Amazon Bedrock breaks its data-boundary guarantee to host Claude Fable 5 and Mythos 5
A 2026-06-20 InfoQ breakdown of Claude Fable 5 on Amazon Bedrock confirms the model's only allowed mode routes prompts and outputs to Anthropic for 30-day retention, breaking the boundary guarantee that has carried Bedrock through enterprise procurement.
Amazon Bedrock has, for the first time, started routing a hosted
model’s prompts and outputs back to the model provider for 30-day
retention with human review. A 2026-06-20 InfoQ breakdown of the
Claude Fable 5 launch architecture confirmed that AWS’s
allowed_modes field for Anthropic’s two newest models contains
exactly one value, provider_data_share, and that there is no
opt-out. The change is small in code (one API field), and large
in posture: Bedrock has just broken the boundary guarantee that
has carried it through enterprise procurement.
What changed
For every previous Bedrock model, including Claude Opus 4.8, Sonnet,
Haiku, and the OpenAI frontier line that reached GA on 2026-06-03,
AWS told customers their inference data stayed inside the AWS
security boundary and the model provider never saw it. That promise
sat in the procurement deck, in the legal-review template, and in
the security-questionnaire response that wins the deal against
direct-API competitors. With Claude Fable 5 and the restricted
Mythos 5, the contract changes. Customers must call the Data
Retention API, agree to the provider_data_share mode, and accept
that prompts and outputs flow to Anthropic for up to 30 days,
before invocation works at all. The AWS blog post puts it plainly:
“Once you opt into data retention, your data will leave AWS’s data
and security boundary.” Zero Data Retention agreements (including
Claude Enterprise, Bedrock, Google Cloud Agent Platform, and
Microsoft Foundry) do not apply. The mode is not configurable from
the AWS console UI; it has to be set through the API.
Where this lands in the market
The policy lands on the same two models that the US export-control
directive forced AWS to disable on 2026-06-12, three days after
launch. That timing has obscured the data-boundary shift in the
public conversation, but the two stories are different decisions on
the same release. Anthropic frames the retention as a safety
requirement: Mythos-class models are strong enough at finding and
exploiting software vulnerabilities (Anthropic’s own framing is
“the strongest cybersecurity model in the world”) that the
blocking classifiers need a 30-day window to catch jailbreaks and
novel attacks. Whatever the rationale, the practical effect on
hyperscaler procurement is that “Bedrock keeps your data” is no
longer a universal claim; it is now per-model, governed by an
allowed_modes field that varies model by model. AWS has signalled
in the Fable 5 documentation that “future models on Bedrock with
similar or higher capability levels” will follow the same pattern,
which means GPT-class and Gemini-class peers are likely to ship
with similar safety-driven retention requirements over the next
year. The org-wide guardrail pattern (an SCP that denies any
retention mode other than none and scopes exceptions to accounts
with a signed DPA) is now table-stakes for security teams that
plan to evaluate any Mythos-class model in production.
What’s worth watching
- A first-party SCP template. Whether AWS publishes a
recommended Service Control Policy template for the
bedrock-mantle:DataRetentionModecondition key, the way it did for KMS and S3 in their formative years. A first-party template legitimizes the deny-by-default posture; its absence pushes the work onto every customer’s security team and slows the path from proof of concept to production. - Cross-region inference and data residency. AWS has noted that if cross-region inference is enabled, retained inputs and outputs sit in the destination region. That changes the residency story for EU and UK customers in particular. Watch whether Anthropic or AWS publishes region-locked retention scopes ahead of any Fable 5 re-enablement, since the export-control freeze has bought both sides time to address it.
- The Bedrock-vs-direct-API decision. Bedrock’s wedge over Anthropic’s first-party API has historically been the boundary guarantee plus IAM integration. With the boundary guarantee gone for Mythos-class traffic, the wedge narrows to IAM, billing, and observability. The Bedrock-vs-direct calculation now flips for any team whose differentiator was data residency more than identity model.
- AWS Blog: Anthropic Claude Fable 5 on AWS aws.amazon.com
- AWS Docs: Data retention for Amazon Bedrock docs.aws.amazon.com
- InfoQ: Claude Fable 5 on Bedrock Requires Sharing Inference Data with Anthropic www.infoq.com
- Cybernews: Companies using Fable 5 beware, it's collecting your data cybernews.com