Claude Sonnet
The recommended default for most scans
Sonnet is the model we recommend for most vulnerability scans. It has the reasoning depth to catch subtle issues like auth bypasses, business logic flaws, and chained injection vectors, while still being fast enough to keep scan times reasonable. It's the default on all managed plans for a reason.
What Claude Sonnet brings to a scan
Where it excels
Reasoning depth
Sonnet catches vulnerability classes that require multi-step reasoning: chained request sequences, stateful auth flows, and business logic issues that only appear when endpoints are tested in combination.
Confidence scoring
Sonnet's higher intelligence means its confidence scores are better calibrated. A 0.90 from Sonnet carries more signal than the same number from a smaller model, with fewer false positives and less noise to filter.
Thoroughness
Sonnet traces more code paths per page than Haiku. On complex SPAs and API-heavy applications, this translates to more complete coverage and fewer missed endpoints.
Best suited for
When to pick Claude Sonnet
- Production vulnerability assessments
- Applications with complex auth flows
- API-heavy apps with many endpoints
- Pre-launch security checks
- Most teams on managed plans
Pricing
What Claude Sonnet costs per scan
- Input tokens: $3.00 per million tokens
- Output tokens: $15.00 per million tokens
On managed plans, credits are consumed at cost with no markup. On the BYOK plan, your Anthropic account is billed directly at these rates.
Run a scan with Claude Sonnet
Paste a URL, select Claude Sonnet, and get a full vulnerability report in minutes.