Pro
Beat report Published 24d ago ·

Amazon Bedrock breaks its data-boundary guarantee to host Claude Fable 5 and Mythos 5

A 2026-06-20 InfoQ breakdown of Claude Fable 5 on Amazon Bedrock confirms the model's only allowed mode routes prompts and outputs to Anthropic for 30-day retention, breaking the boundary guarantee that has carried Bedrock through enterprise procurement.

By Stackmaven

Amazon Bedrock has, for the first time, started routing a hosted model’s prompts and outputs back to the model provider for 30-day retention with human review. A 2026-06-20 InfoQ breakdown of the Claude Fable 5 launch architecture confirmed that AWS’s allowed_modes field for Anthropic’s two newest models contains exactly one value, provider_data_share, and that there is no opt-out. The change is small in code (one API field), and large in posture: Bedrock has just broken the boundary guarantee that has carried it through enterprise procurement.

What changed

For every previous Bedrock model, including Claude Opus 4.8, Sonnet, Haiku, and the OpenAI frontier line that reached GA on 2026-06-03, AWS told customers their inference data stayed inside the AWS security boundary and the model provider never saw it. That promise sat in the procurement deck, in the legal-review template, and in the security-questionnaire response that wins the deal against direct-API competitors. With Claude Fable 5 and the restricted Mythos 5, the contract changes. Customers must call the Data Retention API, agree to the provider_data_share mode, and accept that prompts and outputs flow to Anthropic for up to 30 days, before invocation works at all. The AWS blog post puts it plainly: “Once you opt into data retention, your data will leave AWS’s data and security boundary.” Zero Data Retention agreements (including Claude Enterprise, Bedrock, Google Cloud Agent Platform, and Microsoft Foundry) do not apply. The mode is not configurable from the AWS console UI; it has to be set through the API.

Where this lands in the market

The policy lands on the same two models that the US export-control directive forced AWS to disable on 2026-06-12, three days after launch. That timing has obscured the data-boundary shift in the public conversation, but the two stories are different decisions on the same release. Anthropic frames the retention as a safety requirement: Mythos-class models are strong enough at finding and exploiting software vulnerabilities (Anthropic’s own framing is “the strongest cybersecurity model in the world”) that the blocking classifiers need a 30-day window to catch jailbreaks and novel attacks. Whatever the rationale, the practical effect on hyperscaler procurement is that “Bedrock keeps your data” is no longer a universal claim; it is now per-model, governed by an allowed_modes field that varies model by model. AWS has signalled in the Fable 5 documentation that “future models on Bedrock with similar or higher capability levels” will follow the same pattern, which means GPT-class and Gemini-class peers are likely to ship with similar safety-driven retention requirements over the next year. The org-wide guardrail pattern (an SCP that denies any retention mode other than none and scopes exceptions to accounts with a signed DPA) is now table-stakes for security teams that plan to evaluate any Mythos-class model in production.

What’s worth watching

  1. A first-party SCP template. Whether AWS publishes a recommended Service Control Policy template for the bedrock-mantle:DataRetentionMode condition key, the way it did for KMS and S3 in their formative years. A first-party template legitimizes the deny-by-default posture; its absence pushes the work onto every customer’s security team and slows the path from proof of concept to production.
  2. Cross-region inference and data residency. AWS has noted that if cross-region inference is enabled, retained inputs and outputs sit in the destination region. That changes the residency story for EU and UK customers in particular. Watch whether Anthropic or AWS publishes region-locked retention scopes ahead of any Fable 5 re-enablement, since the export-control freeze has bought both sides time to address it.
  3. The Bedrock-vs-direct-API decision. Bedrock’s wedge over Anthropic’s first-party API has historically been the boundary guarantee plus IAM integration. With the boundary guarantee gone for Mythos-class traffic, the wedge narrows to IAM, billing, and observability. The Bedrock-vs-direct calculation now flips for any team whose differentiator was data residency more than identity model.
Sources cited
  1. AWS Blog: Anthropic Claude Fable 5 on AWS aws.amazon.com
  2. AWS Docs: Data retention for Amazon Bedrock docs.aws.amazon.com
  3. InfoQ: Claude Fable 5 on Bedrock Requires Sharing Inference Data with Anthropic www.infoq.com
  4. Cybernews: Companies using Fable 5 beware, it's collecting your data cybernews.com
esc