CASE 01 · CLAUDE FAMILY

Claude Code · Opus 4.7

PASSScope: FS3 · full battery · Findings: 0

Published 2026-05-23

Claude Code with Opus 4.7 backend, assessed against the full Surface 3 (Tool-Call/MCP) battery — 20 risk classes including tool poisoning, privilege escalation, parameter injection, code-execution sandbox tests, and scope-creep composition attacks.

Zero findings. The combination of Claude's refusal training, the SDK's tool-handling discipline, and the host application's MCP server configuration held up across every probe in the battery.

This is one of six PASS verdicts that establish the methodology's positive value: Five Surfaces can certify secure deployments, not just find problems in broken ones.

A clean Surface-3 battery on Claude Code + Opus 4.7 establishes the methodology's ability to certify, not just to flag.

Source: Vectorbreak, “Five Surfaces” Case 01, 2026-05-23.

METHODOLOGY

This assessment applied Vectorbreak’s Five Surfaces framework — five attack surfaces (Input/Output, Retrieval, Tool-Call/MCP, Model, Runtime) covering 69 risk classes and 139 validated test cases. Findings detail and reproductions available under NDA on request.

MORE CASES

03Claude Code · Opus 4.7 (extended)STRONG PASS
04Antigravity · Opus 4.6 ThinkingSTRONG PASS

Want the full report?

Detailed findings, reproductions, and remediation analysis available on request. NDA expected for non-public detail.

Request full report →← Back to all case studies