AWS Bedrock to require sharing data with Anthropic for Mythos and future models

74 points by TomAnthony 2 hours ago

> For Fable 5, Mythos 5, and future models on Bedrock with similar or higher capability levels, Anthropic will require 30-day retention for all traffic on Mythos-class models. Retaining data for a limited period allows Anthropic to detect patterns of misuse that are not visible from a single exchange. Once you opt into data retention, your data will leave AWS’s data and security boundary.

From the announcement here: https://aws.amazon.com/blogs/aws/anthropic-claude-fable-5-on-aws-mythos-class-capabilities-with-built-in-safeguards-now-available/

> After 30 days, the data is deleted automatically, except in the rare cases where it's part of a safety investigation or we're legally required to keep it.

From: https://support.claude.com/en/articles/15425996-data-retention-practices-for-mythos-class-models

OtherShrezzing 10 minutes ago

This is odd behaviour, and provides some evidence that Anthropic isn't being managed by serious people. With this policy across AWS/GH/Zed/etc, they're taking their massive lead in enterprise/govt sales and handing it to any competitor who can serve a model anywhere near these capabilities with a modestly nice UI.

rohansood15 1 hour ago

Pretty sure this doesn't work for any regulated enterprise or government client. But AWS knows this, so I am curious why they'd agree to it.

  • baq 25 minutes ago

    > why they'd agree to it

    that's obvious, but perhaps worth stating: it's worth it, demand for the model is unprecedented and the only downside for Anthropic if AWS rejected would be some revenue pushed a quarter away as they get Fable ready on their recently acquired compute from xAI and Google.

wewewedxfgdf 11 minutes ago

Note that if you use AWS Bedrock then you're choosing to pay 10X to 20X because you trust AWS more than Anthropic.

It is literally 10X to 20-X cheaper to directly buy Anthropic subscriptions for your devs.

1313ed01 45 minutes ago

Same as for GitHub Copilot?

"For more on how Anthropic handles this data, see Anthropic’s commercial terms and data retention policy. Enabling the Claude Fable 5 policy constitutes acknowledgement of this requirement. Leaving it off keeps Claude Fable 5 unavailable to your organization."

https://github.blog/changelog/2026-06-09-claude-fable-5-is-g...

rozumbrada 1 hour ago

They say it's opt-in but since they are capable of agreeing to this, I am just waiting until they hide this opt-in into the regular ToS when asking for a new model access...

zmmmmm 22 minutes ago

OpenAI ... your move. The enterprise market just cracked wide open. Do you want it?

_pdp_ 1 hour ago

This is not going to fly in EU.

  • jstummbillig 53 minutes ago

    I suspect they will simply not offer it, for as long as they maintain that it has to in fact fly. Anthropic appears to be somewhat principled here.

  • dhruvrrp 13 minutes ago

    This will fly in EU. As long as the company states the time period for which it will keep data and clean it afterwards, gdpr has no issues with the data retention.

    Their carve-outs for safety (public interest) and legal are also valid exceptions in gdpr as well.

officialchicken 1 hour ago

"Legally required" ... gotcha, script writing on Melania Movie 3 has begun in exchange for a national security letter requiring Amazon to both keep the data and not exclude it from training.

jedisct1 16 minutes ago

Because they didn't store data before? Don't be so naive.

  • tybit 11 minutes ago

    Zero data retention was an enterprise agreement that Anthropic and Amazon agreed with customers and delivered on. There’s no way AWS would trade in their reputation with enterprises just to soak up some slop.

adithyaharish 1 hour ago

Woah, if anthropic does it, even OpenAI would start doing the same with Azure models

TZubiri 1 hour ago

My thesis is that in software you don't want aggregators. They provide the promise of vendor neutrality, but it comes at the expense of increased supply chain compromise risk, small print technically legal data exfiltration.

Even in the happy case where nothing bad happens, you get a badly integrated product, because you integrate not against the actual vendor, but against a abstraction layer that commoditizes the actual product, effectively forcing you to either use the least common denominator of features, or circumventing the actual aggregation model itself with some kind of 'vendor_specific_parameters' parameter in the aggregator API.

My thesis is drop the vendor neutrality, and build your integration with the vendor directly.

razieloren 27 minutes ago

it's either this or playing x30 for a token, anyhow i physically can't write code again

drcongo 1 hour ago

Got an email from Zed about the same this morning.

themafia 1 hour ago

What a "frontier."

  • wewewedxfgdf 10 minutes ago

    Space.

    Well, that's the final frontier anyway.

shevy-java 42 minutes ago

They want your data.

> After 30 days, the data is deleted automatically

Do we believe that?

> or we're legally required to keep it.

Aha - so, data is forever.

  • toasty228 37 minutes ago

    > Do we believe that?

    If you don't believe them now why would you have believed them earlier when they said "no data is retained" ?

romanovcode 1 hour ago

> except in the rare cases where it's part of a safety investigation or we're legally required to keep it

So basically all your data will flow to NSA/CIA/Mossad if they show even slight interest in your org or you as a person. Gotcha.

codeduck 1 hour ago

aaaand there it is.