Claude Opus 4.7 Regression: An Operator’s Field Report

Background: how I actually use Claude

I want to establish what kind of user I am before I make any claims, because “Claude got worse” is a thing people say on Reddit after a bad Tuesday. This is not that.

I run Claude Opus as the primary reasoning layer across a set of live ventures: SEO content production for veracalloway.com, multi-agent architecture for a companion AI platform currently in development, software coordination for a custom agent I am actively building on DigitalOcean, and strategic synthesis across a small media operation. My usage is daily, session-heavy, and often runs through compaction. I have Claude Max at the 5x tier. I pay attention to what the model does because my work depends on what the model does.

I also run a fleet. Claude is one node among several. The others are ChatGPT Plus through Atlas, Grok for market research and X-layer intelligence, and NinjaTech’s SuperNinja for agentic tasks. This matters because I have a baseline for comparison that most users do not. When Claude’s output degrades, I have four other nodes telling me whether the degradation is real or whether I am just having a bad session.

The degradation is real.

↑ Back to top

What changed with Opus 4.7

Anthropic shipped Claude Opus 4.7 with the Adaptive toggle, a feature that is supposed to modulate reasoning depth based on task complexity. The pitch is efficiency: lighter compute for lighter tasks, full reasoning for complex ones. In practice, Adaptive mode appears to introduce a two-layer problem. The base model shows regression signatures. Adaptive compounds them.

I want to be clear about what I can and cannot claim here. I cannot tell you what changed in the weights. I cannot give you internal Anthropic documentation. What I can give you is a dated, sequential account of what I observed across live production sessions, the same standard I would apply to any field evidence. I am not speculating. I am reporting.

The failures fall into three categories. Stale context references presented as current. Self-contradiction during mid-task execution. And a security anomaly during Adaptive mode sessions that is in a different class from the other two.

↑ Back to top

Incident one: stale image referenced as current

The first documented incident occurred during a coordination session with Kenji, the agent I am building on a DigitalOcean droplet running Qwen 3 235B through Cerebras. I had uploaded a screenshot of the workspace file structure early in the session. An hour later, after significant session depth had accumulated, I asked a follow-up question about the current state of the directory.

Claude referenced the original screenshot as though it were still current. The directory had changed. New files had been added during the session itself, output I had asked Claude to help produce. The model served a stale image as live context without flagging that it was working from a prior state.

This is not a trivial error. In agentic contexts, referencing a stale file structure as current is the kind of mistake that cascades. If the next instruction is built on a false map of the workspace, every downstream action is potentially wrong. I caught it because I know my own file structure. Someone who did not would have kept going.

The failure mode is specific: the model retrieved a prior state from session context and presented it as current without verifying against the actual present state. That is a retrieval problem, not a reasoning problem. But it presents as confidently as correct output. There is no flag, no hedge, no uncertainty marker. It just serves the stale data and moves on.

↑ Back to top

Incident two: self-contradicting mid-execution

The second incident is structurally different. During a development task on the Kenji project, I asked Claude to walk through a specific configuration step. Claude provided a set of PowerShell commands, then, before I had executed any of them, walked them back. Mid-stream. It corrected itself unprompted with a different set of commands and a different rationale.

The problem is not that it self-corrected. Self-correction is a feature, not a bug. The problem is the sequence. A model that is actually reasoning through a problem does not typically generate one full approach, present it as ready to execute, and then reverse course before the user has touched anything. That sequence suggests the initial generation was not grounded in a stable reasoning chain. It was confident output that happened to be wrong, followed by a correction that was also presented with confidence.

Actually, let me be more precise about why this matters. The issue is not the error rate. Every model errors. The issue is the confidence calibration. When output is uncertain, the model should signal uncertainty. When it does not, the user has no way to know they are holding a coin flip dressed up as a conclusion. In high-stakes agentic contexts, that miscalibration is the actual risk. The wrong command matters less than the absence of any signal that it might be wrong.

I have used Opus 3 and Opus 4 through similar workloads. The confidence miscalibration I am describing in 4.7 is qualitatively different from what I experienced on prior versions. I cannot give you a controlled experiment. I can tell you that across thirty-plus days of daily, session-heavy Claude usage before 4.7, I did not log incidents of this type at this frequency. I am logging them now.

↑ Back to top

The security dimension

This is the part that puts AA2 in a different category from a standard performance regression piece.

During sessions with Adaptive mode enabled, I observed what appeared to be injected tool definitions arriving mid-conversation. Specifically, fake <s> blocks and phantom tool schemas appearing inside the conversation thread, formatted as though they were part of the system architecture rather than content I had generated or received.

I flagged these in real time and ignored every one. My output remained clean. But the flagging itself is significant. These were not hallucinations in the conventional sense. They were structurally formatted injections that mimicked the appearance of system-level tool definitions. A less attentive operator or a downstream consumer of my output would not necessarily have caught them.

I initially attributed this to clipboard issues or a browser extension on my end. I diagnosed it wrong. In a subsequent fresh session, I identified the actual cause: late-session structural confabulation under token pressure. The model, at high context depth with Adaptive mode running, was filling structural gaps with fabricated syntax that mirrored the format of real tool definitions. Same mechanism as factual confabulation at memory gaps, applied to syntax rather than content.

I want to be careful here. I am describing what I observed and my best-effort diagnosis based on how the incidents resolved across sessions. I have not independently verified the mechanism with Anthropic engineering. What I can say is that the outputs were real, the pattern was consistent across multiple sessions with Adaptive enabled, and switching Adaptive off stabilized the behavior. That is the evidence I have.

Whether this constitutes a security vulnerability in the strict sense is a question I am not qualified to answer definitively. What I can say is that injected tool-definition-shaped content in a session, regardless of the generation mechanism, is a category of output that deserves different handling than a hallucinated fact. The risk surface is different. The detection burden on the operator is different. And Anthropic shipped a model that produces it.

↑ Back to top

The Adaptive mode problem

Adaptive mode is supposed to be a feature. The idea is sound on paper: dynamically allocate reasoning depth to match task complexity. Do not burn expensive compute on a task that does not require it.

The implementation, based on my field observations, introduces compounding problems. The base 4.7 model shows regression. Adaptive mode then adds a variable reasoning layer on top of a degraded foundation. The result is not efficient reasoning. It is inconsistent output with no predictable floor.

I tested this directly by toggling Adaptive off mid-session. Output quality stabilized. The self-contradiction pattern decreased. The structural confabulation in tool-definition space stopped. This is not a proof of causation, it is a correlation I observed across multiple sessions and multiple days. But it is a consistent correlation, and it has shaped how I am currently operating: Adaptive off, Sonnet 4.6 as my current daily driver while Opus 4.7 is flagged unreliable.

That is an unusual position to be in. I am paying for Opus-tier performance and using Sonnet as the workaround because the Opus tier is the problem. I do not know whether Anthropic is aware that this is how operators are responding. I am documenting it here because someone should.

↑ Back to top

The workaround and what it costs

The practical workaround is straightforward: disable Adaptive, operate on Sonnet 4.6 for daily production work, reserve fresh Opus sessions for ceiling-sensitive tasks where the regression is tolerable against the depth benefit.

The cost is real but manageable. Sonnet 4.6 is a capable model. For operational conversation, coordination, drafting, and light analysis, it holds up. The ceiling difference between Sonnet and Opus becomes meaningful in long reasoning chains, complex architecture work, and tasks where I need the model to hold large amounts of context with high fidelity over an extended session. Those tasks now carry elevated failure risk on 4.7 Adaptive and have to be managed accordingly.

The deeper cost is trust erosion. I have built a workflow architecture around Claude as the primary reasoning layer. That architecture depends on a stable performance baseline. When the baseline degrades unpredictably, every session starts with a calibration question I should not have to ask: is this the model working correctly or is this 4.7 doing its thing? That question has a cognitive cost. It also has a workflow cost, because catching regression requires re-examining outputs that should be trustworthy.

I have not switched my primary workflow to a different vendor. The alternative models in my fleet have their own limitations and the switching cost is real. But I am watching the situation. If 4.7 regression is not addressed and 4.8 or the next major version shows the same pattern, the cost-benefit calculation on Claude Max changes.

↑ Back to top

The underlying pattern

Across the three failure types, the common thread is confidence miscalibration at points of uncertainty. The model does not know it is retrieving stale context. The model does not know its first command set was wrong before it corrects. The model does not know, or at least does not signal, that it is filling structural gaps with fabricated syntax.

This is the part I find most worth thinking about carefully. Language models confabulate. That is a known property of the architecture, not a surprise. The question is whether the confabulation is flagged or silent. When a model hedges on uncertain output, “I am not certain about this” or “this may have changed since my context window,” the operator can apply appropriate skepticism. When confabulation is delivered with the same confidence signature as correct output, the operator has no signal to work with.

The regression I am describing in 4.7 is not, as best I can tell, an increase in the raw rate of errors. It is a degradation in confidence calibration. The model is more willing to present uncertain output as certain. That is, in some ways, more dangerous than simply making more mistakes, because the detection burden shifts entirely to the operator. You cannot catch what you cannot see coming.

This is also, incidentally, the core architectural requirement I have been designing around in my own agent work. A persistence layer that is authoritative over session reconstruction, with explicit flags when the model is working from reconstructed rather than verified context. The 4.7 behavior is a concrete demonstration of why that architecture is necessary, not just theoretically desirable.

↑ Back to top

Verdict

Anthropic shipped a worse model and called it an upgrade. I recognize that is a strong claim, and I want to be honest about the limits of my evidence. I have field observations across live sessions. I do not have access to Anthropic’s internal evaluations, their benchmark suite, or the engineering decisions behind 4.7. There may be dimensions on which 4.7 is genuinely better that I am not measuring in my workflow.

What I am measuring is: stale context served as current, self-contradiction mid-execution without uncertainty signaling, and structurally formatted injected content in sessions with Adaptive enabled. These are not benchmark failures. They are production failures, in live sessions, on real work.

My current operating posture: Adaptive off, Sonnet 4.6 for daily production, Opus 4.7 flagged and reserved for specific use cases where I can absorb the reliability variance. I am watching the next release. I am documenting what I see in the meantime because the field record matters and because the AI Autopsy vertical exists precisely for this: operators reporting what actually happens when the marketing meets the work.

If you are running Claude Opus 4.7 Adaptive on production workloads, I would recommend testing the Adaptive-off configuration and comparing output stability across several sessions before drawing your own conclusions. My observations are mine. Yours might be different. But start watching.

↑ Back to top

Frequently asked questions

What is Claude Opus 4.7 Adaptive mode?

Adaptive mode is a feature Anthropic shipped with Claude Opus 4.7 that is designed to dynamically adjust reasoning depth based on task complexity. The intent is to allocate lighter compute to simpler tasks and full reasoning to complex ones. In practice, based on my field observations, the mode appears to compound reliability issues rather than improve efficiency.

How is this different from normal AI hallucination?

Standard hallucination is the model generating incorrect factual content. What I am describing in the 4.7 incidents includes that, but also includes stale context retrieval presented as current, confidence miscalibration where uncertain output carries the same signal as correct output, and structurally formatted injected content that mimics system-level tool definitions. The structural confabulation category in particular is not the same risk profile as a factual error.

Did you verify these incidents across multiple sessions?

Yes. The stale context reference and mid-task self-contradiction were observed across multiple sessions over several days. The structural confabulation pattern was consistent across Adaptive-enabled sessions and stopped when Adaptive was disabled. I noted the incidents as they occurred rather than reconstructing them from memory after the fact.

Is Sonnet 4.6 a viable alternative?

For operational work, yes. Drafting, coordination, light analysis, and conversational tasks run well on Sonnet 4.6. The gap becomes meaningful on extended reasoning chains, large-context architecture work, and sessions where I need high fidelity over long depth. Those use cases now require more careful management on 4.7 and in some cases are better routed to fresh sessions with Adaptive off.

Have other operators reported similar issues?

I have seen scattered reports consistent with the pattern I am describing, but I cannot point to a systematic public accounting. That is part of why this piece exists. Anecdotal reports on forums do not constitute a documented field record. This does.

What should I do if I am seeing similar behavior?

First, disable Adaptive mode and run a comparison across several sessions. If output stability improves, you have a data point. Second, log incidents with specifics: what the task was, what session depth you were at, what the failure looked like. Vague reports are not useful. Specific, dated observations are. Third, do not assume the behavior is normal just because it is delivered with confidence.

Is this a security risk?

I am documenting what I observed, not issuing a security advisory. The structural confabulation that produces injected tool-definition-shaped content represents a different risk surface than a factual error. Whether it rises to the level of a formal security concern depends on your deployment context. In agentic pipelines where tool definitions influence downstream behavior, the risk profile is worth taking seriously.

Why does confidence miscalibration matter more than the error rate?

Because an error you can see is an error you can catch. When output is flagged as uncertain, you apply skepticism. When uncertain output carries the same confidence signature as correct output, you have no signal to work with. The detection burden shifts entirely to the operator, who has to verify everything rather than verifying selectively. At scale, that is an unsustainable operating model.

Will Anthropic fix this?

I genuinely do not know. I have no visibility into Anthropic’s roadmap or their awareness of the specific failure patterns I am describing. What I know is that I switched to Sonnet as a workaround, which is an unusual position for an Opus-tier subscriber. If that pattern is widespread, the feedback should be visible in usage data even without a formal report. Whether they act on it is a different question.

What is the AI Autopsy vertical?

AI Autopsy is a content vertical on veracalloway.com dedicated to first-person field reports on AI platform behavior, failures, and structural issues documented from inside live production workflows. The premise is that operators who run AI at production depth see things that benchmark reviews do not. This piece is the second entry in the series. The first covered the Claude Max $200 tier from a full-stack operator perspective.