AWS Bedrock to require sharing data with Anthropic for Mythos and future models
Points and comments are a snapshot, not live.
Anthropic requires 30-day data retention on Bedrock's Mythos and future models, with data leaving AWS security boundaries.
Anthropic announced that users of Fable 5, Mythos 5, and future high-capability models on AWS Bedrock must opt into 30-day data retention. During this period, all traffic data leaves AWS's security boundary and goes to Anthropic for misuse detection. After 30 days, data is automatically deleted except in cases of safety investigations or legal requirements. This requirement applies to models with capability levels similar to or higher than Mythos-class.
What commenters are saying
Top concerns center on regulated enterprises and government clients. Bedrock's original pitch was that data never leaves AWS boundaries, invalidating compliance reviews for healthcare, finance, and government sectors. GDPR compliance is disputed: some argue the explicit retention period and purpose satisfy EU law; others note the "except when legally required" clause creates indefinite retention in practice. Skepticism about actual data deletion is widespread, though some note no documented cases of data leaks from API requests have surfaced. OpenAI's similar 30-day retention policy on Azure suggests industry convergence.
Commenters recommend avoiding aggregator layers entirely and integrating directly with vendors or using self-hosted fallbacks for sensitive data. One notes GitHub Copilot has identical requirements, making this a broader pattern.