Mythos Has a Hidden Price: 30-Day Mandatory Retention, Shifted Onto Enterprises

Summary

Starting June 9, 2026, Anthropic mandates 30-day data retention for Mythos-class models (Claude Mythos 5, the Claude Fable 5 that shares its underlying model, and future models it designates as “covered models”). Prompts submitted to and outputs generated by these models are retained for 30 days, on every platform where the models are offered, for trust and safety review. The number is not the point. Who it applies to is: organizations that had set up zero data retention (ZDR), and enterprises accessing Claude through AWS Bedrock, Google Cloud Agent Platform, or Microsoft Foundry.

Reading this as “retain data for safety” only reads the surface. What is actually happening is a cost transfer. Anthropic is shifting the data-governance and compliance burden needed to detect misuse onto the enterprise customers buying its strongest models. That is Mythos’s hidden price. The sticker price sits in the token rate; this part hides in compliance-team hours, in procurement promises that get overturned, and in that “deleted after 30 days, except when” carve-out. If you are weighing whether to run Mythos through Bedrock, work out the data flow and the compliance gap first, then talk about how strong the model is.

The move

The doc is specific about the rules. Only three kinds of organization are affected: those with a ZDR workspace in Claude Console, those running Claude Code with ZDR in Claude Enterprise, and those accessing Claude through Bedrock, GCP Agent Platform, or Azure Foundry with ZDR. Consumer plans (Free, Pro, Max) and the web, desktop, and mobile surfaces of Claude.ai and Claude Code are unaffected, because they already retain inputs and outputs for safety. So the cut lands squarely on the customers who had previously paid for “no retention.”

To use a Mythos-class model, retention is not optional. The doc puts it plainly: organizations on zero retention today “need to set up data retention in order to use designated models.” Direct Claude API users turn on retention per workspace in the developer console. Bedrock users must enable retention for the new model. On Azure Foundry, if you have ZDR configured, you have to create a separate Azure Subscription to access these models. Claude Code through Bedrock or GCP follows your cloud environment’s retention setting, which must be turned on. In short, to touch this generation of models, you hand over 30 days of data visibility.

There is one inconsistency that has to be named. Anthropic’s help doc says retained data through Bedrock “stays in AWS,” handled by Anthropic under the same controls. But the policy text quoted at the top of the 403-point Hacker News thread reads: “Once you opt into data retention, your data will leave AWS’s data and security boundary.” The two statements point to opposite compliance outcomes, data staying inside your cloud boundary versus crossing into the vendor’s hands. Before any rollout, an enterprise has to get this one point confirmed in writing, not guess it from a help article.

The real motive

The stated reason is safety, and the reason holds. The doc explains that Mythos 5 is a substantial capability jump, and that some attacks only become visible across multiple requests. Best-of-N jailbreaking sends hundreds of slight prompt variations hoping one works; larger patterns like state-sponsored espionage or data-extortion campaigns only surface when classifiers can zoom out across many requests. Doing that cross-request analysis requires temporarily retaining prompts and outputs to look at them together rather than one at a time. This is a real threat model, not a pretext.

But a safety motive does not answer who pays for it. Detecting misuse is Anthropic’s internal need for deploying strong models; the cost lands on the customer. The enterprise’s compliance team has to re-assess the data flow, the enterprise has to explain the carve-out to its regulator, the enterprise has to spin up an extra Azure subscription and amend procurement contracts. One HN comment put it sharply: demand is unprecedented, and Anthropic’s only downside if AWS had refused would be “some revenue pushed a quarter away.” When demand is that hard, pushing the governance burden onto customers carries almost no commercial cost. That is the real economics of the move: the safety is real, and so is the transfer. Both are true at once.

Who is threatened

The most direct casualty is Bedrock’s core pitch to regulated customers. The line that won over healthcare, finance, and government was “your data never leaves your AWS boundary,” and that line is the crux of passing procurement and compliance reviews. A retention requirement that pushes traffic across into the vendor’s boundary (per the policy text the HN thread quotes) quietly invalidates that promise, and for FedRAMP settings it is not even a knob teams can flip. As one HN comment said bluntly, this does not really work for any regulated enterprise or government client.

Next at risk is Anthropic’s own competitive position on the clouds. One commenter noted that with OpenAI now on AWS too, this policy does not change AWS’s competitive posture much, but it does change Anthropic’s. Once a competitor ships a comparable model without this gate, customers will switch their configs over. The value of a neutral aggregation layer like Bedrock rests on the credibility of “data stays inside your boundary”; once a vendor’s retention requirement pierces that trust, the neutrality is discounted. The teams that get hit are the ones who only dared send proprietary code, internal docs, and customer-sensitive context into a model because of ZDR. They either swallow retention or stay locked out of the strongest model.

What to ignore

Do not read this as “Anthropic wants your data for training.” The doc is explicit: the 30 days are for trust and safety, Anthropic employees cannot access your conversations unless flagged for potential serious harm or upon a customer’s written request, reviews are done by a small set of approved reviewers through tooling that blocks export, copying, or downloading, every access is logged in a tamper-proof record reviewers cannot suppress or modify, and data is deleted automatically after 30 days. Equating this with “taken for training” misreads a controlled safety retention as data grabbing. That step has no support in the doc.

Do not be lulled by the “30 days” number either. The carve-out, not deleted when it is part of a safety investigation or legally required, is what changes the nature of the thing. It turns 30 days from a hard ceiling into a default. For an enterprise that must give a regulator a definite period, the “except when” makes the real retention period indeterminate. That is a point to press in compliance review, not a footnote to wave past.

Finally, do not treat the HN heat (403 points) as a conclusion in itself. The emotional side-taking, the “your data is forever” jokes, the NSA speculation, are noise, not signal. The real signal is two concrete disputes. First, whether retained data actually leaves your cloud boundary (the official doc and the quoted policy text contradict each other). Second, whether opt-in is nominally voluntary but effectively a required gate for Mythos. Those two are what an enterprise has to nail down before rollout.

Sources

1. Data retention practices for Mythos-class models (Claude Help Center) / official
2. AWS Bedrock to require sharing data with Anthropic for Mythos and future models (Hacker News, 403 points) / hn