Claude Fable 5 on Bedrock Requires Sharing Inference Data with Anthropic

2026-06-20 · Source: InfoQ · Field: Technology & Digital — Artificial Intelligence & Machine Learning, Cloud Computing & IT Infrastructure, Cybersecurity & Data Privacy · Depth: Advanced, short

Summary

Anthropic's Claude Fable 5 and Mythos 5 models, when deployed on Amazon Bedrock, mandate an opt-in to "provider_data_share", a data retention mode that transmits user prompts and model outputs to Anthropic for 30 days, including human review. This policy marks a significant departure from previous Bedrock models like Opus 4.8, Sonnet, and Haiku, which guaranteed data residency within AWS. Anthropic justifies this as a safety measure for "Mythos-class" models to detect novel attacks, a policy consistent across all platforms. Critics argue this undermines Bedrock's core value proposition as a neutral intermediary, creating immediate governance and compliance challenges, particularly for regulated sectors like healthcare and finance due to sub-processor status and potential CLOUD Act implications. The models' launch on June 20, 2026, lacked advance notice, and monitoring for data retention changes requires explicit configuration for the "bedrock-mantle" CloudTrail event source. On June 12, Anthropic revoked access to Fable 5 and Mythos 5 due to a US Government export control directive.

Key takeaway

For AI Architects and Legal Professionals evaluating frontier models on Bedrock, understand that data residency guarantees are no longer absolute. Your organization must reassess compliance frameworks, DPA amendments, and sub-processor lists for models like Claude Fable 5 that mandate data sharing. Implement SCPs using "bedrock-mantle:DataRetentionMode" to enforce zero-retention policies by default, and explicitly configure CloudTrail to monitor "bedrock-mantle" events for data retention changes. This ensures your data governance posture aligns with evolving model provider requirements.

Key insights

The introduction of Claude Fable 5 on Bedrock fundamentally altered data residency guarantees, requiring inference data sharing with Anthropic for safety review.

Principles

• Data residency guarantees are not static.
• Frontier AI models may impose new data policies.
• Compliance frameworks must adapt to evolving sub-processor relationships.

Method

Mitigate data sharing by deploying an SCP pattern using "bedrock-mantle:DataRetentionMode" to deny all retention modes except "none" org-wide, with exceptions for approved use cases.

In practice

• Implement SCPs to control data retention modes.
• Monitor "bedrock-mantle" CloudTrail events.
• Review DPA amendments for new sub-processors.

Topics

• Amazon Bedrock
• Claude Fable 5
• Data Residency
• Data Governance
• Cloud Security
• Compliance

Best for: CTO, Executive, VP of Engineering/Data, AI Security Engineer, Legal Professional, AI Architect

Related on AIssential

• OpenAI's GPT-5.5 and Codex Reach General Availability on Amazon Bedrock — OpenAI's GPT models and Codex are now on Amazon Bedrock, integrating enterprise-grade governance and shifting the competitive AI cloud landscape.
• Claude Fable 5: Anthropic admits "wrong tradeoff" after invisibly throttling rival AI researchers — Covert performance degradation and mandatory data retention policies for AI models spark significant industry backlash.
• Data Sovereignty and Document Security: Where Does the Data Actually Live? — Data sovereignty is now a critical procurement driver, demanding transparency beyond compliance due to cloud and AI complexities.
• Anthropic blocks all public access to Claude Fable 5, Mythos 5 following US government order — what enterprises should do — Centralized frontier AI models face abrupt government intervention risks, demanding enterprise diversification and redundancy.
• Anthropic finally released Claude Fable 5, a public Mythos-class model. — Anthropic's Claude Fable 5 introduces a guarded public release model, balancing advanced capabilities with controlled access for sensitive AI research.
• The Air-Gapped Chronicles: The Sovereign Vault — Escaping the Cloud Trap — Achieving data sovereignty requires a multi-faceted architecture that ensures compliance, observability, and cost-efficiency simultaneously.

Open in AIssential →

Editorial summary, takeaway, and curation by AIssential. Original article published by InfoQ.