When Anthropic launched Claude Fable 5, its first publicly available Mythos-class model, on June 9, the AI company quietly implemented a new data retention policy that has unsettled enterprise customers. Every prompt and output is now stored on Anthropic's servers for 30 days, with no option to opt out or negotiate a Zero Data Retention (ZDR) agreement, even for clients who had previously secured such terms.
Microsoft Restricts Access
According to The Verge, Microsoft has restricted Claude Fable 5 from the internal model picker used by employees within GitHub Copilot, despite rolling out the same model to Copilot and Foundry customers. Sources cited by The Verge indicate that Microsoft's legal teams are evaluating whether the new retention rules align with the company's customer data and confidentiality obligations.
Microsoft is not alone in its caution. The Information reports that several AI legal firms are warning that the policy could compromise attorney-client privilege, which protects communications between lawyers and their clients from disclosure.
Security and Compliance Concerns
Etay Maor, vice president of threat intelligence at Cato Networks, told The Information that Anthropic's approach is unusual from a security architecture perspective. He noted that data retention is typically configurable and controlled by the client, not the provider. While the safeguards may deter some attackers, they introduce tradeoffs that enterprises must evaluate.
The core issue is that all other Claude models in the API—Opus 4.8, Sonnet 4.6, Haiku 4.5—can still operate under ZDR agreements. Fable 5 cannot. Existing ZDR contracts do not apply to Fable 5 traffic, forcing law firms, healthcare providers, and regulated enterprises to reconsider using the model for sensitive prompts.
Anthropic's Justification
Anthropic's support page explains that Mythos-class models are powerful in cyber and bio domains and therefore require monitoring for abuse patterns that only emerge across multiple requests, such as Best-of-N jailbreaks, state-sponsored espionage, and data extortion. Retained prompts and outputs are analyzed for misuse signals; most are deleted after 30 days, but flagged content can be held for up to two years.
For general counsels at major companies, this policy presents a legal hurdle. Many, following Microsoft's lead, are not yet ready to approve the model's use.



