Microsoft recently restricted employees from using Anthropic's newly released Mythos-level large model Claude Fable 5 internally due to concerns about the compliance and confidentiality risks that its data retention policy may bring. According to people familiar with the matter, after Anthropic updated its data retention requirements for Claude Fable 5, Microsoft's legal team has stepped in to evaluate and temporarily removed the model from the GitHub Copilot model selection list used by employees within the company.

Anthropic officially launched its first Mythos-level model, Claude Fable, yesterday. Fable 5 is the core version of this release and has been quickly integrated into customer-facing products and services such as GitHub Copilot and Foundry by Microsoft. However, unlike the rapid launch for external customers, Microsoft's internal employees are temporarily unable to choose Claude Fable 5 in their own GitHub Copilot environment, and can still only access other Claude series models that continue to implement the "Zero Data Retention" (ZDR) strategy.

It is reported that Microsoft’s internal explanation to employees is that the legal team is evaluating Anthropic’s latest data retention requirements for the Mythos series models. The core concerns focus on how customer data and confidential information are stored and processed. It's unclear what the legal review will be and whether Claude Fable 5 will be reopened for use by Microsoft employees in the future.

According to the policy announced by Anthropic, the operation of Claude Fable 5 relies on a new security classifier, which requires the server to retain user prompts and output content for security analysis and violation detection. According to current rules, this data will be retained for 30 days by default and deleted after expiration; if the relevant content is flagged as violating Anthropic's usage policy, it may be retained for up to two years for continued security and compliance purposes. It is this "required retention" mechanism that has triggered a series of concerns about legal liability, customer privacy and corporate confidentiality protection on Microsoft's part.

The Claude Fable 5 is the first large-scale public release of the Anthropic Mythos family of models, which the company has previously said are "too dangerous for a full public release" when it comes to sensitive tasks such as cybersecurity. To reduce the risk of abuse, Anthropic introduced stricter prompt word security protection and content review mechanisms for Fable 5, which also technically contributed to the current data retention design, creating a new tension between product security and data compliance.

The media has sought comment from Microsoft regarding the current use of Claude Fable 5 within Microsoft and its subsequent plans, but Microsoft has not responded before deadline.

Related articles:

Anthropic releases Claude Fable 5, public version of Mythos without cybersecurity features