Fable 5 on AWS Bedrock: When Your Data Leaves the AWS Boundary

A lot of enterprises chose Amazon Bedrock for one reason above all others: the data never leaves AWS. That boundary is what gets Claude through procurement, through legal review, through the security questionnaire that sits between a proof of concept and a production rollout. On June 9, 2026, that boundary got more complicated.

Last updated: June 10, 2026

Anthropic's data retention policy for Mythos-class models requires that prompts and outputs submitted to Claude Fable 5 - and future models in the same capability tier - be retained for 30 days across every platform where those models are offered. That includes AWS Bedrock. Enabling Fable 5 on Bedrock requires explicitly setting a provider_data_share mode via the Data Retention API, and once you do, your inference data crosses out of AWS's security boundary and into Anthropic's infrastructure.

This post covers the mechanics of what actually happens, which organizations are most exposed, what the Hacker News community made of it when the story hit 378 points today, and what your options are if you need to stay on the frontier without giving up the boundary.

What Actually Happens Technically

The AWS announcement is unusually direct about the mechanics. To invoke Claude Fable 5, you must first call the Data Retention API and set provider_data_share:

curl -X PUT https://bedrock.us-east-1.amazonaws.com/data-retention \
  -H "Authorization: Bearer <your_bearer_token>" \
  -H "Content-Type: application/json" \
  -d '{ "mode": "provider_data_share" }'

AWS describes what this mode does without ambiguity: "This mode allows Amazon Bedrock to retain and share your inference data with model providers per their requirements." And then, in the "Things to know" section of the same post: "Once you opt into data retention, your data will leave AWS's data and security boundary."

There is no console toggle at launch. There is no per-request opt-out. It is account-level, and it applies to all Fable 5 traffic from that point forward.

On the Anthropic side, the retained data is handled under the following controls, per the support documentation:

• Employees cannot access conversations unless flagged for potential serious harm or at a customer's written request
• Access is limited to a small set of approved reviewers using tooling that prevents export, copying, or downloading
• Every access instance is recorded in a tamper-proof audit log
• Data is deleted automatically after 30 days - except in safety investigations or when legally required to be kept

The legal carve-out in that last bullet is the one that is generating the most concern.

Why Anthropic Says It Is Necessary

The safety rationale is grounded in a real threat model. Claude Fable 5 shares the same underlying model as Claude Mythos 5, with additional safeguards layered on top - particularly in cyber and bio domains. Anthropic argues that some attack patterns are invisible at the single-request level.

Best-of-N jailbreaking sends hundreds of slight prompt variations hoping one slips through. State-sponsored espionage campaigns and data extortion operations only surface when safety classifiers can look across many requests over time. Single-request filtering misses the pattern. Retention enables pattern detection.

This is the same logic that justifies network-level threat detection in enterprise security tooling. The difference is that your SIEM sits inside your perimeter. Anthropic's safety infrastructure does not.

Who This Hits Hardest

The organizations most exposed are precisely the ones who chose Bedrock to avoid this problem. The policy only affects customers who had zero data retention (ZDR) agreements in place. If you were already on standard Bedrock terms with retention enabled, nothing changes. The ZDR customers - typically regulated enterprises in healthcare, finance, and government - are the ones now facing a choice between the frontier model and their compliance posture.

Three categories deserve specific attention:

Healthcare and life sciences - HIPAA covered entities cannot simply flip a data-sharing switch. PHI that passes through a prompt - patient context, clinical notes, anything that touches a workflow - requires a Business Associate Agreement that maps to where data actually lives. Data leaving the AWS boundary reopens BAA coverage questions that Bedrock's architecture was supposed to close.

Financial services - FINRA, SEC, and OCC-regulated firms have data residency and audit requirements that make 30-day retention at a third party's infrastructure a non-trivial compliance event. The "legally required to keep it" exception in the deletion policy is particularly sensitive here, since regulators can and do issue subpoenas to cloud providers.

Government and public sector - FedRAMP authorization is tied to specific infrastructure boundaries. AWS GovCloud operates under different rules than commercial regions. The Bedrock announcement does not mention GovCloud availability for Fable 5, and HN commenter xnx raised the same question about Google Cloud's equivalent environment. For US federal use cases, the boundary question is not a preference - it is a compliance requirement.

What the HN Community Said

The story hit 378 points on Hacker News on June 10, and the comment thread surfaced the tensions clearly. A selection of the most-cited perspectives (quoted under 15 words each where possible):

rohansood15 called out the procurement problem directly: "Pretty sure this doesn't work for any regulated enterprise or government client."

chattermate named the structural issue: "Bedrock's whole pitch to those customers was 'your data never leaves your AWS boundary' - that's the line that gets it through procurement and compliance reviews."

Torikul007 put the enterprise calculus plainly: "30-day retention for advanced models sounds reasonable in isolation, until you remember many teams are sending proprietary code, internal docs, or customer-sensitive context."

shevy-java pointed to the deletion carve-out: "After 30 days, the data is deleted automatically - or we're legally required to keep it. So, data is forever."

gauravvij137 described a practical workaround already in use: "The data leaving AWS boundary kills this for any regulated workload. We've been running side-by-side evals of open models against Claude on private test suites."

pdp raised the EU dimension in three words: "This is not going to fly in EU."

OtherShrezzing characterized the strategic cost: "With this policy across AWS/GH/Zed/etc, they're taking their massive lead in enterprise/govt sales and handing it to any competitor who can serve a model anywhere near these capabilities."

The thread also had defenders. htrp acknowledged Anthropic's position: "You've got to respect Anthropic being willing to shoot themselves in the foot over a belief around Mythos performance." The safety rationale is genuine - the friction is real on both sides.

Your Alternatives

If you need to stay on Bedrock but cannot accept the data-sharing requirement, the decision points break down as follows:

Decision Matrix

Opus 4.8 keeps ZDR - this is the most important near-term alternative. Anthropic's previous frontier model remains available on Bedrock under standard zero data retention terms. If your workflows were already running on Opus 4.8 in production, the pragmatic path is to stay there, benchmark Fable 5 in an environment where you can accept retention, and migrate only when the compliance picture clears.

For teams on the GovCloud question: as of this writing, Fable 5 is available in US East (N. Virginia) and Europe (Stockholm) commercial regions only. GovCloud availability has not been announced. Check the Bedrock model card documentation for updates.

For more on how this retention policy works across other access paths - direct API, Claude Enterprise, and third-party integrations - see our full breakdown of the Fable 5 data retention mechanics. And if you are managing a June 22 deadline for existing ZDR agreements, the timeline and transition steps are covered in the deadline post.

What to Watch

Three things will determine how this plays out over the next quarter:

GovCloud and FedRAMP clarity - AWS has not addressed whether Fable 5 will come to GovCloud, or whether a FedRAMP-compliant retention architecture is in scope. That answer will determine whether the US public sector market is simply deferred or effectively closed to Fable 5.

EU regulatory response - GDPR's data transfer restrictions apply when data moves outside an EU-adequate country. Stockholm is an EU region; the retention infrastructure at Anthropic is in the US. The legal basis for that transfer under GDPR's Chapter V is not addressed in any public documentation. Expect DPAs to ask.

Competitive response - The HN thread noted OpenAI's position and the question of whether Azure's equivalent path for GPT-class models would follow the same pattern. If a major competitor can offer comparable capability under a boundary-preserving architecture, the enterprise market will notice quickly.

FAQ

Does enabling provider_data_share affect all my Bedrock models or just Fable 5? The setting is required to access Fable 5. AWS has not published documentation indicating it applies retroactively to other models. Other models you are already running under ZDR continue under ZDR. Verify this with AWS Support before enabling it in a shared account.

Can I use a separate AWS account to isolate Fable 5 traffic? Yes, and this is the recommended architecture for organizations that want to run Fable 5 in a sandboxed evaluation environment without exposing production workloads. The provider_data_share setting is account-level, so a dedicated evaluation account gives you clean isolation.

What happens to retained data if Anthropic receives a legal request? Anthropic's policy states data is retained for 30 days and deleted "except in the rare cases where it's part of a safety investigation or we're legally required to keep it." Legal process - subpoenas, national security letters, regulatory inquiries - falls under "legally required." There is no published mechanism to challenge or be notified of such requests.

Does the Zed editor integration have the same requirement? Yes. HN commenter drcongo noted receiving an email from Zed about the same policy on June 10. The requirement applies across all platforms where Fable 5 is offered, including GitHub Copilot, Zed, and other third-party integrations.

Is Claude Mythos 5 on Bedrock subject to the same retention requirement? Yes, and then some. Mythos 5 is in limited preview on Bedrock, restricted to cybersecurity and life sciences use cases. It carries the same retention requirement and is subject to additional access controls given the dual-use sensitivity of those domains.

Official Sources

• AWS News Blog - Anthropic Claude Fable 5 on AWS announcement - June 9, 2026
• Anthropic Support - Data retention practices for Mythos-class models - Effective June 9, 2026
• Amazon Bedrock Data Retention API documentation
• Hacker News thread - AWS Bedrock to require sharing data with Anthropic for Mythos and future models - 378 points, June 10, 2026
• Anthropic Trust Center - Security and Privacy Design white paper
• Best-of-N jailbreaking research paper - Referenced in Anthropic's safety rationale