Bedrock Data Sharing Sends Fable 5 Inference Data to Anthropic

InfoQ reports that using Claude Fable 5 or Mythos 5 on Amazon Bedrock requires enabling provider_data_share, a data retention mode that routes inference prompts and model outputs to Anthropic for 30-day retention with human review. Critically, InfoQ notes there is no alternative mode - the allowed_modes field for these models contains exactly one value. For every previous Bedrock model, including Opus 4.8, Sonnet, and Haiku, inference data stayed inside the AWS boundary. The AWS blog post states: "Once you opt into data retention, your data will leave AWS's data and security boundary." Anthropic frames the 30-day retention as a safety requirement for Mythos-class models, needed to catch novel attacks and jailbreaks through blocking classifiers.

On June 12, 2026, three days after launch, Anthropic asked AWS to revoke access to Claude Fable 5 and Claude Mythos 5 for all users, citing compliance with a US Government export control directive, per the AWS blog update. Access to all other models, including Opus 4.8, remains unaffected.

Anthropics has indicated that future models at the Mythos-class capability tier will carry the same provider_data_share requirement. The three-day window during which the models were live was sufficient for some teams to enable the parameter at the account level. Cloud security researcher Chris Farris of Securosis published a detailed critique: "The entire value of AWS Bedrock was that it sat as the neutral place between companies and model providers. It guaranteed data and inference residency, and there was no possibility of your organization's data used by the model providers for their own purposes. Strip that away and AWS Bedrock is first-party Anthropic, with fewer features."

Once Anthropic holds inference data as a sub-processor, regulated organizations face DPA amendments, updated sub-processor lists, fresh records of processing, and a new assessment of legal bases for each workload. European organizations face additional exposure through the CLOUD Act: Anthropic is a US company, and retained data falls within reach of US legal requests. A German practitioner quoted on Reddit confirmed: "This will be a deal breaker for us. And I would guess for a lot of German/European-based companies." Healthcare organizations face an additional gap: existing AWS BAAs covering Bedrock inference may not extend to Anthropic's sub-processor relationship, and a separate BAA with Anthropic may not yet exist for this data path.

A separate issue compounds the risk, per InfoQ and Farris: Bedrock Mantle logs to bedrock-mantle.amazonaws.com in CloudTrail, a different event source from regular Bedrock (bedrock.amazonaws.com). Existing CSPM rules and security detectors watching for Bedrock activity will not catch the data retention change unless the Mantle event source is added explicitly. Farris documented an SCP pattern using the bedrock-mantle:DataRetentionMode condition key to deny any retention mode other than none org-wide. AWS has also published isolation guidance through the Builder Center recommending dedicated Bedrock Mantle projects for Fable 5 workloads, scoped away from production.

Whether Fable 5 and Mythos 5 return to Bedrock after the export control matter resolves, and on what data-sharing terms. Whether Anthropic publishes a BAA path for healthcare organizations that need to cover inference data under HIPAA. Whether the mandatory provider_data_share pattern normalizes across other frontier model providers as capability tiers expand.