{"slug": "claude-fable-5-on-bedrock-requires-sharing-inference-data-with-anthropic", "title": "Claude Fable 5 on Bedrock Requires Sharing Inference Data with Anthropic", "summary": "Amazon Bedrock now requires customers using Anthropic's Claude Fable 5 or Mythos 5 models to opt into provider_data_share, sending prompts and outputs to Anthropic for 30-day human-reviewed retention. This breaks Bedrock's previous guarantee that inference data stayed within AWS's boundary, raising immediate compliance concerns for regulated industries, especially in healthcare and Europe. Security researchers and practitioners warn the change undermines Bedrock's core value proposition as a neutral, data-resident AI platform.", "body_md": "Using Anthropic's Claude Fable 5 or Mythos 5 on [Amazon Bedrock](https://aws.amazon.com/blogs/aws/anthropic-claude-fable-5-on-aws-mythos-class-capabilities-with-built-in-safeguards-now-available/) requires opting into provider_data_share, a data retention mode that sends prompts and outputs to Anthropic for 30-day retention with human review. There is no alternative mode. The allowed_modes field for these models contains exactly one value.\n\nFor every previous model on Bedrock, including Opus 4.8, Sonnet, and Haiku, inference data stayed inside the AWS boundary, and model providers never saw it. That guarantee is what got Bedrock through procurement, legal review, and the security questionnaires that sit between a proof of concept and production. Fable 5 changes the deal.\n\nThe [AWS blog post](https://aws.amazon.com/blogs/aws/anthropic-claude-fable-5-on-aws-mythos-class-capabilities-with-built-in-safeguards-now-available/) states it plainly at the bottom:\n\nOnce you opt into data retention, your data will leave AWS's data and security boundary.\n\nAnthropic frames the 30-day retention as a safety requirement for Mythos-class models, needed to catch novel attacks and jailbreaks through their blocking classifiers. The company has indicated that future models at this capability tier will carry the same requirement. This is not an AWS decision. It is Anthropic's policy applied consistently across all platforms where Fable 5 and Mythos 5 are offered.\n\nOn [Reddit](https://www.reddit.com/r/aws/comments/1u1yt4k/aws_bedrock_to_require_sharing_data_with/), one commenter pushed back on conflating safety review with training data collection:\n\nThe key distinction worth parsing: this is for safety evaluation, not training the next model's weights. Anthropic retains inference data temporarily to detect misuse and research model behavior, not to fold it back into pretraining. Still a legitimate compliance concern for healthcare/finance, but it's a different threat model than \"our prompts become part of future Claude.\"\n\nChris Farris, a cloud security researcher at [Securosis](https://securosis.com/blog/aws-destroyed-the-value-proposition-for-bedrock/), published a detailed critique arguing that AWS broke the core value proposition of Bedrock:\n\nThe entire value of AWS Bedrock was that it sat as the neutral place between companies and model providers. It guaranteed data and inference residency, and there was no possibility of your organization's data used by the model providers for their own purposes. Strip that away and AWS Bedrock is first-party Anthropic, with fewer features.\n\nThe governance implications are immediate. Anthropic becomes a sub-processor with access to inputs and outputs, including human review of flagged content. For regulated organizations, that means DPA amendments, an updated sub-processor list, a revisit of records of processing, and a fresh look at the legal basis for every workload pointed at these models. For European organizations specifically, Farris raised a concern about the CLOUD Act: Anthropic is a US company now deploying its most capable model in collaboration with the US government, putting retained data within reach of US legal requests.\n\nOne German practitioner on [Reddit](https://www.reddit.com/r/aws/comments/1u1yt4k/aws_bedrock_to_require_sharing_data_with/) confirmed the impact:\n\nThis will be a deal breaker for us. And I would guess for a lot of German/European-based companies.\n\nHealthcare organizations face an additional compliance gap. One Reddit commenter raised the question directly:\n\nWill Anthropic provide a way to acquire a BAA with them via Bedrock then? We have health data and we can't legally share PII/PHI without a BAA. We have one with AWS which is why we use Bedrock.\n\nTeams with an existing AWS BAA covering Bedrock inference now need to determine whether Anthropic's sub-processor status requires a separate agreement, one that may not yet exist for this data path.\n\nThe way it shipped drew the sharpest criticism. The data retention API call went live the same minute the models launched. There was no advance notice to security teams. The SCP pattern to block data sharing org-wide exists, using the bedrock-mantle:DataRetentionMode condition key, but it was buried in a docs subsection that got no announcement. Farris noted:\n\nThe capability got a megaphone. The guardrail didn't even get a footnote.\n\nA separate monitoring gap compounds the problem. Here's the monitoring gap that makes this worse: bedrock-mantle logs to a completely different CloudTrail event source (bedrock-mantle.amazonaws.com) than regular Bedrock (bedrock.amazonaws.com). If your CSPM rules and security detectors are watching for Bedrock activity, they won't catch the data retention change. You have to add the Mantle event source explicitly.\n\nAWS has since published [isolation guidance](https://builder.aws.com/content/3F2mpnIhuSEHC4SDFrqoINtipZD/isolate-claude-fable-5-data-retention-with-mantle-projects) through the Builder Center, recommending dedicated Bedrock projects for Fable 5 with provider_data_share while keeping production workloads under zero-retention. Farris documented an [SCP pattern](https://securosis.com/blog/aws-destroyed-the-value-proposition-for-bedrock/) using the bedrock-mantle:DataRetentionMode condition key to deny any retention mode other than none org-wide, with exceptions scoped to specific accounts where an approved use case and signed-off DPA exist.\n\nIn a further development, on June 12, AWS [updated the blog post](https://aws.amazon.com/blogs/aws/anthropic-claude-fable-5-on-aws-mythos-class-capabilities-with-built-in-safeguards-now-available/) to note that Anthropic has asked AWS to revoke access to Claude Fable 5 and Claude Mythos 5 for all users, citing compliance with a US Government export control directive. All other models, including Opus 4.8, remain unaffected. Teams that had already enabled provider_data_share at the account level during the three days the models were available should deploy Farris's SCP pattern to restore the default zero-retention posture.\n\nThe broader question for enterprises is whether this is a one-time exception for frontier safety models or a new normal. Anthropic has signaled it is the latter. Teams that chose Bedrock specifically because data never left the AWS boundary now face a choice: stay on Opus 4.8 and accept the capability gap, or move to frontier models and accept a fundamentally different data governance posture. That is a conversation for architects, legal, and compliance together, and it should have started before launch day, not after.", "url": "https://wpnews.pro/news/claude-fable-5-on-bedrock-requires-sharing-inference-data-with-anthropic", "canonical_source": "https://www.infoq.com/news/2026/06/bedrock-fable-5-data-sharing/?utm_campaign=infoq_content&utm_source=infoq&utm_medium=feed&utm_term=global", "published_at": "2026-06-20 09:03:00+00:00", "updated_at": "2026-06-20 09:14:39.917926+00:00", "lang": "en", "topics": ["ai-safety", "ai-policy", "ai-products", "ai-infrastructure"], "entities": ["Amazon Bedrock", "Anthropic", "Claude Fable 5", "Mythos 5", "AWS", "Chris Farris", "Securosis", "CLOUD Act"], "alternates": {"html": "https://wpnews.pro/news/claude-fable-5-on-bedrock-requires-sharing-inference-data-with-anthropic", "markdown": "https://wpnews.pro/news/claude-fable-5-on-bedrock-requires-sharing-inference-data-with-anthropic.md", "text": "https://wpnews.pro/news/claude-fable-5-on-bedrock-requires-sharing-inference-data-with-anthropic.txt", "jsonld": "https://wpnews.pro/news/claude-fable-5-on-bedrock-requires-sharing-inference-data-with-anthropic.jsonld"}}