AWS Bedrock to require sharing data with Anthropic for Mythos and future models

> For Fable 5, Mythos 5, and future models on Bedrock with similar or higher capability levels, Anthropic will require 30-day retention for all traffic on Mythos-class models. Retaining data for a limited period allows Anthropic to detect patterns of misuse that are not visible from a single exchange. Once you opt into data retention, your data will leave AWS’s data and security boundary.

From the announcement here: https://aws.amazon.com/blogs/aws/anthropic-claude-fable-5-on-aws-mythos-class-capabilities-with-built-in-safeguards-now-available/

> After 30 days, the data is deleted automatically, except in the rare cases where it's part of a safety investigation or we're legally required to keep it.

From: https://support.claude.com/en/articles/15425996-data-retention-practices-for-mythos-class-models

201 points | by TomAnthony 5 hours ago

41 comments

pczy 47 minutes ago
This policy applies across all providers. Here is the warning in Cursor: https://i.redd.it/7sfyker2ya6h1.png
Note that Anthropic has committed not to train models on logged data, so I don’t understand some of the concerns here. What exactly is your threat model? That Anthropic would train models contrary to their terms of service? That you trust them enough not to log your data prior to this, but not enough to trust their stated limits on how logged data will be used now?
Edit: I am partially convinced by some of the replies. However, it is worth noting that this change primarily affects Enterprise users. Data from consumer plans is already retained for 30 days. Source: https://privacy.claude.com/en/articles/10023548-how-long-do-...
[-]
- krzyk 1 minute ago
  > Note that Anthropic has committed not to train models on logged data, so I don’t understand some of the concerns here. What exactly is your threat model? That Anthropic would train models contrary to their terms of service? That you trust them enough not to log your data prior to this, but not enough to trust their stated limits on how logged data will be used now?
  It is a different thing when they say they don't store your data.
  And when they say they store your data for 30 days and review it for "issues", it makes your "spider sense" tingle. Who and how will review it, what are the "issues" they are looking for, etc. It is to vague and they can keep it this "dangerous" model for themselves.
- zmmmmm 38 minutes ago
  > you trust them enough not to log your data prior to this, but not enough to trust their stated limits on how logged data will be used now
  It doesn't really matter how much you happen trust another party. In the regulatory world it only matters what contracts they will sign that guarantee their compliance. We do have those with AWS, we don't with Anthropic. If Anthropic physically captures the data, they just moved themselves outside the boundary of parties who we can do business with. Unless they want to sign a contract and implement all the corresponding compliance measures. They are insane if they think that's a good deal for them to do all that right now in every jurisdiction where AWS operates, when AWS has already spent a decade building it up.
  [-]
  - tyingq 14 minutes ago
    It will absolutely cause some non-trivial number of customers to shift their configs away from Anthropic.
    [-]
    - jerf 3 minutes ago
      Which will work for the several weeks it takes for the other commercial providers to follow suit.
      The tides are turning. AI companies are IPO'ing. They've gotten where they are by selling $5 bills for $1, to update the old VC adage. I think we can look forward to them rewriting the contracts, both literal and social, on AI going forward to capture a lot more of the value. Or, to put it in more HN-friendly terms, it may not be immediately obvious on a casual viewing, but you're looking at the beginning of the enshittification process hitting AI. The term is a bit deceptive in some sense, because it's not like anyone ever sets out with a terminal goal of making something shitty. It's downstream of trying to capture more value in the customer/vendor relationship by not giving the customer any more value than is barely necessary.
      How's coding with qwen doing? The only thing that's going to stop the AI providers from extracting all the value until it's just barely worth using is the free competition.
- kevincox 40 minutes ago
  It adds another provider that you have to trust with your data. Previously the assumption is that AWS was securely handling your data and you may have the data on AWS to start with anyways. Now you have two providers handling your data which doubles your risk if you trust them equally. If you think AWS has more robust data controls than Anthropic then it more than doubles your risk.
  You may also have data management requirements such as allowed storage and transit countries as well as various certifications and contracts that you now need to extend to the second data processor.
  Basically if you are already using AWS just adding the AWS-only bedrock model is legally easy and doesn't really change your security posture. If you need to now also log your data to Anthropic it makes the choice much more complicated.
- _jab 40 minutes ago
  Both can be true simultaneously. Anthropic can probably be trusted not to train on our Fable sessions, but eroding ZDR as the industry standard still sets a dangerous precedent.
  There's a parallel between data retention and general mass surveillance. Sure, both systems can be used for purely benign purposes, with appropriate safeguards in place. But history shows that surveillance systems are alarmingly easy to co-opt for nefarious means, and model providers do have a heck of an incentive to leverage retained data for internal means.
  This is worth protesting, even if I believe this policy itself does not immediately compromise my privacy.
- HarHarVeryFunny 40 minutes ago
  Once you start storing anything, whether credit card numbers or AI inputs, then there is possibility (if not in fact probability) that you'll be hacked and it will leak.
  Given Anthropic's failure to secure their own source code, do you really trust them to secure yours?
- zsoltkacsandi 39 minutes ago
  We shipped software to governments and some big companies where this is a big no-no. Try to explain to your clients that during the development process some pieces were sent to Antrophic, and they might keep it for whatever reasons.
dsign 1 hour ago
The root of the problem is that AI-as-a-service is corked, because companies providing it have a hell of an incentive to use all that data to out-compete their competitors, and they can do so in secret. To say nothing of salivating law-enforcement who really, really wants to tap into it. I'm hoping there will be at some point open-source and affordable hardware that can run competent models.
[-]
- miohtama 1 hour ago
  Already happening
  https://www.theguardian.com/world/2026/feb/23/openai-tumber-...
- JeremyNT 21 minutes ago
  It's all extremely dystopian and I don't see how things improve. The handful of megacorps that have access to the compute and troves of stolen IP to train their secret models on have no incentive to contribute back.
  They say their models are too dangerous for the public, so they can nerf the GA versions while allowing only their preferred megacorp or nation state partners access to the real secret good versions.
  We can hope the Chinese open weight models will catch up, but if/when they really reach parity with proprietary frontier models you can bet they'll stop releasing their weights too. They don't do this stuff out of the kindness of their hearts.
  It's tough to imagine what might possibly derail this.
OtherShrezzing 3 hours ago
This is odd behaviour, and provides some evidence that Anthropic isn't being managed by serious people. With this policy across AWS/GH/Zed/etc, they're taking their massive lead in enterprise/govt sales and handing it to any competitor who can serve a model anywhere near these capabilities with a modestly nice UI.
[-]
- cobolcomesback 58 minutes ago
  Every one of the competitors capable of a similar model have been salivating for a long time at the idea of consensual data sharing. Anthropic just opened the door for everyone to do the same thing without having to deal with being the first to do so. My bet is that OpenAI etc’s next model will have these same requirements.
  Ever since the Mythos announcement it’s been clear that we’re heading towards a future where SOTA models are no longer available to the average person, and not only cost more, but also require payment in the form of use case verification and data sharing. OpenAI’s 5.5-Cyber model requires the same, so it’s not just Anthropic.
  We’re unhappy with this because we’ve all gotten used to being able to play with the new shiny model as soon as it’s available, but what I’m seeing in this thread about Anthropic being “stupid” is emotion-based wishful thinking.
  [-]
  - calgoo 25 minutes ago
    No, we are unhappy because there is no guarantee that my corporate documents wont be shared or trained on. We are already paying plus for using bedrock instead of the API version from Anthropic, so now there is no reason to use bedrock anymore. This whole thing about this model being too powerful to share is just the usual BS. Is an advanced model that dont have guardrails, just like the models that have been shared with the US government for years.
  - iterateoften 37 minutes ago
    This narrative any criticism about Anthropic is emotional is such corporate cope that it boggles the mind to see people defend a trillion dollar corporation time and time again all while the same corporation actively makes things worse for the average person.
    Cool. Everybody is doing it. Doesn’t make it right or make it good for the people. Everyone should complain and help others wake up that Anthropic isn’t the “good guys” like their narrative in Feb/march led so many to believe.
    [-]
    - foobar_______ 21 minutes ago
      Preach. I think I left a nearly identical comment yesterday in another thread. "well, the other companies do it too so they're not that bad" is absurdity. "that got shit on my couch, but he didn't shit in my mouth so he's not really that bad" just seems so misguided.
    - cobolcomesback 24 minutes ago
      Can you please show where in my comment it’s stated that Anthropic is the “good guys” or is defending Anthropic in any way?
      Your straw man isn’t helpful here.
- jeremyjh 1 hour ago
  They are betting that without a competitor distilling their most powerful models, they can stay ahead far enough and long enough that people will accept this.
  [-]
  - calgoo 24 minutes ago
    I mean, all the competitors need to do is to have a big context window and minimal guardrails and magic, the AI can now hack your server!
- UqWBcuFx6NV4r 2 hours ago
  Let’s be real, chances are that the people with a lot of money on the line have given it more thought than the passing thought that you gave this comment.
  [-]
  - disgruntledphd2 1 hour ago
    > Let’s be real, chances are that the people with a lot of money on the line have given it more thought than the passing thought that you gave this comment.
    In theory, definitely.
    But this seems like a really, really, really no-good seriously bad decision from Anthropic. Like, I get why they want this (and can see it from their perspective), but many of their largest clients literally cannot allow this without regulator sign-off, which almost certainly won't be forthcoming.
    Like, if the Fed and the ECB say this is OK then it might work, but other than that I predict that this decision will be reversed ~soon.
    [-]
    - brookst 47 minutes ago
      I’m not sure that’s true. Do the Fed and ECB sign off on telcos keeping records of who these companies called? Of car rental companies keeping records of where employees rented cars?
      As long as it’s service telemetry, not used for model training, not inspected by humans, not analyzed except for service purposes… I don’t see the regulatory issue.
      Are there any regulations covering what telemetry your service providers can keep? I’m skeptical, but even if so it would be trivial for Anthropic to exempt certain larger customers while still keeping the policy published as universal.
      [-]
      - disgruntledphd2 23 minutes ago
        It's more that banks etc are special-cased in a lot of the law around this, which makes the Fed/ECB (more often national regulators aligned with these) really important in determining what they are and aren't allowed to do.
        By definition lots of the use of AI in these companies is gonna require personal data/PII etc (particularly in KYC/compliance or general processing usecases) which means that there's a regulatory constraint.
        I personally would've thought that said organisations and regulators would be massively opposed to this for privacy and risk reasons, which is why I think this won't happen.
        Even the companies with less sensitive data are generally paranoid about service providers getting "their" (actually their customers) data.
        > Are there any regulations covering what telemetry your service providers can keep?
        In the EU, this should be proportionate and should avoid special categories of personal data (which FIs will have a lot of).
    - Aurornis 23 minutes ago
      > but many of their largest clients literally cannot allow this without regulator sign-off,
      Their largest clients can negotiate their own deals with their own terms.
      They do not have to go through the same public Amazon Bedrock deal that you and I sign up for.
  - chatmasta 2 hours ago
    They give it some thought, but Anthropic and AWS have the whole menu of compliance and security checkboxes needed to reassure CISO it doesn’t need to be “the office of no” and can allow the AI onboarding. The pressure to adopt and adapt to AI is so high right now that there’s nothing a CISO or CFO can say to stop its adoption. And the more they say “no” or “wait,” the more at-risk they put their job.
    [-]
    - realusername 1 hour ago
      I know the only reason we are using Claude right now in my large org was because of this policy and another model would have been picked otherwise
      [-]
      - flir 1 hour ago
        A model that opens the slightest gap for a leak would be unacceptable to the org I work for. We are very paranoid about losing vulnerable customers' data.
        [-]
        chatmasta 1 hour ago
        Anthropic has all the answers for that. You’ll go through some compliance exercises and classify them as a subprocessor of highest tier of data sensitivity.
        [-]
        calgoo 21 minutes ago
        Except they are an American corpo and there is no guarantee that the data will stay on EU servers, so that is a giant NO at the moment. This was the main reason to stick with Bedrock, as it supposedly stays within your aws account on the EU servers. Now? Whats the points in using Bedrock anymore apart from paying more.
        realusername 19 minutes ago
        There's no way to do that with EU laws, the data has to stay on EU servers.
        That might work in some countries but Anthropic approach here doesn't fit the legal requirements in the EU.
  - embedding-shape 1 hour ago
    > chances are that the people with a lot of money on the line have given it more thought
    Sure, but considering the average person and how short-term their thinking tends to be, I'm not sure I'd jump straight into "think about how much money they could lose, of course they think long-term".
  - lijok 2 hours ago
    You would be very, very surprised
    [-]
    - j-bos 2 hours ago
      Yeah, seen some downright facepalm moves from execs regarding AI and security.
      [-]
      - embedding-shape 1 hour ago
        Don't even need to involve AI or security to be able to highlight some very strange decisions that seem more like intentional sabotage from the inside than anything else. Of course, people are more likely just dumb and lack long-term thinking.
  - wqaatwt 1 hour ago
    Intelligent individuals tend to make rational decisions very often this doesn’t result in rational behavior on the organizational level.
    Large corporations like Microslop, Google, Meta etc. were frequently behave like headless chickens
  - panny 1 hour ago
    You've mistaken "a lot of money" with "intelligence." Which is why I think the AI crowd really really wants this magical machine god thing to succeed. Then they can really have money = intelligence whilst keeping the rest of us poor and stupid. You know, like how they used to prevent literacy among the slaves.
  - ReptileMan 2 hours ago
    Counter point - Marisa Mayer and Stephen Elop.
  - cyanydeez 2 hours ago
    right, and they realize the money doesnt exist unless they inflate the values in shadow circles of flow.
- HarHarVeryFunny 17 minutes ago
  > This is odd behaviour, and provides some evidence that Anthropic isn't being managed by serious people
  It's hard to tell how much of what Anthropic are currently saying is just pre-IPO marketing bullshit, or how much will be their long-term policy.
  If this is just marketing bullshit ("our models are so powerful we need to keep them chained up at night"), then it does seems massively ill-conceived. I can't think of a better way to break hard-earned customer trust than to say:
  1) If we don't like what you're working on - if we think it may complete with ourselves - they we will silently fuck-up the code you're paying us to generate for you
  2) Much reduced privacy guarantee. We will now retain everything you send us for an unspecified amount of time while we investigate it
  Both of these seem especially self-defeating given that Anthropic has been very successful at courting corporate use, especially coding, and also still seem interested in courting military use.
  The silently refusing to comply one (do they just mean deliberately dumbed down, not giving you what you are paying for, or actively sabotaging the generated code?) is really quite extraordinary. Why not just refuse the request? Perhaps they want to claim that gives too much signal as to what they think is valuable, although I think this "recursive self-improvement" story is 100% bullshit trying to juice the IPO. Are they really so arrogant to think that every other company developing LLMs hasn't figured out things like basic development infra?
  IMO just the fact that Anthropic think it's in any way acceptable to silently fail requests that might reflect someone else trying to build anything that competes with them is bad enough, but the massive incompetence in what "Fable" is refusing shows that any such decision making is going to be causing them to silently fail a lot more than what they are trying to do.
  The Anthropic model names "Mythos", "Fable" seem to have been conceived by a 14-year old thinking that "epic" names will convince people that the model is powerful. It's a bit like putting racing stripes and a loud farting exhaust on your Honda Civic.
- RA_Fisher 2 hours ago
  I don’t think there are other models near Fable’s capabilities.
  [-]
  - HarHarVeryFunny 5 minutes ago
    That remains to be seen.
    It's notable that Anthropic are still using SWEBench as a coding benchmark rather than the newer more difficult DeepSWE which shows them well behind GPT 5.5
    https://deepswe.datacurve.ai/
    Bear in mind that all the marketing efforts such as solving Erdos problem are the result of concerted RL training to impart those narrow capabilities, and how much of any benchmark results, or paid shill vibe reports, reflect improved performance for more general real-world use cases remains to be seen.
  - fc417fc802 1 hour ago
    For how long though? The past two months have seen a ridiculous number of model releases.
  - ImPostingOnHN 39 minutes ago
    Why don't you think that? What I've read is that other models can find the same bugs.
- pitched 2 hours ago
  OpenAI just added their own models to Bedrock recently too, making that an easy switch.
  [-]
  - voxic11 2 hours ago
    Bedrock doesn't offer zero data retention for OpenAI's latest models either
    > For OpenAI GPT-5.4 and GPT-5.5, classifier-flagged traffic will be retained for up to 30 days for automated offline abuse detection
    https://docs.aws.amazon.com/bedrock/latest/userguide/abuse-d...
    [-]
    - easton 1 hour ago
      I think that’s by AWS though. For Fable you need to flip an account wide flag that says “I want to share my prompts with the model vendor.”
      [-]
      - justinclift 1 hour ago
        The Fable announcement page on the Anthropic site says this data sharing will be applied regardless of the sharing setting of the company account.
        https://www.anthropic.com/news/claude-fable-5-mythos-5#a-new...
        ---
        ## A new data retention policy Finally, we’re making a change to the way we handle business customer data for Fable 5, Mythos 5, and future models with similar or higher capability levels. We will require 30-day retention for all traffic on Mythos-class models, on both first- and third-party surfaces. [...]
        [-]
        voxic11 35 minutes ago
        No it says sharing is required. If you don't change the setting on your account then you simply can't access Fable, its not like the setting is ignored. I just tried this on my account and it blocks API requests to Fable.
- scottmcmac 1 hour ago
  I mean, they were already capacity constrained and just introduced a larger model that takes more capacity to run... They were gonna have to hand some business to competitor one way or another.
  [-]
  - disgruntledphd2 1 hour ago
    > I mean, they were already capacity constrained and just introduced a larger model that takes more capacity to run
    I am willing to bet that the SpaceX deal is probably why Fable's launching now, as they are much less compute constrained than they were a month ago.
  - irthomasthomas 1 hour ago
    Is it a larger model or just better trained? Anthropic does not actually claim it is a larger model anywhere that I can see.
    [-]
    - ChrisLTD 1 hour ago
      If it’s not larger, it’d be tough to justify the massive price increase for using it.
      [-]
      - brookst 41 minutes ago
        Price is based on perceived value, not cost to produce. There is no international court of price justifications; if customers are willing to pay $X you can charge $X.
      - BoorishBears 59 minutes ago
        Opus 4.7 was smaller and people still paid 4.6 prices.
        gpt-5.5 isn't larger than gpt-5.4 but costs double.
storus 1 hour ago
This smells like an advanced version of corporate espionage. Assuming most companies will use their AI in the future, this will be fed directly to an Echelon-like network that will be leaking "interesting info" to friendly parties, like the Boeing vs Airbus scandal that was first widely reported and then swept under the rug officially.
[-]
- Aurornis 19 minutes ago
  Why would a secret espionage program be partially publicized?
  If they were doing some secret espionage or government surveillance with the data, they would just do it all in secret.
  [-]
  - boysenberry 4 minutes ago
    Limited hangout. There's a Netflix documentary about Danny Casolaro that does a decent job summarising events, but I'm surprised I don't see much about Inslaw/PROMIS, and more than a decade on, it's as if Snowden never happened.
- thisisauserid 1 hour ago
  Smells more like a secret agreement with the government.
rohansood15 4 hours ago
Pretty sure this doesn't work for any regulated enterprise or government client. But AWS knows this, so I am curious why they'd agree to it.
[-]
- baq 3 hours ago
  > why they'd agree to it
  that's obvious, but perhaps worth stating: it's worth it, demand for the model is unprecedented and the only downside for Anthropic if AWS rejected would be some revenue pushed a quarter away as they get Fable ready on their recently acquired compute from xAI and Google.
- whynotmaybe 2 hours ago
  It's the same for girthub copilot [1] which is more present in gov than aws's solutions.
  Anthropic is trying, well see if it's a bold strategy.
  1. https://github.blog/changelog/2026-06-09-claude-fable-5-is-g...
jreynar 1 hour ago
Ugh. I'm sure we're not the only company that's going to face the difficult decision to either stay with Opus 4.8, switch to a different model provider or update and significantly weaken our terms of service around no model re-training, not sending data to third parties and the like. I understand why Anthropic wants to do this but I'd be much more comfortable with it if the data never made it to Anthropic unless an analysis Amazon ran, maybe even using tools from Anthropic, determined that there was something to look at. That'd be an easier carve out in an enterprise Terms Of Service / Privacy Policy.
[-]
- jstummbillig 58 minutes ago
  Can you explain what AWS supposedly guarantees currently that your company values? I am not super familiar with the platform but I would assume, just like any other US company, that they will provide data to US agencies upon legal request as per CLOUD act, regardless of place of storage etc.
  [-]
  - calgoo 10 minutes ago
    First of all, the servers i run this on sits in the EU. While the Cloud Act can and would effect this that is not the concern from corporate.
    If we as a company allow the data to be copied to other regions outside the EU then WE are not compliant with the rules and can be punished for it. That is what corporate is worried about. Just like we have a deal with OpenAI, but no documentation etc is allowed to be shared and that is being monitored by our SIEM platforms.
    [-]
    - jstummbillig 2 minutes ago
      That sounds like it's mostly just collective whitewashing, in face of essentially no guarantees when push comes to shove?
thefounder 1 hour ago
They want your data like you everybody else and enterprise data is juicy to say at least
stuaxo 2 hours ago
That rules it out for all sorts of apps.
I've worked on a few apps for UKGov and I would absolutely be raising this as a massive red flag.
[-]
- ttemae 1 hour ago
  Thank you!
htrp 2 hours ago
you've got to respect anthropic being willing to shoot themselves in the foot over a belief around Mythos performance
1313ed01 3 hours ago
Same as for GitHub Copilot?
"For more on how Anthropic handles this data, see Anthropic’s commercial terms and data retention policy. Enabling the Claude Fable 5 policy constitutes acknowledgement of this requirement. Leaving it off keeps Claude Fable 5 unavailable to your organization."
https://github.blog/changelog/2026-06-09-claude-fable-5-is-g...
throwfaraway4 20 minutes ago
Things like siphoning your data and using it to train while nerfing the model for everyone else is just the beginning of shady, rug-pulling, enshitification behavior we should expect. The dev community more than ever now needs to focus on being self-reliant and supporting open source models. They're counting on our skills atrophying over time to where you need their models to get work done. Ask yourself, do you actually need a frontier model to do this work? I think in many cases the answer is no. Don't support hostile behavior like this. Also, you can bet they're going to front government surveillance if not by choice, by regulation and political pressure.
xnx 2 hours ago
Is this also the case for Google Cloud? https://docs.cloud.google.com/gemini-enterprise-agent-platfo...
[-]
- lima 2 hours ago
  Fable on GCP requires accepting a 60-day retention policy: https://cloud.google.com/terms/advanced-ai-safety-addendum
  I don't think it mentions sharing the data with third parties such as Anthropic?
  [-]
  - Sayrus 2 hours ago
    > Through Google Cloud's Agent Platform: Retention will need to be enabled for your new covered model, and retained data stays in your GCP environment. When models become available, onboarding details will be shared.
    From https://support.claude.com/en/articles/15425996-data-retenti...
    [-]
    - walthamstow 1 hour ago
      At least it stays in your GCP environment, AWS disclosure says that it will leave your data privacy and security boundary.
      [-]
      - cobolcomesback 1 hour ago
        That Claude support page says the exact same thing about AWS (“retained data stays in your AWS environment”). AWS’s docs say differently, though, so it seems one of them has incorrect documentation. I wouldn’t necessarily trust the Claude docs to be correct even regarding GCP until some of this is ironed out.
        edit: Google’s own docs also say zero data retention isn’t possible with Fable and your data will be retained for 60 days “outside of your account”. I’m doubtful that this data sharing is an AWS-only thing.
        [-]
        Sayrus 31 minutes ago
        The data-sharing surely is for all providers. I think the sentence "When models become available, onboarding details will be shared." hides a lot of things.
officialchicken 4 hours ago
"Legally required" ... gotcha, script writing on Melania Movie 3 has begun in exchange for a national security letter requiring Amazon to both keep the data and not exclude it from training.
gdiamos 1 hour ago
What I do is route general data to Mythos, and my own IP to a local model.
I expect them to train on their traffic, and I train on mine.
avereveard 27 minutes ago
*Anthropic requires it
rozumbrada 4 hours ago
They say it's opt-in but since they are capable of agreeing to this, I am just waiting until they hide this opt-in into the regular ToS when asking for a new model access...
zmmmmm 3 hours ago
OpenAI ... your move. The enterprise market just cracked wide open. Do you want it?
[-]
- pitched 2 hours ago
  It looks like they’ve been preparing: https://www.aboutamazon.com/news/aws/bedrock-openai-models
  [-]
  - afavour 1 hour ago
    > For OpenAI GPT-5.4 and GPT-5.5, classifier-flagged traffic will be retained for up to 30 days for automated offline abuse detection.
    https://docs.aws.amazon.com/bedrock/latest/userguide/abuse-d...
    [-]
    - rohansood15 1 hour ago
      It is only abuse flagged data and there too for OpenAI they're not sharing that data with them. But for Anthropic they are.
    - disgruntledphd2 1 hour ago
      That's different though. Anthropic want everything for 30 days, not just flagged prompts/interactions.
cherryteastain 1 hour ago
I guess this is an anti-distillation move?
_bobm 1 hour ago
Very confident. But will it stick? And if it doesn't -- what then? Back to scheming?
_pdp_ 4 hours ago
This is not going to fly in EU.
[-]
- dathinab 7 minutes ago
  no, it's very much compatible with GDPR and other laws, as
  it clearly (enough, kinda) communicated
  1. what data they keep/collect
  2. what they do with it (and that there is a reason to have it)
  3. with whom they share it
  4. how long they keep it
  ---
  GDPR might require data minimalism, but that doesn't mean you can't keep "all" conversations/data. It just means you have to have a reason of why exactly need all of it (they have), only keep it as long as strictly necessary (they do) and not use it for other purposes (they claim to do that).
  Also from a legal POV you can't really argue that collecting all conversations for detecting abuse patterns is "unreasonable"/"unnecessary" or similar, as to some degree the AI Act requires exactly that for "high risk" AIs/use cases. And while by the definition of the AI Act AWS Bedrock likely doesn't fall under "high risk" they can argue that some people could (against TOS) use it for "high risk" or "illegal" AI use cases which is part of the "misuse detection" thing for which they keep conversations for a month.
  Lastly GDRP deletion requests still apply. But need to be processed within ... 1 month (wich AFIK in a generic duration context you can treat as 30 days, even through there is a single shorter month). So they "auto comply" with this, too.
- UqWBcuFx6NV4r 2 hours ago
  Americans’ increased awareness of and expectations of the EU is hilarious. This is not how it works.
- jstummbillig 3 hours ago
  I suspect they will simply not offer it, for as long as they maintain that it has to in fact fly. Anthropic appears to be somewhat principled here.
  [-]
- lima 2 hours ago
  Yes it will, there's a clear purpose and the customer explicitly agrees.
- dhruvrrp 3 hours ago
  This will fly in EU. As long as the company states the time period for which it will keep data and clean it afterwards, gdpr has no issues with the data retention.
  Their carve-outs for safety (public interest) and legal are also valid exceptions in gdpr as well.
  [-]
  - LunaSea 46 minutes ago
    But companies will have to request consent from there users for their data to be shared to Anthropic.
    Since Anthropic is a US company the GDPR compliance claims would be dubious and open to litigation by entities like NOYB.
  - Vespasian 1 hour ago
    Yeah it'll fly legally.
    Everybody should just assume that they are lying about data retention and learning anyway.
    They showed zero respect for intellectual property in the past and they will show zero respect now or in the future. A few thousand Euros/dollars in subscription doesn't matter when several trillions are in play (at least in their plans).
    [-]
    - stalfie 8 minutes ago
      Honestly, I have yet to see any evidence of data leak from private sources. I think one of the better example is "simple-bench", which at least used to be a low-key benchmark that I would assume would have been saturated quickly if the labs were secretly scooping up data from API requests. Yet it's been years and it has yet to be saturated.
      It's easy to catch a data leak if you have private data. You know what the model is supposed to not know, and you can just ask to see if it does. Yet I have not seen or heard of a single case of this being documented. As far as I can tell the labs do in fact respect the request to opt out of training.
- baq 1 hour ago
  us europoors have a choice of using or not using Fable.
BoorishBears 1 hour ago
Similar for GCP if anyone's wondering, and in fact a bit further in some ways: https://cloud.google.com/terms/advanced-ai-safety-addendum
60 days.
adithyaharish 4 hours ago
Woah, if anthropic does it, even OpenAI would start doing the same with Azure models
romanovcode 4 hours ago
> except in the rare cases where it's part of a safety investigation or we're legally required to keep it
So basically all your data will flow to NSA/CIA/Mossad if they show even slight interest in your org or you as a person. Gotcha.
[-]
- baq 1 hour ago
  always has been, they're explicitly warning you about this now.
rvz 19 minutes ago
Imagine still believing that local models do not have a use-case after seeing policies like this.
Anthropic does not care about you.
razieloren 3 hours ago
it's either this or playing x30 for a token, anyhow i physically can't write code again
[-]
- dwedge 1 hour ago
  I mean being priced put of sota AI has been on the cards for a year it's mostly a question of when. If that will affect you maybe you should use the chance to resharpen your skills
shevy-java 3 hours ago
They want your data.
> After 30 days, the data is deleted automatically
Do we believe that?
> or we're legally required to keep it.
Aha - so, data is forever.
[-]
- toasty228 3 hours ago
  > Do we believe that?
  If you don't believe them now why would you have believed them earlier when they said "no data is retained" ?
drcongo 4 hours ago
Got an email from Zed about the same this morning.
themafia 4 hours ago
What a "frontier."
[-]
- wewewedxfgdf 3 hours ago
  Space.
  Well, that's the final frontier anyway.
  [-]
  - skeledrew 1 hour ago
    That's what they say, but is it really?
- Hamuko 4 hours ago
  It's wild!
TZubiri 3 hours ago
My thesis is that in software you don't want aggregators. They provide the promise of vendor neutrality, but it comes at the expense of increased supply chain compromise risk, small print technically legal data exfiltration.
Even in the happy case where nothing bad happens, you get a badly integrated product, because you integrate not against the actual vendor, but against a abstraction layer that commoditizes the actual product, effectively forcing you to either use the least common denominator of features, or circumventing the actual aggregation model itself with some kind of 'vendor_specific_parameters' parameter in the aggregator API.
My thesis is drop the vendor neutrality, and build your integration with the vendor directly.
dhavd 3 hours ago
lol
codeduck 4 hours ago
aaaand there it is.
gauravvij137 1 hour ago
The data leaving AWS boundary kills this for any regulated workload. We've been running side-by-side evals of open models against Claude on private test suites, using Neo as the orchestration layer. Keeps everything in-house and gives us objective comparison data.
lufiya01 46 minutes ago
[dead]
chattermate 3 hours ago
The regulated-enterprise angle is the interesting part. Bedrock's whole pitch to those customers was "your data never leaves your AWS boundary" — that's the line that gets it through procurement and compliance reviews. A 30-day retention requirement where traffic crosses into the vendor's boundary quietly invalidates that, and for healthcare/finance/gov it's not a knob they can flip no matter how good the model is. This is exactly why we keep our LLM layer provider-agnostic with a self-hosted fallback (Ollama-class models) for data-sensitive paths — you eat a capability hit, but you keep the option of not sending regulated data anywhere. The risk TZubiri names is real: the moment you're reaching for "vendor_specific_parameters," the neutrality you bought the aggregator for is already gone.
lufiya01 45 minutes ago
[dead]
Torikul007 4 hours ago
I understand the safety/misuse argument, but I wonder where enterprises will draw the line here. “30-day retention for advanced models” sounds reasonable in isolation, until you remember many teams are sending proprietary code, internal docs, or customer-sensitive context through these systems.
cboyardee 2 hours ago
[dead]
wyynoapp 2 hours ago
[flagged]
malephex 2 hours ago
This is BS. They want to train on user data.
[-]
- GHanku 1 hour ago
  [dead]
jedisct1 3 hours ago
Because they didn't store data before? Don't be so naive.
[-]
- tybit 3 hours ago
  Zero data retention was an enterprise agreement that Anthropic and Amazon agreed with customers and delivered on. There’s no way AWS would trade in their reputation with enterprises just to soak up some slop.
  [-]
  - fc417fc802 1 hour ago
    > Zero data retention was an enterprise agreement
    Also broadly available to us plebs via openrouter and similar. Claude is available on there under ZDR terms via the Google Vertex and Amazon Bedrock providers.
wewewedxfgdf 3 hours ago
Note that if you use AWS Bedrock then you're choosing to pay 10X to 20X because you trust AWS more than Anthropic.
It is literally 10X to 20-X cheaper to directly buy Anthropic subscriptions for your devs.
[-]
- pridkett 1 hour ago
  There’s a few things mixed up in this comment. But the 10-20x cheaper, I’m assuming comes from the difference between the number of tokens you can use on a $200 Claude Max subscription and the cost of those via the API. That’s neither here nor there for this topic around data retention as Fable has that on all providers.
  And for the cost, if you’re an enterprise with more than 150 people, you’re on the token plan.
- weberer 2 hours ago
  The token price is exactly the same on AWS as it is directly from Anthropic. This is the one service that AWS doesn't charge a huge markup for.
- Qhemlomo 2 hours ago
  Yeah thats not the point though.
  We 'trust' Amazon already and Amazon has no incentive at all to collect the data to finetune claude because they don't own claude.
  [-]
  - kgwgk 2 hours ago
    What is the point then of a submission about how you will be required to share data with Anthropic? I’d say that the point is precisely that it’s an issue when you don’t trust them as much as Amazon.
    [-]
    - Qhemlomo 2 hours ago
      Not sure if i follow you tbh.
      I only told a commentor why a business would pay more to Amazon than going directly to Anthropic.
      The announcement itself is def problematic and either leads to big companies accepting this and then going directly to anthropic or some talks in the background we don't know yet what it will entail.
      [-]
      - kgwgk 1 hour ago
        If you were just repeating the commenter’s point about « choosing to pay 10X to 20X because you trust AWS more than Anthropic » what was not the point?
  - 63stack 2 hours ago
    Amazon's incentive is to fine tune their own possible future model
    [-]
    - Qhemlomo 2 hours ago
      Amazon/AWS knows how to handle this conflict in a way that customers trust them enough.
      Amazon has more to loose than Anthropic
- fp64 1 hour ago
  I can't use "Claude Max" subscription and the likes with my own software, can I? Using OpenCode instead of ClaudeCode violates the ToS, doesn't it? How would I go about permissions and integrating with my other services I already run on AWS? IAM roles for Bedrock are pretty nice. You appear very confident and concerned about my spending, so please help me here!
  [-]
  - wewewedxfgdf 1 hour ago
    I grant you the right to spend 10X to 20X on Bedrock. Use it wisely.
- pitched 2 hours ago
  The security boundary that AWS maintains is important in a lot areas, like medical, where the datacenter has to support some specific certifications. It isn’t a choice to pay 10x more in those cases, it is the only option allowed.
  [-]
- sheeshkebab 1 hour ago
  Pro/max subs are not as flexible as bedrock in api use and don’t seem to run the same models either - often times they are notably dumber (quantized I guess) than bedrock equivalent.
  [-]
  - wewewedxfgdf 1 hour ago
    Huh, I felt the inverse.
- htrp 2 hours ago
  is the 10x the difference between a sub and api token pricing?
- UqWBcuFx6NV4r 2 hours ago
  I mean, no. Even ignoring the very real benefit (for some) that comes with not needing to trust another party, there are use-cases beyond what you can do with “subscriptions”. Apples and oranges. People just have use cases that aren’t yours.