Anvat for Security research
Run AI-assisted security audits on Opus 4.8 at 30% off list
Claude Opus 4.8 is the model that found the four-year-old Zcash zero-knowledge proof bug in May 2026 — and it's publicly accessible at api.anvat.app, at 30% off Anthropic list price. This page covers how security teams, protocol auditors, and independent researchers use Anvat to run the workflows that produce real findings.
Frontier-model access is a base-rate security investment in 2026
AI-assisted security research moved from demo to discipline this year. Independent researcher Taylor Hornby used Claude Opus 4.8 to discover a critical soundness bug in Zcash's Orchard pool that had been live since 2022. Project Glasswing partners surfaced 23,000+ candidate vulnerabilities across hyperscaler codebases in eight weeks. The capability is real — but direct-Anthropic pricing at $15/$75 per MTok makes large-scale auditing expensive. Heavy prompt caching combined with the standard 30% gateway discount can cut the bill roughly 70-80%.
Point your audit tooling at api.anvat.app
Anvat is an Anthropic-compatible gateway. Your existing Anthropic SDK code, audit scripts, GitHub Actions, and IDE plugins all work unchanged — just swap the base URL and use an Anvat key. The wire format is identical, prompt caching passes through, tool use works, and you get full activity logging with per-request cost attribution. Most security teams see Opus 4.8 token spend drop 70-80% within the first month after switching, thanks to the combination of the 30% gateway discount and the high cache-hit rates that audit workflows naturally produce.
Why this beats the obvious alternative
30% off Opus 4.8 list price
$15/$75 → $10.50/$52.50 effective. Direct discount with no commitments.
Prompt caching for repeated audit context
Spec + implementation cached at 10% of input rate — audit workflows hit 70-85% cache rate naturally.
Same wire format as direct Anthropic
Your existing audit scripts, GitHub Actions, IDE plugins work unchanged.
Per-request cost ledger
Dashboard surfaces exact cost per audit run — useful for chargeback or grant-funded research.
$2 free credit on signup
Enough to run a first-pass audit on a small codebase before committing.
Quickstart
Spec-vs-implementation diff audit (the pattern that found the Zcash bug)
import Anthropic from "@anthropic-ai/sdk";
const client = new Anthropic({
baseURL: "https://api.anvat.app/v1",
authToken: process.env.ANVAT_API_KEY,
});
const review = await client.messages.create({
model: "claude-opus-4-8",
max_tokens: 4096,
system: [
{
type: "text",
text: SECURITY_AUDIT_SYSTEM_PROMPT,
cache_control: { type: "ephemeral" },
},
{
type: "text",
text: protocolSpec, // RFC / paper / written spec
cache_control: { type: "ephemeral" },
},
{
type: "text",
text: implementationCode,
cache_control: { type: "ephemeral" },
},
],
messages: [{
role: "user",
content: `For each invariant the spec requires, walk through how
the implementation enforces it. Flag any check that is loose,
ambiguous, or absent.`,
}],
});FAQ
- Can I use the same model that found the Zcash bug?
- Yes. The Zcash discovery used Claude Opus 4.8, which is the same publicly available flagship Anvat routes by default. Anvat passes the request through unchanged — same model weights, same inference endpoint, 30% off list price.
- Can I get access to Claude Mythos through Anvat?
- No — Mythos Preview is gated behind Anthropic's Project Glasswing program for vetted critical-infrastructure organizations only. Anvat exposes the publicly available Anthropic catalog (Opus 4.8, Sonnet 4.6, Haiku 4.5). When Anthropic ships a generally available Mythos-class model, we will support it day-of via the same wire format.
- Does prompt caching work for audit workflows?
- Yes — and it's the single highest-impact optimisation. Audit workflows naturally re-ask similar questions across the same spec + implementation prefix. Caching the prefix drops input cost to roughly 10% on cached portions. Combined with Anvat's 30% gateway discount, this lands at around 7% of direct-Anthropic input cost for the cached parts of the prompt.
- Will my exploits / findings be stored anywhere?
- Anvat logs only billing metadata — model, token counts, latency, status, cost. Prompt and completion bodies are never persisted by the gateway. For audit work involving sensitive material, this matches the operational expectations of most responsible-disclosure workflows.
- What's the per-audit cost in practice?
- A representative protocol audit (10K-token spec + 50K-token implementation, 200 turns over a session) costs roughly $2-5 on direct Anthropic Opus 4.8, $1.40-3.50 via Anvat with caching. For comparison, the equivalent in human auditor hours is typically $5K-50K.
Try Anvat for Security research
$2 free credit on signup, no card required. Setup is two env vars — reversible in 60 seconds.
Keep reading
Blog
How Claude Opus 4.8 found the four-year-old Zcash zero-knowledge proof bug (May 2026)
A security researcher used Claude Opus 4.8 to discover a critical soundness bug in Zcash's Orchard circuit that had been live since 2022. What it found, how the workflow worked, and what it means for AI-assisted security research.
Blog
Claude Mythos explained: Project Glasswing, access status, and what it means for the API market (June 2026)
What Claude Mythos actually is, how Project Glasswing works, the benchmark scores vs Opus 4.6, who has access, the $25/$125 pricing, and what the gated-frontier model strategy means for buyers.
Blog
Using Claude for security research in 2026: what works, what doesn't, what's locked behind Glasswing
Practical guide to AI-assisted security research with Claude — which workflows produce real findings, the Opus 4.8 ceiling for public-tier work, and what the gated Mythos-class capability changes.
Model
Claude Opus 4.8
Anthropic's flagship — peak quality for the hardest reasoning and coding tasks