When there is a precise and legally defined boundary (i.e. ZDR means your data with Bedrock stays within the Amazon security and legal boundary), it becomes significantly more difficult to hide full data egress; without alarm bells being raised / mechanisms being accidentally discovered.
When you have a black box that sends the full stream to Anthropic, then everything (including what actually happens with the data) stays on the Anthropic side.
It's much harder to hide egress/exfil-at-scale completely; even if we assume NSA-level kernel rootkits, someone's still gonna notice "hey, why is this pipe saturated even though `nload` looks normal.
It's much easier to hide what you do with the full data when you have explanations for why you're doing egress/exfil.
Limited hangout. There's a Netflix documentary about Danny Casolaro that does a decent job summarising events, but I'm surprised I don't see much about Inslaw/PROMIS, and more than a decade on, it's as if Snowden never happened.
If they were doing some secret espionage or government surveillance with the data, they would just do it all in secret.