Every frontier model release follows the same script. The benchmarks are state-of-the-art. The demos are remarkable. The pricing looks aggressive. And the pressure to adopt; from boards, from competitors, from your own engineers, becomes almost irresistible within a week.
Anthropic's Claude Fable 5, released on 9 June 2026, is the latest and one of the most capable examples. It is a Mythos-class model made generally available, described as state-of-the-art on nearly every tested benchmark, priced at $10 per million input tokens and $50 per million output tokens, and built for exactly the kind of long-running, autonomous, document-heavy work that enterprises most want to delegate: multi-stage code migrations, deep research synthesis, agents that reason over your organisation's data for hours at a time.
That last phrase is the one governance leaders should sit with. Reason over your organisation's data. Because the more capable the model and the more of your data you feed it, the more the question shifts from what can it do? to what happens to everything we put into it?
And on that question, the fine print has been moving.
The capability is real. So is the data shift.
In August 2025, Anthropic changed its consumer terms. Chats and coding sessions from Free, Pro, Max and Claude Code users would now be used to train its models unless the user actively opted out, with conversations retained for up to five years; a sharp departure from the previous default of deleting data within roughly 30 days and not training on it at all. Enterprise and commercial API agreements were carved out and kept their stronger protections.
That distinction; consumer terms versus commercial terms, is the first thing every organisation needs to understand. But it is not the end of the story.
In June 2026, reporting drew attention to a carve-out that survives the opt-out entirely. Even when a user has opted out of training, conversations that are flagged for safety review can still be retained and used: inputs and outputs for up to two years, and trust-and-safety classification scores for up to seven. There is no mechanism for a user to know whether a given conversation was flagged, no published definition of what triggers flagging, and the carve-out reportedly applies even to private or incognito sessions that breach usage policies.
None of this is unique to Anthropic, and none of it makes Anthropic an unsafe vendor; in fact Fable 5 ships with notably strong safeguards, new classifiers that refuse high-risk requests, and a documented 30-day retention window for safety analysis on its commercial surface. The point is narrower and more important: the terms under which a frontier model handles your data are now a moving target, they differ by tier, and they are not always intuitive. Capability is advertised on the front page. The data terms live in the policy you have to go looking for.
Why this is an IP and privacy problem, not just a procurement footnote
For a consultancy, a law firm, a health service or any organisation whose value lives in its information, the exposure is concrete.
1. Your inputs may be someone else's training signal
A prompt is rarely just a prompt. It carries client data, draft strategy, unreleased financials, source code, case facts, patient information. If staff use a consumer tier, or paste sensitive material into a personal account, that content can fall under retention and training terms the organisation never agreed to and cannot see. The IP you believed was confidential becomes, at best, retained; at worst, an input to a model others will use.
2. "Opted out" is not the same as "not retained"
The most dangerous assumption is that flipping a setting closes the door. The safety-review carve-out shows that opt-out controls govern the default use of data, not every use. Governance has to be built around what the contract actually permits in its exceptions, not around the reassuring headline setting.
3. The tier you bought determines the protection you have
Enterprise and API agreements typically exclude your data from training and shorten retention. Consumer tiers do not. The protection is real; but only if your people are actually inside the governed tier. Shadow usage of a free account quietly undoes the assurance your enterprise contract was supposed to provide.
4. The terms can change after you adopt
The 2025 shift happened to existing users by notification, with a deadline to respond. Adoption is not a one-time risk decision. The terms you accept today can be amended, and your governance needs a way to notice when they are.
What careful adoption actually looks like
Caution here does not mean abstention. Refusing to use frontier models is its own risk; you simply trade data exposure for competitive and capability exposure, and your staff will use the tools anyway through unmanaged channels. The goal is not to slow adoption but to make it deliberate.
Read the data terms before the benchmark scores. For any model you are considering, establish in writing what is retained, for how long, whether your inputs and outputs can be used to train or improve the model, and what exceptions survive an opt-out. Treat the commercial agreement, not the marketing page, as the source of truth.
Buy and enforce the right tier. An enterprise or API agreement with training exclusion and clear retention limits is the floor for any sensitive use. Then close the gap that undermines it: block or actively manage consumer-tier access so confidential material cannot leak through a personal login.
Classify data before it reaches the model. Decide which categories of information are permitted in which tools. Source code, client-confidential material, personal information and regulated data each need an explicit rule, not a hopeful default.
Govern the human layer, not just the contract. Most exposure comes from a well-meaning employee pasting the wrong thing into the wrong window. Clear acceptable-use guidance, training and lightweight technical guardrails do more than any clause.
Build a vendor-terms review cadence. Frontier terms change. Assign ownership for monitoring updates to data, retention and training policies, and define what triggers a reassessment.
The frontier will keep moving. Your governance has to move with it.
Fable 5 will not be the last model to reset the benchmarks, and it certainly will not be the last to quietly reset the terms beneath them. The organisations that adopt well will not be the ones that move fastest or the ones that hold back longest. They will be the ones that treat capability and data governance as a single decision; that read the fine print as carefully as the leaderboard, and that know exactly what they have agreed to before they hand their most valuable information to a model built to reason over all of it.
The model is impressive. That was never in doubt. The discipline is in adopting it with your eyes open.
