The brief but turbulent launch of Anthropic’s Claude Fable 5, the public release of its Mythos-class AI model, has triggered a wave of scrutiny over data retention practices and the near-total absence of identity infrastructure around frontier AI systems, exposing risks that enterprise leaders can no longer defer.
Related articles
Anthropic’s Mythos-Class Fable Shutdown Raises Questions About Sovereignty and AI Continuity in CX
Anthropic Releases Mythos-Class Claude Fable 5 as Enterprises Struggle to Govern AI Security Risk
Anthropic Exposes the Enterprise Patch Gap as Exploitation Hits “Minus Seven Days”, Red Hat Warns
Anthropic’s “Mythos-Class” Release Plans Should Put CX Leaders on Alert as Security Risks Accelerate
What Your AI Vendor Does With Your Data and Why Most Enterprises Haven’t Asked
Under Anthropic’s retention policy for Mythos-class models, every prompt submitted and output generated is held for 30 days for trust and safety purposes, on every platform where the models are offered. If an interaction is flagged by Anthropic’s trust and safety classifiers as potentially violating its usage policy, that data can be retained for up to two years.
Anthropic removed both Fable 5 and Mythos 5 from use on June 12, less than a week after their release. But immediately after Anthropic released Claude Fable 5 on June 9, Microsoft reportedly told employees its legal teams were evaluating Anthropic’s updated data retention requirements, effectively restricting internal use of the model while the review proceeded. The concern, according to reports, centered on customer data and confidential information flowing through the model’s API.
The implications are significant for an organization the size of Microsoft. Employees routinely work with confidential product roadmaps, unreleased financial data and sensitive customer information. A blanket 30-day retention window, with the prospect of a two-year hold on flagged content, creates obvious tensions with internal data governance frameworks and client confidentiality obligations.
Ashish Nagar, Founder and CEO of customer experience AI company LevelAI, told CX Today that it’s a wake-up call for enterprises that have been treating public large language models like utility services. “Don’t be dependent on a public LLM provider for critical AI resources—this stuff can be cut off anytime. The more data security and privacy risk an enterprise has, the more it needs its underlying AI to be personalized to its own use case.”
Nagar argued that the real risk is structural.
“With public LLMs, there is very limited control over how data is being used, where it is being stored, and how it is being used for model training. That will become the gating factor for enterprise adoption.”
Nagar suggested that enterprises should work with partners that have their own purpose-built models, or develop them internally, to avoid “runaway token costs” and opaque data practices.
“When you control your own destiny, you don’t have a surprise bill of a few hundred million dollars without budgeting,” Nagar added, likening using a general-purpose frontier model for a specific CX task to “taking a Boeing 747 from Mountain View to San Francisco Airport — you just need an Uber.”
The Identity Problem No One Fixed
Fable 5’s troubles did not end with data retention. The model was withdrawn entirely following a U.S. government export control order restricting access by non-U.S. nationals, an action that exposed a more fundamental architectural flaw in that AI systems currently have no meaningful identity layer at the point of access.
“The only way to do that—because we don’t actually know who’s using a model—is to completely shut it down,” Geoffrey Mattson, Chief Executive Officer at AI-driven identity security firm SecureAuth, told CX Today. “You can get their login information, but that’s hardly rigorous.”
Export control law in the U.S. carries severe penalties, including federal prison time, for sharing dual-use technology with restricted countries or their nationals. Faced with a model that Mattson said has guardrails that are “relatively trivial” to circumvent through hidden prompt text, language-switching attacks, or other techniques, the government’s blunt instrument was a full shutdown.
Mattson believes the industry is heading toward a Know Your Customer (KYC) model for AI access, similar to the obligations that banks carry around money laundering. “The provider will have to certify, for very powerful models, that it knows the intention of the customer is good,” Mattson said.
Legitimate researchers in biology and other sensitive fields were caught in Fable 5’s safeguard net, a problem Mattson says is “solved by a more granular understanding of who the customer is.”
The challenge compounds once autonomous agents enter the picture. Modern agentic AI systems can spawn sub-agents, which can in turn spawn their own sub-agents, creating chains of delegated authority that the industry has no simple means to trace. “If an agent is using the API that Anthropic provides, there is very little standardized way to detect who is actually responsible,” Mattson said.
Mattson drew a distinction between traditional cybersecurity monitoring and what agent identity now demands:
“With an LLM, it’s a stochastic process—it can change in any moment. It can demonstrate what seems to be bad intent. Real-time cyber monitoring is what’s needed to secure the identity of these agents.”
For customer experience team, long accustomed to operating at a distance from IT and security functions, that collision is arriving faster than many organizations are prepared for. Mattson pointed to Air Canada being held legally liable for its chatbot’s hallucination on a fare policy as an early signal of what inadequate agent governance looks like in practice.
What Enterprises Should Be Asking
Both Nagar and Mattson pointed out that the questions enterprises ask AI vendors, and the contractual protections they secure, need to evolve beyond traditional SLA thinking.
Nagar recommends buyers press vendors on whether costs are dependent on what OpenAI or Anthropic charge; on their security and data privacy protocols; whether the model improves dynamically with the enterprise’s own data; whether there are vertical-specific models available; and whether the vendor has genuine ownership of its underlying AI stack.
Mattson noted that the AI companies most likely to win enterprise trust over the next 12 months will be those that “take the security concerns of using their model completely off the table” by building in KYC, scoping agent authorization tightly, certifying human oversight where needed and making the whole package deployable without requiring customers to become identity security experts. “Let’s put a buffer between the agents and what they can access and then let the innovation run wild,” Mattson said.
With U.S. President Trump making comments that indicate a softening stance towards Anthropic and Fable, the model may soon become available to users again. As enterprises deepen their dependence on AI for voice agents, customer workflows and backend analytics, the combination of opaque data retention and absent identity infrastructure is no longer an acceptable design assumption.
