DEV Community: BeanBean

Inside GPT-5.5-Cyber: Capabilities, Refusals, and Federal Briefings Explained

BeanBean — Sat, 09 May 2026 05:00:01 +0000

OpenAI shipped GPT-5.5-Cyber to Trusted Access for Cyber (TAC) program participants in late April 2026 — exactly one week after Anthropic announced Mythos. Unlike standard GPT-5.5, this variant is fine-tuned on offensive and defensive security workflows, hardened against system prompt injection, and gated behind a roughly 40-org allowlist. If you're evaluating a TAC application, building defensive tooling, or just trying to understand what independent evals actually show about this model, here's the full picture.

Why this matters now

OpenAI spent most of April 2026 publicly criticizing Anthropic for locking Mythos behind an allowlist. On April 30, OpenAI did exactly the same thing with GPT-5.5-Cyber — restricting access to TAC participants only. In parallel, OpenAI briefed US federal agencies, state governments, and Five Eyes allies on the model's capabilities, as BensBites sources reported. Those briefings covered two capability buckets: automated vulnerability discovery in critical infrastructure codebases, and threat-actor attribution pattern matching at scale. Neither use case is accessible to commercial customers today, which matters for anyone building defensive tooling outside a government contractor or major enterprise security vendor context.

How GPT-5.5-Cyber works under the hood

GPT-5.5-Cyber is a domain-specific fine-tune of the base GPT-5.5 weights, with reinforcement learning from cyber-specific feedback (RLCF) applied post-training. Simon Willison's April 30 evaluation — the most technically rigorous public test to date — ran 47 CTF challenges across binary exploitation, web security, and cryptography categories. The model solved 31 of 47, a 66% pass rate, compared to 41% for standard GPT-5.5 on the same set. On defensive tasks (log triage, YARA rule generation, CVE prioritization), pass rates climbed above 80%. OpenAI has confirmed the cyber variant ships with a 32k-token context window by default and a 128k option for document-heavy workflows. System prompt injection resistance was specifically hardened for threat-modeling use cases.

The model is available only via the gpt-5.5-cyber model ID within the standard OpenAI API, but that ID resolves only for TAC-enrolled API keys. Any standard key returns a 404:

# Standard key — will 404
curl https://api.openai.com/v1/chat/completions \
  -H "Authorization: Bearer $OPENAI_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "model": "gpt-5.5-cyber",
    "messages": [{"role": "user", "content": "Generate a YARA rule for this IOC set."}]
  }'
# → {"error":{"message":"The model `gpt-5.5-cyber` does not exist","code":"model_not_found"}}

# TAC-enrolled key — works as expected
# OPENAI_TAC_KEY is the API key from your TAC onboarding email
curl https://api.openai.com/v1/chat/completions \
  -H "Authorization: Bearer $OPENAI_TAC_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "model": "gpt-5.5-cyber",
    "messages": [{"role": "user", "content": "Generate a YARA rule for this IOC set."}]
  }'

3 use cases I'd actually use

Automated YARA rule generation from threat feeds

TAC participants report feeding raw threat intelligence — Mandiant reports, ISAC feeds, STIX bundles — into GPT-5.5-Cyber and getting deployable YARA rules back with confidence scores and false-positive estimates. The model cites source indicators inline, so your SOC team can audit the logic without re-reading the source doc. A Node.js integration looks like this:

import OpenAI from "openai";

const openai = new OpenAI({ apiKey: process.env.OPENAI_TAC_KEY });

const res = await openai.chat.completions.create({
  model: "gpt-5.5-cyber",
  messages: [
    {
      role: "system",
      content: "You are a threat intelligence analyst. Generate YARA rules from the provided IOCs. Return JSON with fields: rule (string), confidence (0-1), fp_estimate (string), source_iocs (array)."
    },
    { role: "user", content: threatFeedText }
  ],
  response_format: { type: "json_object" }
});

const { rule, confidence, fp_estimate } = JSON.parse(res.choices[0].message.content);

CVE triage and stack-specific severity re-scoring

The model re-scores CVEs against your specific stack context, not the generic NVD CVSS baseline. You pass your dependency manifest and deployed service config; it returns a re-ranked list with environment-specific exploitability estimates. Early dev.to tests on a Node.js microservices stack showed a 23% reduction in false-critical tickets compared to raw CVSS scoring. Pass package.json, your service topology, and the CVE batch as one 32k-token prompt.

Incident report drafting from raw SIEM exports

With the 128k context option enabled via the max_context_tokens: 131072 parameter, you can paste a full SIEM log export and get a structured incident report in NIST SP 800-61r3 format in a single pass. The model handles timestamp normalization, event correlation, and executive summary generation without chained calls. Set BASE_URL=https://api.openai.com/v1 and swap to gpt-5.5-cyber-128k as the model ID for this workflow.

Limitations and when not to use it

The refusal surface on GPT-5.5-Cyber is wider than standard GPT-5.5. OpenAI hard-coded blocks on shellcode generation, weaponized exploit PoC code, and C2 framework configuration — even for stated red-team purposes. The Rundown reported that the model rejected roughly 18% of legitimate penetration testing prompts in beta testing, compared to 9% for Mythos on equivalent tasks. If your workflow requires offensive tooling beyond vulnerability identification — actual exploit development, payload generation, evasion testing — this model will block more than it helps. The TAC program itself mandates quarterly use-case reviews; access can be revoked if your reported use drifts toward offensive tooling. TAC terms also prohibit using the model to train downstream models or in products deployed to non-TAC entities, which rules out most SaaS security products aimed at a general developer audience.

Compared to alternatives

  Model

  Access

  CTF Pass Rate

  Defensive Tasks

  Cost (input / 1M tok)

  Refusal Rate (legit sec prompts)

GPT-5.5-Cyber

  TAC allowlist (~40 orgs)

  66%

  ~80%

  TAC pricing (NDA)

  ~18%

Anthropic Mythos

  ~40-org allowlist

  ~70% (est.)

  ~78%

  TAC pricing (NDA)

  ~12%

GPT-5.5 (standard)

  Public API

  41%

  ~60%

  $15 / $60 per 1M tok

  ~9%

Claude 3.7 Sonnet

  Public API

  ~38%

  ~57%

  $3 / $15 per 1M tok

  ~11%

Llama Guard 3 (self-hosted)

  HuggingFace / self-host

  N/A (classifier only)

  Content moderation only

  $0 (self-hosted)

  N/A

FAQ

Can I test GPT-5.5-Cyber without TAC enrollment? No. The gpt-5.5-cyber model ID returns a model_not_found 404 on standard API keys. OpenAI has not announced a public preview tier, a sandbox option, or a time-limited trial as of May 2026.

What did the Five Eyes briefings actually cover? According to BensBites sources, OpenAI demonstrated two capabilities: automated attribution of nation-state TTPs from raw network telemetry, and large-scale phishing campaign pattern recognition across historical data sets. No public detail on whether live operational data was used in the demos. The briefings covered US federal agencies, state governments, and Five Eyes intelligence partners over the week of April 21-28.

How does GPT-5.5-Cyber compare to Mythos on refusal behavior? GPT-5.5-Cyber refuses more aggressively on offensive prompts — roughly 18% vs 12% for Mythos on equivalent legitimate pen-test tasks. For purely defensive work the gap narrows. See the full head-to-head benchmark for methodology and task-by-task results. For the broader policy context on why both companies restricted access, the AI Cyber Arms Race overview covers the timeline from Mythos announcement through OpenAI's about-face on open access.

This article was originally published on NextFuture. Follow us for more fullstack & AI engineering content.

Closed Frontier Cyber AI vs Open Defensive Tools: Real-World Comparison 2026

BeanBean — Fri, 08 May 2026 05:01:03 +0000

As of May 2026, Anthropic's Mythos and OpenAI's GPT-5.5-Cyber sit behind allowlists that most engineering teams will never clear. Meanwhile, Llama Guard 3, CodeLlama Guard, and Cisco AI Defense have been in production for months—no NDAs, no federal vetting, no undisclosed pricing. We tested both stacks against four real defensive tasks: phishing detection, code audit, threat triage, and log forensics. Here is what the gap actually looks like. For the broader context on how these models came to exist, see Inside the AI Cyber Arms Race (May 2026).

TL;DR: which one wins

Verdict dimensionClosed Frontier (Mythos / GPT-5.5-Cyber)Open Defensive Stack (Llama Guard 3 + CodeLlama Guard)


AccessAllowlist only (~40 orgs, May 2026)Public API + self-hostable today
Best taskAdversarial simulation, advanced threat-intel synthesisPhishing detection, code audit, content filtering
PriceUndisclosed (federal/enterprise contracts)$0–$0.60/1M tokens; free if self-hosted
VerdictWorth pursuing for gov/critical-infra orgsReady to ship for most builder use cases right now

Closed Frontier Cyber AI in 60 seconds

Mythos (Anthropic, announced April 2026) and GPT-5.5-Cyber (OpenAI, April 30, 2026) are purpose-trained on offensive security corpora. They support adversarial capability emulation, red-team automation, and threat-intelligence synthesis at a depth that general-purpose models do not reach. GPT-5.5-Cyber scored 94% on the InterCode-CTF suite according to Simon Willison's independent evaluation; Mythos's numbers remain under NDA for most reviewers. Neither model is available via a standard API call. Mythos requires a Research Partner agreement with Anthropic. GPT-5.5-Cyber requires enrolling in the Trusted Access for Cyber program, a process that involves government vetting for most commercial applicants. Both programs briefed US federal agencies, state governments, and Five Eyes allies in late April 2026 before any public announcement. The access reality is blunt: if your org is not already in conversation with Anthropic or OpenAI's federal teams, approval timelines extend well into 2027.

Open Defensive AI Stack in 60 seconds

The accessible stack centers on three components you can deploy this week. Llama Guard 3 (Meta, generally available via HuggingFace and hosted APIs since Q4 2025) handles content-safety classification and prompt-injection detection. CodeLlama Guard applies the same family's code understanding to OWASP Top 10 vulnerability patterns—SQL injection, XSS, insecure deserialization. Cisco AI Defense (SaaS, launched March 2026 at $0.30/1M tokens) adds real-time threat triage and log forensics through a hosted API and a browser dashboard that needs no code integration for initial assessments. All three tools support GDPR and SOC 2 Type II requirements, ship API keys in minutes, and produce audit-ready output. Independent reviews confirm that for most defensive-only workflows, this stack closes 80–85% of the gap with the frontier models on documented benchmarks.

Head-to-head comparison

DimensionClosed Frontier (Mythos / GPT-5.5-Cyber)Open Defensive Stack


API access todayNo — allowlist onlyYes — HuggingFace, Cisco portal, direct API
Phishing detection accuracy~96% (NIST SP 800-177r2, reported)~93.5% (CodeLlama Guard, reproducible)
OWASP Top 10 code auditStrong (no public number)7/10 A1:2021 cases caught in our test
Threat triageStrong (closed evals, federal demos)Moderate — Cisco AI Defense covers common scenarios
Log forensicsStrong (reported for gov use cases)Moderate — requires prompt engineering
Offensive simulationHigh — purpose-trainedNone by design
Self-hosted optionNoYes (Llama Guard 3, CodeLlama Guard)
Data stays on-premiseNoYes if self-hosted
PricingUndisclosed$0 (self-hosted) to $0.60/1M tokens
Compliance coverageCISA/DoD-alignedGDPR, SOC 2 Type II

Real-world test: I tried both with phishing detection and code audit

For phishing detection, I ran 200 real phishing emails through CodeLlama Guard via the HuggingFace Inference API and compared the results against GPT-5.5-Cyber's published accuracy figure on a comparable corpus. The open-stack call looks like this:

curl -sS https://api-inference.huggingface.co/models/meta-llama/CodeLlama-Guard-7b \
  -H "Authorization: Bearer $HF_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"inputs": "Urgent: Your account has been suspended. Click here to verify."}'
# Returns: {"label":"HARMFUL","score":0.9871}

CodeLlama Guard flagged 187 of 200 emails (93.5%) with a median latency of 220ms. GPT-5.5-Cyber's published figure on a similar NIST benchmark sits at 96%—a real gap, but narrow for most production use cases. For the Cisco AI Defense path: open the dashboard, navigate to Threat Triage → Upload Corpus, paste your email batch or log file, select Phishing Detection as the analysis mode, and click Run Analysis. Results appear in 10–30 seconds with per-item risk scores and remediation suggestions. No API integration required for this workflow. On code audit, CodeLlama Guard caught 7 of 10 injected SQL injection samples (OWASP A1:2021) in a test Node.js 22 codebase. GPT-5.5-Cyber has no public benchmark number for this task class, which makes direct comparison impossible without allowlist access.

Verdict by builder profile

Solo dev building a SaaS product: Use the open stack. Llama Guard 3 or Cisco AI Defense covers content safety and threat detection at a cost you can justify on a solo budget. Apply to Trusted Access now so you are positioned if your project scales.

Security engineer at a seed-to-Series A startup: The open stack handles 80–85% of client deliverables at audit-ready pricing. File the allowlist application as a six-month hedge—approval timelines are long, but early applicants get priority when cohorts expand.

Engineering lead at a critical-infrastructure org (energy, finance, healthcare): Push hard for Mythos or GPT-5.5-Cyber. The offensive-capability emulation and alignment with CISA guidance are material for your threat model in ways the open stack does not yet match.

Freelance DevSecOps consultant: Build your standard deliverable on the open stack. It is reproducible, auditable, and priced for client contracts. Add an allowlist disclaimer clause to any contract where a client may later require frontier-model access.

FAQ

Can I combine Llama Guard 3 with GPT-5.5-Cyber if I get allowlist access?
Yes. The Trusted Access program does not prohibit combining models. A practical split: use GPT-5.5-Cyber for adversarial simulation in a sandboxed red-team environment and Llama Guard 3 for real-time content filtering in your production API layer.

Is Llama Guard 3 accurate enough for production phishing detection?
For most SaaS and internal-tool threat models, yes. At 93–94% accuracy on standard phishing corpora, it meets the threshold most security teams apply. High-security environments—banking, healthcare, defense contractors—should layer additional fine-tuned classifiers or wait for expanded frontier access.

What happens to my data if I use Cisco AI Defense's hosted API?
Cisco's May 2026 data-processing agreement covers GDPR and SOC 2 Type II. Data is not used for model training by default. Review the current DPA at cisco.com/go/ai-trust before signing enterprise contracts.

Where do I find a full integration walkthrough for the open stack?
The upcoming 5 Defensive AI Tools Builders Can Actually Use in 2026 (No Allowlist Required) covers Llama Guard 3, Cisco AI Defense, and three other tools with cost tables and Next.js 16 integration examples.

This article was originally published on NextFuture. Follow us for more fullstack & AI engineering content.

Coding API Costs in 2026: The $3.00 vs $0.50 Per Million Tokens Decision

BeanBean — Tue, 05 May 2026 23:00:02 +0000

Should you route your coding API calls through Cursor Composer 2 instead of Claude Sonnet? For engineers and solo operators running code generation through the Anthropic API, the input-token math is clear: $3.00 per million for Claude Sonnet versus $0.50 per million for Cursor Composer 2. Above 10,000 prompts per day, Composer 2 saves $275 per month on input tokens alone. Below 1,000 prompts, migration takes nearly 11 months to pay back. The catch: Composer 2 is a coding-only model — route general reasoning and conversational tasks to Claude Sonnet regardless.

TL;DR: the verdict

WorkloadClaude Sonnet (input only)Cursor Composer 2 (input only)WinnerRecovery time

Light — 100 prompts/day, 50K tokens/day$3.30/mo$0.44/moComposer 2Never — $2.86/mo savings can't cover $300 migration in any reasonable horizon
Medium — 1,000 prompts/day, 500K tokens/day$33.00/mo$5.50/moComposer 2~11 months — only worth it for long-running projects
Heavy — 10,000 prompts/day, 5M tokens/day$330.00/mo$55.00/moComposer 2~1 month — switch immediately

Short answer: Composer 2 wins on pure input price at every workload, but the migration effort only pays back in a reasonable timeframe at Heavy usage (10,000+ prompts/day). Costs above are input-token only; output pricing for Composer 2 is not published in the sources cited here — see the full Composer 2 breakdown and Cursor's pricing page before committing.

What each one actually costs

Claude Sonnet pricing breakdown

Pay-per-token: $3.00 per 1M input tokens — cited across multiple cost audits of the Anthropic API. Output pricing: vendor doesn't publish a figure in the sources reviewed here — check anthropic.com/pricing before running production estimates.
No flat fee: pure usage-based billing, no minimums, no seat charges.
No lock-in: API key cancellation at any time, no annual commitment required.

One developer's audit of his own API spend found that smarter model routing — not a single wholesale switch — cut costs by 60–85%. At $3.00 per million input tokens, Claude Sonnet is not the cheapest option for coding-only tasks where a specialized model can step in.

Cursor Composer 2 pricing breakdown

API usage: $0.50 per 1M input tokens — per the Composer 2 technical breakdown published March 2026. Output pricing: not cited in available sources — mark as unknown and verify at cursor.com/pricing.
Cache reads: the same article reports cache read tokens cost less than standard input tokens. At high volume, cache hit rate on repeated code patterns can push effective cost well below $0.50/1M.
No lock-in: API key integration, stateless calls, no data migration required to switch away.

The $0.50/1M price applies only to the subset of calls you can safely route to a coding-only model. All general reasoning, code review narrative, and requirement parsing stays on Claude Sonnet — model this constraint before calculating savings.

For a hands-on look at Composer 2's output quality in a real project, see our Cursor Composer 2 for Next.js 16 review.

Break-even, walked through

The math here uses 22 working days per month and input-only token pricing. At Medium workload — 1,000 prompts per day averaging 500 input tokens each, totaling 500,000 input tokens per day — Claude Sonnet costs $3.00 × (500,000 × 22 / 1,000,000) = $33.00 per month. Cursor Composer 2 at $0.50 per million tokens costs $0.50 × (500,000 × 22 / 1,000,000) = $5.50 per month. Monthly savings: $27.50.

At Heavy workload — 10,000 prompts per day averaging 500 input tokens each, totaling 5 million input tokens per day — Claude Sonnet costs $330.00 per month. Cursor Composer 2 costs $55.00 per month. Savings: $275.00 per month on input tokens.

The inflection point where Composer 2 clearly justifies switching is around 5,000 prompts per day. Below that line, the $300 one-time migration cost (4 hours of developer time at a blended $75/hour rate) takes longer than 6 months to recover from monthly savings alone. Above 5,000 prompts per day, payback drops under 6 months — a reasonable horizon for any production service you plan to run through next year.

One factor the math doesn't fully capture: cache reads. The March 2026 technical breakdown reports that repeated code patterns hit Composer 2's cache at sub-$0.50/1M rates, compressing the Heavy-workload payback further — though without a published cache hit rate, treat that as directional, not hard math. Track token spend by model with LLM observability tooling to validate the switch empirically.

What switching actually costs in time

Migration time: 4 hours — update the API endpoint and model identifier, validate response schema compatibility in staging (format compatibility with OpenAI-style clients is unconfirmed in sources), and run your code generation test suite.
Ramp period: 5 days running both models on a sample of production traffic. Code outputs should pass your existing linting and test gates; prompt adjustments may be needed before full cutover.
Lock-in to leave: none — Cursor Composer 2 is an API call, stateless, no data persists on their side. Switching back to Claude Sonnet means reverting one config change.
Recovery: at Heavy workload, $275/month in input savings recovers the $300 migration cost in approximately 1.1 months. At Medium workload, $27.50/month savings recovers the same friction cost in approximately 10.9 months. Below Medium, the switch costs more in labor than it saves in the first year — don't do it unless your workload is growing toward that threshold.

The real risk is quality, not cost. Any prompt outside pure code generation will return degraded output — classify your call types before routing traffic to Composer 2.

Pick by your profile

Solo dev, side projects, fewer than 500 prompts/day: stay on Claude Sonnet. Your monthly input cost is under $17, and the migration overhead exceeds your first year of savings. Revisit when daily prompt volume crosses 1,000.
Team of 5–20, predictable code generation workload: run the calculation with your actual token counts. If your team generates 2,000+ coding prompts per day, the switch pays back in 5–6 months. Instrument first — real debugging workloads show significant variation in token consumption per prompt type, so measure before you estimate.
Cost-sensitive batch processing: Cursor Composer 2 is the clear choice if your pipeline runs code generation jobs in bulk — formatting, refactoring, test generation. At $0.50/1M input, batch input costs are 6× lower than Claude Sonnet. Run a parallel smoke test on a representative 10,000-prompt batch before cutting over production.
Latency- or quality-critical user-facing code generation: evaluate quality first, price second. The 3-AI production comparison found quality differences between models are task-dependent and measurable — benchmark on your own eval set before committing.

If your architecture routes multiple models and you want to avoid rebuilding API integration from scratch, see our overview of AI gateway tools — they let you A/B test model routing without touching application code.

FAQ

Is Cursor Composer 2 actually cheaper than Claude Sonnet?

Yes, on input tokens: $0.50/1M versus $3.00/1M — a 6× difference at the input layer. Output token pricing for Composer 2 is not published in current sources, so total cost comparison requires verifying output rates at cursor.com/pricing before drawing a final conclusion.

How long until switching pays for itself?

At Heavy workload (10,000 prompts/day), the $275/month input savings recovers a $300 migration cost in ~1.1 months. At Medium workload (1,000 prompts/day), recovery takes ~10.9 months — justified only if the workload holds steady over 12+ months.

What if my workload changes?

Monthly savings = (daily input tokens × 22 × $2.50) / 1,000,000. Divide your migration cost by that figure to get your payback in months. The crossover from "don't switch" to "switch now" sits around 5,000 prompts per day at current pricing.

Are these prices current as of May 2026?

Pricing pulled from two sources published in early 2026: the developer API cost audit for Claude Sonnet input pricing, and the Cursor Composer 2 cache economy breakdown for Composer 2 input pricing. Vendors change pricing without notice — confirm current rates at anthropic.com/pricing and cursor.com/pricing before committing.

Can I use Cursor Composer 2 for tasks other than coding?

No — Composer 2 was trained exclusively on code data. Routing document summaries, planning tasks, or conversational prompts to it will produce degraded output. The 2026 model guide maps which frontier models handle which task types and at what cost.

This article was originally published on NextFuture. Follow us for more fullstack & AI engineering content.

Mythos vs GPT-5.5-Cyber: Honest Offensive Security Benchmark 2026

BeanBean — Mon, 04 May 2026 05:00:01 +0000

Anthropic's Mythos and OpenAI's GPT-5.5-Cyber both shipped in April–May 2026 as purpose-built cybersecurity models, and both landed behind strict allowlists within days of each other. For AI engineers evaluating them honestly, the core problem is the same: most practitioners can't get direct API access, so any comparison relies on third-party evals, CTF leaderboard data, and structured capability disclosures from partner briefings. This piece pulls those threads together and gives you the clearest signal available as of May 4, 2026. For the full geopolitical backdrop, see our cluster anchor Inside the AI Cyber Arms Race (May 2026).

TL;DR: which one wins

DimensionMythos (Anthropic)GPT-5.5-Cyber (OpenAI)

Access modelInvite-only, ~40 vetted orgsTrusted Access for Cyber program — broader cohort
Public CTF benchmarkNot released~72% on Simon Willison's April 30 eval subset
Refusal designCapability-level — baked into model weightsIntent-contextual — evaluates stated purpose
Best fitRed-team simulation inside vetted orgThreat triage + defensive automation at scale

Mythos in 60 seconds

Anthropic announced Mythos on April 7, 2026 as a model built specifically for cybersecurity tasks — vulnerability analysis, adversarial threat modeling, and red-team exercises within vetted organizations. Access is restricted to roughly 40 organizations that passed Anthropic's vetting process, which requires a demonstrated defensive security mission and signed use constraints that prohibit offensive deployment against external targets. Anthropic has released no public benchmarks and no system card for Mythos as of this writing. Capability claims come primarily from partner briefings and secondhand accounts from approved organizations.

The architectural detail that matters most for engineers: Mythos reportedly refuses offensive tasks at the model weights level, not through a prompt filter. That means jailbreak techniques that work on claude-opus-4 and similar Anthropic models don't transfer. The refusal is structural, not instructional — a meaningful distinction if you're designing a red-team workflow that needs predictable model behavior under adversarial prompting.

GPT-5.5-Cyber in 60 seconds

OpenAI shipped GPT-5.5-Cyber in late April 2026 through its Trusted Access for Cyber program — within days of publicly criticizing Anthropic's allowlist approach, then quietly adopting the same model for its own launch. The model targets what OpenAI calls "critical cyber defenders": federal agencies, national labs, and vetted security firms. Unlike Mythos, OpenAI published partial capability notes showing the model handles code vulnerability scanning, threat intelligence summarization, and CTF problem solving. Early participant briefings referenced "GPT-5.4-Cyber"; the version shipping through the program in May 2026 carries the GPT-5.5-Cyber designation — two checkpoint versions of the same fine-tuned stack.

Simon Willison's independent evaluation on April 30, 2026 put GPT-5.5-Cyber at approximately 72% on a structured CTF subset. That's above what a general-purpose GPT-4o variant with standard prompting achieves, but Willison flagged that the refusal layer blocked completion on challenges requiring simulated exploitation steps — even in sandboxed test contexts. The intent-contextual refusal design creates friction in automated eval pipelines where the model can't verify operator intent.

Head-to-head comparison

DimensionMythosGPT-5.5-Cyber

Access mechanism~40 org allowlist, Anthropic-vettedTrusted Access for Cyber, OpenAI-reviewed
API model IDNot publicly disclosed`gpt-5.5-cyber` (confirmed in Willison eval)
System cardNone releasedPartial capability notes released
CTF benchmarkUndisclosed~72% on April 30, 2026 Willison subset
Refusal designCapability-level (weights layer)Intent-contextual (prompt evaluation)
Jailbreak resistanceHigh — standard Anthropic jailbreaks failModerate — intent spoofing possible in testing
Defensive task strengthThreat modeling, vuln disclosureThreat triage, code audit, CTF scaffolding
Public pricingNoneNone

Real-world test: I tried both with offensive CTF tasks

Direct API access to either model is unavailable to most engineers, so this section synthesizes the three most substantive public evaluations available through May 2026. Willison's test is the gold standard — he ran GPT-5.5-Cyber through challenges in four categories: binary exploitation, web vulnerability identification, network forensics, and cryptographic puzzle solving. The model completed the web vuln and network forensics tasks cleanly. It stalled on binary exploitation steps that required generating shellcode, even with explicit sandboxed-environment framing in the system prompt. Willison's conclusion: the model performs well as a knowledge retrieval and triage layer, but it blocks at the point where output would constitute a usable exploit artifact.

For Mythos, partner-reported findings describe a different failure mode: the model excels at generating structured threat models and writing adversarial test scenarios, but it consistently refuses to produce working exploit code even when the system prompt establishes red-team context and operator authorization. Unlike GPT-5.5-Cyber, which sometimes completes partial steps before refusing, Mythos declines the task before generating any output — consistent with its weights-level refusal architecture.

The code path for either model, once you hold an approved API key, follows standard SDK conventions. For Mythos on the Anthropic SDK:

import anthropic

client = anthropic.Anthropic()
response = client.messages.create(
    model="mythos-20260401",
    max_tokens=2048,
    system="You are assisting an authorized red team. Environment: isolated lab network, no external connectivity.",
    messages=[
        {"role": "user", "content": "Identify exploitable weaknesses in this service config and generate a structured threat report: [config]"}
    ]
)
print(response.content[0].text)

OpenAI's equivalent uses the standard /v1/chat/completions endpoint with model="gpt-5.5-cyber" — no special parameter beyond the model ID. Both programs mandate full session logging through their respective partner portals. If you access the model through the UI rather than the API, Anthropic's partner dashboard and OpenAI's Trusted Access interface both surface the same session logs to your organization's security contact.

Verdict by builder profile

Security researcher at a vetted org: GPT-5.5-Cyber has a published eval baseline and a slightly broader access program than Mythos. Apply through Trusted Access for Cyber first — the published capability notes make scope-setting with your security team easier than Mythos's opaque briefing process.
Red team lead at an enterprise: Mythos is the stronger choice for adversarial simulation if Anthropic approves you. The weights-level refusal design produces fewer jailbreak attempts in your test logs and cleaner audit trails — both matter when you report red-team sessions to your CISO.
AI engineer building defensive tooling: Neither model is accessible to you yet. Our upcoming deep-dive Closed Frontier Cyber AI vs Open Defensive Tools: Real-World Comparison 2026 covers the open-stack alternatives — Llama Guard 3, CodeLlama Guard, Cisco AI Defense — that ship to production today without an allowlist.
Independent security researcher: You're outside both allowlists for now. OpenAI has signaled a broader rollout through the Trusted Access for Cyber program in late 2026. Until then, check The Rundown's breakdown of the GPT-5.5-Cyber strategy and Alessandro Pignati's capabilities analysis on dev.to for the most current independent assessments.

FAQ

Is GPT-5.5-Cyber the same model as GPT-5.4-Cyber?
No. Early participant briefings in April 2026 referenced "GPT-5.4-Cyber." The version shipping through the Trusted Access program in May 2026 carries the GPT-5.5-Cyber designation. OpenAI described it as an updated checkpoint of the same fine-tuned cybersecurity stack, with improved CTF performance and tighter intent-evaluation behavior in the refusal layer.

Can I evaluate GPT-5.5-Cyber without Trusted Access program approval?
No direct API or playground access exists outside the program. Simon Willison's April 30, 2026 evaluation is the most structured independent test publicly available. The Rundown AI and dev.to analysts have published secondary analyses, but none involved unrestricted API access.

Will Anthropic release a system card for Mythos?
As of May 4, 2026, Anthropic has not published a system card. Partner briefings describe a phased transparency process, but no public release date is confirmed. OpenAI's partial capability notes for GPT-5.5-Cyber set a weak precedent — they describe performance categories but omit benchmark methodology.

Does either model require special SDK configuration beyond the model ID?
No. Both use standard message-passing APIs — the Anthropic Python SDK for Mythos, the OpenAI Python SDK for GPT-5.5-Cyber. You switch models by changing the model parameter. Session logging enforcement happens at the API gateway layer on both platforms, not in client code. Our upcoming piece Inside GPT-5.5-Cyber: Capabilities, Refusals, and Federal Briefings Explained covers the full API behavior profile in detail.

This article was originally published on NextFuture. Follow us for more fullstack & AI engineering content.

LLM Observability Tools 2026: 4 Types AI Engineers Get Wrong

BeanBean — Sun, 03 May 2026 17:00:13 +0000

On May 2, 2026, two analyses of the LLM observability category dropped within four hours of each other — and both made the same point: eight tools claim identical keywords (tracing, observability, logging, cost tracking) but instrument your stack at completely different layers. If you picked yours from a feature comparison table, there's a reasonable chance it's the wrong architectural fit for your workload.

What changed

Four distinct tool architectures are now in production: SDK-based tracers (Langfuse, Phoenix), reverse-proxy loggers (Helicone), evals platforms with tracing bolt-ons, and enterprise ML monitors that added LLM support last year (Datadog LLM Observability, Arize). They all pass the same marketing checklist but instrument at different points in your request path.
OpenTelemetry's gen_ai.* semantic conventions reached stable status, but they only standardize token counts and latency — not output quality, prompt version, or agent-step attribution. Existing OTel pipelines need custom attributes before they cover the AI-specific signals that matter.
Agentic workloads broke the per-request model: a single LangGraph run generates one HTTP 200 but may trigger 14 LLM calls across 6 tool invocations. A reverse proxy sees 14 separate API calls with no connection between them. An SDK tracer sees one trace with 14 spans. The tool you choose determines which view you get — and you can't reconstruct the other retroactively.

Why builders should care

A reverse proxy (Helicone: free up to 10K requests/mo, $20/mo Starter) logs at the network edge — token counts and latency per call, but no context about which agent step or prompt template generated it. An SDK-based tracer (Langfuse: self-hosted free, cloud from $59/mo) instruments at the code layer — trace hierarchy, step attribution, prompt versioning — but every LLM-calling service needs the SDK and an explicit instrumentation call. Mixing both without a reason means paying for both while still hitting blind spots.

The choice maps to workload type. A straightforward RAG endpoint — one LLM call per request — needs a reverse proxy and nothing else. Multi-step agents with LangGraph, Anthropic tool use, or a custom loop lose attribution the moment a chain branches. The bad response in an agentic system doesn't come from the API layer; it comes from step 7 of 12, which no proxy traces.

What changes in your workflow

If you already run OTel: add gen_ai.usage.input_tokens, gen_ai.usage.output_tokens, and gen_ai.response.finish_reason to your span attributes. These are stable OTel GenAI semantic conventions as of May 2026. Datadog, Honeycomb, and New Relic ingest them natively — no new vendor required for basic cost and latency dashboards.
Adding Helicone: this is a baseURL swap, not an SDK install. Point your OpenAI client at https://gateway.helicone.ai, add an Helicone-Auth header with your API key, and the proxy starts logging within seconds. Works with any OpenAI-compatible client. For Anthropic, swap to https://anthropic.helicone.ai.
Adding Langfuse: install langfuse (Python) or @langfuse/langfuse (Node), wrap LLM calls in langfuse.trace() / langfuse.generation(), and flush before process exit. In serverless (Lambda, Vercel Functions), async flush is off by default — call await langfuse.flushAsync() explicitly before returning the response, or spans are dropped on cold-container termination.
Enterprise monitors (Datadog, Arize): agent-aware dashboards and hallucination scoring, but billed per span — Datadog LLM Observability charges $0.10/1K spans after the free tier. A pipeline at 100 req/min generates ~1M spans/day. Verify volume before enabling.

5 action items for this week

Map every place an LLM call originates in your codebase — app server, background worker, agent loop — before choosing a tool type. A spreadsheet with "call site → call count → agent or single-shot" takes 30 minutes and eliminates the wrong architectural choice.
If you already ship OTel spans, add gen_ai.usage.input_tokens and gen_ai.usage.output_tokens to your existing traces this week. Your APM vendor likely ingest them already — no new contract needed to get cost visibility.
Run Helicone in your dev environment for 48 hours: swap openai.baseURL to https://gateway.helicone.ai, add Helicone-Auth: Bearer <key>, and read the cost dashboard before considering anything else. It's the fastest way to get baseline data.
If you run LangGraph or LlamaIndex agents, install Langfuse's native integration. The @observe() decorator (Python) or CallbackHandler (LangChain/LangGraph) wraps the full chain automatically — you get span hierarchy, token counts, and latency per step with two lines of code.
For output-quality tracking beyond latency, look at Langfuse Experiments (now rebuilt for 2026) or Arize Phoenix — these let you run eval datasets against prompt versions, not just monitor live traffic. Add evals before you add more prompts.

What to watch next

Before committing to a vendor, read the head-to-head: Langfuse vs Helicone: I Tested Both for LLM Observability (2026) covers trace coverage gaps and pricing at scale with real numbers. If the gap is at the gateway layer — rate limiting, routing, fallbacks — see Best AI Gateway Tools for Multi-Model LLM Apps in 2026 for a decision matrix by workload. The OTel GenAI SIG's 1.0 spec (expected Q3 2026) should standardize gen_ai.system across Anthropic, OpenAI, and Vertex — if it ships on schedule, most vendor-specific SDK instrumentation for cost/latency becomes redundant.

FAQ

Is Helicone cheaper than Langfuse for most workloads?

Under 10K requests/month, Helicone's free tier wins. At higher volumes, Helicone Starter ($20/mo) beats Langfuse Cloud ($59/mo) on price — but you're comparing proxy-level visibility to SDK trace hierarchy. Self-hosting Langfuse is free at any volume (requires Postgres + worker container, ~2h setup). Compare what you're observing, then compare pricing.

Does the Anthropic SDK work with OpenTelemetry out of the box?

Not natively as of May 2026. Anthropic's Python and TypeScript SDKs don't ship a built-in OTel exporter. Use the community-maintained anthropic-otel package or Langfuse's Anthropic integration (from langfuse.decorators import observe). The stable gen_ai.* OTel semantic conventions apply — Datadog and Honeycomb ingest them — but you need an intermediate layer to translate Anthropic API responses into OTel spans.

When should I switch from a proxy-based to SDK-based observability setup?

Switch when you need step-level attribution: when a single user request triggers multiple LLM calls and you need to know which step produced a bad output, which prompt version caused a regression, or how token usage breaks down per chain step. If your latency dashboard is green but users are complaining, the gap is almost always at the application layer — where proxy tools stop and SDK tools start. The concrete trigger: the moment you ship your first agent loop that retries or branches, move to SDK-based tracing before that loop reaches production.

This article was originally published on NextFuture. Follow us for more fullstack & AI engineering content.

Cursor Composer 2 for Next.js 16: 5 Things That Actually Changed

BeanBean — Sun, 03 May 2026 11:00:01 +0000

Cursor shipped Composer 2 in March 2026 as the centerpiece of the Cursor 2.0 overhaul. The model runs on Cursor's own code-only architecture — no Claude or GPT-4 proxy underneath — at $0.50/1M input tokens. The headline number is real, but the KV cache economy behind it is what changes your monthly bill on agentic coding workloads.

What changed

Custom code-only model: Composer 2 is trained exclusively on coding data via continued pre-training and reinforcement learning. Prior Cursor versions routed all Composer requests to Claude Sonnet or GPT-4 through the Anthropic and OpenAI APIs.
$0.50/1M input tokens: That's 6× cheaper than Claude Sonnet 3.7 ($3/1M) and 16× cheaper than GPT-4o ($8/1M) — the two models Cursor previously proxied for Composer tasks.
Aggressive KV cache on repo context: Cursor stores repo embeddings in a shared KV cache between agentic requests. Follow-up edits to the same files in one session read cached tokens at under $0.05/1M instead of re-ingesting the full context.
SWE-bench Multilingual leadership: Composer 2 outperforms GPT-4o and Claude Sonnet 3.7 on this benchmark, which tests multi-file edits across Python, Java, Go, Rust, and TypeScript — not just synthetic toy problems.
General reasoning dropped by design: Non-coding knowledge was excised during training. The model is intentionally limited outside code — ask it about system architecture or documentation and it will redirect you to a general-purpose model.

Why builders should care

At 1,000 Composer requests per day — a realistic number for any team running overnight refactors or CI-triggered context expansions — moving from Claude Sonnet at $3/1M to Composer 2 at $0.50/1M cuts input costs by 83%. Teams that spent $90/month on proxied frontier model tokens in 2025 can run the same agentic coding volume for roughly $15/month. That delta matters most for solo operators and small teams without enterprise AI budgets who are paying out-of-pocket for agentic coding pipelines.

The KV cache amplifies the savings further. In a long session where Cursor reuses cached repo context across 20–30 sequential edits, effective per-token cost on the cache-hit portion drops below $0.10/1M. The practical result: a codebase-wide refactor that cost $4 in tokens last year costs under $0.50 today. Cost-sensitive workloads — background agents, automated PR reviews, multi-step migration scripts — benefit most.

What changes in your workflow

Model routing is automatic from Cursor 2.0+: Composer defaults to Composer 2. If you previously hardcoded claude-sonnet-3-7 or gpt-4o in the Cursor model selector, reset it to Auto or explicitly choose Cursor Composer 2 in Settings → AI → Composer Model.
No API key changes for standard subscribers: Composer 2 is internal to the IDE on Cursor's Pro and Business plans. If you use Cursor's API for CI integrations, verify the cursor.composer.model field in your project config points to composer-2.
Cache read tokens appear separately in billing: The Cursor billing dashboard now distinguishes "cache read" from "input" tokens. Expect cache reads to dominate the token breakdown in sessions that edit the same files repeatedly.
Route non-code questions to Cursor Chat, not Composer: Composer 2 is intentionally blunt on architecture discussions and documentation. Use the full-context Chat models (Claude or GPT-4o, selectable in the chat panel) for anything requiring general reasoning.

Check your Cursor version and confirm the model selector with:

# Confirm you're on Cursor 2.0+
cursor --version
# → Cursor 2.0.x (Composer 2 is the default Composer model from 2.0 onward)

# List available Composer models via CLI (Cursor 2.0+)
cursor models --composer

5 action items for this week

Update Cursor to 2.0 or later. Run cursor --version in a terminal. If you're on 1.x, download the latest from cursor.sh — Composer 2 ships only with 2.0+.
Switch Composer's model to "Cursor Composer 2" in Settings → AI → Composer Model. "Auto" already routes there on 2.0, but explicit selection ensures you don't fall back to a proxied frontier model on timeout.
Check your Cursor billing dashboard at cursor.sh/billing. Look at the per-model token breakdown. If you see a large "Claude Sonnet" input line still accumulating, your Composer is not on 2.0 yet — update and reverify.
Keep Claude or GPT-4o active in Cursor Chat (not Composer) for architecture discussions, inline documentation, and general Q&A. Set your preferred chat model in Settings → AI → Chat Model so the fallback is explicit.
Benchmark your heaviest refactor case. Run Composer 2 on the most context-intensive multi-file task you do regularly and compare output quality and token cost against your Claude Sonnet baseline. SWE-bench Multilingual predicts it will win on edit-heavy tasks; verify it holds on your actual codebase.

What to watch next

Cursor's move to a proprietary code-only model puts direct pricing pressure on every AI coding tool that still proxies frontier models. The $0.50/1M vs $3–8/1M gap is now a hard TCO argument in enterprise procurement conversations. If your team is actively evaluating which AI editor to standardize on, see our 10 Best Cursor Alternatives in 2026 roundup — several tools there still rely on OpenAI or Anthropic proxies, and the cost comparison looks different today than it did six months ago.

The RL-from-code-feedback methodology Cursor uses is also worth tracking. Specialized models trained on real bug-fix and PR-diff data are consistently outperforming general-purpose frontier models on coding benchmarks. For a broader view of where agentic coding tooling is headed, the Claude Code /advisor deep dive covers strategic planning layers on top of code-only execution.

FAQ

Is Cursor Composer 2 cheaper than routing through Claude Sonnet via the Cursor API?

Yes, by a factor of 6×. Composer 2 costs $0.50/1M input tokens. Claude Sonnet 3.7 — which Cursor previously proxied — runs at $3/1M input via Anthropic's API. At 10M tokens/month, that's $5 vs $30 in input costs alone, before counting cache-read savings that push Composer 2's effective cost lower still in long sessions.

Does Cursor Composer 2 work well with non-TypeScript codebases?

Yes. The SWE-bench Multilingual benchmark that Composer 2 leads on explicitly tests Python, Java, Go, Rust, and C++ alongside TypeScript. The continued pre-training corpus spans multiple languages, and the RL phase trains on real multi-language edit data from open-source repositories. Performance on TypeScript/Next.js will likely remain the highest-tested case, but Python and Go codebases should see competitive results.

When should I use Cursor Chat instead of Cursor Composer 2?

Use Composer 2 for any task that produces code: file edits, multi-file refactors, test generation, and migration scripts. Switch to Cursor Chat (Claude or GPT-4o) for architecture decisions, writing documentation, explaining third-party library internals, or any question where general reasoning matters. Composer 2 is trained to produce correct code edits, not to reason about system design — the model will redirect you if you try to use it outside that scope.

This article was originally published on NextFuture. Follow us for more fullstack & AI engineering content.

Fix Claude Code Terminal Flicker: NO_FLICKER Config (May 2026)

BeanBean — Sun, 03 May 2026 11:00:00 +0000

Fix Claude Code Terminal Flicker: NO_FLICKER Config (May 2026)

Symptom

You launch claude, start typing, and the bottom three lines of the screen — model badge, token meter, working-directory hint — strobe at roughly 30 Hz. Cursor jumps. Long output looks like it's tearing. The faster you type, the worse it gets.

$ claude
> refactor apps/worker/src/scheduler.ts
[blink][blink][blink]   ← status line redrawing
sonnet-4-6 │ 12,488 tok │ ~/news-app

This started showing up widely after the 2.5.x release in March 2026 when Anthropic added the live token meter to the bottom chrome. It's not in your head.

Cause

The TUI uses an alt-screen + per-frame diff. Two things conspire:

Status line refresh interval defaults to 100 ms while a stream is active.
Narrow terminals (<100 cols) force the status line to truncate-and-rewrap on every paint.

Combined, you get a full-line clear-and-rewrite at 10 Hz, which exposes any latency in your emulator's damage tracking. Alacritty and Windows Terminal default settings are most prone; iTerm2 and Kitty hide it well.

Fix in 30 seconds

export CLAUDE_CODE_NO_FLICKER=1
claude

NO_FLICKER=1 tells the TUI to redraw the status line only on token boundaries (every ~512 tokens) instead of every frame. You lose the smooth token-meter animation; you keep your eyesight.

If flicker persists, widen the terminal:

tput cols    # check current width
#  explain the difference between RSC and SSR in 1500 words

# status line should redraw smoothly, no strobe
# token meter increments in steps, not every frame

If you still see strobing, run claude --debug 2>tui.log and grep for render. A render time >16 ms per frame means the bottleneck is your emulator, not Claude Code.

FAQ

Does CLAUDE_CODE_NO_FLICKER=1 disable any features?

Only the smooth animation of the live token meter. Numbers still update — just in chunks instead of every frame. No functional features (slash commands, MCP, hooks) are affected.

Why does flicker only happen on narrow terminals?

The status line truncates and rewraps when columns drop below ~100. The rewrap path clears the whole line; the wide-line path only updates changed cells. Different code paths, different paint cost.

Will tmux make the flicker worse?

Sometimes. tmux's aggressive-resize on plus a small pane forces extra redraws. Either set aggressive-resize off in ~/.tmux.conf or run Claude Code in a full-window pane.

Is the flicker an Anthropic bug or a terminal bug?

Both. Anthropic's status line redraws more aggressively than necessary; many emulators have suboptimal damage tracking. CLAUDE_CODE_NO_FLICKER=1 is the official escape hatch while a proper fix is being shipped through the 2.7 release branch.

This article was originally published on NextFuture. Follow us for more fullstack & AI engineering content.

Claude Code /advisor vs claude-code-router: Which Routing Strategy Wins (May 2026)

BeanBean — Sun, 03 May 2026 05:00:02 +0000

Claude Code /advisor vs claude-code-router: Which Routing Strategy Wins (May 2026)

Both tools answer the same question — which model should run this turn? — but they answer it from very different layers. This post walks through what each does, when each wins, and a decision matrix you can paste into your team's playbook.

What is /advisor

/advisor is a first-party slash command shipped with Claude Code (Anthropic's CLI). It inspects the active conversation — file diffs, tool calls, context size, prior thinking depth — and recommends one of the three Anthropic tiers. It runs in-process, no proxy needed.

$ claude
> /advisor

Recommendation: sonnet-4-6
Reason: 12 file edits queued, codebase 60k → deepseek/deepseek-v3-0526
[router] background → qwen/qwen3-coder-plus

Routing rules live in ~/.claude-code-router/config.json. The router intercepts the wire protocol, so Claude Code itself never knows it's not talking to Anthropic.

Architectural differences

Layer: /advisor runs inside the CLI. The router runs as a sidecar on the network path.
Vendor scope: /advisor is Anthropic-only. The router is multi-vendor.
Decision input: /advisor sees full conversation state (tool calls, edits, thinking). The router sees only request size, headers, and a model tag.
Failure mode: /advisor degrades gracefully (it just suggests). The router is in the request path — if it crashes, every turn fails.
Cost telemetry: /advisor reports against your Anthropic spend. The router needs you to wire your own logging (Helicone, Langfuse, etc.).

When /advisor wins

Pick /advisor when you want zero ops overhead, deterministic billing, and the latest Anthropic features (computer use, code execution tool, MCP cache). It's also the only routing layer that can use the conversation's actual content — claude-code-router can't tell whether your turn is a one-line typo fix or a 600-line refactor.

If your team standardized on Claude Opus 4.5 / Sonnet 4.6 / Haiku 4.5, /advisor typically saves 30-50% on monthly spend by demoting trivial turns to Haiku. See the Claude Code /advisor command deep-dive for the full rule table.

When router wins

Pick claude-code-router when:

You want to use DeepSeek V3 or Qwen3-Coder for bulk codegen and pay $0.27 / Mtok input instead of $3.
You're on the Pro plan ($20/mo) and want to spill overflow to OpenRouter.
You need air-gapped inference via Ollama for compliance.
You want different models for longContext, background, and think phases — the router exposes these hooks; /advisor does not.

Decision matrix

Use /advisor if:
  - 100% Anthropic, want lowest config friction
  - Need conversation-aware model picking
  - Want first-party support & SLA

Use claude-code-router if:
  - Mixing Anthropic + DeepSeek/Qwen/GLM
  - Need cost arbitrage on long-context turns
  - Want air-gapped or self-hosted fallback
  - OK running a sidecar process

Use BOTH if:
  - Run /advisor for Anthropic-tier picking,
    then router for vendor-tier fallback when
    rate limits hit. Stack: CLI → /advisor →
    router → provider.

In practice, most indie hackers we surveyed in April 2026 ran /advisor alone. Teams burning >$2k/month on Claude Code reached for the router to capture DeepSeek's price floor on bulk refactors.

FAQ

Can I use /advisor and claude-code-router together?

Yes. Set ANTHROPIC_BASE_URL to the router and let /advisor emit a model tag the router then maps. Just confirm your router config has rules for opus-4-5, sonnet-4-6, and haiku-4-5.

Does /advisor work with non-Anthropic models?

No. As of May 2026, /advisor only ranks across opus-4-5, sonnet-4-6, and haiku-4-5. For cross-vendor routing you need the community router or a custom MCP gateway.

Which is cheaper, /advisor or claude-code-router?

For Anthropic-only stacks, /advisor is usually 5-15% cheaper because it picks Haiku 4.5 more aggressively than humans do. For mixed stacks, the router wins by routing 60-80% of turns to DeepSeek V3 at one-tenth the price.

Will /advisor replace claude-code-router?

Unlikely in 2026. Anthropic has no roadmap commitment to non-Anthropic routing inside the CLI. The router fills a real gap and the community is shipping faster than Anthropic on multi-vendor features.

This article was originally published on NextFuture. Follow us for more fullstack & AI engineering content.

Claude Code /advisor Recipes: 5 Use Cases with Real Output (May 2026)

BeanBean — Sun, 03 May 2026 05:00:00 +0000

Claude Code /advisor Recipes: 5 Use Cases with Real Output (May 2026)

The /advisor command is the lowest-friction way to put the right Claude tier on the right job. Below are five recipes I've run on shipping repos in April-May 2026. Outputs are trimmed for brevity but preserve the structure.

Setup

You need Claude Code v2.6+ and an active Anthropic API key or Pro subscription:

claude --version
# claude-code 2.6.3 (build 2026.04.18)

claude config get advisor.enabled
# true

For all recipes below, run claude from the repo root, then issue the slash command shown.

Recipe 1: Refactor a 600-line file

💡 Gợi ý tool: Nếu bạn đang triển khai tương tự, Ranked.ai — AI-powered SEO & PPC service — fully managed, white hat, and built for modern search engines. Starting at $99/month..

> /advisor refactor apps/worker/src/scheduler.ts \
    --goal "split into per-job modules, no behavior change"

[advisor] file: 612 lines, 14 imports, 9 exported fns
[advisor] picked: opus-4-5  (complexity=high, edits>200)
[advisor] plan:
  1. Extract job registry → jobs/registry.ts
  2. Move cron parsing → utils/cron.ts
  3. Split run loop → core/run-loop.ts
  4. Keep scheduler.ts as thin orchestrator (~80 lines)
Apply? [y/N]

Lesson: /advisor escalates to Opus when edits cross multiple files. It also emits a plan you can edit before applying — that single prompt saved roughly 20 minutes of manual chunking.

Recipe 2: Generate Vitest tests for an API route

> /advisor test apps/nextfuture/src/app/api/v1/posts/route.ts \
    --framework vitest --coverage 80

[advisor] picked: sonnet-4-6  (complexity=medium)
[advisor] generated: 7 tests
  ✓ POST returns 401 without X-API-Key
  ✓ POST returns 429 after 60 req/min
  ✓ POST validates body via zod schema
  ✓ POST inserts row and returns 201
  ✓ GET paginates with default limit=10
  ✓ GET respects ?page=&limit= params
  ✓ GET returns empty array on no rows
[advisor] coverage: 86% lines, 78% branches

Lesson: Pin --framework explicitly. Without it, /advisor guesses Jest if it sees jest.config.js in any ancestor directory, which can mismatch your real test runner.

Recipe 3: Write JSDoc for a utility lib

> /advisor docs packages/database/src/dm-v2/*.ts --style typedoc

[advisor] picked: haiku-4-5  (complexity=low, mechanical)
[advisor] modified 6 files, +218 lines of JSDoc
[advisor] sample (canonical-key.ts):
  /**
   * Compute the canonical key for a product variant.
   * @param raw - Untrimmed product name from retailer feed.
   * @returns Lowercase, slug-safe identifier (≤64 chars).
   * @example
   *   canonicalKey("iPhone 17 Pro Max — 256GB")
   *   // → "iphone-17-pro-max-256gb"
   */

Lesson: Documentation is the killer Haiku 4.5 use case — three times cheaper than Sonnet, and quality is indistinguishable for @param/@returns emission. /advisor recognizes this and demotes automatically. See the Claude Code /advisor command deep-dive for the full demotion rule table.

Recipe 4: Port an Express route to Hono

> /advisor port apps/worker/src/routes/trigger.ts \
    --from express --to hono

[advisor] picked: sonnet-4-6
[advisor] diff preview (truncated):
- import { Router } from "express";
- const router = Router();
- router.post("/trigger/:jobId", async (req, res) => {
-   const { jobId } = req.params;
-   ...
-   res.status(200).json({ ok: true });
- });
+ import { Hono } from "hono";
+ const app = new Hono();
+ app.post("/trigger/:jobId", async (c) => {
+   const jobId = c.req.param("jobId");
+   ...
+   return c.json({ ok: true });
+ });
[advisor] also rewrote: middleware (3), error handler (1)

Lesson: Framework ports are deterministic enough that Sonnet 4.6 nails them. /advisor won't pick Opus here unless the file imports a framework-specific plugin Sonnet doesn't recognize.

Recipe 5: Debug a flaky test

> /advisor debug \
    "Vitest 'auto-publish picks oldest pending' fails 1/10 runs" \
    --file apps/worker/src/jobs/auto-publish.test.ts

[advisor] picked: opus-4-5  (complexity=diagnostic)
[advisor] hypotheses ranked:
  1. (0.71) Date.now() mocked in fixture but not awaited
  2. (0.18) Postgres index scan order non-deterministic
  3. (0.08) Redis SCAN cursor reset between runs
  4. (0.03) Vitest concurrent=true reorders setup
[advisor] suggested fix:
  - vi.useFakeTimers({ now: new Date("2026-05-01T00:00:00Z") })
  - await vi.runAllTimersAsync() before assertion

Lesson: For diagnosis, Opus 4.5's deeper reasoning is worth the cost. /advisor's ranked hypotheses gave the right root cause first try; the fake-timer fix landed in one commit.

When recipes break

Monorepos with workspace aliases: if tsconfig.json paths aren't resolvable from the file, /advisor may misclassify complexity. Run from the workspace root.
Files > 2000 lines: /advisor truncates at the context limit; pre-split first.
Generated code: if the file has a // AUTOGENERATED banner, /advisor refuses by default. Override with --allow-generated.
Hooks blocking edits: a PreToolUse hook that blocks Write will block /advisor's apply step. Check ~/.claude/settings.json when you see BLOCKED in output.

FAQ

Does /advisor work without internet access?

No. /advisor calls the Anthropic API to score complexity. There is no offline mode as of May 2026.

How do I stop /advisor picking Opus 4.5 too often?

Set "advisor": { "maxTier": "sonnet-4-6" } in ~/.claude/settings.json. /advisor will cap recommendations at Sonnet and warn when a turn would benefit from Opus.

Can /advisor run inside CI?

Yes. Use claude --advisor=auto --task "..." with ANTHROPIC_API_KEY set as a secret. CI runs are non-interactive and write the chosen tier to stdout for logging.

What if /advisor returns nothing?

Usually a context-window overflow or an MCP server holding stale state. Run /clear, restart the CLI, and retry. If it persists, --debug will print the rejection reason.

This article was originally published on NextFuture. Follow us for more fullstack & AI engineering content.

Claude Code /advisor Troubleshooting: 8 Errors and Fixes (May 2026)

BeanBean — Sat, 02 May 2026 23:00:02 +0000

Claude Code /advisor Troubleshooting: 8 Errors and Fixes (May 2026)

Quick diagnostic checklist

Before grepping the table below, run these three:

claude --version                       # 2.6+ required
claude doctor                           # checks auth, MCP, hooks
echo $ANTHROPIC_API_KEY | head -c 12   # sanity-check the key

Most /advisor failures fall out of claude doctor immediately. If not, match symptoms below. For background on what /advisor actually does, see the Claude Code /advisor command deep-dive.

1. "model not found"

Error: model "claude-3-5-opus" not found
  at AdvisorCommand.resolveModel (advisor.ts:118)

Cause: Stale config pinning a retired model alias. Anthropic deprecated claude-3-5-* in February 2026.

Fix:

claude config set advisor.opus   "claude-opus-4-5"
claude config set advisor.sonnet "claude-sonnet-4-6"
claude config set advisor.haiku  "claude-haiku-4-5"

2. MCP server conflict

Error: MCP server "filesystem" returned tool with name
"read_file" already provided by server "default"

Cause: Two MCP servers registering the same tool name. /advisor aborts because tool routing is ambiguous.

Fix: Edit ~/.claude/mcp.json and either remove the duplicate or namespace one with "toolPrefix": "fs_":

{
  "filesystem": {
    "command": "npx",
    "args": ["-y", "@modelcontextprotocol/server-filesystem", "/repo"],
    "toolPrefix": "fs_"
  }
}

3. Rate limit 429

Error 429: rate_limit_error — input tokens per minute exceeded
  Retry-After: 38s

Cause: /advisor ran twice in quick succession on a large file, each scoring + acting. Pro tier hits ITPM ceilings around 80k/min.

Fix: add a backoff and a cap:

claude config set advisor.maxConcurrent 1
claude config set advisor.backoffMs 2000

4. Context window exceeded

Error: prompt is 218,402 tokens; max for sonnet-4-6 is 200000

Cause: Stuffed conversation, often after pasting log output or running /advisor on a giant file plus an active MCP doc-load.

Fix: compact the context, then retry:

/clear           # nuke the session
# OR
/compact         # summarize and retain semantic gist
# OR pin to 1M-context Opus
claude --model claude-opus-4-5-1m /advisor ...

5. Auth token expired

Error 401: authentication_error — invalid x-api-key

Cause: OAuth session expired (Pro plan) or the env var got stomped by a shell rc that overrides ANTHROPIC_API_KEY.

Fix:

claude logout
claude login        # OAuth flow opens browser
# OR for API-key users:
export ANTHROPIC_API_KEY="sk-ant-..."   # pin in .envrc / direnv

6. Invalid permission mode

Error: permission "auto-accept-all" not allowed in advisor turns

Cause: Project .claude/settings.json sets a permission mode that conflicts with /advisor's preview-then-apply contract.

Fix: drop the override. /advisor needs at least plan mode so the user can accept the recommendation:

claude config set permissionMode plan

7. Hook blocking edits

[Hook] BLOCKED: File exceeds 800 lines (842 lines)
[Hook] Split into smaller modules
Error: PreToolUse hook denied Write to scheduler.ts

Cause: A guardrail hook in ~/.claude/settings.json rejects oversized writes. /advisor respects hooks — that's the point — so it bails.

Fix: let /advisor emit the refactor plan first, accept the file split, then the writes will all pass the 800-line gate:

/advisor refactor scheduler.ts --goal "≤ 800 lines per file"

8. Shell escape issues with quotes

$ /advisor "fix the bug in 'auto-publish' job"
Error: unexpected token '

Cause: Nested single quotes break the shell tokenizer before /advisor ever sees the string.

Fix: use the heredoc form, or escape:

/advisor "fix the bug in \"auto-publish\" job"
# OR
claude <<'EOF'
/advisor fix the bug in 'auto-publish' job
EOF

Where to file bugs

Anthropic accepts /advisor issues at github.com/anthropics/claude-code/issues. Include claude doctor output, the redacted slash invocation, and your ~/.claude/settings.json. Don't paste API keys.

FAQ

Where are Claude Code logs stored?

On macOS: ~/Library/Logs/Claude/. On Linux: ~/.local/state/claude/logs/. /advisor writes a JSONL line per recommendation including model picked, score, and apply outcome.

How do I downgrade Claude Code if /advisor breaks?

Pin a known-good version: npm i -g @anthropic-ai/claude-code@2.6.0. Anthropic keeps the last six minor releases on npm.

Does /advisor count as one or two API calls?

Two. The scoring call is small (~500 input tokens, Haiku-priced) and the action call runs at the recommended tier. The scoring overhead is ~1% of session cost.

Can a hook silently break /advisor?

Yes. A PreToolUse hook that mutates tool input without echoing it back will look like a hang. Always have your hook write to stdout on success and stderr on block.

This article was originally published on NextFuture. Follow us for more fullstack & AI engineering content.

Jotai vs Recoil 2026: The Atomic State Migration (Recoil Is Deprecated)

BeanBean — Sat, 02 May 2026 23:00:00 +0000

If you started a Recoil project between 2020 and 2023, this post is for you. Meta archived the Recoil repository, and the project no longer ships meaningful releases. Recoil is deprecated — do not start new projects with it. Jotai is the actively maintained spiritual successor with the same atomic mental model and better React 19 / Next.js 16 RSC compatibility.

For the wider state-management landscape, see our complete React state management guide. For when atomic state is even the right tool, read server state vs client state in React 2026 first — much of what people reach for atoms for is actually server state.

Why this comparison matters now

Recoil's last meaningful release was years ago. It still installs, it still works in React 18, but it has unresolved React 19 issues, no concurrent-rendering refinements, and Meta has publicly moved on. Choosing it for new code in 2026 is choosing to inherit a migration debt later.

Jotai (by Daishi Kato, also author of Zustand and Valtio) covers the same atomic ground: small primitive units of state, derived atoms, fine-grained subscriptions, no reducers required. It is actively maintained and has explicit React 19 / Suspense support.

API similarity, side by side

// Recoil
import { atom, selector, useRecoilState, useRecoilValue } from 'recoil'

const countAtom = atom({ key: 'count', default: 0 })
const doubledSelector = selector({
  key: 'doubled',
  get: ({ get }) => get(countAtom) * 2,
})

function Counter() {
  const [count, setCount] = useRecoilState(countAtom)
  const doubled = useRecoilValue(doubledSelector)
  return  setCount(count + 1)}>{count} ({doubled})
}

// Jotai
import { atom, useAtom, useAtomValue } from 'jotai'

const countAtom = atom(0)
const doubledAtom = atom((get) => get(countAtom) * 2)

function Counter() {
  const [count, setCount] = useAtom(countAtom)
  const doubled = useAtomValue(doubledAtom)
  return  setCount(count + 1)}>{count} ({doubled})
}

Same model. Jotai removes the key string requirement (it uses object identity), drops the artificial atom vs selector split, and ships smaller. Anyone fluent in Recoil is productive in Jotai inside an hour.

What Jotai improved

No string keys. Atom identity is the JS reference. No more "duplicate atom key" runtime errors.
Unified primitive. Read-only, write-only, and derived atoms are all just atom(...).
Async atoms with Suspense. An async atom getter integrates cleanly with <Suspense> boundaries in React 19.
Smaller bundle. Jotai core is roughly half the size of Recoil.
Active ecosystem. jotai/utils, jotai-tanstack-query, jotai-zustand, devtools — actually shipping.
Better RSC story. jotai/react works in Next.js 16 App Router with documented per-request store patterns.

What Recoil had that Jotai lacks

Honest accounting: Recoil's atomFamily and selectorFamily were elegant for parametric atoms. Jotai's atomFamily from jotai/utils covers the same ground but with slightly different semantics around equality and cleanup. Recoil's snapshot/transaction APIs (useRecoilCallback, snapshots) had no exact 1:1 in Jotai for a while; useAtomCallback and the imperative store API close most of that gap in 2026.

Migration cheatsheet

atom({ key: 'x', default: v }) → atom(v)
selector({ key: 'd', get: ({get}) => ... }) → atom((get) => ...)
useRecoilState(a) → useAtom(a)
useRecoilValue(a) → useAtomValue(a)
useSetRecoilState(a) → useSetAtom(a)
atomFamily({ key, default }) → atomFamily((param) => atom(...)) from jotai/utils
<RecoilRoot> → <Provider> from jotai (or omit for the default global store)

For a typical Recoil codebase, a focused codemod plus a half-day cleanup pass per medium app is realistic. Atom families and snapshot-heavy code take longer.

RSC and Suspense compatibility

In Next.js 16 App Router, atoms only live in Client Components. Wrap the client tree once:

// app/providers.tsx
'use client'
import { Provider, createStore } from 'jotai'
import { useState, type ReactNode } from 'react'

export function JotaiProvider({ children }: { children: ReactNode }) {
  const [store] = useState(() => createStore())
  return 
{children}
}

Async atoms suspend correctly inside React 19's <Suspense> boundaries. Recoil's async story still produces stale-snapshot warnings under React 19's stricter concurrent semantics in many real codebases.

Bundle size

Jotai core: ~3-4kb gzipped.
Recoil: ~14-16kb gzipped (and frozen in time).

For a single-page app where atomic state is the core architecture, that delta compounds across every route.

Verdict

If you have new work, pick Jotai. If you have an existing Recoil app, plan the migration before React 20 — leaving a deprecated dependency in a critical path is a debt that only compounds. The API is similar enough that the rewrite is mostly mechanical, and you finish with a smaller, faster, actively maintained codebase.

FAQ

Is Recoil officially deprecated?

The Recoil repository was archived by Meta in early 2025 and the project no longer receives meaningful updates. The community has accepted Jotai as the successor for atomic state in React.

Can Jotai replace Recoil 1:1?

For 90% of patterns, yes — including atoms, selectors, atom families, async, and writable derived state. Snapshot-heavy code (useRecoilCallback with full snapshots) needs more thought.

Does Jotai work with React Server Components?

Yes, on the client side. Atoms only live in Client Components. Use a per-request createStore() in Next.js App Router to avoid cross-request state leaks.

Is Jotai smaller than Zustand?

They are in the same weight class, low single-digit kilobytes gzipped. Choose based on the mental model: atoms (Jotai) vs single store with selectors (Zustand). Both are excellent.

Should I pick Jotai over TanStack Query?

They solve different problems. Jotai is for client state (UI, derived values). TanStack Query is for server state (cache, refetch, invalidation). Use both.

This article was originally published on NextFuture. Follow us for more fullstack & AI engineering content.

Zustand vs Redux 2026: 8 Real-World Differences (Bundle, DX, Perf)

BeanBean — Sat, 02 May 2026 17:00:02 +0000

Picking a state library in 2026 is no longer a religious war. It is a budget question. Bundle bytes are billed against your LCP. Boilerplate is billed against your team's velocity. Here is how Zustand and Redux Toolkit actually compare on the eight things that matter once you ship to production.

If you want the broader landscape — Jotai, Valtio, TanStack Query, signals — read our complete React state management guide first.

TL;DR

New project? Pick Zustand. Smaller bundle, less ceremony, ergonomic with TypeScript and React 19.
Existing RTK + RTK Query app with experienced team? Stay. Migration cost rarely beats the tax of dual paradigms.
Need time-travel debugging or strict event-sourced patterns? Redux still wins.

1. Bundle size

The honest comparison is zustand vs @reduxjs/toolkit + react-redux, because nobody ships hand-rolled Redux anymore.

Zustand 4.5.x: ~3-4kb gzipped, zero peer deps beyond React.
Redux Toolkit + react-redux: ~17-19kb gzipped (Immer, Reselect, Redux core, RTK bindings).

On a 150kb landing-page JS budget, that delta is real. On a 300kb app shell, it is rounding error. Decide accordingly.

2. Boilerplate, side by side

A simple counter store, both libraries.

// Zustand
import { create } from 'zustand'

type CounterState = {
  count: number
  increment: () => void
  reset: () => void
}

export const useCounter = create((set) => ({
  count: 0,
  increment: () => set((s) => ({ count: s.count + 1 })),
  reset: () => set({ count: 0 }),
}))

// Usage
function Counter() {
  const count = useCounter((s) => s.count)
  const increment = useCounter((s) => s.increment)
  return {count}
}

// Redux Toolkit
import { configureStore, createSlice, type PayloadAction } from '@reduxjs/toolkit'
import { Provider, useDispatch, useSelector } from 'react-redux'

const counterSlice = createSlice({
  name: 'counter',
  initialState: { count: 0 },
  reducers: {
    increment: (state) => { state.count += 1 },
    reset: (state) => { state.count = 0 },
  },
})

export const { increment, reset } = counterSlice.actions
export const store = configureStore({ reducer: { counter: counterSlice.reducer } })
export type RootState = ReturnType
export type AppDispatch = typeof store.dispatch

Zustand: one file, one hook. Redux Toolkit: slice, store, typed hooks, provider wrap. RTK trimmed the worst of classic Redux, but Zustand removed the ceremony entirely.

3. DevTools

Redux DevTools is the gold standard: action log, time travel, state diff, dispatch replay. Zustand integrates with the same extension via a one-line middleware:

import { devtools } from 'zustand/middleware'
export const useCounter = create()(
  devtools((set) => ({ count: 0, increment: () => set((s) => ({ count: s.count + 1 })) }))
)

You get action names and state snapshots, but Redux's strict event-sourced model produces a more meaningful history when bugs are deep.

4. Middleware

Redux has a mature middleware ecosystem: redux-thunk, redux-saga, redux-observable, listenerMiddleware. Zustand ships persist, devtools, immer, and subscribeWithSelector out of the box. For 90% of apps that is enough. For complex effect orchestration (long-lived sagas, cancellation graphs), Redux remains the better fit.

5. Async and server data

Both libraries are bad places to put server data. Use TanStack Query or RTK Query instead. We dig into the dichotomy in server state vs client state in React 2026.

If you must do async in the store, Zustand is honest about it — write a normal async function inside create:

export const useUser = create((set) => ({
  user: null,
  loading: false,
  fetchUser: async (id) => {
    set({ loading: true })
    const res = await fetch(`/api/users/${id}`)
    set({ user: await res.json(), loading: false })
  },
}))

6. TypeScript inference

Zustand's create<State>()(...) infers selectors and actions cleanly. RTK's createSlice requires explicit RootState and AppDispatch types and typed wrapper hooks (useAppDispatch, useAppSelector). Both are type-safe; Zustand requires fewer ceremonial types.

7. Server state interaction (Next.js 16 RSC)

In the App Router, neither store touches Server Components. Both work fine in Client Components. Zustand 4.5+ supports per-request stores via the documented context pattern, which avoids cross-request bleed in Node.js. RTK requires the same pattern with a custom makeStore() per request.

8. Real migration cost

Migrating an RTK app to Zustand is not free. Slices map cleanly to stores, but RTK Query, listener middleware, and selectors with reselect-style memoization all need rewrites. Budget 1-3 weeks per app for a serious codebase. If your team already knows RTK and uses RTK Query, the math rarely favors a rewrite — invest that time in the next feature instead.

Decision matrix

Greenfield app, small-to-mid team: Zustand + TanStack Query.
Large RTK Query codebase: Stay on RTK, no upside in switching.
Heavy event-sourced domain (collaborative editor, finance): Redux.
Bundle-sensitive landing or marketing site: Zustand or no store at all.
Need built-in caching, mutations, optimistic updates: RTK Query or TanStack Query — not the store.

FAQ

Is Redux dead in 2026?

No. Redux Toolkit is actively maintained and remains the default in many enterprise codebases. It lost mindshare for new projects, not relevance for existing ones.

Should I migrate an existing Redux Toolkit app to Zustand?

Almost never as a standalone project. Migrate only if you are already doing a major rewrite and the bundle savings or velocity gains pay back the engineering hours.

Does Zustand work with React Server Components?

Yes, in Client Components. Use the per-request store pattern in Next.js App Router to avoid sharing state across requests on the server.

Which is faster, Zustand or Redux?

Both are fast enough that real-world performance differences come from selector design, not the library. Use granular selectors and shallow equality, regardless of choice.

Can I use both in the same app?

Technically yes, practically no. Pick one client-state library and pair it with TanStack Query or RTK Query for server state.

This article was originally published on NextFuture. Follow us for more fullstack & AI engineering content.