Bottom line: Claude Fable 5 does not permit zero-data-retention contracts and retains all prompts and outputs for 30 days for security purposes, even where organizations have ZDR agreements with older Claude models.
With its new Claude Fable 5 model, Anthropic mandates 30-day retention of inputs and outputs for security audits — creating exceptions to existing zero-data-retention agreements. This affects compliance requirements for enterprises in regulated industries.
With the launch of Claude Fable 5 (Mythic tier), Anthropic has released a powerful new AI model that promises high performance for software development and agent-based tasks. The company’s official support documentation requires that inputs and outputs from Mythic-tier models be retained for 30 days. According to Anthropic, this retention occurs exclusively for purposes of “Trust & Safety”: the data is not used to train new models, usage is limited to security-related reviews, and access restrictions and logging mechanisms apply. The 30-day retention applies across platforms, regardless of whether Fable 5 is accessed through Amazon Bedrock, Google Cloud Agent Platform, or Microsoft Foundry.
This approach differs fundamentally from other Claude models. Claude Opus 4.8, Claude Sonnet 4.6, and Claude Haiku 4.5 can operate under enterprise contracts with Zero Data Retention (ZDR) — Fable 5 explicitly does not offer this option. According to Anthropic, this exception applies even to organizations that already have existing ZDR agreements for other Claude models. For the Mythic tier, mandatory 30-day retention applies instead.
Anthropic explains that retained content may be reviewed by authorized personnel under certain conditions. The company points to restricted access circles, no export capability, tamper-proof logging, and a limited number of trained reviewers. However, Jessica Eaves Mathews, a legal specialist in AI law, has publicly cautioned that the mere possibility of human access to data may have legal significance in certain regulated industries — for instance with regard to confidentiality or third-party access.
For Chief Data Officers and compliance professionals in regulated industries, this distinction is material. Organizations with high compliance requirements in law, financial services, healthcare, critical infrastructure, M&A transactions, and proprietary software development must incorporate mandatory data retention into their risk assessment. Before deploying Fable 5, organizations should verify whether internal policies, regulatory requirements, or contractual obligations are compatible with this data policy. Anthropic positions the measure itself as part of responsible deployment of particularly capable models.
Source: www.it-daily.net · Published June 11, 2026
Lumi AI News — AI-assisted curation in accordance with Article 50 EU AI Act. Paraphrase and classification via Lumi News Pipeline v1.6.5.