Alongside the Claude Fable 5 launch on June 9, 2026, Anthropic announced a new data retention policy: all queries to Mythos-class models — including Fable 5, Mythos 5, and future models of comparable or higher capability — will be retained for 30 days. The policy applies to every distribution platform, including AWS Bedrock, GitHub Copilot, Cursor, and Zed. Data exits AWS's security boundary and flows directly to Anthropic.
Key takeaways
- 30-day retention mandatory for all Mythos-class model traffic on every platform
- Enterprise customer data exits AWS's security boundary
- No opt-out — access to Fable 5 requires accepting data retention
- Anthropic states: data will not be used for model training; retention is for abuse detection
- Policy applies to both the Anthropic API and third-party integrations (Bedrock, Copilot)
What changes and for whom
Until now, enterprise customers on Amazon Bedrock relied on Zero Data Retention (ZDR) — a guarantee that queries stayed exclusively within AWS infrastructure without Anthropic access. This was a key selling point for financial services, government, and healthcare sectors where data cannot cross certain jurisdictional boundaries.
The new policy changes this fundamentally. Anthropic's announcement states directly: "Retaining data for a limited period allows us to detect patterns of misuse that are not visible from a single exchange." The company commits to deleting data after 30 days, except in safety investigations or legal requirements. Models will not be trained on this data — that is the official commitment.
From a compliance perspective, however, this contractual commitment does not replace the infrastructure guarantees that enterprise contracts were built on. The AWS Bedrock console now allows setting an account-wide flag to permit data egress to Anthropic — without that flag, queries to Fable 5 are blocked.
Enterprise sector response
A Hacker News discussion with over 220 points and more than 150 comments within hours reflects the scale of the problem. Companies in regulated sectors — banks, insurers, healthcare providers — largely deployed Claude through Bedrock precisely because of ZDR. They now face three options: stay on Claude Opus 4.8 (no retention), switch to another provider, or update their own terms of service and privacy policies.
In the European Union, the issue is more acute: customer data stored on AWS servers in the EU cannot be transferred to the US without meeting GDPR requirements. Transferring data to a US-based company classified as a data processor requires Standard Contractual Clauses or another transfer mechanism. For many regulated entities, this is a barrier that cannot be resolved by a configuration change.
It is worth noting that OpenAI on Bedrock applies similar constraints: traffic to GPT-5.4 and GPT-5.5 flagged by an abuse classifier is retained for up to 30 days — but by AWS itself, not transferred to OpenAI. That distinction matters in compliance terms.
Anthropic's motivation and IPO context
Anthropic filed a confidential S-1 with the SEC on June 1, 2026. The retention policy arrives as the company prepares for a public listing at a valuation exceeding $965 billion following its Series H round. Observers on HN suggested that gathering enterprise production data strengthens Anthropic's position before IPO — the company gains unique access to production data from the most demanding AI deployments in the industry.
Cohere co-founder Nick Frosst commented on this trend in the context of his open-source model: "Small, cost effective, Apache 2.0, and locally deployable — this is the way LLMs should go, versus large, expensive, proprietary and hegemonic."
Why this matters
Anthropic's shift in data retention boundaries matters beyond any single contract that may not renew. It sets a precedent for the entire sector: if the most capable model requires data transfer to the model provider as a condition of access, the existing trust division model — cloud infrastructure vs. AI provider — begins to erode.
For legal and engineering teams at European corporations, this means re-classifying Anthropic as a data sub-processor with all the consequences: DPAs, data protection impact assessments, regulatory approval for special category data. That is not a matter of weeks. This policy will have a measurable effect on the adoption pace of Mythos-class models in regulated industries.
What's next?
- Enterprise AWS customers have time until further notice — Anthropic has not specified when the block will be enforced for existing accounts
- Requests to challenge the policy from CNIL, EDPB, and other European supervisory authorities are likely to follow once the first companies receive compliance inquiries
- Competing models without retention requirements (Gemini Enterprise Agent Platform, Mistral models, GPT-5.4 on Bedrock via AWS-side retention) may capture contracts from regulated sectors within the next 30–60 days
