HackerOne Blog

We Benchmarked Opus 4.7 on Vulnerability Validation. Here's What We Found.

Miray Mazlumoglu
Principal Engineer
Willian Van Der Velde
Distinguished Engineer
Cyber brain surrounded by screens

The cybersecurity world lit up when Anthropic released Claude Opus 4.7. The initial reactions have been predictable and reasonable: people want to know if this model finds more bugs. Vendors are racing to publish discovery benchmarks, and the numbers look impressive. Visual reasoning is better, agentic coding workflows are faster, and the frontier moved.

At HackerOne, we've been curious about something specific: how does Opus 4.7 perform when the task isn't finding vulnerabilities, but validating that they are exploitable and reachable?

AI-powered vulnerability discovery is progressing fast, and that's a good thing. But as discovery gets better, the volume of findings landing on security teams grows with it at a much faster pace. Between bug bounty programs, scanners, SAST, DAST, penetration tests, and now AI-powered discovery agents, the pipeline of potential issues keeps expanding. The question that follows, as it always has in vulnerability management, is: which of these findings are actually exploitable?

To answer that, we use an agent that reads source code, traces data flows, understands application logic, and produces a reasoned verdict with specific evidence. As discovery scales up, validation needs to scale with it at a much faster speed, reducing the exploitation window to a minimum.

We want to give our customers the best experiences possible, so when Opus 4.7 dropped, we ran it immediately through two validation benchmarks. The results tell a nuanced story.

Benchmark 1: Validating Real Vulnerability Reports

Our first benchmark uses HackerOne's internal validation dataset, a curated set of findings from open source repositories that have been definitively marked as valid or invalid by human security analysts. The agent receives a finding, analyzes the relevant code, and must produce a definitive, evidence-backed verdict.

The biggest improvement showed up in invalid finding detection, where Opus 4.7 improved by about 2 percentage points. For security teams running vulnerability programs, this matters. A significant portion of analyst time goes into evaluating reports that look severe, but on closer inspection, are not practically exploitable or are based on a misunderstanding of application behavior. A model that's better at confidently filtering those out gives security teams their time back to focus on the findings that actually matter.

Opus 4.7 improved overall accuracy by ~2.5 percentage points over Opus 4.6 on definitive, code-backed validation calls. On a task this complex, against findings and actual codebases, that's a meaningful gain.

Both models performed equally well at identifying valid reports. We haven’t observed a significant difference there.

Benchmark 2: CVE Validation on Open-Source Code

Our second benchmark uses publicly known CVEs in open-source software, drawn from an academic dataset of nearly 7,000 CVE records across C, Python, Java, and C++ projects. For each CVE, we create two code snapshots: the vulnerable version (before the fix) and the patched version (after the fix). The agent receives the CVE description and the code, then must determine whether the codebase is vulnerable.

This is where the story gets interesting, because the two models show fundamentally different validation profiles.

Opus 4.7 is the precision model.

It delivered a ~14 percentage point improvement in precision over Opus 4.6, with roughly 3.5x fewer false positives. False positives are a major drain: the finder flags an issue, the validator confirms it, and now the burden shifts to the security analyst to prove it isn’t actually exploitable.

When Opus 4.7 says a codebase is vulnerable, you can trust that verdict at a significantly higher rate. It also reduced verdict extraction failures by over 90%, meaning the agent was far more reliable at producing structured, usable outputs.

Opus 4.6 favors recall.

It catches nearly every real vulnerability, but at the cost of a high false positive rate mentioned above.

In a security triage pipeline where missing a real vulnerability is worse than over-flagging, that bias toward recall could be a deliberate tradeoff, but it shifts the burden downstream to security analysts.

On critical vulnerabilities (CVSS 9-10), the gap widens. Opus 4.7 achieved near-perfect precision on critical CVEs, while Opus 4.6 was only right 6 out of 10 times when it said a critical CVE was valid. For the findings that carry the most organizational risk, Opus 4.7 delivers higher-confidence verdicts.

Overall accuracy improved by ~3.5 percentage points, while the F1 tradeoff reflects the precision-recall balance: Opus 4.7 is more precise and operationally cleaner, while Opus 4.6 casts a wider net.

For security teams, the practical implication is clear. If your bottleneck is analyst time spent chasing false positives, Opus 4.7 is a direct improvement. If you're in an environment where you cannot afford to miss a single finding regardless of noise, the recall profile of Opus 4.6 still has value. We're exploring model-routing strategies that leverage each model's strengths based on severity and context.

Both benchmarks use the same code-backed validation agent, with the only variable being the underlying model. We'll continue publishing these results as new models become available.

What We See in Production

Benchmarks measure capability in controlled conditions. Production tells you whether that capability holds up.

We're seeing Opus 4.7 deliver gains that meet or exceed our benchmark numbers, particularly in more complex scenarios. A few patterns stand out:

  • Better instruction following. Our validation agents run multi-step workflows: clone a repository, search for relevant code paths, trace data flows, and produce a structured verdict with evidence. Opus 4.7 follows these workflows more reliably, with fewer deviations or hallucinated steps.
  • Stronger coherence in long-running tasks. Validation isn't a single prompt-response cycle. Our agents regularly execute 10-20 tool calls per validation, reading multiple files and building up context across an entire codebase. Opus 4.7 maintains coherence across these extended interactions better than its predecessor.
  • Improved multi-step reasoning. The hardest validation cases involve chained vulnerabilities that span multiple files and functions. Think an SSRF that leads to cloud metadata exposure that leads to credential theft or a stored XSS that chains into account takeover. Opus 4.7 handles these multi-step reasoning chains with more precision.
  • Higher token efficiency. Consistent with what others have observed, Opus 4.7 is more efficient in how it uses its context. More validations per dollar, which matters at scale. In our benchmark, it achieved higher precision with fewer model calls per case, producing more thorough analyses per turn rather than spreading reasoning across many smaller steps.

Validation Is the Multiplier, Remediation is Next

The core challenge of identifying real, exploitable vulnerabilities hasn’t changed.

What has changed is everything around it. More findings, finding real critical vulnerabilities is more accessible than ever, the exposure window needs to be shorter than ever. Security teams must operate at an unprecedented speed with an unprecedented amount of real valid security findings.

Fix all the things! But here's even more things! Agentic validation is what makes this challenge manageable, turning a growing stream of potential issues into a smaller set of real, exploitable risks. It replaces uncertainty with evidence and gives teams the clarity they need to take action and fix what matters.

At HackerOne, we see discovery and validation as closely connected. But as volume and speed increase, validation becomes the deciding factor. It determines whether more findings create more noise or lead to real security improvements.

That’s what we’re focused on building: validation that can keep up with the pace of discovery and help teams move from findings to fixes.

Make “is it exploitable?” a faster call with h1 Validation

AI
Exposure Management

About the Authors

Miray Mazlumoğlu
Miray Mazlumoglu
Principal Engineer

Miray Mazlumoğlu is a Principal Engineer at HackerOne, where she leads various AI initiatives across the product portfolio. Her work focuses on designing and experimenting with data-driven systems and AI solutions that drive efficiency and deliver reliable, high-confidence outcomes for complex security challenges.

Willian van der Velde
Willian Van Der Velde
Distinguished Engineer

Willian van der Velde is a Distinguished Engineer at HackerOne, a driver of the technical vision that guides the company's AI direction. His work centers on building scalable, intelligent systems that enhance the security platform, enabling more effective vulnerability discovery, triage, and remediation. He focuses on translating emerging AI capabilities into practical, high-impact solutions that strengthen HackerOne's core products and long-term innovation strategy.