Anthropic announced a policy effective June 9 2026 requiring retention of prompts and outputs from Mythos‑class models for 30 days for safety. Applies to organizations using zero‑data‑retention workspaces, Claude Code with ZDR, or accessing via AWS Bedrock, Google Cloud, Microsoft Foundry. Consumer plans remain unchanged on all platforms.

Reason: Claude Mythos 5 dramatically expands capabilities, usable for benign and malicious tasks. Claude Fable 5 shares the same model but adds safeguards in cyber and bio domains. Retaining data lets Anthropic spot patterns like best‑of‑N jailbreaking or state‑sponsored espionage that only emerge across many requests.

Protection measures: employees can view conversations only if flagged for serious harm or upon written customer request. Access occurs through restricted tooling that blocks export, copying or downloading, and every view logs in a tamper‑proof ledger. After 30 days the data auto‑deletes unless retained for an ongoing safety investigation or legal obligation. Eligible firms may supply their own encryption keys.

No configuration change required for organizations outside the zero‑retention scope; they continue under existing terms. Anthropic’s documented security program, regular testing, and the white‑paper in its Trust Center outline the threat model and controls. The policy tightens oversight of the most powerful models while preserving the existing workflow for other Claude offerings.