Fable 5 on Bedrock requires sending prompts and outputs to Anthropic for 30-day retention
Amazon Bedrock built its enterprise reputation on a straightforward promise: your inference data stays inside the AWS boundary. Model providers never see it. That guarantee is what got Bedrock through procurement reviews, legal approval processes, and the security questionnaires that separate a proof of concept from a production deployment.
Claude Fable 5 changes that promise. And Anthropic has signaled that every future model at this capability tier will change it too.
What the data sharing requirement actually means
Using Fable 5 or Mythos 5 on Bedrock requires enabling a parameter called provider_data_share. This mode routes inference prompts and model outputs to Anthropic for 30-day retention, including human review of flagged content. There is no alternative configuration. The field that specifies which data modes are allowed contains exactly one value.
For every previous model on Bedrock, including Opus 4.8, Sonnet, and Haiku, that data never left the AWS environment. The AWS documentation states the change directly: once data retention is enabled, the data will leave AWS’s data and security boundary.
Anthropic frames the requirement as a safety measure specific to its most capable models, designed to identify novel attacks and jailbreak attempts through its blocking classifiers. The company has been clear that this is not an AWS decision. It is Anthropic’s policy applied across every platform where these models are available.
Why compliance teams are treating this as a significant event
The governance implications arrive immediately once Anthropic holds inference data as a sub-processor. Regulated organizations face a series of required actions: amending data processing agreements, updating sub-processor lists, revisiting records of processing activities, and reassessing the legal basis for every workload pointed at these models.
European organizations face an additional layer of exposure. Anthropic is a US company, which means retained inference data falls within reach of US legal requests under the CLOUD Act. For organizations operating under GDPR, that exposure is not theoretical. Practitioners in Germany have described the requirement as a deal breaker, and the sentiment extends to regulated industries across the European market.
Healthcare organizations face a specific gap. Existing business associate agreements covering Bedrock inference may not extend to Anthropic’s new sub-processor relationship. A separate agreement covering this data path may not yet exist, leaving teams with health data in a compliance gray area that HIPAA does not allow.
The distinction between safety review and training data collection is worth holding onto. Anthropic retains inference data to detect misuse and study model behavior, not to incorporate it into future model training. That is a meaningful difference in threat model, but it does not eliminate the compliance concern for regulated industries.
How the launch created operational gaps
The data retention capability went live at the same moment the models launched. Security teams received no advance notice. A service control policy pattern exists for blocking the data sharing configuration at an organizational level, using a specific condition key in AWS CloudTrail, but it was documented in a subsection that received no formal announcement. The capability was launched with prominent attention while the guardrail was buried.
A separate monitoring issue compounds the problem. Bedrock Mantle logs to a different CloudTrail event source than standard Bedrock operations. Security tools and cloud posture management rules configured to watch for Bedrock activity will not detect data retention changes unless they are explicitly updated to include the Mantle event source. Teams that did not know to look for the difference would have no visibility into what was happening.
AWS subsequently published isolation guidance recommending that organizations run Fable 5 workloads in dedicated Bedrock projects, separated from production environments where zero-retention applies.
What happened three days after launch
On June 12, Anthropic asked AWS to revoke access to both Fable 5 and Mythos 5 for all users, citing compliance with a US government export control directive. The models were available for three days before access was suspended. All other models on Bedrock, including Opus 4.8, remain unaffected.
Teams that enabled the provider_data_share parameter at the account level during that three-day window are advised to deploy the documented service control policy to restore the default zero-retention configuration.
The question enterprises now face
The broader issue is not whether Fable 5 returns to Bedrock or on what terms. It is whether this data sharing requirement represents a one-time exception for frontier safety models or the new standard going forward. Anthropic has indicated it is the latter.
Organizations that chose Bedrock specifically because inference data never left the AWS boundary now face a decision that belongs in front of architects, legal counsel, and compliance teams simultaneously: remain on Opus 4.8 and accept the capability gap that comes with it, or adopt frontier models and accept a data governance posture that looks fundamentally different from the one they agreed to at the start.