Anthropic adds mandatory 30-day traffic retention

Show Notes

Frontier AI access is starting to look like a gated system, and the price is visibility. Anthropic's latest model release makes thirty day data retention a requirement, signaling a broader shift in how advanced AI will be governed and consumed. For security and IT leaders, this is not just a policy change. It directly affects how AI can be used in sensitive workflows, what data is exposed to vendors, and how much control teams retain. At the same time, Apple is pushing automated password rotation, and CISA is redefining how vulnerability prioritization should work, both pointing toward more automation and more selective control. We also cover DTEX's push into intent level monitoring, along with key updates from Check Point, Google, Dataminr, Elastic, and JPMorgan. Learn more at https://crestvale.io

Transcript

SPEAKER_00 0:00

Advanced AI is getting more powerful and at the same time less private. The trade-off is no longer subtle. If you want access, you accept visibility into how you use it. This is the Crestvale Newsroom Daily Podcast. Anthropic just drew a clear line in the sand for how Frontier AI will be delivered. You can now access its highest capability class through a model called Claude Fable 5, but that access comes with strict conditions. The most important one is mandatory 30-day traffic retention. That means every interaction is logged, even for enterprise users who previously negotiated zero retention. This is not a temporary setting. It is part of the contract. Anthropic is also introducing tiered access based on trust, not just payment. The most capable models are reserved for vetted partners while everyone else gets a restricted version. And there is another layer, runtime guardrails. If you are working in high-risk domains like cybersecurity, the model can automatically downgrade its own capability. That limits what it will help you do, even if your use case is legitimate. So you are not just buying compute. You are operating inside a governed system. Here is why this matters. Frontier AI is consolidating into a small number of providers, and those providers are setting the rules. Data visibility is becoming a requirement, not an option. If you plan to use these models in security workflows, you now have a hard decision to make. How much control are you willing to give up for capability? Because this is the direction of travel. More power, tighter oversight, and less flexibility at the edges. Now, Apple is pushing identity in a different direction, but with a similar theme. It is turning password rotation into a one-tap action handled by an AI agent. When a compromised password is detected, Safari and the default passwords app can log in, navigate the site, and change the credential automatically. No user workflow, no manual steps. This is not entirely new, but Apple is embedding it at the platform level. That distribution changes everything. The real shift is from detection to remediation. Instead of telling users to fix problems, the system fixes them. That sounds simple, it is not. Most identity systems assume a human is in the loop. They expect friction, they expect delays. If your app breaks when passwords are rotated automatically, or flags it as suspicious behavior, you are going to see real issues as this rolls out. Credentials are becoming machine managed, and that means your identity controls need to handle software acting on behalf of users, not just the users themselves. Meanwhile, the Cybersecurity and Infrastructure Security Agency is rewriting how vulnerability management is supposed to work. A new directive is moving federal agencies away from patch everything immediately. Instead, the focus is on real risk. That means prioritizing Internet exposed systems, known exploited vulnerabilities, and attacks that can be automated. It also means getting specific about what actually matters. Not broad labels, but individual systems and their impact. This is a shift away from volume and toward precision. And it will not stay inside government. Boards and regulators tend to follow this kind of guidance. If your program still treats every high severity score the same, you are spending effort in the wrong places, and you are likely missing the vulnerabilities that actually get exploited. D-TEX is taking aim at a different gap. Not visibility, but intent. Most tools can tell you what happened. Prompts, actions, logs, that is no longer enough. D-TEX is trying to answer whether an action should have happened. It maps both human and AI-driven activity, then builds a picture of intent by correlating prompts, responses, and downstream effects. That matters because AI agents can operate within their permissions and still create risk. They can expose data without breaking any explicit rule. If your controls stop at activity logging, those actions look valid. Intent level analysis is trying to catch that earlier, before it becomes an incident. As agents get real access to systems, this becomes a core control problem, not an edge case. Here is what else is worth knowing today. Checkpoint is dealing with an actively exploited VPN authentication bypass that lets attackers skip passwords entirely. Older protocols are turning into direct entry points. Google pushed a patch for a Chrome V80 Day, already exploited in the wild. Browser level execution is still one of the fastest paths from phishing to full compromise. DataMiner is expanding distribution of its AI-driven threat intelligence through a major channel partner. External signals are being pulled closer to internal detection workflows. Elastic is moving incident response toward pre-computed analysis at alert time. The goal is to shift teams from investigation to validation. JP Morgan is preparing long-running autonomous agents for production. Non-human identity is about to become a frontline security concern. Before we close out, here is a quick look at where markets landed. Equities closed lower in the previous session, with both SPY and QQ pulling back together. The 10-year yield also moved down, easing from recent levels. In commodities and digital assets, it was broadly weaker. Bitcoin declined, and both gold and oil finished the session lower as well. Here is the takeaway. If you are adopting AI or automation, assume you are also adopting the vendor's control model and design your security around that from day one. Tomorrow we are watching how vendors start standardizing identity and audit controls for autonomous agents in production environments. If this was useful, follow the Crestvale Newsroom Daily Podcast so you don't miss it. Thanks for listening.