AWS Bedrock to require sharing data with Anthropic for Mythos and future models
> For Fable 5, Mythos 5, and future models on Bedrock with similar or higher capability levels, Anthropic will require 30-day retention for all traffic on Mythos-class models. Retaining data for a limited period allows Anthropic to detect patterns of misuse that are not visible from a single exchange. Once you opt into data retention, your data will leave AWS’s data and security boundary.
From the announcement here: https://aws.amazon.com/blogs/aws/anthropic-claude-fable-5-on...
> After 30 days, the data is deleted automatically, except in the rare cases where it's part of a safety investigation or we're legally required to keep it.
From: https://support.claude.com/en/articles/15425996-data-retenti...
The root of the problem is that AI-as-a-service is corked, because companies providing it have a hell of an incentive to use all that data to out-compete their competitors, and they can do so in secret. To say nothing of salivating law-enforcement who really, really wants to tap into it. I'm hoping there will be at some point open-source and affordable hardware that can run competent models.
Already happening
https://www.theguardian.com/world/2026/feb/23/openai-tumber-...
that story remains ridiculous, and the RCMP is trying to pass the buck, when they already knew the issues and had confiscated the guns
... then gave them back, and then tbe shooting happened.
The root of the problem is that ordinary people don't make enough noises for any problems they see in life, so they are essentially cattles.
Do you care about cattle's opinions? I guess a few of us do, but most of us don't.
Would humans change their treatment of cattle if the cattle made louder noises? That seems doubtful.
That's not the "root", you can go at least one step further:
The wealthy CEOs and boardmembers found a way to make even more money, but know that it will make the people who are aware of it angry. So they, as a class, find other issues that they can enflame (or manufacture wholesale), through the manipulation of social media algorithms and legacy media, both of which they own and control. They would much rather have "ordinary people" angry about trans athletes or immigrants, than about the surveillance state they profit from, or stealing our data they profit from, etc...
Unfortunately, we humans are very easy to manipulate by making us angry. If "ordinary people don't make enough noises for any problems they see in life", its hardly our fault if we're too busy surviving in the current economy, and the elites are spending billions to make us angry about anything except the elites.
It's all extremely dystopian and I don't see how things improve. The handful of megacorps that have access to the compute and troves of stolen IP to train their secret models on have no incentive to contribute back.
They say their models are too dangerous for the public, so they can nerf the GA versions while allowing only their preferred megacorp or nation state partners access to the real secret good versions.
We can hope the Chinese open weight models will catch up, but if/when they really reach parity with proprietary frontier models you can bet they'll stop releasing their weights too. They don't do this stuff out of the kindness of their hearts.
It's tough to imagine what might possibly derail this.
Realistically, local/open weight models will always be limited in idiosyncratic world knowledge compared to the proprietary frontier. There's just very limited upside to releasing tens or hundreds of terabytes of open weights for something that literally can only run in very large AI data centers, and Fable/Mythos is near enough to that class. Smaller models can be smart in very real ways, but the extent to which those "smarts" can apply to real-world problems will be limited.
> They don't do this stuff out of the kindness of their hearts
No, but they do have incentive to continue to release with open weights because doing so directly affects the US based labs that are doing this for profit and power.
What's likely to happen is import controls on software as a form of US protectionism. It will be the encryption battle all over again, but this time about your right to both run AI models locally on your own hardware (that the labs and big tech would love if you could continue to not able to afford or acquire so they can rent it to you), and a ban on the distribution and use of foreign models.
I wouldn't be surprised of Anthropic and OpenAI also successfully lobby for a limit on how big open source models can be in the US as well in the name of "safety."
Make no mistake, they all fully intend to pull the ladder up behind them, and they intend to do it soon.
Chinese open weight models will be forced to do the same to remain competitive with other frontier labs. The moat is data going forward.
> It's tough to imagine what might possibly derail this.
Public utilities?
> The handful of megacorps that have access to the compute and troves of stolen IP to train their secret models on have no incentive to contribute back.
Meta and Anthropic both trained on pirated books and there were not required to destroy their models. I simply don't get it. It just encourages to do things first and see later what happens. Regulations are just a small business cost.
This is odd behaviour, and provides some evidence that Anthropic isn't being managed by serious people. With this policy across AWS/GH/Zed/etc, they're taking their massive lead in enterprise/govt sales and handing it to any competitor who can serve a model anywhere near these capabilities with a modestly nice UI.
Every one of the competitors capable of a similar model have been salivating for a long time at the idea of consensual data sharing. Anthropic just opened the door for everyone to do the same thing without having to deal with being the first to do so. My bet is that OpenAI etc’s next model will have these same requirements.
Ever since the Mythos announcement it’s been clear that we’re heading towards a future where SOTA models are no longer available to the average person, and not only cost more, but also require payment in the form of use case verification and data sharing. OpenAI’s 5.5-Cyber model requires the same, so it’s not just Anthropic.
We’re unhappy with this because we’ve all gotten used to being able to play with the new shiny model as soon as it’s available, but what I’m seeing in this thread about Anthropic being “stupid” is emotion-based wishful thinking.
This makes these models unusable in the settings where people are actually benefiting from these models being on Bedrock (e.g. they have customer contracts that limit who they can share data with, etc).
If the lift from these models is high enough and no alternative springs up, people will find a way to get to yes, but if OpenAI is willing to ship a Fable-class model on Bedrock without this, all the traffic will just move there. I say this because there is not much reason to use Bedrock unless you care about data sharing limits (ok, it seems more reliable than Anthropic's serving, but I don't think that's the major reason).
Of course, they could both decide they don't want the competitive advantage that having an AWS-controlled inference stack brings, but this is basically throwing out that advantage.
Note that this announcement is not just about Mythos, but also Fable, which is restricted from doing any Cyber work in the first place.
> This makes these models unusable in the settings where people are actually benefiting from these models being on Bedrock (e.g. they have customer contracts that limit who they can share data with, etc).
Does it, though?
Does Amazon have a clause in their contracts that forbids data sharing with any and all third parties? Is all AWS support and datacenter personnel employed directly by Amazon? Do they seriously have no third-party contractors?
No, we are unhappy because there is no guarantee that my corporate documents wont be shared or trained on. We are already paying plus for using bedrock instead of the API version from Anthropic, so now there is no reason to use bedrock anymore. This whole thing about this model being too powerful to share is just the usual BS. Is an advanced model that dont have guardrails, just like the models that have been shared with the US government for years.
> We are already paying plus for using bedrock instead of the API version from Anthropic, so now there is no reason to use bedrock anymore.
Doesn't Bedrock have the same API token pricing as paying Anthropic direct?
>This whole thing about this model being too powerful to share is just the usual BS.
Then stop using AI.
>But I want it all and I want it now.
Spend a trillion dollars and make your own model.
>No fair!
Then petition your government to enact laws around this. Unfortunately the US government rules are currently "Yes, we want AI to take over the world with terminators, just as long as they share data with us".
... but you were silent when they did it to consumers...
The consumers were paying for tokens with their data. If you pay for the tokens yourself the expectation is that your data doesn’t get trained on or used.
This narrative any criticism about Anthropic is emotional is such corporate cope that it boggles the mind to see people defend a trillion dollar corporation time and time again all while the same corporation actively makes things worse for the average person.
Cool. Everybody is doing it. Doesn’t make it right or make it good for the people. Everyone should complain and help others wake up that Anthropic isn’t the “good guys” like their narrative in Feb/march led so many to believe.
Preach. I think I left a nearly identical comment yesterday in another thread. "well, the other companies do it too so they're not that bad" is absurdity. "that got shit on my couch, but he didn't shit in my mouth so he's not really that bad" just seems so misguided.
"Consensual"?
Let’s be real, chances are that the people with a lot of money on the line have given it more thought than the passing thought that you gave this comment.
Yeah, the AI bubble has been inflated to this size because the money people are thinking carefully and rationally.
> Let’s be real, chances are that the people with a lot of money on the line have given it more thought than the passing thought that you gave this comment.
In theory, definitely.
But this seems like a really, really, really no-good seriously bad decision from Anthropic. Like, I get why they want this (and can see it from their perspective), but many of their largest clients literally cannot allow this without regulator sign-off, which almost certainly won't be forthcoming.
Like, if the Fed and the ECB say this is OK then it might work, but other than that I predict that this decision will be reversed ~soon.
I’m not sure that’s true. Do the Fed and ECB sign off on telcos keeping records of who these companies called? Of car rental companies keeping records of where employees rented cars?
As long as it’s service telemetry, not used for model training, not inspected by humans, not analyzed except for service purposes… I don’t see the regulatory issue.
Are there any regulations covering what telemetry your service providers can keep? I’m skeptical, but even if so it would be trivial for Anthropic to exempt certain larger customers while still keeping the policy published as universal.
It's more that banks etc are special-cased in a lot of the law around this, which makes the Fed/ECB (more often national regulators aligned with these) really important in determining what they are and aren't allowed to do.
By definition lots of the use of AI in these companies is gonna require personal data/PII etc (particularly in KYC/compliance or general processing usecases) which means that there's a regulatory constraint.
I personally would've thought that said organisations and regulators would be massively opposed to this for privacy and risk reasons, which is why I think this won't happen.
Even the companies with less sensitive data are generally paranoid about service providers getting "their" (actually their customers) data.
> Are there any regulations covering what telemetry your service providers can keep?
In the EU, this should be proportionate and should avoid special categories of personal data (which FIs will have a lot of).
> but many of their largest clients literally cannot allow this without regulator sign-off,
Their largest clients can negotiate their own deals with their own terms.
They do not have to go through the same public Amazon Bedrock deal that you and I sign up for.
They give it some thought, but Anthropic and AWS have the whole menu of compliance and security checkboxes needed to reassure CISO it doesn’t need to be “the office of no” and can allow the AI onboarding. The pressure to adopt and adapt to AI is so high right now that there’s nothing a CISO or CFO can say to stop its adoption. And the more they say “no” or “wait,” the more at-risk they put their job.
I know the only reason we are using Claude right now in my large org was because of this policy and another model would have been picked otherwise
A model that opens the slightest gap for a leak would be unacceptable to the org I work for. We are very paranoid about losing vulnerable customers' data.
Anthropic has all the answers for that. You’ll go through some compliance exercises and classify them as a subprocessor of highest tier of data sensitivity.
There are a significant number of extremely large companies that are wholly interested in such a sub-processor. The tier of data sensitivity is irrelevant.
Almost all companies are content to engage with data sub-processors with respect to customer data or some form of PII.
But there are many that will absolutely not let their IP visit or reside on systems they do not control.
This is absolutely a deal breaker for a ton of organizations and it's not going to trigger industry wide adoption like other comments here suggest. Instead another provider will offer a more appetizing deal and they will win market share.
Except they are an American corpo and there is no guarantee that the data will stay on EU servers, so that is a giant NO at the moment. This was the main reason to stick with Bedrock, as it supposedly stays within your aws account on the EU servers. Now? Whats the points in using Bedrock anymore apart from paying more.
There's no way to do that with EU laws, the data has to stay on EU servers.
That might work in some countries but Anthropic approach here doesn't fit the legal requirements in the EU.
> The pressure to adopt and adapt to AI is so high right now that there’s nothing a CISO or CFO can say to stop its adoption. And the more they say “no” or “wait,” the more at-risk they put their job.
I am not saying you're wrong, but man that's so crazy. "We have these people whose very jobs are to make sure the company prospers, but we're going to ignore them because hype hype hype". Wild, man.
> chances are that the people with a lot of money on the line have given it more thought
Sure, but considering the average person and how short-term their thinking tends to be, I'm not sure I'd jump straight into "think about how much money they could lose, of course they think long-term".
You would be very, very surprised
Yeah, seen some downright facepalm moves from execs regarding AI and security.
Don't even need to involve AI or security to be able to highlight some very strange decisions that seem more like intentional sabotage from the inside than anything else. Of course, people are more likely just dumb and lack long-term thinking.
Intelligent individuals tend to make rational decisions very often this doesn’t result in rational behavior on the organizational level.
Large corporations like Microslop, Google, Meta etc. were frequently behave like headless chickens
You've mistaken "a lot of money" with "intelligence." Which is why I think the AI crowd really really wants this magical machine god thing to succeed. Then they can really have money = intelligence whilst keeping the rest of us poor and stupid. You know, like how they used to prevent literacy among the slaves.
Counter point - Marisa Mayer and Stephen Elop.
right, and they realize the money doesnt exist unless they inflate the values in shadow circles of flow.
They are betting that without a competitor distilling their most powerful models, they can stay ahead far enough and long enough that people will accept this.
I mean, all the competitors need to do is to have a big context window and minimal guardrails and magic, the AI can now hack your server!
That's for the long term. Anthropic only needs short term solutions for the sake of IPO. They will do whatever they can to sabotage other companies (specially the Chinese ones) to reach the same parity with best claude models.
> This is odd behaviour, and provides some evidence that Anthropic isn't being managed by serious people
It's hard to tell how much of what Anthropic are currently saying is just pre-IPO marketing bullshit, or how much will be their long-term policy.
If this is just marketing bullshit ("our models are so powerful we need to keep them chained up at night"), then it does seems massively ill-conceived. I can't think of a better way to break hard-earned customer trust than to say:
1) If we don't like what you're working on - if we think it may complete with ourselves - then we will silently fuck-up the code you're paying us to generate for you
2) Much reduced privacy guarantee. We will now retain everything you send us for an unspecified amount of time while we investigate it
Both of these seem especially self-defeating given that Anthropic has been very successful at courting corporate use, especially coding, and also still seem interested in courting military use.
The silently refusing to comply one (do they just mean deliberately dumbed down, not giving you what you are paying for, or actively sabotaging the generated code?) is really quite extraordinary. Why not just refuse the request? Perhaps they want to claim that gives too much signal as to what they think is valuable, although I think this "recursive self-improvement" story is 100% bullshit trying to juice the IPO. Are they really so arrogant to think that every other company developing LLMs hasn't figured out things like basic development infra?
IMO just the fact that Anthropic think it's in any way acceptable to silently fail requests that might reflect someone else trying to build anything that competes with them is bad enough, but the massive incompetence in what "Fable" is refusing shows that any such decision making is going to be causing them to silently fail a lot more than what they are trying to do.
The Anthropic model names "Mythos", "Fable" seem to have been conceived by a 14-year old thinking that "epic" names will convince people that the model is powerful. It's a bit like putting racing stripes and a loud farting exhaust on your Honda Civic.
I don’t think there are other models near Fable’s capabilities.
That remains to be seen.
It's notable that Anthropic are still using SWEBench as a coding benchmark rather than the newer more difficult DeepSWE which shows them well behind GPT 5.5
https://deepswe.datacurve.ai/
Bear in mind that all the marketing efforts such as solving Erdos problem are the result of concerted RL training to impart those narrow capabilities, and how much of any benchmark results, or "early access" paid shill vibe reports, reflect improved performance for more general real-world use cases remains to be seen.
For how long though? The past two months have seen a ridiculous number of model releases.
Why don't you think that? What I've read is that other models can find the same bugs.
This seems more like a marketing move though following the old dictum that all publicity is good publicity.
OpenAI just added their own models to Bedrock recently too, making that an easy switch.
Bedrock doesn't offer zero data retention for OpenAI's latest models either
> For OpenAI GPT-5.4 and GPT-5.5, classifier-flagged traffic will be retained for up to 30 days for automated offline abuse detection
https://docs.aws.amazon.com/bedrock/latest/userguide/abuse-d...
I think that’s by AWS though. For Fable you need to flip an account wide flag that says “I want to share my prompts with the model vendor.”
The Fable announcement page on the Anthropic site says this data sharing will be applied regardless of the sharing setting of the company account.
https://www.anthropic.com/news/claude-fable-5-mythos-5#a-new...
---
No it says sharing is required. If you don't change the setting on your account then you simply can't access Fable, its not like the setting is ignored. I just tried this on my account and it blocks API requests to Fable.
Interesting. When I tried switching to it yesterday from Opus 4.8 ("/model" command) it didn't complain, but I didn't actually send anything to it when I saw the cost was like 2x Opus 4.8. ie switched back
I'll try to remember to actually try it tomorrow and see what happens.
I mean, they were already capacity constrained and just introduced a larger model that takes more capacity to run... They were gonna have to hand some business to competitor one way or another.
> I mean, they were already capacity constrained and just introduced a larger model that takes more capacity to run
I am willing to bet that the SpaceX deal is probably why Fable's launching now, as they are much less compute constrained than they were a month ago.
Is it a larger model or just better trained? Anthropic does not actually claim it is a larger model anywhere that I can see.
If it’s not larger, it’d be tough to justify the massive price increase for using it.
Price is based on perceived value, not cost to produce. There is no international court of price justifications; if customers are willing to pay $X you can charge $X.
That and a model can be the same size, yet use a lot more compute, I guess think of it as intelligence per watt used or something like that.
Opus 4.7 was smaller and people still paid 4.6 prices.
gpt-5.5 isn't larger than gpt-5.4 but costs double.
This policy applies across all providers. Here is the warning in Cursor: https://i.redd.it/7sfyker2ya6h1.png
Note that Anthropic has committed not to train models on logged data, so I don’t understand some of the concerns here. What exactly is your threat model? That Anthropic would train models contrary to their terms of service? That you trust them enough not to log your data prior to this, but not enough to trust their stated limits on how logged data will be used now?
Edit: I am partially convinced by some of the replies. However, it is worth noting that this change primarily affects Enterprise users. Data from consumer plans is already retained for 30 days. Source: https://privacy.claude.com/en/articles/10023548-how-long-do-...
> you trust them enough not to log your data prior to this, but not enough to trust their stated limits on how logged data will be used now
It doesn't really matter how much you happen trust another party. In the regulatory world it only matters what contracts they will sign that guarantee their compliance. We do have those with AWS, we don't with Anthropic. If Anthropic physically captures the data, they just moved themselves outside the boundary of parties who we can do business with. Unless they want to sign a contract and implement all the corresponding compliance measures. They are insane if they think that's a good deal for them to do all that right now in every jurisdiction where AWS operates, when AWS has already spent a decade building it up.
It will absolutely cause some non-trivial number of customers to shift their configs away from Anthropic.
It's worthwhile to remember that this is only true of Mythos/Fable and other future models of "similar or higher capability levels" (ant is treating this as a new tier of model above Opus). Anyone who's already been happy using Haiku/Sonnet/Opus on Bedrock will not be affected by this at all.
Yes and no. Anthropic controls what is determined to be "similar or higher" and when models are deprecated. Will sonnet 4.7 be "too powerful"? Because once it's released. 4.6's days are numbered.
This created a huge future risk for our org and we're already scheduling meetings over it. Regulated industry, we can't lose control over our data governance or residency controls, let alone the lack of visible audit trails that could reveal customer or PII.
Just an absolute bomb of a release
Which will work for the several weeks it takes for the other commercial providers to follow suit.
The tides are turning. AI companies are IPO'ing. They've gotten where they are by selling $5 bills for $1, to update the old VC adage. I think we can look forward to them rewriting the contracts, both literal and social, on AI going forward to capture a lot more of the value. Or, to put it in more HN-friendly terms, it may not be immediately obvious on a casual viewing, but you're looking at the beginning of the enshittification process hitting AI. The term is a bit deceptive in some sense, because it's not like anyone ever sets out with a terminal goal of making something shitty. It's downstream of trying to capture more value in the customer/vendor relationship by not giving the customer any more value than is barely necessary.
How's coding with qwen doing? The only thing that's going to stop the AI providers from extracting all the value until it's just barely worth using is the free competition.
Surely some provider will see the then open opportunity and offer something to capture it.
Bedrock supports many models. Open weights models aren't far behind, maybe a year, 18 months.
Given they could have done this with data residency rules being respected and chose not to suggests all I need to know - this is for Anthropics IPO, not for user safety
>Open weights models aren't far behind, maybe a year, 18 months.
No, open weights are always a year behind +. By the time that year passes Anthropic/OpenAI/Google will have some new model that is ahead of the open models by a year.
Looking at computer security for the last 30 years, no one gives a fuck about user safety. Companies care about profits, and individuals don't care enough for strong laws.
We'll be back here in another year on HN talking about why we should give our retina sample and blood to Anthropic to use the model with a ton of people doing it. It's just the way humans are.
> Note that Anthropic has committed not to train models on logged data, so I don’t understand some of the concerns here. What exactly is your threat model? That
Like Meta had committed to respect your privacy. Replace the name of the company with any of the top 50 companies in the world and go back how many have hold their promises - or just doing fine when breaking the rules. There is no legislation in the U.S. that can bankrupt the company for violating this? So there are no guarantees.
Meta openly torrented books and nobody asked them to remove/destroy their AI models. Similarly, for Anthropic, it was just a business cost. They were allowed to keep the models. No real consequences for breaking the rules.
It adds another provider that you have to trust with your data. Previously the assumption is that AWS was securely handling your data and you may have the data on AWS to start with anyways. Now you have two providers handling your data which doubles your risk if you trust them equally. If you think AWS has more robust data controls than Anthropic then it more than doubles your risk.
You may also have data management requirements such as allowed storage and transit countries as well as various certifications and contracts that you now need to extend to the second data processor.
Basically if you are already using AWS just adding the AWS-only bedrock model is legally easy and doesn't really change your security posture. If you need to now also log your data to Anthropic it makes the choice much more complicated.
Both can be true simultaneously. Anthropic can probably be trusted not to train on our Fable sessions, but eroding ZDR as the industry standard still sets a dangerous precedent.
There's a parallel between data retention and general mass surveillance. Sure, both systems can be used for purely benign purposes, with appropriate safeguards in place. But history shows that surveillance systems are alarmingly easy to co-opt for nefarious means, and model providers do have a heck of an incentive to leverage retained data for internal means.
This is worth protesting, even if I believe this policy itself does not immediately compromise my privacy.
> Note that Anthropic has committed not to train models on logged data, so I don’t understand some of the concerns here. What exactly is your threat model? That Anthropic would train models contrary to their terms of service? That you trust them enough not to log your data prior to this, but not enough to trust their stated limits on how logged data will be used now?
It is a different thing when they say they don't store your data.
And when they say they store your data for 30 days and review it for "issues", it makes your "spider sense" tingle. Who and how will review it, what are the "issues" they are looking for, etc. It is to vague and they can keep it this "dangerous" model for themselves.
Someone has never dealt with HIPAA laws and it shows.
Who out there is going to be feeding patient medical data to Mythos/Fable?
Whoever Anthropic can convince, to help them form a competitor to OpenEvidence, who already feed patient medical data into their systems.
...the same groups who are currently feeding it to Sonnet and Opus?
Well, they won't be feeding it to Fable unless Anthropic can provide a signed BAA.
Once you start storing anything, whether credit card numbers or AI inputs, then there is possibility (if not in fact probability) that you'll be hacked and it will leak.
Given Anthropic's failure to secure their own source code, do you really trust them to secure yours?
> Note that Anthropic has committed not to train models on logged data, so I don’t understand some of the concerns here. What exactly is your threat model?
First of all, will they respect that promise in the future? Because, you know… they already received your data and by some legal quirks they are already required to store it for so many years. “What’s your threat model”, uhh, sending confidential information to a third party.
It’s okay if you do this with your own personal property. But if you are working on client projects, what, are you going to start shipping customer data under nda without consent? Good luck in the court.
We shipped software to governments and some big companies where this is a big no-no. Try to explain to your clients that during the development process some pieces were sent to Antrophic, and they might keep it for whatever reasons.
here's how they train on your data:
an inference request comes in
claude fable RESTful API service does the stuff, some backend systems run the prefill and batch decode, and your conversation is cached for 5 minutes in some prefix cache.
the request is also sent to claude paraphraser, which does almost exactly the same thing as the compactor and rewrites your conversation.
then they record the paraphrased conversation and train on that. it keeps the salient parts of the conversation, like whatever internal knowledge you have, and disposes of anything that could have been correlated with the earlier conversation, which is easy to do because verification is a string comparison.
Pretty sure this doesn't work for any regulated enterprise or government client. But AWS knows this, so I am curious why they'd agree to it.
> why they'd agree to it
that's obvious, but perhaps worth stating: it's worth it, demand for the model is unprecedented and the only downside for Anthropic if AWS rejected would be some revenue pushed a quarter away as they get Fable ready on their recently acquired compute from xAI and Google.
It's the same for girthub copilot [1] which is more present in gov than aws's solutions.
Anthropic is trying, well see if it's a bold strategy.
1. https://github.blog/changelog/2026-06-09-claude-fable-5-is-g...
This smells like an advanced version of corporate espionage. Assuming most companies will use their AI in the future, this will be fed directly to an Echelon-like network that will be leaking "interesting info" to friendly parties, like the Boeing vs Airbus scandal that was first widely reported and then swept under the rug officially.
Why would a secret espionage program be partially publicized?
If they were doing some secret espionage or government surveillance with the data, they would just do it all in secret.
When there is a precise and legally defined boundary (i.e. ZDR means your data with Bedrock stays within the Amazon security and legal boundary), it becomes significantly more difficult to hide full data egress; without alarm bells being raised / mechanisms being accidentally discovered.
When you have a black box that sends the full stream to Anthropic, then everything (including what actually happens with the data) stays on the Anthropic side.
It's much harder to hide egress/exfil-at-scale completely; even if we assume NSA-level kernel rootkits, someone's still gonna notice "hey, why is this pipe saturated even though `nload` looks normal.
It's much easier to hide what you do with the full data when you have explanations for why you're doing egress/exfil.
Limited hangout. There's a Netflix documentary about Danny Casolaro that does a decent job summarising events, but I'm surprised I don't see much about Inslaw/PROMIS, and more than a decade on, it's as if Snowden never happened.
Smells more like a secret agreement with the government.
Not a sub processor for us, so insta banned. Also spiked the ball on us updating our sub processor list. If they'd done something in-cloud we wouldn't have blinked, but no governance or controls, non starter.
Wonder why Anthropic wants all those data? Isn't it a good company?
Ugh. I'm sure we're not the only company that's going to face the difficult decision to either stay with Opus 4.8, switch to a different model provider or update and significantly weaken our terms of service around no model re-training, not sending data to third parties and the like. I understand why Anthropic wants to do this but I'd be much more comfortable with it if the data never made it to Anthropic unless an analysis Amazon ran, maybe even using tools from Anthropic, determined that there was something to look at. That'd be an easier carve out in an enterprise Terms Of Service / Privacy Policy.
Can you explain what AWS supposedly guarantees currently that your company values? I am not super familiar with the platform but I would assume, just like any other US company, that they will provide data to US agencies upon legal request as per CLOUD act, regardless of place of storage etc.
First of all, the servers i run this on sits in the EU. While the Cloud Act can and would effect this that is not the concern from corporate.
If we as a company allow the data to be copied to other regions outside the EU then WE are not compliant with the rules and can be punished for it. That is what corporate is worried about. Just like we have a deal with OpenAI, but no documentation etc is allowed to be shared and that is being monitored by our SIEM platforms.
That sounds like it's mostly just collective whitewashing, in face of essentially no guarantees when push comes to shove?
Cancel your subscriptions, or you are to blame. Simple.
If you aren't voting with your wallet, you can't cry when the world ends.
Sure, but that's the recycling argument all over again, putting the onus on individuals when the real problem are the ultra wealthy, and in this case, the large corporations mandating AI usage and buying from the frontier labs.
Me, or even me + a ton of other individual devs cancelling their personal $100/month Claude plans are a drop in the bucket of the billions of dollars of enterprise revenue they bring in.
To enact change here, the answer is to unionize, and put an AI usage ban into union contracts. Coerce the companies into not buying.
That's it. If you have confidential data that you're running with Fable, you're giving that away for free. Maybe you have always been, but now they explicitly ask for it.
Is this related to the pricing for these models, since these are not going to be subsidised, they do not have much incentive to offer zdr.
My current thought is that many businesses use claude code on API based pricing opposed to subscriptions due to the zdr. However, these models are already not being subsidised?
One very important point here is that it looks like Anthropic is becoming GDPR controller for all submitted data. So data subjects have Article 15 right to request information about processing and possibly a copy of the data. Latter might be contested under "rights of others", but former is more absolute.
What this means it that if someone makes an Article 15 request, they would be entitled to know if Anthropic holds personal data about them and also from who they received this data at minimum.
If someone wants to do that, I would recommend combining it with Article 18 request to forbid deleting the data for legal claim in case you contest Anthropic's reply. Otherwise they could just delete the data per their retention policy and DPA would find much later that they no longer hold the data.
That rules it out for all sorts of apps.
I've worked on a few apps for UKGov and I would absolutely be raising this as a massive red flag.
Thank you!
you've got to respect anthropic being willing to shoot themselves in the foot over a belief around Mythos performance
What's stranger is that these models will be unrestricted to only corporates and still they need data to be stored?
What's the game plan?
So all HIPAA workloads are now going to be an issue? They should at least allow us to “retain data” per API key or login so the non-PHI workloads can use Fable and PHI can remain on other models and respect the ZDR.
They want your data like you everybody else and enterprise data is juicy to say at least
Who would have thought that our saviors will be the Chinese!?
I guess this is an anti-distillation move?
Same as for GitHub Copilot?
"For more on how Anthropic handles this data, see Anthropic’s commercial terms and data retention policy. Enabling the Claude Fable 5 policy constitutes acknowledgement of this requirement. Leaving it off keeps Claude Fable 5 unavailable to your organization."
https://github.blog/changelog/2026-06-09-claude-fable-5-is-g...
"Legally required" ... gotcha, script writing on Melania Movie 3 has begun in exchange for a national security letter requiring Amazon to both keep the data and not exclude it from training.
Is this also the case for Google Cloud? https://docs.cloud.google.com/gemini-enterprise-agent-platfo...
Fable on GCP requires accepting a 60-day retention policy: https://cloud.google.com/terms/advanced-ai-safety-addendum
I don't think it mentions sharing the data with third parties such as Anthropic?
> Through Google Cloud's Agent Platform: Retention will need to be enabled for your new covered model, and retained data stays in your GCP environment. When models become available, onboarding details will be shared.
From https://support.claude.com/en/articles/15425996-data-retenti...
At least it stays in your GCP environment, AWS disclosure says that it will leave your data privacy and security boundary.
That Claude support page says the exact same thing about AWS (“retained data stays in your AWS environment”). AWS’s docs say differently, though, so it seems one of them has incorrect documentation. I wouldn’t necessarily trust the Claude docs to be correct even regarding GCP until some of this is ironed out.
edit: Google’s own docs also say zero data retention isn’t possible with Fable and your data will be retained for 60 days “outside of your account”. I’m doubtful that this data sharing is an AWS-only thing.
The data-sharing surely is for all providers. I think the sentence "When models become available, onboarding details will be shared." hides a lot of things.
OpenAI ... your move. The enterprise market just cracked wide open. Do you want it?
It looks like they’ve been preparing: https://www.aboutamazon.com/news/aws/bedrock-openai-models
> For OpenAI GPT-5.4 and GPT-5.5, classifier-flagged traffic will be retained for up to 30 days for automated offline abuse detection.
https://docs.aws.amazon.com/bedrock/latest/userguide/abuse-d...
It is only abuse flagged data and there too for OpenAI they're not sharing that data with them. But for Anthropic they are.
That's different though. Anthropic want everything for 30 days, not just flagged prompts/interactions.
Why can't they flag everything?
Thank you! I missed this part in all the announcements
OpenAI won't be able to train competitive models without user data collection. The moat is data.
This is not going to fly in EU.
Americans’ increased awareness of and expectations of the EU is hilarious. This is not how it works.
I suspect they will simply not offer it, for as long as they maintain that it has to in fact fly. Anthropic appears to be somewhat principled here.
Yes it will, there's a clear purpose and the customer explicitly agrees.
This will fly in EU. As long as the company states the time period for which it will keep data and clean it afterwards, gdpr has no issues with the data retention.
Their carve-outs for safety (public interest) and legal are also valid exceptions in gdpr as well.
> As long as the company states the time period
But they don't, they have the "30 days", but just after that they add "unless ....". So the time period is vague.
But companies will have to request consent from there users for their data to be shared to Anthropic.
Since Anthropic is a US company the GDPR compliance claims would be dubious and open to litigation by entities like NOYB.
Yeah it'll fly legally.
Everybody should just assume that they are lying about data retention and learning anyway.
They showed zero respect for intellectual property in the past and they will show zero respect now or in the future. A few thousand Euros/dollars in subscription doesn't matter when several trillions are in play (at least in their plans).
Honestly, I have yet to see any evidence of data leak from private sources. I think one of the better example is "simple-bench", which at least used to be a low-key benchmark that I would assume would have been saturated quickly if the labs were secretly scooping up data from API requests. Yet it's been years and it has yet to be saturated.
It's easy to catch a data leak if you have private data. You know what the model is supposed to not know, and you can just ask to see if it does. Yet I have not seen or heard of a single case of this being documented. As far as I can tell the labs do in fact respect the request to opt out of training.
no, it's very much compatible with GDPR and other laws, as
it clearly (enough, kinda) communicated
1. what data they keep/collect
2. what they do with it (and that there is a reason to have it)
3. with whom they share it
4. how long they keep it
---
GDPR might require data minimalism, but that doesn't mean you can't keep "all" conversations/data. It just means you have to have a reason of why exactly need all of it (they have), only keep it as long as strictly necessary (they do) and not use it for other purposes (they claim to do that).
Also from a legal POV you can't really argue that collecting all conversations for detecting abuse patterns is "unreasonable"/"unnecessary" or similar, as to some degree the AI Act requires exactly that for "high risk" AIs/use cases. And while by the definition of the AI Act AWS Bedrock likely doesn't fall under "high risk" they can argue that some people could (against TOS) use it for "high risk" or "illegal" AI use cases which is part of the "misuse detection" thing for which they keep conversations for a month.
Lastly GDRP deletion requests still apply. But need to be processed within ... 1 month (wich AFIK in a generic duration context you can treat as 30 days, even through there is a single shorter month). So they "auto comply" with this, too.
> how long they keep it
AFAIR it is not clear, because they write it is "30 days, but ...":
> After 30 days, the data is deleted automatically, except in the rare cases where it's part of a safety investigation or we're legally required to keep it.
So you have a vague clause saying "when" and vague clause saying for "how long". If it will fly I would be surprised.
This is all pretty standard with GDPR.
"Also from a legal POV you can't really argue that collecting all conversations for detecting abuse patterns is "unreasonable"/"unnecessary" or similar"
It is also worth remembering that the entity that you are explaining this GDPR retention reasoning to is the government. I don't see the EU telling Anthropic or another AI company they can't do this for safety reasons... what I see is future legislation requiring them to give the EU access to these logs so they can enforce they own definitions of safety on it.
us europoors have a choice of using or not using Fable.
They say it's opt-in but since they are capable of agreeing to this, I am just waiting until they hide this opt-in into the regular ToS when asking for a new model access...
Simple solution here is to not use AI?
It’s worth noting that Anthropic has made some very odd moves in the last few months in which Claude Code reviews your usage of it and penalizes you for mentions of some short strings that don’t even indicate TOS violations. And if they’re going to insist on retaining all data for 30 days for nebulously defined “safety”, then I’m not particularly interested in doing business with them.
Imagine if they interpret “safety” such that they scan for the string “com.openai” and, if found, ask an LLM to summarize your entire session and send it for human review?
Things like siphoning your data and using it to train while nerfing the model for everyone else is just the beginning of shady, rug-pulling, enshitification behavior we should expect. The dev community more than ever now needs to focus on being self-reliant and supporting open source models. They're counting on our skills atrophying over time to where you need their models to get work done. Ask yourself, do you actually need a frontier model to do this work? I think in many cases the answer is no. Don't support hostile behavior like this. Also, you can bet they're going to front government surveillance if not by choice, by regulation and political pressure.
What I do is route general data to Mythos, and my own IP to a local model.
I expect them to train on their traffic, and I train on mine.
If it’s for future models at the same level of Sonnet and Opus, then it might become a problem for the for companies using this.
At the end of the day we will need private LLMs and Cohere might save a traço great chance here
Similar for GCP if anyone's wondering, and in fact a bit further in some ways: https://cloud.google.com/terms/advanced-ai-safety-addendum
60 days.
Very confident. But will it stick? And if it doesn't -- what then? Back to scheming?
Woah, if anthropic does it, even OpenAI would start doing the same with Azure models
*Anthropic requires it
> except in the rare cases where it's part of a safety investigation or we're legally required to keep it
So basically all your data will flow to NSA/CIA/Mossad if they show even slight interest in your org or you as a person. Gotcha.
always has been, they're explicitly warning you about this now.
They want your data.
> After 30 days, the data is deleted automatically
Do we believe that?
> or we're legally required to keep it.
Aha - so, data is forever.
> Do we believe that?
If you don't believe them now why would you have believed them earlier when they said "no data is retained" ?
it's either this or playing x30 for a token, anyhow i physically can't write code again
I mean being priced put of sota AI has been on the cards for a year it's mostly a question of when. If that will affect you maybe you should use the chance to resharpen your skills
Got an email from Zed about the same this morning.
What a "frontier."
Space.
Well, that's the final frontier anyway.
That's what they say, but is it really?
It's wild!
My thesis is that in software you don't want aggregators. They provide the promise of vendor neutrality, but it comes at the expense of increased supply chain compromise risk, small print technically legal data exfiltration.
Even in the happy case where nothing bad happens, you get a badly integrated product, because you integrate not against the actual vendor, but against a abstraction layer that commoditizes the actual product, effectively forcing you to either use the least common denominator of features, or circumventing the actual aggregation model itself with some kind of 'vendor_specific_parameters' parameter in the aggregator API.
My thesis is drop the vendor neutrality, and build your integration with the vendor directly.
Imagine still believing that local models do not have a use-case after seeing policies like this.
Anthropic does not care about you.
aaaand there it is.
lol
[flagged]
The data leaving AWS boundary kills this for any regulated workload. We've been running side-by-side evals of open models against Claude on private test suites, using Neo as the orchestration layer. Keeps everything in-house and gives us objective comparison data.
[flagged]
The regulated-enterprise angle is the interesting part. Bedrock's whole pitch to those customers was "your data never leaves your AWS boundary" — that's the line that gets it through procurement and compliance reviews. A 30-day retention requirement where traffic crosses into the vendor's boundary quietly invalidates that, and for healthcare/finance/gov it's not a knob they can flip no matter how good the model is. This is exactly why we keep our LLM layer provider-agnostic with a self-hosted fallback (Ollama-class models) for data-sensitive paths — you eat a capability hit, but you keep the option of not sending regulated data anywhere. The risk TZubiri names is real: the moment you're reaching for "vendor_specific_parameters," the neutrality you bought the aggregator for is already gone.
I understand the safety/misuse argument, but I wonder where enterprises will draw the line here. “30-day retention for advanced models” sounds reasonable in isolation, until you remember many teams are sending proprietary code, internal docs, or customer-sensitive context through these systems.
Yeah, this is quite concerning.
And FedRamp has some issues with data being sent out.
Our corp doesn't allow usage of local models because of concern about potential "agent sends out code to the net" issues.
[dead]
[dead]
[dead]
[dead]
[flagged]
This is BS. They want to train on user data.
[dead]
Because they didn't store data before? Don't be so naive.
Zero data retention was an enterprise agreement that Anthropic and Amazon agreed with customers and delivered on. There’s no way AWS would trade in their reputation with enterprises just to soak up some slop.
> Zero data retention was an enterprise agreement
Also broadly available to us plebs via openrouter and similar. Claude is available on there under ZDR terms via the Google Vertex and Amazon Bedrock providers.
Note that if you use AWS Bedrock then you're choosing to pay 10X to 20X because you trust AWS more than Anthropic.
It is literally 10X to 20-X cheaper to directly buy Anthropic subscriptions for your devs.
There’s a few things mixed up in this comment. But the 10-20x cheaper, I’m assuming comes from the difference between the number of tokens you can use on a $200 Claude Max subscription and the cost of those via the API. That’s neither here nor there for this topic around data retention as Fable has that on all providers.
And for the cost, if you’re an enterprise with more than 150 people, you’re on the token plan.
The token price is exactly the same on AWS as it is directly from Anthropic. This is the one service that AWS doesn't charge a huge markup for.
Yeah thats not the point though.
We 'trust' Amazon already and Amazon has no incentive at all to collect the data to finetune claude because they don't own claude.
What is the point then of a submission about how you will be required to share data with Anthropic? I’d say that the point is precisely that it’s an issue when you don’t trust them as much as Amazon.
Not sure if i follow you tbh.
I only told a commentor why a business would pay more to Amazon than going directly to Anthropic.
The announcement itself is def problematic and either leads to big companies accepting this and then going directly to anthropic or some talks in the background we don't know yet what it will entail.
If you were just repeating the commenter’s point about « choosing to pay 10X to 20X because you trust AWS more than Anthropic » what was not the point?
Amazon owns a large stake in Anthropic if I'm not mistaken?
Amazon's incentive is to fine tune their own possible future model
Amazon/AWS knows how to handle this conflict in a way that customers trust them enough.
Amazon has more to loose than Anthropic
Pro/max subs are not as flexible as bedrock in api use and don’t seem to run the same models either - often times they are notably dumber (quantized I guess) than bedrock equivalent.
Huh, I felt the inverse.
The security boundary that AWS maintains is important in a lot areas, like medical, where the datacenter has to support some specific certifications. It isn’t a choice to pay 10x more in those cases, it is the only option allowed.
I can't use "Claude Max" subscription and the likes with my own software, can I? Using OpenCode instead of ClaudeCode violates the ToS, doesn't it? How would I go about permissions and integrating with my other services I already run on AWS? IAM roles for Bedrock are pretty nice. You appear very confident and concerned about my spending, so please help me here!
I grant you the right to spend 10X to 20X on Bedrock. Use it wisely.
is the 10x the difference between a sub and api token pricing?
I mean, no. Even ignoring the very real benefit (for some) that comes with not needing to trust another party, there are use-cases beyond what you can do with “subscriptions”. Apples and oranges. People just have use cases that aren’t yours.