Microsoft is not the only company ‘warning’ about using Anthropic Claude Fable, other companies too are worried that…
When Anthropic flipped the switch on Claude Fable 5—its first publicly available Mythos-class model— on June 9, the AI giant quietly rewrote a clause enterprises had been counting on. Every prompt and every output now sits on Anthropic’s servers for 30 days. No opt-out. No Zero Data Retention carve-out, even for the enterprise customers who had specifically negotiated one. Microsoft was the first big name to flinch—but it isn’t the only one.The Verge first reported this week that Microsoft has restricted Claude Fable 5 from the internal model picker its employees use inside GitHub Copilot, even as the company rolled out the same model to its Copilot and Foundry customers. The reason, per sources cited by The Verge: Microsoft’s legal teams are still evaluating whether the new retention rules sit comfortably with the company’s customer data and confidentiality obligations.But Microsoft isn’t the only company pumping the brakes. A new report from The Information says several AI legal firms are warning that the policy could create problems for attorney-client privilege—the rule that shields communications between lawyers and their clients from disclosure.
A retention policy Microsoft and other Anthropic clients can’t switch off
Etay Maor, vice president of threat intelligence at security firm Cato Networks, told The Information that Anthropic’s approach looks unusual from a security architecture standpoint. Maor said the safeguards will stop some attackers but introduce tradeoffs enterprises need to weigh, noting that data retention “is typically configurable and controlled by the client, not the provider.”That’s the crux of the discomfort. Every other Claude model in the API—Opus 4.8, Sonnet 4.6, Haiku 4.5—can still run under Zero Data Retention agreements. Fable 5 cannot. Any existing ZDR contract does not apply to Fable 5 traffic, which means law firms, healthcare providers, and regulated enterprises now have to think twice before piping sensitive prompts through the model.
Why Anthropic says the 30-day window has to stay
Anthropic’s own support page lays out the logic. Mythos-class models are powerful enough—particularly in cyber and bio domains—that the company wants to watch for patterns of abuse that only surface across multiple requests. Best-of-N jailbreaks. State-sponsored espionage campaigns. Data extortion attempts. Retained prompts and outputs get analysed for misuse signals, and most are deleted after 30 days. Flagged content, however, can be held for up to two years.For general counsels at the world’s biggest companies, that’s the math they’re now being asked to sign off on—and many, going by the Microsoft precedent, are not yet ready to do so.
