Anthropic launched its powerful Fable 5 and Mythos 5 models with a quiet but significant change: organizations that paid for zero data retention will now have their prompts and outputs stored for 30 days. The company says it's necessary to police misuse, but it means "zero" no longer means zero.
Anthropic released two of its most capable AI models this week, and along with the benchmark bragging rights came a change that should make every privacy-conscious enterprise customer read the fine print. Organizations that specifically configured and paid for zero data retention will now have their prompts and the model's outputs stored for 30 days when using the new Mythos-class models.
The shift is small in word count and large in implication. "Zero data retention" is a contractual promise that nothing you send to a service gets kept after the request is processed. It is the setting companies choose when they handle regulated data, trade secrets, source code, or customer records they are legally obligated to protect. As of this release, that promise carries an asterisk.
What happened
Anthropic announced public availability of Claude Fable 5 and private, partner-only availability of Claude Mythos 5. Both are described as a tier above the company's Claude Opus models on standard benchmarks. The headline feature, depending on who you ask, is either the capability jump or the new safety scaffolding wrapped around it. Fable 5 ships with a fresh set of classifiers, separate AI models whose job is to spot misuse, and it fails over to the older Opus 4.8 for prompts touching cybersecurity, biology, chemistry, or distillation.
Buried in that safety framing is the data policy change. Per Anthropic's updated support documentation, "Prompts submitted to, and outputs generated by, Mythos-class models are retained for 30 days for trust and safety purposes, on every platform where these models are offered." The company frames this as a record-keeping measure in case a misuse investigation is ever needed.
Crucially, this is not a blanket change for all users. Consumer tiers (Claude Free, Pro, and Max) are unaffected because those plans already retain data under existing terms. The new retention specifically targets the customers who had opted out of retention entirely: organizations running zero data retention workspaces in the Claude Console, teams using Claude Code with ZDR under Claude Enterprise, and anyone accessing these models through AWS Bedrock, Google Cloud's agent platform, or Microsoft Foundry with ZDR enabled.
The legal and contractual basis
This is where it gets uncomfortable for compliance teams. Zero data retention is frequently the mechanism enterprises rely on to satisfy obligations under regimes like the EU's General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). Under GDPR's data minimization principle (Article 5), controllers are supposed to retain personal data only as long as necessary for the stated purpose. A 30-day retention window for trust-and-safety logging is a new processing purpose layered onto data that customers may have specifically arranged to never store.
Anthropic says it will not use the retained prompts and outputs to train new models, and that the retention exists solely to prevent and investigate misuse. That distinction matters legally, training use and security logging are different processing purposes, but it does not erase the fact that data now exists where customers were told it would not.
For organizations operating under data processing agreements that promised zero retention, this likely requires a fresh look at those contracts. A DPA that guaranteed no storage may now be inconsistent with how the service actually behaves. Companies in regulated sectors, healthcare, finance, legal, that chose ZDR precisely to keep client data out of a vendor's hands will need to assess whether 30-day retention is compatible with their own downstream obligations.
Impact on users and companies
The practical effect lands hardest on enterprise buyers who built their AI governance around the ZDR guarantee. If your security architecture assumed prompts never persisted on Anthropic's infrastructure, that assumption is now wrong for Mythos-class models. Any sensitive data in a prompt, customer identifiers, internal code, confidential business information, sits in Anthropic's logs for a month.
There are a few concrete consequences worth thinking through. Data subject access and deletion requests under GDPR and CCPA may now reach into a retention store that previously did not exist. Breach exposure expands, because data that is retained is data that can be compromised; a 30-day window of stored prompts is a target that simply was not there before. And cross-border transfer analyses, already fraught for AI services, get more complicated when logs sit on multiple cloud providers across jurisdictions.
The distributed nature of the policy adds friction. Because the retention applies across AWS Bedrock, Google Cloud, and Microsoft Foundry as well as Anthropic's own console, customers cannot escape it by choosing a particular hosting path. The model itself carries the policy with it.
The capability and pricing context
The models are genuinely capable, which is partly why the safety posture tightened. Anthropic claims Fable 5 is state of the art on nearly all tested benchmarks, outperforming its own Opus 4.8, OpenAI's Codex 5.5, and Google's Gemini 3.1 Pro on the chosen suite. The company points to Stripe migrating a 50-million-line Ruby codebase in a single day, work it estimates would have taken a team two months by hand.
Pricing tells its own story. Fable 5 and Mythos 5 both run $10 per million input tokens and $50 per million output tokens, less than half the cost of the earlier Claude Mythos Preview at $25 and $125. On the safety side, Mythos 5 posted a 4.8 percent success rate for prompt injection attacks over 100 attempts according to its safety card, roughly on par with Opus 4.8.
Anthropic's own framing draws a clean line: the difference between Fable and Mythos is the safeguards, not the underlying capability. The company considers the model capable of serious harm without those guardrails, and the data retention policy is explicitly part of that protective apparatus. The logic is that you cannot investigate misuse of a dangerous tool if you keep no record of how it was used.
What changes
For most individual users, nothing. For enterprises that relied on zero data retention, several things. Review your data processing agreements against the new 30-day retention term. Re-examine any compliance attestations that referenced ZDR as a control. Decide whether sensitive workloads belong on Mythos-class models at all, or whether they should stay on models where the no-retention guarantee still holds. And update internal records of processing to reflect that prompt and output data now persists, even briefly, where it previously did not.
The broader pattern here is one privacy advocates have warned about as AI capability climbs: safety and surveillance tend to arrive together. The more powerful the tool, the stronger the vendor's argument for logging how it gets used, and the more that logging erodes the data minimization promises that made enterprise adoption palatable in the first place. Anthropic's position is defensible on safety grounds. Whether "zero data retention" should still be sold under that name when it now means thirty days is a question customers, and possibly regulators, are entitled to ask.
Comments
Please log in or register to join the discussion