Microsoft restricts Claude Fable 5 internally over 30-day data retention requirement

Microsoft has blocked internal employee access to Anthropic's Claude Fable 5, the first model from the company's new Mythos class, according to sources familiar with the matter. The restriction comes as Microsoft's legal teams evaluate Anthropic's mandatory data retention requirements.

Claude Fable 5 is not available in the model picker that Microsoft employees use for internal versions of GitHub Copilot, though all other Claude models remain accessible. According to sources, the issue centers on Anthropic's departure from Zero Data Retention (ZDR) rules that govern other Claude models.

Data retention requirements

Claude Fable 5 requires data retention to operate Anthropic's new safety classifiers. According to the policy, Anthropic retains prompts and outputs for 30 days before deletion. Content flagged as violating Anthropic's usage policy can be stored for up to two years.

Microsoft's concerns reportedly focus on customer data and confidential information. The company has been telling employees that legal teams are evaluating the changes, with no timeline for when or if Claude Fable 5 will be cleared for internal use.

External rollout continues

Despite the internal restriction, Microsoft has made Claude Fable 5 available to its GitHub Copilot and Foundry customers. The distinction highlights Microsoft's position as both a user and distributor of Claude models.

Mythos class background

Claude Fable 5 is the first broad release from Anthropic's Mythos class of AI models. Weeks before the release, Anthropic stated the family was so capable at cybersecurity tasks that it was too dangerous to release publicly. The company implemented prompt safeguards to make Fable 5 less dangerous, which according to Anthropic necessitated the data retention changes.

Microsoft did not respond to requests for comment.

What this means

This restriction represents a rare friction point between Microsoft and Anthropic, despite Microsoft's reported $4 billion investment in the company. The data retention requirement creates a fundamental conflict with enterprise security practices that typically demand zero data retention or air-gapped deployments. If Microsoft's legal teams don't approve internal use, it could signal broader enterprise adoption challenges for models that require persistent data storage for safety features. The incident also illustrates the tradeoffs between AI safety mechanisms and enterprise data governance requirements.