HN Debrief

Anthropic requires 30 day data retention for Fable and Mythos

  • AI
  • Privacy
  • Security
  • Cloud
  • Developer Tools

The linked policy says Anthropic will retain traffic for its new Mythos-class models for roughly 30 days so it can investigate jailbreaks, multi-step attacks, and false positives. It says the data is not used to train future Claude models and adds controls like logging human access, but it applies across first-party and third-party surfaces. People quickly connected that to AWS Bedrock and Google Cloud’s Model Garden, where many teams had treated Anthropic access as effectively zero-retention and contractually fenced off.

If you use frontier coding or agentic models for regulated, NDA-bound, or sensitive work, you now need to re-check every vendor path and retention setting instead of assuming cloud wrappers preserve prior privacy terms. The practical fallback is narrowing usage to less sensitive tasks, self-hosted models, or providers whose retention and access terms are still contractually clear.

Discussion mood

Strongly negative. Most comments saw this as a trust-breaking policy change that undercuts enterprise privacy expectations around Bedrock, Vertex, and coding agents, with extra frustration over vague language like "almost all cases" and the mismatch between premium model adoption and stricter retention.

Key insights

  1. The policy language leaves a real carveout

    The worry is not just 30-day retention. It is that Anthropic says deletion happens after 30 days in "almost all cases," which reads like permission to keep data longer when it wants to. That turned a bounded retention window into an open-ended trust problem, especially because Anthropic also highlighted new logging of human access rather than saying such access was structurally impossible before.

    Do not treat this as a simple 30-day timer. Ask vendors to spell out the exceptions, the approval path for extended retention, and whether staff access can be technically blocked instead of merely logged.

      Attribution:
    • pseudosavant #1
    • bagels #1
    • codebje #1
  2. Coding agents widen the blast radius

    The strongest operational point was that agentic coding tools do not just send a single prompt. They can traverse repositories, docs, issue trackers, shells, and credentials, so the retained dataset can become a working copy of how the company actually operates. That makes this policy much more consequential for Claude Code style workflows than for casual chat use.

    Review agent permissions and context collection now. If you keep using these models, limit repository scope, strip secrets aggressively, and separate high-sensitivity projects from AI-assisted workflows.

      Attribution:
    • connorboyle #1
    • drchaim #1
    • Ifkaluva #1
  3. Cloud middlemen no longer preserve old privacy assumptions

    People called out Google Cloud Model Garden and Bedrock because those had become the preferred path for enterprises that wanted Anthropic capability without direct retention risk. The complaint here is not theoretical. Teams said they are already switching agent settings from inherited defaults to explicit no-retention modes where possible and digging through cloud docs to see what still applies.

    Map each model to its actual serving path and terms. A provider wrapper is no longer proof of zero retention, so procurement and engineering need a model-by-model data handling inventory.

      Attribution:
    • hmokiguess #1
    • pbgcp2026 #1 #2
    • Daedren #1
  4. NDA exposure depends on your normal toolchain

    The NDA discussion cut through a lot of hand-wringing. For many companies, sending confidential material to a hosted model is legally similar to using SaaS tools like email, docs, or ticketing systems, because vendors are already part of normal operations. But commenters working in stricter environments said that is not universal at all. Some projects require on-prem systems, local development, or end-to-end encrypted external communications, and this policy clearly collides with that world.

    Do not ask the abstract question of whether AI violates an NDA. Compare the model vendor to the exact handling rules your project already imposes on email, storage, messaging, and development environments.

      Attribution:
    • thekevan #1
    • FiloSottile #1
    • layer8 #1 #2
  5. The bigger fear is leaks, not Anthropic stealing your startup

    A useful corrective was that most large vendors are unlikely to rifle through a small company’s code to clone its product. The more credible risk is accidental exposure through breach, misuse of personal data, or broad internal access to retained logs. That shifts the analysis from dramatic IP theft stories to ordinary data governance and incident response.

    Frame this as a security and compliance problem, not a movie plot about provider espionage. Evaluate retention, access controls, auditability, and breach exposure the same way you would for any other sensitive SaaS.

      Attribution:
    • ai-x #1
    • hnlmorg #1
    • switchbak #1
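
An added example for the advice under "Coding agents widen the blast radius" (limit repository scope, strip secrets), not code from the discussion or from any vendor: a pre-flight filter that decides which files may enter an agent's context and redacts credential-like strings before anything is sent. The allow/deny globs, the regex patterns and the sample repository are constructed assumptions.

```python
import re
from fnmatch import fnmatchcase

# Assumed policy for illustration: globs a team might allow or deny.
ALLOW = ["src/*", "docs/*"]
DENY = ["*.env", "*.pem", "*secret*", "src/billing/*"]

# Illustrative patterns only; a real deployment would use a maintained scanner.
SECRET_PATTERNS = [
    ("aws_access_key_id", re.compile(r"\bAKIA[0-9A-Z]{16}\b")),
    ("private_key", re.compile(
        r"-----BEGIN [A-Z ]*PRIVATE KEY-----.*?-----END [A-Z ]*PRIVATE KEY-----", re.S)),
    ("credential_assignment", re.compile(
        r"(?i)((?:password|passwd|secret|token|api[_-]?key)\s*[:=]\s*)"
        r"['\"]?[^\s'\"]{8,}['\"]?")),
]

def in_scope(path):
    """Deny rules win; anything not explicitly allowed stays out."""
    if any(fnmatchcase(path, g) for g in DENY):
        return False
    return any(fnmatchcase(path, g) for g in ALLOW)

def redact(text):
    """Replace credential-like strings, keeping the key name for readability."""
    hits = []
    for name, rx in SECRET_PATTERNS:
        def repl(m, name=name):
            hits.append(name)
            return f"{m.group(1) if m.lastindex else ''}[REDACTED:{name}]"
        text = rx.sub(repl, text)
    return text, hits

def build_context(files):
    """Return (files safe to send, report of what was skipped or redacted)."""
    context, report = {}, {"skipped": [], "redacted": {}}
    for path, body in sorted(files.items()):
        if not in_scope(path):
            report["skipped"].append(path)
            continue
        context[path], hits = redact(body)
        if hits:
            report["redacted"][path] = hits
    return context, report

# Constructed sample repository (no real credentials).
SAMPLE_REPO = {
    "src/app.py": 'DB_PASSWORD = "correct-horse-battery"\nprint("hi")\n',
    "src/deploy.py": 'key_id = "AKIAABCDEFGHIJKLMNOP"\n',
    "src/billing/ledger.py": "RATE = 0.2\n",
    ".env": "API_KEY=abcd1234efgh5678\n",
    "docs/README.md": "Run make test.\n",
    "infra/prod.tfvars": 'token = "zzzzzzzzzzzz"\n',
}
```

The report is the part worth keeping: it records what was withheld or rewritten, which is the evidence a data handling review will ask for.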

Against the grain

  1. If you already send prompts, retention changes little

    This view says the meaningful privacy decision happened the moment you chose a hosted model. Once your data is going to the provider anyway, temporary safety retention is not a categorical shift. On that framing, the outrage is misplaced unless your contracts specifically promised zero retention or your use case is sensitive enough that any cloud processing was already off limits.

    Separate principle from threshold. If your policy already allows hosted inference for a workflow, decide whether 30-day storage actually changes the risk enough to block it instead of reacting as if this created an entirely new exposure.

      Attribution:
    • keithnz #1
    • zb3 #1
  2. The model may be risky enough to justify stricter logging

    One commenter argued the retention is warranted if you have actually probed what these models can do. The implication is that Anthropic is reacting to real misuse and safety monitoring needs rather than grabbing data casually. That does not solve the enterprise trust issue, but it does explain why the company may see retention as operationally necessary for this model class.

    Expect the best-performing models to come with tighter safety controls, not fewer. When evaluating frontier systems, budget for policy constraints as part of the product, not as a temporary annoyance.

      Attribution:
    • lvl155 #1

In plain English

agentic coding
Using an AI coding system that can take multi-step actions such as reading files, editing code, running tools, or navigating a repository with some autonomy.
AWS Bedrock
Amazon Web Services Bedrock, a cloud service for accessing foundation models from multiple providers through AWS.
Google Cloud Model Garden
Google Cloud’s catalog and deployment interface for using machine learning and foundation models.
IP
Intellectual property, such as proprietary code, designs, trade secrets, or other protected business assets.
Mythos-class models
Anthropic’s label for a category of Claude models that the policy says require retained traffic for safety monitoring.
NDA
Non-disclosure agreement, a contract that restricts sharing confidential information.
Vertex
Google Cloud Vertex AI, Google’s managed machine learning platform that includes access to external models.
