This is odd behaviour, and provides some evidence that Anthropic isn't being managed by serious people. With this policy across AWS/GH/Zed/etc, they're taking their massive lead in enterprise/govt sales and handing it to any competitor who can serve a model anywhere near these capabilities with a modestly nice UI.
Every one of the competitors capable of a similar model have been salivating for a long time at the idea of consensual data sharing. Anthropic just opened the door for everyone to do the same thing without having to deal with being the first to do so. My bet is that OpenAI etc’s next model will have these same requirements.
Ever since the Mythos announcement it’s been clear that we’re heading towards a future where SOTA models are no longer available to the average person, and not only cost more, but also require payment in the form of use case verification and data sharing. OpenAI’s 5.5-Cyber model requires the same, so it’s not just Anthropic.
We’re unhappy with this because we’ve all gotten used to being able to play with the new shiny model as soon as it’s available, but what I’m seeing in this thread about Anthropic being “stupid” is emotion-based wishful thinking.
This makes these models unusable in the settings where people are actually benefiting from these models being on Bedrock (e.g. they have customer contracts that limit who they can share data with, etc).
If the lift from these models is high enough and no alternative springs up, people will find a way to get to yes, but if OpenAI is willing to ship a Fable-class model on Bedrock without this, all the traffic will just move there. I say this because there is not much reason to use Bedrock unless you care about data sharing limits (ok, it seems more reliable than Anthropic's serving, but I don't think that's the major reason).
Of course, they could both decide they don't want the competitive advantage that having an AWS-controlled inference stack brings, but this is basically throwing out that advantage.
Note that this announcement is not just about Mythos, but also Fable, which is restricted from doing any Cyber work in the first place.
> This makes these models unusable in the settings where people are actually benefiting from these models being on Bedrock (e.g. they have customer contracts that limit who they can share data with, etc).
Does it, though?
Does Amazon have a clause in their contracts that forbids data sharing with any and all third parties? Is all AWS support and datacenter personnel employed directly by Amazon? Do they seriously have no third-party contractors?
Presumably Fable 5 won't be made available on GovCloud Bedrock, right now it's not [1].
However what I'm not seeing discussed anywhere are government agencies that are on commercial AWS, have ATOs in place to use Bedrock, and are now being surprised with this new sharing of data with Anthropic and will have to scramble to disable(?) or institute policies banning Fable 5 usage in Bedrock. Throw in there all your sensitive industries, healthcare, insurance, etc.
> Does Amazon have a clause in their contracts that forbids data sharing with any and all third parties?
Well, for the services (including Bedrock, but presumably now excluding those particular Anthropic models) that they offer a HIPAA BAA covering, pretty much, if you enter a BAA with them.
This narrative any criticism about Anthropic is emotional is such corporate cope that it boggles the mind to see people defend a trillion dollar corporation time and time again all while the same corporation actively makes things worse for the average person.
Cool. Everybody is doing it. Doesn’t make it right or make it good for the people. Everyone should complain and help others wake up that Anthropic isn’t the “good guys” like their narrative in Feb/march led so many to believe.
Preach. I think I left a nearly identical comment yesterday in another thread. "well, the other companies do it too so they're not that bad" is absurdity. "that got shit on my couch, but he didn't shit in my mouth so he's not really that bad" just seems so misguided.
No, we are unhappy because there is no guarantee that my corporate documents wont be shared or trained on. We are already paying plus for using bedrock instead of the API version from Anthropic, so now there is no reason to use bedrock anymore. This whole thing about this model being too powerful to share is just the usual BS. Is an advanced model that dont have guardrails, just like the models that have been shared with the US government for years.
>This whole thing about this model being too powerful to share is just the usual BS.
Then stop using AI.
>But I want it all and I want it now.
Spend a trillion dollars and make your own model.
>No fair!
Then petition your government to enact laws around this. Unfortunately the US government rules are currently "Yes, we want AI to take over the world with terminators, just as long as they share data with us".
The consumers were paying for tokens with their data. If you pay for the tokens yourself the expectation is that your data doesn’t get trained on or used.
Let’s be real, chances are that the people with a lot of money on the line have given it more thought than the passing thought that you gave this comment.
> Let’s be real, chances are that the people with a lot of money on the line have given it more thought than the passing thought that you gave this comment.
In theory, definitely.
But this seems like a really, really, really no-good seriously bad decision from Anthropic. Like, I get why they want this (and can see it from their perspective), but many of their largest clients literally cannot allow this without regulator sign-off, which almost certainly won't be forthcoming.
Like, if the Fed and the ECB say this is OK then it might work, but other than that I predict that this decision will be reversed ~soon.
I’m not sure that’s true. Do the Fed and ECB sign off on telcos keeping records of who these companies called? Of car rental companies keeping records of where employees rented cars?
As long as it’s service telemetry, not used for model training, not inspected by humans, not analyzed except for service purposes… I don’t see the regulatory issue.
Are there any regulations covering what telemetry your service providers can keep? I’m skeptical, but even if so it would be trivial for Anthropic to exempt certain larger customers while still keeping the policy published as universal.
It's more that banks etc are special-cased in a lot of the law around this, which makes the Fed/ECB (more often national regulators aligned with these) really important in determining what they are and aren't allowed to do.
By definition lots of the use of AI in these companies is gonna require personal data/PII etc (particularly in KYC/compliance or general processing usecases) which means that there's a regulatory constraint.
I personally would've thought that said organisations and regulators would be massively opposed to this for privacy and risk reasons, which is why I think this won't happen.
Even the companies with less sensitive data are generally paranoid about service providers getting "their" (actually their customers) data.
> Are there any regulations covering what telemetry your service providers can keep?
In the EU, this should be proportionate and should avoid special categories of personal data (which FIs will have a lot of).
They give it some thought, but Anthropic and AWS have the whole menu of compliance and security checkboxes needed to reassure CISO it doesn’t need to be “the office of no” and can allow the AI onboarding. The pressure to adopt and adapt to AI is so high right now that there’s nothing a CISO or CFO can say to stop its adoption. And the more they say “no” or “wait,” the more at-risk they put their job.
A model that opens the slightest gap for a leak would be unacceptable to the org I work for. We are very paranoid about losing vulnerable customers' data.
Anthropic has all the answers for that. You’ll go through some compliance exercises and classify them as a subprocessor of highest tier of data sensitivity.
There are a significant number of extremely large companies that are wholly interested in such a sub-processor. The tier of data sensitivity is irrelevant.
Almost all companies are content to engage with data sub-processors with respect to customer data or some form of PII.
But there are many that will absolutely not let their IP visit or reside on systems they do not control.
This is absolutely a deal breaker for a ton of organizations and it's not going to trigger industry wide adoption like other comments here suggest. Instead another provider will offer a more appetizing deal and they will win market share.
Is it possible that Anthropic is fully aware of this, and will either negotiate special contracts with these clients on a case by case basis, or has determined that they don't make enough money by supporting them that they should care about alienating them? I'm sure there will be Oracle and SAP AI and IBM products for those specific customers, if there aren't already. Perhaps Anthropic simply doesn't need them.
Except they are an American corpo and there is no guarantee that the data will stay on EU servers, so that is a giant NO at the moment. This was the main reason to stick with Bedrock, as it supposedly stays within your aws account on the EU servers. Now? Whats the points in using Bedrock anymore apart from paying more.
> The pressure to adopt and adapt to AI is so high right now that there’s nothing a CISO or CFO can say to stop its adoption. And the more they say “no” or “wait,” the more at-risk they put their job.
I am not saying you're wrong, but man that's so crazy. "We have these people whose very jobs are to make sure the company prospers, but we're going to ignore them because hype hype hype". Wild, man.
Yeah it’s wild. But I think the attitude is more like “everyone is taking the same risks together, so we won’t be alone if the ship hits an iceberg.” Nobody got fired for buying Frontier AI.
You've mistaken "a lot of money" with "intelligence." Which is why I think the AI crowd really really wants this magical machine god thing to succeed. Then they can really have money = intelligence whilst keeping the rest of us poor and stupid. You know, like how they used to prevent literacy among the slaves.
Don't even need to involve AI or security to be able to highlight some very strange decisions that seem more like intentional sabotage from the inside than anything else. Of course, people are more likely just dumb and lack long-term thinking.
> chances are that the people with a lot of money on the line have given it more thought
Sure, but considering the average person and how short-term their thinking tends to be, I'm not sure I'd jump straight into "think about how much money they could lose, of course they think long-term".
They are betting that without a competitor distilling their most powerful models, they can stay ahead far enough and long enough that people will accept this.
## A new data retention policy
Finally, we’re making a change to the way we handle business
customer data for Fable 5, Mythos 5, and future models with
similar or higher capability levels. We will require 30-day
retention for all traffic on Mythos-class models, on both
first- and third-party surfaces. [...]
No it says sharing is required. If you don't change the setting on your account then you simply can't access Fable, its not like the setting is ignored. I just tried this on my account and it blocks API requests to Fable.
Interesting. When I tried switching to it yesterday from Opus 4.8 ("/model" command) it didn't complain, but I didn't actually send anything to it when I saw the cost was like 2x Opus 4.8. ie switched back
I'll try to remember to actually try it tomorrow and see what happens.
> This is odd behaviour, and provides some evidence that Anthropic isn't being managed by serious people
It's hard to tell how much of what Anthropic are currently saying is just pre-IPO marketing bullshit, or how much will be their long-term policy.
If this is just marketing bullshit ("our models are so powerful we need to keep them chained up at night"), then it does seems massively ill-conceived. I can't think of a better way to break hard-earned customer trust than to say:
1) If we don't like what you're working on - if we think it may complete with ourselves - then we will silently fuck-up the code you're paying us to generate for you
2) Much reduced privacy guarantee. We will now retain everything you send us for an unspecified amount of time while we investigate it
Both of these seem especially self-defeating given that Anthropic has been very successful at courting corporate use, especially coding, and also still seem interested in courting military use.
The silently refusing to comply one (do they just mean deliberately dumbed down, not giving you what you are paying for, or actively sabotaging the generated code?) is really quite extraordinary. Why not just refuse the request? Perhaps they want to claim that gives too much signal as to what they think is valuable, although I think this "recursive self-improvement" story is 100% bullshit trying to juice the IPO. Are they really so arrogant to think that every other company developing LLMs hasn't figured out things like basic development infra?
IMO just the fact that Anthropic think it's in any way acceptable to silently fail requests that might reflect someone else trying to build anything that competes with them is bad enough, but the massive incompetence in what "Fable" is refusing shows that any such decision making is going to be causing them to silently fail a lot more than what they are trying to do.
The Anthropic model names "Mythos", "Fable" seem to have been conceived by a 14-year old thinking that "epic" names will convince people that the model is powerful. It's a bit like putting racing stripes and a loud farting exhaust on your Honda Civic.
It's notable that Anthropic are still using SWEBench as a coding benchmark rather than the newer more difficult DeepSWE which shows them well behind GPT 5.5
Bear in mind that all the marketing efforts such as solving Erdos problem are the result of concerted RL training to impart those narrow capabilities, and how much of any benchmark results, or "early access" paid shill vibe reports, reflect improved performance for more general real-world use cases remains to be seen.
Well I have just tested it and GPT 5.5 is still smarter. It catches bugs that Fable doesn’t. Anthropic Fable is basically still sloppy like Opus 4.x. And I got also the downgrade for “cyber violations” trying to build a custom Debian ISO…that tells me their safeguards are sh**. I didn’t ask it to hack anything. Just to make a script that builds a custom Debian distribution with various settings…so this Fable thing seems like a flop&slop already. That warning plus the privacy change is the wake up call to move from Anthropic
Ah yes. Mythical capabilities that are nerfed to the point that they are completely unusable because "cybersecurity" or "bio research" or other bullshit.
That's for the long term. Anthropic only needs short term solutions for the sake of IPO. They will do whatever they can to sabotage other companies (specially the Chinese ones) to reach the same parity with best claude models.
>they're taking their massive lead in enterprise/govt sales
We're an HR startup and likely can't use these models because _we_ have enterprise customers who want zero data retention (ZDR) and have added it to contract language
I mean, they were already capacity constrained and just introduced a larger model that takes more capacity to run... They were gonna have to hand some business to competitor one way or another.
Price is based on perceived value, not cost to produce. There is no international court of price justifications; if customers are willing to pay $X you can charge $X.
Exactly. The company should care because it drives margins. But pricing to customers should not change unless it was artificially high (competitors offer more value for same money) due to profitability concerns.
