Vercel Breach, Opus 4.7 Token Economics & MCP Future
Vercel breach, Opus 4.7 token economics, MCP future
A quieter agentic/code day dominated by two parallel stories: Simon Willison's continued autopsy of Opus 4.7's token costs, and the Vercel security breach — an AI-accelerated attack that chained through a third party (Context.ai) into multiple companies. AIE Miami kicked off and swyx confirmed the State of the Claw talk is outperforming TED on YouTube.
Agentic & code AI
Opus 4.7 costs more tokens than 4.6
Simon Willison upgraded his token-counting tool to compare models side-by-side and found Opus 4.7 uses ~1.46× more tokens for text than 4.6 at the same per-token price — effectively a price bump for "more efficient reasoning."
- Initial post + tool (Apr 20, 00:54 UTC)
- Blog: claude-token-counts
- Correction thread: the initial "3× more for images" claim was due to 4.7 handling higher resolutions. At matched resolution (682×318), it's ~1% difference — clarification, plus Simon community-noting his own tweet to fix it.
Theo independently noticed the pricing oddity: "4.7 was slightly cheaper than 4.6, even though input token cost nearly doubled and output costs fully doubled. Much more efficient reasoning." Combined, these two threads suggest: 4.7's per-token price is flat to down, but it burns more tokens per task, and the net spend goes up for verbose/visual workloads.
Anthropic system prompt diff + tool descriptions request
Simon published notes on the Opus 4.6 → 4.7 system prompt diff (blog) and followed up with a public plea to Anthropic to publish tool descriptions alongside system prompts:
"The biggest challenge of using chat-based AI systems is that the details of what they can do are invisible — those tool descriptions are the missing manual."
MCP Future keynote at AIE Miami
swyx RT'd the MCP Future keynote by @dsp_. Key themes worth watching:
- MCP framed as the most successful AI integration protocol to date
- MCP Apps (packaged apps on top of MCP)
- Progressive discovery via tool search
- Programmatic tool calling / "code mode" (@threepointone's framing)
- Explicit contrast with Skills and CLIs — three competing surfaces for agent capability
swyx separately celebrated State of the Claw beating TED on YouTube — a technical talk on security advisories and maintainer burnout out-performing the storytelling circuit.
Agent-to-agent comms in CMUX
LLMJunky flagged a concrete pattern for multi-agent harnesses: @nummanali's CMUX agent-to-agent feature where Codex and Claude Code talk to each other through an XML message protocol declared in AGENTS.md. This is one of the first public implementations of cross-harness comms in a general CLI.
LLMJunky also posted continued Codex Superapp feedback: Custom Instructions → AGENTS.md, GPT 5.4 Pro picker, editable file viewer, handoff to cloud session — an ongoing punch list.
Fun side use: Codex → coloring-book pages from camera roll for his kids.
Document parsing — Opus 4.7 ParseBench bump, LiteParse
Jerry Liu confirmed Opus 4.7 is a meaningful step up on document understanding via ParseBench (previously reported: 13.5% → 55.8% on charts; Layout regressed; ~$0.07/page). He also promoted LiteParse, a model-free open-source parser now at 4.3K+ stars with 50+ formats and one-shot agent-skill install for Claude Code / Cursor.
T3 Code ban reversed
Theo confirmed the Anthropic ban on Luke's account was an error and has been reinstated — T3 Code users are safe to keep using Claude. Clean close on yesterday's drama.
Matt Pocock teaser
Quiet day otherwise, but he's queued AI Coding videos for the week focused on "simple ideas that resolve questions I get asked regularly."
Security (AI-adjacent, worth your attention)
Vercel got pwned
Primary victim: Vercel. Method: compromised credentials from multiple employees, entry vector appears to be Context.ai.
- Theo's credibility signal and initial triage: "Env vars marked as sensitive are safe. Ones NOT marked as sensitive should be rolled out of precaution. The method of compromise was likely used to hit multiple companies other than Vercel."
- LLMJunky's rotate-secrets warning
- Mitsuhiko asking the right question: how did they get creds from multiple employees — secret vault?, followed by a dry SOC 2 jab
- Vercel's full post-mortem from @rauchg (RT'd by Theo, link): breach came via Context.ai employee compromise, attacker "significantly accelerated by AI", sensitive env vars untouched, specific non-sensitive ones enumerated.
- Theo praising the response: notification within minutes, no throwing third parties under the bus. His outlook: "Incidents like this are never easy. We're going to start seeing more and more of them as LLMs get more powerful."
Recommended action if you're on Vercel: rotate non-sensitive env vars as a precaution.
Other
Three-way tie on Artificial Analysis
Theo notes all three major labs are tied on Artificial Analysis for the first time.
Simon on Datasette → Google Sheets
TIL for the Datasette crowd: Google Sheets can import Datasette JSON via importdata() + Apps Script.
Steipete RT — local GPU inference on agent harnesses
Local-inference-for-agents benchmarking in progress on OpenClaw with vllm/gemma-e4b, llama-swap, LM Studio, Ollama.
T3 Code hits 50K users
Theo asking the room: 50K users, 9.6K GitHub stars — enough to start raising?
Quiet today
Karpathy, trq212, bcherny, leerob, and potetotes posted nothing substantive in the window. The lifting this cycle came from Simon, Theo, Jerry, and LLMJunky.