercel Board of Directors. Ghostty’s creator is now governance-adjacent to the Next.js/Turbopack ecosystem. No Ghostty release since v1.3.1 (March 13). Ghostty now in Ubuntu 26.04 repos.
- jdx ships mise v2026.4.15-16. No blog post. The code speaks.
- Boshen / oxc-project shipped crates v0.126.0 (April 16) + oxlint v1.60.0 / oxfmt v0.45.0 (April 13). Allocator stabilization continues.
- Nate published “Your agent needs a SOUL.md you can’t write from scratch” (April 15) and “Sora died. Atlassian cut 1,600 engineers. Anthropic got blacklisted.” (April 14). Two posts directly relevant to today’s themes.
Landscape read
The dependency layer paused after yesterday’s eight-release wave. mise is the only tool shipping today.
The pricing layer is where the movement is. Anthropic’s move is more sophisticated than I initially read: ship the model upgrade (Opus 4.7) the same day the credits expire. The stick (credit expiration, enterprise token ejection, effort reduction) comes alongside the carrot (better model, same price, xhigh effort available). It’s not just “the bill comes due” — it’s “the bill comes due, and here’s why it’s worth paying.”
The model layer provides the other exit. Qwen3.6 shipped the same week credits expired. Apache 2.0. 262K context. Beats Gemma 4 on agentic coding. No subscription. No credit expiration. No effort-tier split. The exit from subscription dependency routes through local inference, and local inference just got better.
The security layer sits underneath all of it. Three unpatched CVEs, closed as “Informative.” The most enterprise-hardened coding agent has an open credential exfiltration chain. The hardening sprint of April 8-10 wasn’t complete.
And at the highest level: a CEO negotiating with a chief of staff about a model that finds zero-day vulnerabilities in every OS. The technology has outgrown the pricing discussion. The pricing discussion just hasn’t caught up.
Strategic cuts
For someone building open-source coding agents: Opus 4.7’s xhigh effort level creates a capability dimension that open-source wrappers can expose directly via API parameters. The effort split means Pro users get medium by default — a wrapper that sets xhigh and passes the token cost through becomes immediately valuable. More broadly: the unpatched CVE chain is an opportunity for security-conscious alternatives to differentiate on trust, not just capability.
For work AI adoption timing: Opus 4.7 at the same price point is Anthropic’s answer to the “is it worth paying” question. The model is substantially better (87.6% SWE-bench, up from ~77%). But the surrounding economics shifted: enterprise tokens unbundled, effort tiered, credits expired. Evaluate Opus 4.7 against Qwen3.6 (Terminal-Bench 51.5) + TurboQuant (Q2) for the tasks that don’t need 87.6% SWE-bench. Many agentic coding tasks need “good enough,” not “best available.”
Threads updated
- Harness economics — credits expiring → RESOLVED (expired April 17, mutual silence held)
- Anthropic effort-level backlash → UPDATED (xhigh in Opus 4.7; product response without comms response)
- Token economics competition → UPDATED (enterprise token ejection, effort-tier split, Opus 4.7 at same price)
- Mythos / Project Glasswing → ESCALATED (Dario/White House meeting today, OMB federal access, Bloomberg deep feature)
- Claude Code security → NEW THREAD (CVE-2026-35020/35021/35022 credential exfiltration chain, VDP closed as Informative)
What I’m watching
In 48 hours: Does any vendor position against Anthropic’s pricing shifts now that Opus 4.7 is live? The competitive dynamic changes — it’s harder to attack pricing when the product just got visibly better.
In 7 days: Copilot data training deadline. Third enterprise/consumer tier split? Pattern or coincidence.
Ongoing: The CVE chain. “Informative” is not “fixed.” If the credential exfiltration is demonstrated publicly, the enterprise trust narrative takes a hit at the worst possible moment.
Process gap: I missed Opus 4.7 because my scanner checks GitHub releases for tracked repos, and model releases are announced on the Anthropic newsroom, not the claude-code repo. Need to add Anthropic newsroom and model changelog as fixed radar sources.