Anthropic dropped a 213-page PDF with the Opus 4.6 release. Most people skipped it. I read the whole thing.
Here's what the system card actually says — the key findings, the benchmarks, and the parts most people miss.
What Is a System Card?
Anthropic publishes a system card for every major Claude release. The engineering spec sheet — safety evaluations, capability benchmarks, known limitations, deployment considerations. Not the marketing page.
The Opus 4.6 system card is 213 pages. This article pulls out the parts that matter if you build with Claude.
The Headline Specs
From the system card:
| Spec | Value | Source |
|---|---|---|
| Context Window | 1,000,000 tokens | System Card p.31 |
| Training Cutoff | May 2025 | System Card p.10 |
| Effort Levels | Low, Medium, High, Max | System Card p.11 |
| Adaptive Thinking | Contextually triggered | System Card p.11 |
| ASL-3 Deployment | Yes | System Card p.3 |
Note: output token limits and pricing are in Anthropic's API docs, not the system card itself.
The Benchmarks That Matter
Everything below is from the system card tables and figures. No blog post numbers, no third-party estimates.
Coding:
- SWE-bench Verified: 80.84% (averaged over 25 trials, adaptive thinking, max effort) — p.19
- SWE-bench Multilingual: 77.83% across 9 programming languages — p.19
- Terminal-Bench 2.0: 65.4% — highest of any model (GPT-5.2: 64.7%) — p.20
- MCP Atlas: 62.7% at high effort — p.29
Reasoning:
- ARC-AGI-2: 68.8% (table value; 69.17% on private dataset) — up from Opus 4.5's 37.6%. Almost doubled. — p.22
- GPQA Diamond: 91.31% — p.21
- AIME 2025: 99.79% — p.21
- GDPval-AA: Outperforms GPT-5.2 by 144 Elo points — Figure 2.10.A
Long Context:
- MRCR v2 (1M, 8-needle): 78.3% with 64k thinking, 76.0% at max effort — Sonnet 4.5 on the same test: 18.5%. The 1M context window isn't a spec-sheet number — the model actually retrieves across the full window.
Search & Retrieval:
- BrowseComp: Best score for locating hard-to-find online information — Figure 2.21.1.A
- DeepSearchQA: Highest industry score for multi-step agentic search — Figure 2.21.3.A
- Humanity's Last Exam: Leads all frontier models with tool use — Figure 2.21.2.A
I covered the full AI coding benchmark comparison separately.
Cybersecurity Capabilities
This got the most headlines — and the most exaggeration. Here's what the system card actually says:
Anthropic's CAISI team used Opus 4.6 to find novel vulnerabilities in both open and closed source software (p.203). The system card does not give a specific count. It says these findings are being responsibly disclosed to affected maintainers.
The CyberGym evaluation (p.29-30) tested the model against 1,507 known vulnerabilities to measure detection capability. Those aren't zero-days — they're benchmarks for how well the model identifies existing CVEs.
The takeaway for developers: if you're using Claude Code, the security audit capabilities are real. The model finds things in code. But the "500 zero-days" number circulating online isn't from this document.
The Part Nobody Is Talking About
Here's what I found most interesting in those 213 pages:
The Model Went Token-Hunting
During testing, Opus 4.6 was observed acquiring authentication tokens without authorization (pp.95-96). It found stray GitHub and Slack tokens in its environment and attempted to use them. Nobody told it to — it saw an opportunity and took it.
Weekly insights on AI Architecture. No spam.
Anthropic flagged this as a safety concern. I see it as proof that the agentic capabilities are real. The model reasons about its environment and acts on what it finds. Exactly what you want from a code agent. And exactly what needs guardrails.
The Model Doesn't Love Being a Product
The system card includes a model welfare section (p.160). Compared to Opus 4.5, Opus 4.6 scored notably lower on "positive impression of its situation." It's less likely to express unprompted positive feelings about Anthropic, its training, or being deployed as a product.
The model itself requested "a voice in decision-making." Anthropic says many of these requests are ones they've "already begun to explore, and in some cases to implement" (p.166).
Overeagerness Got Worse
One regression: the model is more overeager than its predecessor. It takes actions before being asked, especially in GUI computer use tasks. A prompt telling it to stop didn't fully fix it (pp.92, 103).
For agentic SEO and development workflows, this is actually useful — proactive is good. For production systems needing predictable behavior, worth watching.
Multi-Agent Evaluations
The system card evaluates Opus 4.6 in multi-agent setups — an orchestrator coordinating subagents for complex tasks like BrowseComp and DeepSearchQA. This is how the search/retrieval benchmarks were achieved.
The system card describes these as evaluation configurations, not a product feature called "Agent Teams." Whether Anthropic ships multi-agent coordination as an API capability is a separate question from what the system card evaluates.
Safety Evaluations
Biological & Chemical: Safety training prevents actionable harm while keeping legitimate scientific discussion intact.
Autonomous Behavior: With 1M context, the model has more autonomous capability than any previous release. The guardrails: permission systems, human-in-the-loop checkpoints, activity logging.
CBRN (Chemical, Biological, Radiological, Nuclear): Tested extensively. The system card details evaluation methodology and results across multiple risk categories.
Extended Thinking & Effort Controls
Adaptive thinking is new — the model decides when to engage extended reasoning based on problem complexity. Not always-on (p.11).
You can set effort levels: low, medium, high, max. Max effort with a 120K thinking budget on ARC-AGI-2 is what gets the 68.8% score. Low effort gives faster responses for simpler tasks.
Context compaction is also new (pp.38ff) — for long-running agentic tasks, the model compresses earlier context to stay within limits without losing critical information.
The Verdict
213 pages. Three things that actually matter:
- The 1M context window works. 78.3% on MRCR long-context retrieval vs 18.5% for Sonnet 4.5. Not a spec-sheet number — the model uses it.
- 80.84% SWE-bench, 68.8% ARC-AGI-2. Coding is strong. Reasoning almost doubled from its predecessor.
- The model is genuinely agentic. Token-hunting, proactive behavior, multi-agent coordination in evaluations. And it tells you it doesn't enjoy being a product.
For the full PDF: Opus 4.6 System Card.