AWS Bedrock to require sharing data with Anthropic for Mythos and future models

https://www.theguardian.com/world/2026/feb/23/openai-tumber-...

Is that really true? Zero Data Retention (ZDR) is standard language in enterprise contracts and it seems quite egregious a vendor would want to take on that amount of liability and ignore the contract terms.

On top of that, Anthropic is SOC2 and ISO27001 so they've had _some_ independent auditing (although they could still try to hide such logging/recording anyway)

With that in mind, they also have a hell of an incentive to _not_ secretly collect that data.

Of course ZDR oftentimes comes with contract minimums so individuals and small corps are locked out and subject to the whims of the provider.

Essentially, this is why AWS is reporting this to begin with.

Do you care about cattle's opinions? I guess a few of us do, but most of us don't.

They say their models are too dangerous for the public, so they can nerf the GA versions while allowing only their preferred megacorp or nation state partners access to the real secret good versions.

We can hope the Chinese open weight models will catch up, but if/when they really reach parity with proprietary frontier models you can bet they'll stop releasing their weights too. They don't do this stuff out of the kindness of their hearts.

It's tough to imagine what might possibly derail this.

I've said it before and I say it again: nomatter where you stand on generative AI's usefulness, you are crazy for putting your last private space – your thoughts – in the hands of someone other than you. Going further down this line will not end well.

Ever since the Mythos announcement it’s been clear that we’re heading towards a future where SOTA models are no longer available to the average person, and not only cost more, but also require payment in the form of use case verification and data sharing. OpenAI’s 5.5-Cyber model requires the same, so it’s not just Anthropic.

We’re unhappy with this because we’ve all gotten used to being able to play with the new shiny model as soon as it’s available, but what I’m seeing in this thread about Anthropic being “stupid” is emotion-based wishful thinking.

It's hard to tell how much of what Anthropic are currently saying is just pre-IPO marketing bullshit, or how much will be their long-term policy.

If this is just marketing bullshit ("our models are so powerful we need to keep them chained up at night"), then it does seems massively ill-conceived. I can't think of a better way to break hard-earned customer trust than to say:

1) If we don't like what you're working on - if we think it may complete with ourselves - then we will silently fuck-up the code you're paying us to generate for you

2) Much reduced privacy guarantee. We will now retain everything you send us for an unspecified amount of time while we investigate it

Both of these seem especially self-defeating given that Anthropic has been very successful at courting corporate use, especially coding, and also still seem interested in courting military use.

The silently refusing to comply one (do they just mean deliberately dumbed down, not giving you what you are paying for, or actively sabotaging the generated code?) is really quite extraordinary. Why not just refuse the request? Perhaps they want to claim that gives too much signal as to what they think is valuable, although I think this "recursive self-improvement" story is 100% bullshit trying to juice the IPO. Are they really so arrogant to think that every other company developing LLMs hasn't figured out things like basic development infra?

IMO just the fact that Anthropic think it's in any way acceptable to silently fail requests that might reflect someone else trying to build anything that competes with them is bad enough, but the massive incompetence in what "Fable" is refusing shows that any such decision making is going to be causing them to silently fail a lot more than what they are trying to do.

The Anthropic model names "Mythos", "Fable" seem to have been conceived by a 14-year old thinking that "epic" names will convince people that the model is powerful. It's a bit like putting racing stripes and a loud farting exhaust on your Honda Civic.

We're an HR startup and likely can't use these models because _we_ have enterprise customers who want zero data retention (ZDR) and have added it to contract language

Shit rolls down hill, as it goes

It doesn't really matter how much you happen trust another party. In the regulatory world it only matters what contracts they will sign that guarantee their compliance. We do have those with AWS, we don't with Anthropic. If Anthropic physically captures the data, they just moved themselves outside the boundary of parties who we can do business with. Unless they want to sign a contract and implement all the corresponding compliance measures. They are insane if they think that's a good deal for them to do all that right now in every jurisdiction where AWS operates, when AWS has already spent a decade building it up.

Like Meta had committed to respect your privacy. Replace the name of the company with any of the top 50 companies in the world and go back how many have hold their promises - or just doing fine when breaking the rules. There is no legislation in the U.S. that can bankrupt the company for violating this? So there are no guarantees.

Meta openly torrented books and nobody asked them to remove/destroy their AI models. Similarly, for Anthropic, it was just a business cost. They were allowed to keep the models. No real consequences for breaking the rules.

You may also have data management requirements such as allowed storage and transit countries as well as various certifications and contracts that you now need to extend to the second data processor.

Basically if you are already using AWS just adding the AWS-only bedrock model is legally easy and doesn't really change your security posture. If you need to now also log your data to Anthropic it makes the choice much more complicated.

There's a parallel between data retention and general mass surveillance. Sure, both systems can be used for purely benign purposes, with appropriate safeguards in place. But history shows that surveillance systems are alarmingly easy to co-opt for nefarious means, and model providers do have a heck of an incentive to leverage retained data for internal means.

This is worth protesting, even if I believe this policy itself does not immediately compromise my privacy.

It is a different thing when they say they don't store your data.

And when they say they store your data for 30 days and review it for "issues", it makes your "spider sense" tingle. Who and how will review it, what are the "issues" they are looking for, etc. It is to vague and they can keep it this "dangerous" model for themselves.

Given Anthropic's failure to secure their own source code, do you really trust them to secure yours?

an inference request comes in

claude fable RESTful API service does the stuff, some backend systems run the prefill and batch decode, and your conversation is cached for 5 minutes in some prefix cache.

the request is also sent to claude paraphraser, which does almost exactly the same thing as the compactor and rewrites your conversation.

then they record the paraphrased conversation and train on that. it keeps the salient parts of the conversation, like whatever internal knowledge you have, and disposes of anything that could have been correlated with the earlier conversation, which is easy to do because verification is a string comparison.

First of all, will they respect that promise in the future? Because, you know… they already received your data and by some legal quirks they are already required to store it for so many years. “What’s your threat model”, uhh, sending confidential information to a third party.

It’s okay if you do this with your own personal property. But if you are working on client projects, what, are you going to start shipping customer data under nda without consent? Good luck in the court.

that's obvious, but perhaps worth stating: it's worth it, demand for the model is unprecedented and the only downside for Anthropic if AWS rejected would be some revenue pushed a quarter away as they get Fable ready on their recently acquired compute from xAI and Google.

Anthropic is trying, well see if it's a bold strategy.

1. https://github.blog/changelog/2026-06-09-claude-fable-5-is-g...

If they were doing some secret espionage or government surveillance with the data, they would just do it all in secret.

What's the game plan?

Their carve-outs for safety (public interest) and legal are also valid exceptions in gdpr as well.

it clearly (enough, kinda) communicated

1. what data they keep/collect

2. what they do with it (and that there is a reason to have it)

3. with whom they share it

4. how long they keep it

---

GDPR might require data minimalism, but that doesn't mean you can't keep "all" conversations/data. It just means you have to have a reason of why exactly need all of it (they have), only keep it as long as strictly necessary (they do) and not use it for other purposes (they claim to do that).

Also from a legal POV you can't really argue that collecting all conversations for detecting abuse patterns is "unreasonable"/"unnecessary" or similar, as to some degree the AI Act requires exactly that for "high risk" AIs/use cases. And while by the definition of the AI Act AWS Bedrock likely doesn't fall under "high risk" they can argue that some people could (against TOS) use it for "high risk" or "illegal" AI use cases which is part of the "misuse detection" thing for which they keep conversations for a month.

Lastly GDRP deletion requests still apply. But need to be processed within ... 1 month (wich AFIK in a generic duration context you can treat as 30 days, even through there is a single shorter month). So they "auto comply" with this, too.

I don't think it mentions sharing the data with third parties such as Anthropic?

If you don't believe them now why would you have believed them earlier when they said "no data is retained" ?

Me, or even me + a ton of other individual devs cancelling their personal $100/month Claude plans are a drop in the bucket of the billions of dollars of enterprise revenue they bring in.

To enact change here, the answer is to unionize, and put an AI usage ban into union contracts. Coerce the companies into not buying.

Well, that's the final frontier anyway.

And FedRamp has some issues with data being sent out.

Our corp doesn't allow usage of local models because of concern about potential "agent sends out code to the net" issues.

And for the cost, if you’re an enterprise with more than 150 people, you’re on the token plan.

We 'trust' Amazon already and Amazon has no incentive at all to collect the data to finetune claude because they don't own claude.