To ensure we’re responsibly deploying Mythos-class models, we are requiring limited data retention and review as part of our safety work. Prompts submitted to, and outputs generated by, Mythos-class models are retained for 30 days for trust and safety purposes, on every platform where these models are offered.
This applies to Mythos-class models and future models with similar capabilities that we designate as covered models. For all other models, everything you use is unaffected and stays under the current terms.
This policy, described below, goes into effect on June 9, 2026. For more information on the threat model for retained data and associated privacy controls, please see the corresponding technical white paper on our Trust Center.
Who this applies to
Consumer plans (Claude Free, Pro, and Max) across our web, desktop, and mobile apps—including Claude.ai and Claude Code—are unaffected by this update, since we already retain inputs and outputs for safety purposes on these surfaces. Learn more about how we retain data for consumer plans.
This change only applies to organizations that have set up workspaces with zero data retention (ZDR) in Claude Console, use Claude Code with ZDR in Claude Enterprise, or access Claude through AWS Bedrock, Google Cloud Agent Platform, or Microsoft Foundry with ZDR. The rest of this article applies only to these organizations.
Why we’re doing this
Claude Mythos 5 represents a substantial increase in model capabilities, some of which can be used for both benign and malicious purposes. Claude Fable 5 shares the same underlying model as Claude Mythos 5, but with additional safeguards, particularly in the cyber and bio domains. While these safeguards allow us to share this intelligence more broadly, we are taking a conservative approach that allows us to look for patterns of misuse with this class of model. Some attacks only become visible across multiple requests. Best-of-N jailbreaking, for example, sends hundreds of slight variations of a prompt in the hope that one will work. Larger patterns of misuse, such as state-sponsored espionage or data extortion campaigns, only surface when our safeguards classifiers can zoom out across many requests. Detecting these threats requires temporarily retaining prompts and outputs so they can be analyzed together, rather than one at a time.
How we protect your data
Anthropic employees cannot access your conversations unless they are flagged for potential serious harm or upon a customer’s written request. These reviews can only be performed by a small set of approved reviewers through tooling that prevents export, copying, or downloading. Every instance of access is recorded in a tamper-proof log that reviewers cannot suppress or modify. After 30 days, the data is deleted automatically, except in the rare cases where it's part of a safety investigation or we're legally required to keep it. Eligible organizations also have the option to add customer-managed encryption keys and access transparency audit logs.
Anthropic maintains a documented information security program with technical and organizational measures that are designed to protect the security, confidentiality, and integrity of customer data. Our risk-based program is built for and evolves to defend against known and anticipated threat models and is tested regularly. For more information, see the technical white paper in our Trust Center.
Here is what security leaders are saying about our approach:
“Databricks enables enterprises to build agents that reason over critical data, and new frontier models from Anthropic help our customers do that more effectively. By continuously evolving their safeguards to match new model capabilities, Anthropic is making it possible for each of us to scale intelligence responsibly. We strongly support Anthropic’s initiative to bring this new class of safeguards to the industry."
- Fermin Serna, Databricks CISO | “Trust in the financial ecosystem depends on strong security, and Stripe has used AI for years to help strengthen our defenses on behalf of our customers. As frontier AI becomes better at finding security vulnerabilities, it becomes more important to ensure those capabilities are used defensively. Anthropic is setting a strong standard for Mythos by providing transparency into data handling and retention.“
- Matthew Kemelhar, Stripe CISO |
What, if anything, do I need to configure?
This change only applies to organizations that have set up workspaces with zero data retention (ZDR) in Claude Console, use Claude Code with ZDR in Claude Enterprise, or access Claude through AWS Bedrock, Google Cloud Agent Platform, or Microsoft Foundry with ZDR. For all other organizations, there is no change and there's nothing to configure. The rest of this section is for organizations that access Claude without data retention today and need to set up data retention in order to use designated models when they become available.
If your developers use the Claude API
Directly from Anthropic through Claude Platform: Turn on retention for the workspaces where you want to use covered models in the developer console (Workspace > Manage > Privacy Controls). Your other ZDR-enabled workspaces keep ZDR. Refer to the Anthropic Trust Center for documentation.
Through Claude Platform on AWS: Retention works the same way as the direct Claude API. It's configured at the workspace level, and retained data is handled by Anthropic under the same controls.
Through Amazon Bedrock: Retention will need to be enabled to access your new covered model, and retained data stays in your AWS environment. When models become available, onboarding details will be shared.
Through Google Cloud's Agent Platform: Retention will need to be enabled for your new covered model, and retained data stays in your GCP environment. When models become available, onboarding details will be shared.
Through Claude in Azure Foundry: Retention is configured for each Azure Subscription. If you have Zero Data Retention configured, then you will need to create and use a separate Azure Subscription to access these models.
If your team uses Claude Code
Through the Anthropic API: Claude Code’s data handling practices are governed by the workspace it operates in. If that workspace has retention enabled, Claude Code can use designated models. For developers who sign in directly, enable retention at your organization’s Claude Code workspace.
Through Amazon Bedrock or Google Cloud Agent Platform: Claude Code uses your cloud credentials, so it follows your cloud environment's retention setting. Retention must be enabled in your cloud environment, and retained data stays in your provider's environment. The same applies to Cowork accessed through Amazon Bedrock or Google Cloud’s Agent Platform.
Through Claude Enterprise with ZDR: We're releasing controls in the admin console so your Primary Owner can change the retention setting directly. If you'd rather not touch your production org yet, we can help you set up a separate sandbox org.
If your team uses Claude chat or Cowork through Claude for Enterprise
These surfaces already operate with standard retention, so you'll have access to the new models as they become available.