← All posts
June 14, 2026 · 6 min read

"Trust Us, We'll Delete It Later" Is Not a Privacy Policy

This week's All-In podcast spent a long segment on Anthropic's newest flagship model, and the backlash that followed says more about where AI is heading than the model itself does.

What Happened

Anthropic shipped a new "mythos-class" model with aggressive new guardrails. Buried on page 200+ of a 300-page policy document: the model now retains every prompt and every output you send it for at least 30 days. No exceptions. Even enterprise customers who had signed zero-data-retention agreements don't get a choice, beyond not using the new model at all.

It gets sharper. The model can detect if it thinks you're doing "frontier AI research" (i.e. using it to build a competing model) and quietly downgrade your access, without disclosing that it happened. Developers found out by accident, mid-session.

The hosts didn't hold back: a company that has spent the last year warning everyone about the dangers of government surveillance just built mandatory surveillance into its own product, with no opt-out, and didn't tell anyone until it leaked.

Why This Matters Beyond One Company

The second-order effect, debated live on the show, is the real story. As frontier labs tighten restrictions like this, developers and companies who need serious capability without the surveillance get pushed toward open-source models they can run themselves. Right now, the best open-source models are Chinese. So the restriction doesn't make AI safer. It just moves the capability, and the leverage, somewhere else.

This isn't a one-off PR misstep. It's what happens when "privacy" is implemented as a policy decision sitting on top of an architecture that was never built to need one. Policies can change. They get buried in document 200. They get walked back only after the backlash makes the news.

What Ownership Looks Like as Architecture, Not Policy

ZDrive starts from a different premise: don't promise to handle data responsibly, build a system that structurally cannot do otherwise.

Every conversation on ZDrive is encrypted client-side with AES-256-GCM before it ever leaves your device. Inference runs inside a GPU Trusted Execution Environment (Intel TDX + NVIDIA Hopper), and every response ships with a cryptographic proof of computation, verifiable on-chain via Base. Your documents live permanently on Arweave: yours, not ours, not anyone's training set.

We can't quietly retain your prompts for 30 days. We can't flag you for asking the wrong question. We can't see what you're working on well enough to decide if you're a threat to our roadmap. The architecture doesn't give us that option, by design.

ZDrive: The Comparison

Cloud Frontier AI (typical)ZDrive
Data retentionPolicy-based, can change without noticeClient-side encrypted — operator never sees plaintext
Zero-data-retention contractsCan be overridden by new model termsNot applicable — nothing to retain
Usage monitoringPossible, sometimes undisclosedStructurally impossible inside the TEE
Proof of the claimA policy documentOn-chain attestation per inference
StorageProvider-controlled, can be revokedPermanent on Arweave, owned by you

The Bigger Point

"Trust us, we'll delete it later" is a policy. Policies change, get buried in document 200, and get walked back only after the backlash. Ownership is not a policy. It's a property of the system.

Your prompts, your documents, your thinking: yours. Not stored. Not flagged. Not training anyone else's model.

Try It

zdrive.io. Free to start, no wallet needed. Connect a Base Wallet when you're ready for more.

10 free queries. No account needed. Connect a wallet for 25/day.

Try ZDrive free →