Anthropic's latest frontier-class Claude models have introduced a mandatory data-sharing requirement that fundamentally changes how enterprise customers can deploy AI on Amazon Web Services (AWS), forcing inference prompts and outputs to leave AWS's security boundary for 30-day retention at Anthropic. The shift marks a significant departure from every previous Claude model and has triggered urgent compliance concerns among regulated organizations, particularly in healthcare, finance, and Europe.

What Changed With Claude Fable 5 and Mythos 5?

When Anthropic launched Claude Fable 5 and Claude Mythos 5 on AWS Bedrock in mid-June 2026, both models came with a mandatory setting called "provider_data_share" that routes all inference data to Anthropic for human review and 30-day retention. Unlike every prior Claude model, including Opus 4.8, Sonnet, and Haiku, there is no alternative mode; the allowed_modes field contains exactly one value. For all previous Bedrock models, inference data remained entirely within AWS's data and security boundary, a core value proposition that attracted regulated enterprises to the platform.

The requirement lasted only three days. On June 12, 2026, Anthropic asked AWS to revoke access to both models, citing compliance with a U.S. Government export control directive. Access to all other Claude models remained unaffected, but the brief window exposed a critical governance gap for teams that had already enabled the data-sharing parameter at the account level.

Why Does This Matter for Regulated Industries?

The data-sharing architecture creates cascading compliance obligations for enterprises operating under strict data residency and privacy rules. Once Anthropic holds inference data as a sub-processor, regulated organizations must amend their data processing agreements (DPAs), update sub-processor lists, and reassess legal bases for each workload. European organizations face additional exposure through the CLOUD Act, a U.S. law that grants American authorities access to data held by U.S. companies, even when stored abroad. Healthcare organizations face a particularly acute gap: existing AWS Business Associate Agreements (BAAs) covering Bedrock inference may not extend to Anthropic's sub-processor relationship, and a separate BAA with Anthropic may not yet exist for this data path.

"The entire value of AWS Bedrock was that it sat as the neutral place between companies and model providers. It guaranteed data and inference residency, and there was no possibility of your organization's data used by the model providers for their own purposes. Strip that away and AWS Bedrock is first-party Anthropic, with fewer features," explained Chris Farris, cloud security researcher at Securosis.

Chris Farris, Cloud Security Researcher at Securosis

Anthropic frames the 30-day retention as a safety requirement for Mythos-class models, needed to catch novel attacks and jailbreaks through blocking classifiers. However, the company has also indicated that future frontier-class models will carry the same provider_data_share requirement, making this a recurring governance concern rather than a one-time exception.

How Are Organizations Responding to the Data-Sharing Risk?

Security teams and compliance officers have begun implementing defensive measures to prevent accidental data exposure. AWS has published isolation guidance recommending dedicated Bedrock Mantle projects for Fable 5 workloads, scoped away from production environments. More importantly, teams that enabled provider_data_share during the three-day launch window are advised to deploy a service control policy using the bedrock-mantle:DataRetentionMode condition key to restore the default zero-retention posture.

A secondary detection gap compounds the risk: Bedrock Mantle logs to bedrock-mantle.amazonaws.com in CloudTrail, a different event source from regular Bedrock (bedrock.amazonaws.com). Existing cloud security posture management (CSPM) rules and security detectors watching for Bedrock activity will not catch the data retention change unless the Mantle event source is added explicitly. This means organizations may not realize they have enabled data sharing without actively monitoring the correct log stream.

Steps to Protect Your Organization From Unintended Data Sharing

• Audit CloudTrail Logs: Search bedrock-mantle.amazonaws.com event logs for any DataRetentionMode settings enabled during the June 9-12 launch window, and document which teams or projects may have activated provider_data_share.
• Deploy Service Control Policies: Implement an organization-wide SCP using the bedrock-mantle:DataRetentionMode condition key to deny any retention mode other than none, preventing future accidental enablement across all AWS accounts.
• Review Sub-Processor Agreements: Audit existing AWS BAAs and DPAs to confirm whether Anthropic is listed as a sub-processor, and initiate contact with Anthropic to clarify BAA coverage for inference data if your organization processes healthcare or other regulated information.
• Isolate Frontier-Class Workloads: If your organization plans to use future Mythos-class or frontier-tier Claude models on Bedrock, deploy them in dedicated projects separate from production systems, as AWS recommends.

What Happens Next for Claude on AWS?

Three critical questions remain unanswered. First, whether Fable 5 and Mythos 5 will return to Bedrock after the export control matter resolves, and on what data-sharing terms. Second, whether Anthropic will publish a Business Associate Agreement path for healthcare organizations that need to cover inference data under HIPAA regulations. Third, whether the mandatory provider_data_share pattern will normalize across other frontier model providers as capability tiers expand, potentially making data residency guarantees obsolete across the entire cloud AI ecosystem.

Meanwhile, Claude remains the only U.S. company model in the top five for global token usage, with Claude Opus 4.7 and Claude Sonnet 4.6 ranking in the top 10 across all AI models worldwide. However, the data-sharing requirement may reshape how enterprises evaluate Claude's competitive position relative to open-source alternatives and other providers that maintain data residency guarantees. For regulated organizations, the governance overhead of managing Anthropic as a sub-processor may outweigh the performance benefits of frontier-class models, at least until clearer compliance pathways emerge.