HN

Comments (198)

• Menu

  dsign
  The root of the problem is that AI-as-a-service is corked, because companies providing it have a hell of an incentive to use all that data to out-compete their competitors, and they can do so in secret. To say nothing of salivating law-enforcement who really, really wants to tap into it. I'm hoping there will be at some point open-source and affordable hardware that can run competent models.
• Menu

  OtherShrezzing
  This is odd behaviour, and provides some evidence that Anthropic isn't being managed by serious people. With this policy across AWS/GH/Zed/etc, they're taking their massive lead in enterprise/govt sales and handing it to any competitor who can serve a model anywhere near these capabilities with a modestly nice UI.
• Menu

  pczy
  This policy applies across all providers. Here is the warning in Cursor: https://i.redd.it/7sfyker2ya6h1.pngNote that Anthropic has committed not to train models on logged data, so I don’t understand some of the concerns here. What exactly is your threat model? That Anthropic would train models contrary to their terms of service? That you trust them enough not to log your data prior to this, but not enough to trust their stated limits on how logged data will be used now?Edit: I am partially convinced by some of the replies. However, it is worth noting that this change primarily affects Enterprise users. Data from consumer plans is already retained for 30 days. Source: https://privacy.claude.com/en/articles/10023548-how-long-do-...
• Menu

  rohansood15
  Pretty sure this doesn't work for any regulated enterprise or government client. But AWS knows this, so I am curious why they'd agree to it.
• Menu

  storus
  This smells like an advanced version of corporate espionage. Assuming most companies will use their AI in the future, this will be fed directly to an Echelon-like network that will be leaking "interesting info" to friendly parties, like the Boeing vs Airbus scandal that was first widely reported and then swept under the rug officially.
• abofh
  Not a sub processor for us, so insta banned. Also spiked the ball on us updating our sub processor list. If they'd done something in-cloud we wouldn't have blinked, but no governance or controls, non starter.
• Menu

  jreynar
  Ugh. I'm sure we're not the only company that's going to face the difficult decision to either stay with Opus 4.8, switch to a different model provider or update and significantly weaken our terms of service around no model re-training, not sending data to third parties and the like. I understand why Anthropic wants to do this but I'd be much more comfortable with it if the data never made it to Anthropic unless an analysis Amazon ran, maybe even using tools from Anthropic, determined that there was something to look at. That'd be an easier carve out in an enterprise Terms Of Service / Privacy Policy.
• masonwan
  Wonder why Anthropic wants all those data? Isn't it a good company?
• moezd
  That's it. If you have confidential data that you're running with Fable, you're giving that away for free. Maybe you have always been, but now they explicitly ask for it.
• Menu

  nullbio
  Cancel your subscriptions, or you are to blame. Simple.If you aren't voting with your wallet, you can't cry when the world ends.
• ramstar3000
  Is this related to the pricing for these models, since these are not going to be subsidised, they do not have much incentive to offer zdr.My current thought is that many businesses use claude code on API based pricing opposed to subscriptions due to the zdr. However, these models are already not being subsidised?
• Menu

  stuaxo
  That rules it out for all sorts of apps.I've worked on a few apps for UKGov and I would absolutely be raising this as a massive red flag.
• buzer
  One very important point here is that it looks like Anthropic is becoming GDPR controller for all submitted data. So data subjects have Article 15 right to request information about processing and possibly a copy of the data. Latter might be contested under "rights of others", but former is more absolute.What this means it that if someone makes an Article 15 request, they would be entitled to know if Anthropic holds personal data about them and also from who they received this data at minimum.If someone wants to do that, I would recommend combining it with Article 18 request to forbid deleting the data for legal claim in case you contest Anthropic's reply. Otherwise they could just delete the data per their retention policy and DPA would find much later that they no longer hold the data.
• Menu

  htrp
  you've got to respect anthropic being willing to shoot themselves in the foot over a belief around Mythos performance
• throw03172019
  So all HIPAA workloads are now going to be an issue? They should at least allow us to “retain data” per API key or login so the non-PHI workloads can use Fable and PHI can remain on other models and respect the ZDR.
• thefounder
  They want your data like you everybody else and enterprise data is juicy to say at least
• cherryteastain
  I guess this is an anti-distillation move?
• a34729t
  Who would have thought that our saviors will be the Chinese!?
• 1313ed01
  Same as for GitHub Copilot?"For more on how Anthropic handles this data, see Anthropic’s commercial terms and data retention policy. Enabling the Claude Fable 5 policy constitutes acknowledgement of this requirement. Leaving it off keeps Claude Fable 5 unavailable to your organization."https://github.blog/changelog/2026-06-09-claude-fable-5-is-g...
• officialchicken
  "Legally required" ... gotcha, script writing on Melania Movie 3 has begun in exchange for a national security letter requiring Amazon to both keep the data and not exclude it from training.
• Menu

  xnx
  Is this also the case for Google Cloud? https://docs.cloud.google.com/gemini-enterprise-agent-platfo...
• Menu

  zmmmmm
  OpenAI ... your move. The enterprise market just cracked wide open. Do you want it?
• Menu

  _pdp_
  This is not going to fly in EU.
• rozumbrada
  They say it's opt-in but since they are capable of agreeing to this, I am just waiting until they hide this opt-in into the regular ToS when asking for a new model access...
• LetsGetTechnicl
  Simple solution here is to not use AI?
• amluto
  It’s worth noting that Anthropic has made some very odd moves in the last few months in which Claude Code reviews your usage of it and penalizes you for mentions of some short strings that don’t even indicate TOS violations. And if they’re going to insist on retaining all data for 30 days for nebulously defined “safety”, then I’m not particularly interested in doing business with them.Imagine if they interpret “safety” such that they scan for the string “com.openai” and, if found, ask an LLM to summarize your entire session and send it for human review?
• throwfaraway4
  Things like siphoning your data and using it to train while nerfing the model for everyone else is just the beginning of shady, rug-pulling, enshitification behavior we should expect. The dev community more than ever now needs to focus on being self-reliant and supporting open source models. They're counting on our skills atrophying over time to where you need their models to get work done. Ask yourself, do you actually need a frontier model to do this work? I think in many cases the answer is no. Don't support hostile behavior like this. Also, you can bet they're going to front government surveillance if not by choice, by regulation and political pressure.
• gdiamos
  What I do is route general data to Mythos, and my own IP to a local model.I expect them to train on their traffic, and I train on mine.
• cloudengineer94
  If it’s for future models at the same level of Sonnet and Opus, then it might become a problem for the for companies using this.At the end of the day we will need private LLMs and Cohere might save a traço great chance here
• BoorishBears
  Similar for GCP if anyone's wondering, and in fact a bit further in some ways: https://cloud.google.com/terms/advanced-ai-safety-addendum60 days.
• _bobm
  Very confident. But will it stick? And if it doesn't -- what then? Back to scheming?
• adithyaharish
  Woah, if anthropic does it, even OpenAI would start doing the same with Azure models
• avereveard
  *Anthropic requires it
• Menu

  romanovcode
  > except in the rare cases where it's part of a safety investigation or we're legally required to keep itSo basically all your data will flow to NSA/CIA/Mossad if they show even slight interest in your org or you as a person. Gotcha.
• Menu

  shevy-java
  They want your data.> After 30 days, the data is deleted automaticallyDo we believe that?> or we're legally required to keep it.Aha - so, data is forever.
• Menu

  razieloren
  it's either this or playing x30 for a token, anyhow i physically can't write code again
• drcongo
  Got an email from Zed about the same this morning.
• Menu

  themafia
  What a "frontier."
• TZubiri
  My thesis is that in software you don't want aggregators. They provide the promise of vendor neutrality, but it comes at the expense of increased supply chain compromise risk, small print technically legal data exfiltration.Even in the happy case where nothing bad happens, you get a badly integrated product, because you integrate not against the actual vendor, but against a abstraction layer that commoditizes the actual product, effectively forcing you to either use the least common denominator of features, or circumventing the actual aggregation model itself with some kind of 'vendor_specific_parameters' parameter in the aggregator API.My thesis is drop the vendor neutrality, and build your integration with the vendor directly.
• rvz
  Imagine still believing that local models do not have a use-case after seeing policies like this.Anthropic does not care about you.
• codeduck
  aaaand there it is.
• dhavd
  lol
• shakeelhussain5
  [flagged]
• gauravvij137
  The data leaving AWS boundary kills this for any regulated workload. We've been running side-by-side evals of open models against Claude on private test suites, using Neo as the orchestration layer. Keeps everything in-house and gives us objective comparison data.
• weavoapp
  [flagged]
• chattermate
  The regulated-enterprise angle is the interesting part. Bedrock's whole pitch to those customers was "your data never leaves your AWS boundary" — that's the line that gets it through procurement and compliance reviews. A 30-day retention requirement where traffic crosses into the vendor's boundary quietly invalidates that, and for healthcare/finance/gov it's not a knob they can flip no matter how good the model is. This is exactly why we keep our LLM layer provider-agnostic with a self-hosted fallback (Ollama-class models) for data-sensitive paths — you eat a capability hit, but you keep the option of not sending regulated data anywhere. The risk TZubiri names is real: the moment you're reaching for "vendor_specific_parameters," the neutrality you bought the aggregator for is already gone.
• Menu

  Torikul007
  I understand the safety/misuse argument, but I wonder where enterprises will draw the line here. “30-day retention for advanced models” sounds reasonable in isolation, until you remember many teams are sending proprietary code, internal docs, or customer-sensitive context through these systems.
• lufiya01
  [dead]
• lufiya01
  [dead]
• MagicMoonlight
  [dead]
• cboyardee
  [dead]
• wyynoapp
  [flagged]
• Menu

  malephex
  This is BS. They want to train on user data.
• Menu

  jedisct1
  Because they didn't store data before? Don't be so naive.
• Menu

  wewewedxfgdf
  Note that if you use AWS Bedrock then you're choosing to pay 10X to 20X because you trust AWS more than Anthropic.It is literally 10X to 20-X cheaper to directly buy Anthropic subscriptions for your devs.