AWS Bedrock to require sharing data with Anthropic for Mythos and future models

427 points by TomAnthony ↗ HN
> For Fable 5, Mythos 5, and future models on Bedrock with similar or higher capability levels, Anthropic will require 30-day retention for all traffic on Mythos-class models. Retaining data for a limited period allows Anthropic to detect patterns of misuse that are not visible from a single exchange. Once you opt into data retention, your data will leave AWS’s data and security boundary.

From the announcement here: https://aws.amazon.com/blogs/aws/anthropic-claude-fable-5-on...

> After 30 days, the data is deleted automatically, except in the rare cases where it's part of a safety investigation or we're legally required to keep it.

From: https://support.claude.com/en/articles/15425996-data-retenti...

65 comments

[ 4.1 ms ] story [ 76.4 ms ] thread
Pretty sure this doesn't work for any regulated enterprise or government client. But AWS knows this, so I am curious why they'd agree to it.
"Legally required" ... gotcha, script writing on Melania Movie 3 has begun in exchange for a national security letter requiring Amazon to both keep the data and not exclude it from training.
I understand the safety/misuse argument, but I wonder where enterprises will draw the line here. “30-day retention for advanced models” sounds reasonable in isolation, until you remember many teams are sending proprietary code, internal docs, or customer-sensitive context through these systems.
> except in the rare cases where it's part of a safety investigation or we're legally required to keep it

So basically all your data will flow to NSA/CIA/Mossad if they show even slight interest in your org or you as a person. Gotcha.

This is not going to fly in EU.
Woah, if anthropic does it, even OpenAI would start doing the same with Azure models
They say it's opt-in but since they are capable of agreeing to this, I am just waiting until they hide this opt-in into the regular ToS when asking for a new model access...
Got an email from Zed about the same this morning.
My thesis is that in software you don't want aggregators. They provide the promise of vendor neutrality, but it comes at the expense of increased supply chain compromise risk, small print technically legal data exfiltration.

Even in the happy case where nothing bad happens, you get a badly integrated product, because you integrate not against the actual vendor, but against a abstraction layer that commoditizes the actual product, effectively forcing you to either use the least common denominator of features, or circumventing the actual aggregation model itself with some kind of 'vendor_specific_parameters' parameter in the aggregator API.

My thesis is drop the vendor neutrality, and build your integration with the vendor directly.

The regulated-enterprise angle is the interesting part. Bedrock's whole pitch to those customers was "your data never leaves your AWS boundary" — that's the line that gets it through procurement and compliance reviews. A 30-day retention requirement where traffic crosses into the vendor's boundary quietly invalidates that, and for healthcare/finance/gov it's not a knob they can flip no matter how good the model is. This is exactly why we keep our LLM layer provider-agnostic with a self-hosted fallback (Ollama-class models) for data-sensitive paths — you eat a capability hit, but you keep the option of not sending regulated data anywhere. The risk TZubiri names is real: the moment you're reaching for "vendor_specific_parameters," the neutrality you bought the aggregator for is already gone.
Same as for GitHub Copilot?

"For more on how Anthropic handles this data, see Anthropic’s commercial terms and data retention policy. Enabling the Claude Fable 5 policy constitutes acknowledgement of this requirement. Leaving it off keeps Claude Fable 5 unavailable to your organization."

https://github.blog/changelog/2026-06-09-claude-fable-5-is-g...

They want your data.

> After 30 days, the data is deleted automatically

Do we believe that?

> or we're legally required to keep it.

Aha - so, data is forever.

it's either this or playing x30 for a token, anyhow i physically can't write code again
OpenAI ... your move. The enterprise market just cracked wide open. Do you want it?
Because they didn't store data before? Don't be so naive.
Note that if you use AWS Bedrock then you're choosing to pay 10X to 20X because you trust AWS more than Anthropic.

It is literally 10X to 20-X cheaper to directly buy Anthropic subscriptions for your devs.

This is odd behaviour, and provides some evidence that Anthropic isn't being managed by serious people. With this policy across AWS/GH/Zed/etc, they're taking their massive lead in enterprise/govt sales and handing it to any competitor who can serve a model anywhere near these capabilities with a modestly nice UI.
That rules it out for all sorts of apps.

I've worked on a few apps for UKGov and I would absolutely be raising this as a massive red flag.

you've got to respect anthropic being willing to shoot themselves in the foot over a belief around Mythos performance