Highlights
Unlike traditional software, AI systems generate complex data trails across prompts, outputs, logs, metadata and multiple vendors, making it difficult for enterprises to track where data goes, how long it is retained and who is responsible for it.
Microsoft’s decision to restrict employee use of Anthropic’s latest model while reviewing the policy underscores how AI procurement decisions are increasingly driven by new considerations.
As AI becomes embedded in financial, legal and operational workflows, companies are demanding greater transparency around retention periods, deletion rights, auditability, portability and contractual accountability from AI vendors.
Artificial intelligence has transformed everything about enterprise software. That’s not hyperbole.
Complete the form to unlock this article and enjoy unlimited free access to all PYMNTS content — no additional logins required.
yesSubscribe to our daily newsletter, PYMNTS Today.
By completing this form, you agree to receive marketing communications from PYMNTS and to the sharing of your information with our sponsor, if applicable, in accordance with our Privacy Policy and Terms and Conditions.
Microsoft’s decision to restrict employee access to Anthropic’s Claude Fable 5 while its legal teams review updated data retention policies is a reminder that enterprise AI adoption comes with fine print, and “everything” truly means “everything.”
Traditional enterprise software generated records that organizations generally understand. Financial systems created auditable transaction logs. Email platforms maintained archives subject to retention schedules. Customer relationship management (CRM) systems operated within established governance structures.
By contrast, every interaction with an AI model generates complex chains of data custody that extend beyond conventional software arrangements to span prompts, outputs, metadata, system logs, usage records and potential traces that are used for performance monitoring, security analysis or model improvement. In many cases, organizations are deploying AI capabilities through multiple vendors simultaneously.
While much of the public conversation around AI governance has focused on model accuracy, bias, intellectual property and cybersecurity, an equally consequential question is emerging inside the C-suite and the chief financial officer’s office. What exactly happens to the data flowing through enterprise AI systems, how long is it retained, and what liabilities does that create?
In its Tuesday (June 9) announcement of the release of the model, Anthropic said it introduced a new 30-day data retention policy for Claude Fable 5 and other models with similar or higher levels of capability. The policy applies to both first- and third-party surfaces, and the company will ensure the data’s deletion after 30 days in “almost all cases.”
Advertisement: Scroll to Continue
Read also: Good CFOs Automate but Great CFOs Anticipate
The embrace of enterprise AI is resulting in a governance environment that is harder to map. A simple employee interaction with an enterprise AI assistant can involve sensitive financial forecasts, legal analysis, strategic planning documents, customer information or intellectual property. Depending on system configurations and contractual arrangements, portions of that information may be logged, retained, archived, replicated across environments or incorporated into monitoring systems.
The challenge is that many organizations have not yet developed retention policies that account for these new data flows. Many organizations assume existing vendor risk management programs adequately address AI governance. That assumption may prove flawed as their focus on security controls, privacy protections, certifications and operational resilience can often fail to fully address retention-related questions unique to AI environments.
The complexity increases when multiple vendors participate in delivering AI capabilities. Data may move across cloud providers, foundation model developers, application providers and monitoring platforms. Determining responsibility for retention practices can become difficult, particularly when contractual language has not kept pace with technological realities.
See also: Two Years Ago vs. Today: CFOs and the ERP Shift
The enterprise AI marketplace is moving fast. On Wednesday (June 10), Visa and OpenAI partnered to make it easier for developers and merchants to accept Visa payments initiated by AI agents. The partnership will also enable Visa and OpenAI to explore enterprise applications, including developer-focused ones powered by OpenAI’s coding agent, Codex, as well as additional automated and conversational workflows.
Also on Wednesday, financial operations platform Ramp introduced its Ramp Applied AI Solutions offering, designed to help larger enterprises deploy AI agents for complex financial workflows.
PYMNTS Intelligence’s April The Enterprise AI Benchmark Report” showed that 71% of executives at companies with at least $1 billion in annual revenue said organizational readiness is the chief limitation on AI performance. Only 11% said they think AI technology itself is the primary barrier.
Read also: Telecom’s 5G Hangover Mirrors the Modernization Fatigue Facing CFOs
As generative AI becomes embedded in core business processes, retention policies are likely to become as important as model performance, pricing or productivity gains. The conversation is shifting from what AI systems can do to how they manage the information entrusted to them.
“[Data] can no longer sit in silos,” Chris Trainor, head of platform strategy and innovation at Paymentus, told PYMNTS in April. “It needs to be connected.”
“Winning the data game is not about collecting more data,” he added, “… it’s about controlling … context and execution.”
That requires a different set of questions during procurement and vendor reviews:
Organizations should also push vendors for greater transparency. Contract negotiations need to address retention periods, deletion rights, audit capabilities, backup procedures, litigation hold support and data portability. Enterprises need assurance that AI providers can support the governance obligations their customers face.
As FIS Head of Product Management, Payment Networks Mladen Vladic wrote in a new PYMNTS eBook, “AI Runs Payments. Governance Decides What Happens Next,” integration is key to ensuring effective AI governance.
For all PYMNTS AI coverage, subscribe to the daily AI Newsletter.
Anthropic’s 30-Day Data Policy Exposes Enterprise AI Governance Gaps
Banks Test Monthly Subscriptions to Make Fee Income Stick
Nvidia Accelerates Healthcare AI Race With Transcription Model
OpenAI Weighs Price Cuts as Competition With Anthropic Takes Shape
Get PYMNTS Today, AI, B2B and more.
We’re always on the lookout for opportunities to partner with innovators and disruptors.
