Anthropic’s Claude Fable 5 requires 30-day data retention, overriding enterprise deals

Anthropic’s Claude Fable 5 Launch Comes With Mandatory 30-Day Data Retention, Overriding Enterprise Zero-Retention Agreements

Anthropic on Tuesday launched Claude Fable 5, its most powerful AI model available to the general public, but the release came with a notable policy shift: a mandatory 30-day data retention requirement for all Mythos-class model traffic that overrides existing zero-data-retention agreements held by enterprise and API customers.thehackernews

What Changed

Every prompt sent to Fable 5 and every output it generates will be retained by Anthropic for 30 days, regardless of what data handling terms an organization previously negotiated. The policy applies across both first-party surfaces like claude.ai and Claude Code, and third-party platforms including AWS Bedrock, Google Cloud, and Microsoft Azure. On AWS, organizations must explicitly acknowledge the retention requirement to enable access to the model; leaving it off keeps Fable 5 unavailable.substack

Attorney Jessica Eaves Mathews, writing on Substack, noted that while other Claude models — including Opus 4.8, Sonnet 4.6, and Haiku 4.5 — can still operate under zero-data-retention agreements, Fable 5 cannot. “If your organization previously had a ZDR agreement with Anthropic, that agreement does not apply to Fable 5 traffic,” she wrote. “This is a policy change that overrides existing enterprise commitments for this specific model class.”substack

Anthropic’s Rationale

Anthropic said the retained data will not be used for model training or any non-safety purpose. The company framed the requirement as necessary to defend against novel attacks, including jailbreak attempts, distillation campaigns, and state-sponsored threats. Human reviewers can access flagged conversations, though Anthropic says access is restricted to approved personnel using scoped tools that prevent export or copying, with all access logged.techcrunch

Data is automatically deleted after 30 days, with exceptions for active safety investigations or legal obligations. Organizations can add customer-managed encryption keys and access transparency audit logs.thehackernews

Industry Implications

As TechCrunch noted, the policy could set an industry precedent in which access to increasingly powerful models comes with mandatory data-retention requirements framed as safety measures. The move reflects the broader tension accompanying the Fable 5 launch: Anthropic is releasing a Mythos-class model — one capable of finding and exploiting zero-day vulnerabilities when directed — to the general public, but is layering safety classifiers and data monitoring on top to manage the risk. For enterprises that built workflows around zero-retention guarantees, the tradeoff is now explicit: access to Anthropic’s most capable model requires accepting surveillance of that usage for 30 days.cnbc