AWS Bedrock to require sharing data with Anthropic for Mythos and future models

102

TTomAnthony about 3 hours ago 42 comments

> For Fable 5, Mythos 5, and future models on Bedrock with similar or higher capability levels, Anthropic will require 30-day retention for all traffic on Mythos-class models. Retaining data for a limited period allows Anthropic to detect patterns of misuse that are not visible from a single exchange. Once you opt into data retention, your data will leave AWS’s data and security boundary.

From the announcement here: https://aws.amazon.com/blogs/aws/anthropic-claude-fable-5-on-aws-mythos-class-capabilities-with-built-in-safeguards-now-available/

> After 30 days, the data is deleted automatically, except in the rare cases where it's part of a safety investigation or we're legally required to keep it.

From: https://support.claude.com/en/articles/15425996-data-retention-practices-for-mythos-class-models

⚡ Community Insights

Discussion Sentiment

83% Positive

Analyzed from 833 words in the discussion.

Discussion (42 Comments)Read Original on HackerNews

OtherShrezzing•about 1 hour ago

This is odd behaviour, and provides some evidence that Anthropic isn't being managed by serious people. With this policy across AWS/GH/Zed/etc, they're taking their massive lead in enterprise/govt sales and handing it to any competitor who can serve a model anywhere near these capabilities with a modestly nice UI.

RA_Fisher•3 minutes ago

I don’t think there are other models near Fable’s capabilities.

UqWBcuFx6NV4r•17 minutes ago

Let’s be real, chances are that the people with a lot of money on the line have given it more thought than the passing thought that you gave this comment.

lijok•9 minutes ago

You would be very, very surprised

j-bos•8 minutes ago

Yeah, seen some downright facepalm moves from execs regarding AI and security.

cyanydeez•14 minutes ago

right, and they realize the money doesnt exist unless they inflate the values in shadow circles of flow.

pitched•35 minutes ago

OpenAI just added their own models to Bedrock recently too, making that an easy switch.

rohansood15•about 2 hours ago

Pretty sure this doesn't work for any regulated enterprise or government client. But AWS knows this, so I am curious why they'd agree to it.

baq•about 1 hour ago

> why they'd agree to it

that's obvious, but perhaps worth stating: it's worth it, demand for the model is unprecedented and the only downside for Anthropic if AWS rejected would be some revenue pushed a quarter away as they get Fable ready on their recently acquired compute from xAI and Google.

xnx•21 minutes ago

Is this also the case for Google Cloud? https://docs.cloud.google.com/gemini-enterprise-agent-platfo...

lima•5 minutes ago

Fable on GCP requires accepting a 60-day retention policy: https://cloud.google.com/terms/advanced-ai-safety-addendum

I don't think it mentions sharing the data with third parties such as Anthropic?

stuaxo•32 minutes ago

That rules it out for all sorts of apps.

I've worked on a few apps for UKGov and I would absolutely be raising this as a massive red flag.

1313ed01•about 1 hour ago

Same as for GitHub Copilot?

"For more on how Anthropic handles this data, see Anthropic’s commercial terms and data retention policy. Enabling the Claude Fable 5 policy constitutes acknowledgement of this requirement. Leaving it off keeps Claude Fable 5 unavailable to your organization."

https://github.blog/changelog/2026-06-09-claude-fable-5-is-g...

wewewedxfgdf•about 1 hour ago

Note that if you use AWS Bedrock then you're choosing to pay 10X to 20X because you trust AWS more than Anthropic.

It is literally 10X to 20-X cheaper to directly buy Anthropic subscriptions for your devs.

Qhemlomo•35 minutes ago

Yeah thats not the point though.

We 'trust' Amazon already and Amazon has no incentive at all to collect the data to finetune claude because they don't own claude.

pitched•30 minutes ago

The security boundary that AWS maintains is important in a lot areas, like medical, where the datacenter has to support some specific certifications. It isn’t a choice to pay 10x more in those cases, it is the only option allowed.

htrp•17 minutes ago

is the 10x the difference between a sub and api token pricing?

UqWBcuFx6NV4r•12 minutes ago

I mean, no. Even ignoring the very real benefit (for some) that comes with not needing to trust another party, there are use-cases beyond what you can do with “subscriptions”. Apples and oranges. People just have use cases that aren’t yours.

htrp•19 minutes ago

you've got to respect anthropic being willing to shoot themselves in the foot over a belief around Mythos performance

rozumbrada•about 2 hours ago

They say it's opt-in but since they are capable of agreeing to this, I am just waiting until they hide this opt-in into the regular ToS when asking for a new model access...

zmmmmm•about 1 hour ago

OpenAI ... your move. The enterprise market just cracked wide open. Do you want it?

pitched•28 minutes ago

It looks like they’ve been preparing: https://www.aboutamazon.com/news/aws/bedrock-openai-models

_pdp_•about 2 hours ago

This is not going to fly in EU.

UqWBcuFx6NV4r•2 minutes ago

Americans’ increased awareness of and expectations of the EU is hilarious. This is not how it works.

lima•4 minutes ago

Yes it will, there's a clear purpose and the customer explicitly agrees.

jstummbillig•about 2 hours ago

I suspect they will simply not offer it, for as long as they maintain that it has to in fact fly. Anthropic appears to be somewhat principled here.

dhruvrrp•about 1 hour ago

This will fly in EU. As long as the company states the time period for which it will keep data and clean it afterwards, gdpr has no issues with the data retention.

Their carve-outs for safety (public interest) and legal are also valid exceptions in gdpr as well.

officialchicken•about 2 hours ago

"Legally required" ... gotcha, script writing on Melania Movie 3 has begun in exchange for a national security letter requiring Amazon to both keep the data and not exclude it from training.

adithyaharish•about 2 hours ago

Woah, if anthropic does it, even OpenAI would start doing the same with Azure models

jedisct1•about 1 hour ago

Because they didn't store data before? Don't be so naive.

tybit•about 1 hour ago

Zero data retention was an enterprise agreement that Anthropic and Amazon agreed with customers and delivered on. There’s no way AWS would trade in their reputation with enterprises just to soak up some slop.

shevy-java•about 1 hour ago

They want your data.

> After 30 days, the data is deleted automatically

Do we believe that?

> or we're legally required to keep it.

Aha - so, data is forever.

toasty228•about 1 hour ago

> Do we believe that?

If you don't believe them now why would you have believed them earlier when they said "no data is retained" ?

drcongo•about 2 hours ago

Got an email from Zed about the same this morning.

themafia•about 2 hours ago

What a "frontier."

wewewedxfgdf•about 1 hour ago

Space.

Well, that's the final frontier anyway.

Hamuko•about 2 hours ago

It's wild!

razieloren•about 1 hour ago

it's either this or playing x30 for a token, anyhow i physically can't write code again

romanovcode•about 2 hours ago

> except in the rare cases where it's part of a safety investigation or we're legally required to keep it

So basically all your data will flow to NSA/CIA/Mossad if they show even slight interest in your org or you as a person. Gotcha.

TZubiri•about 2 hours ago

My thesis is that in software you don't want aggregators. They provide the promise of vendor neutrality, but it comes at the expense of increased supply chain compromise risk, small print technically legal data exfiltration.

Even in the happy case where nothing bad happens, you get a badly integrated product, because you integrate not against the actual vendor, but against a abstraction layer that commoditizes the actual product, effectively forcing you to either use the least common denominator of features, or circumventing the actual aggregation model itself with some kind of 'vendor_specific_parameters' parameter in the aggregator API.

My thesis is drop the vendor neutrality, and build your integration with the vendor directly.

dhavd•42 minutes ago

lol

codeduck•about 2 hours ago

aaaand there it is.