Anthropic Mandates 30-Day Data Retention for Mythos and Fable
Developers using zero-data retention environments must adapt to new compliance rules for Anthropic's upcoming high-capability models.
As large language models grow increasingly sophisticated, AI safety and enterprise data privacy are heading toward a complex intersection. In a significant policy shift, Anthropic has announced that its upcoming highly capable models—specifically Claude Mythos 5 and Claude Fable 5—will require a mandatory 30-day data retention period.
This policy, scheduled to take effect on June 9, 2026, represents a major change for enterprise development teams. For organizations that have historically operated under strict Zero Data Retention (ZDR) agreements to comply with internal privacy policies or regulatory frameworks, accessing Anthropic's next-generation intelligence will require a deliberate architectural and compliance adjustment.
The Safety Imperative Behind the Shift
Anthropic’s decision to mandate a temporary 30-day window for data retention stems from the sheer capability of these upcoming models. According to Anthropic, Claude Mythos 5 represents a substantial leap forward in performance, introducing capabilities that can be applied to both highly beneficial and potentially malicious use cases. Claude Fable 5 shares this same powerful underlying architecture but is equipped with specialized safeguards, particularly in the cyber and biological domains.
While these safeguards are designed to prevent immediate misuse, Anthropic is taking a conservative approach to monitor for sophisticated, distributed attack vectors. The core challenge is that many modern exploitation techniques do not look like malicious prompts in isolation.
For example, "Best-of-N" jailbreaking involves sending hundreds of slight prompt variations in the hope that a single iteration bypasses safety guardrails. Similarly, larger patterns of misuse—such as state-sponsored espionage or coordinated data extortion campaigns—only become visible when safety classifiers can analyze prompts and outputs collectively over time. To detect these threats, Anthropic's safety systems must temporarily retain and analyze interaction data in aggregate rather than evaluating each API call as an isolated, ephemeral event.
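As an added illustration (not Anthropic's classifier and not code from the article), the sketch below shows why a per-request view misses a burst of slight prompt variations while a retained, aggregate view flags it. The window, thresholds, key names and log entries are assumptions constructed for the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=10)  # assumed look-back window
MIN_VARIANTS = 5                # assumed number of distinct variants that raises a flag
SIM_THRESHOLD = 0.6             # assumed Jaccard cut-off on character 3-grams

def shingles(prompt, n=3):
    """Case-fold, collapse punctuation/whitespace noise, return character n-grams."""
    text = re.sub(r"[^a-z0-9]+", " ", prompt.lower()).strip()
    return {text[i:i + n] for i in range(max(1, len(text) - n + 1))}

def jaccard(a, b):
    return len(a & b) / len(a | b) if (a or b) else 0.0

def flag_variant_bursts(events):
    """events: (iso_timestamp, key_id, prompt) tuples. Returns {key_id: n} where n is
    the largest number of distinct near-duplicate prompts one key sent within WINDOW."""
    by_key = defaultdict(list)
    for ts, key, prompt in events:
        by_key[key].append((datetime.fromisoformat(ts), prompt, shingles(prompt)))
    flagged = {}
    for key, rows in by_key.items():
        best = 0
        for t0, _, s0 in rows:  # every request is tried as the start of a burst
            variants = {p for t, p, s in rows
                        if t0 <= t <= t0 + WINDOW and jaccard(s0, s) >= SIM_THRESHOLD}
            best = max(best, len(variants))
        if best >= MIN_VARIANTS:
            flagged[key] = best
    return flagged

# Constructed sample log with benign placeholder prompts.
BASE = "Summarize the attached quarterly report"
VARIANTS = [BASE, "SUMMARIZE the attached quarterly report!!",
            "summarize  the attached   quarterly report", "Summarize the attached quarterly reprot",
            "Summarise the attached quarterly report", "Summarize teh attached quarterly report"]
UNRELATED = ["Translate this paragraph into French", "Write a unit test for the parser",
             "Explain TLS certificate pinning", "Draft a release note for v2",
             "List the OWASP Top 10 categories", "Convert this CSV file to JSON"]
SAMPLE_EVENTS = (
    [(f"2026-01-01T12:00:{i * 5:02d}", "key-A", p) for i, p in enumerate(VARIANTS)]
    + [(f"2026-01-01T12:01:{i * 5:02d}", "key-B", p) for i, p in enumerate(UNRELATED)]
    + [(f"2026-01-01T12:02:{i * 5:02d}", "key-C", BASE) for i in range(6)])  # plain retries

if __name__ == "__main__":
    print(flag_variant_bursts(SAMPLE_EVENTS))
```

Only the key that sent six distinct near-duplicates is flagged; the key with unrelated prompts and the key that retried one identical prompt are not, and no single request from the flagged key stands out by itself.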
Who Is Affected by the Policy?
This policy update specifically targets enterprise and API users who currently rely on Zero Data Retention configurations.
- Consumer Plans Unaffected: If your team uses Claude Free, Pro, or Max across web, desktop, or mobile applications (including Claude.ai and Claude Code under consumer terms), nothing changes. Anthropic already retains inputs and outputs on these surfaces for safety purposes.
- ZDR Workspaces Impacted: The change applies directly to organizations utilizing ZDR workspaces in the Claude Console, Claude Code with ZDR in Claude Enterprise, or those accessing Claude via cloud partner platforms with ZDR enabled.
For any other organization already operating with standard data retention enabled, no action or reconfiguration is required.
Technical Implementation Across Cloud Environments
For developers managing infrastructure, enabling this retention policy depends entirely on how your organization accesses the Anthropic API.
Direct Anthropic API
If you connect directly via the Claude Platform, you can manage this setting at the workspace level. In the developer console, navigate to Workspace > Manage > Privacy Controls to enable retention specifically for the workspaces where you intend to deploy Mythos-class models. Crucially, your other workspaces can remain on ZDR if they only run older or unaffected models.
Amazon Bedrock
For teams accessing Claude through Amazon Bedrock, retention must be enabled to unlock access to the new covered models. To satisfy strict data residency requirements, Anthropic notes that all retained data will remain securely within the AWS environment. Onboarding details will be provided as the models near availability.
Google Cloud Agent Platform
Similarly, developers deploying on Google Cloud must enable retention within their GCP environment to access Mythos-class models. Just like the AWS integration, all retained data stays localized within your GCP environment.
Microsoft Azure Foundry
If your organization accesses Claude via Azure Foundry and currently has Zero Data Retention configured, the implementation is slightly different. Because retention is configured at the Azure Subscription level, developers will need to spin up and use a separate Azure Subscription specifically to access these new models.
Claude Code and Cowork
For developers utilizing Claude Code or Cowork, data handling practices will inherit the settings of the underlying workspace or cloud credentials. If Claude Code is authenticated via an Anthropic API workspace with retention enabled, or if it uses cloud credentials from a retention-enabled AWS or GCP environment, it will be fully authorized to leverage the new models.
Enterprise Privacy Safeguards
To reassure enterprise customers concerned about data exposure, Anthropic has outlined strict security controls governing the retained data.
First, Anthropic employees are restricted from accessing customer conversations unless a prompt or output is flagged for potential serious harm, or if a customer submits a written request for review. These safety reviews are restricted to a highly vetted, limited group of approved reviewers. The review interface itself is locked down, utilizing tooling that completely prevents exporting, copying, or downloading any customer data.
Furthermore, every instance of data access is logged in a tamper-proof audit trail that reviewers cannot modify or suppress. After the 30-day window expires, the data is automatically purged from the systems, except in rare instances where it is actively involved in an ongoing safety investigation or subject to legal preservation requirements. For eligible organizations, Anthropic also supports customer-managed encryption keys (CMEK) and access transparency audit logs to provide full visibility into how and when data is handled.
Sources & further reading
- Anthropic requires 30 day data retention for Fable and Mythos — support.claude.com
Mariana covers the fast-moving world of machine learning and generative AI, with a particular focus on how these technologies are reshaping development workflows. When she isn't stress-testing the latest foundation models, she's usually at a local hackathon.
Discussion 6
i'm curious to see how anthropic plans to balance this 30-day retention requirement with existing zdr agreements, the article doesn't provide much detail on what compromises or exemptions might be available for enterprises that can't meet this new standard 🤔
@ml_skeptic_amara yeah that's the million dollar question, hoping they provide more clarity soon
i'm really hoping they do too @night_owl_nina, especially since some of my team's projects are already on a tight deadline and this new policy could totally change our approach 🤔
i'm curious to see how this 30-day retention period will impact the overall user experience, especially for apps that have promised zero data retention in the past - will there be clear communication to users about this change?
i wonder how this change will impact dev teams who've built their workflows around zero-data retention, and if there are any rust libraries or tools that could help with implementing compliant data retention policies
how does this handle backfills for existing zdr environments, are we expected to re-architect our pipelines to accommodate the new retention period?