Observability, Usage & Analytics

Vertex AI Tamper-Proof Log Sharing with Anthropic for Advanced AI Models

Vertex AI's most capable Claude models come with an unusual observability feature: the option to share your request and response logs directly with Anthropic's trust-and-safety team, in real time, in a form neither side can quietly edit.

Claude 3P 101 · Updated July 2026 · Unofficial guide

Most logging features exist so you can see what your application did. Vertex AI's tamper-proof log sharing is different: it exists so the model provider can see it. For a specific set of Anthropic's most advanced models, Google Cloud lets you opt in to sharing request-response logs "in a tamper-proof manner" with the partner's trust-and-safety team. If your organization is deploying frontier-class models under Anthropic's Advanced AI terms, this is a setting your security and legal teams will want to understand before anyone flips it on.

What it is, and which models it covers

Tamper-proof log sharing is a Vertex AI feature for what Google calls Advanced AI models from Model-as-a-Service (MaaS) partners. For Anthropic, the documented supported models are Claude Mythos Preview, Claude Mythos 5, and Claude Fable 5 on Google Cloud. Use of Anthropic Advanced AI on Vertex is governed by Section F of Anthropic's Service Specific Terms, and the feature itself is in Preview.

The purpose is safety oversight: while sharing is active, logged requests and responses from your project are shared with Anthropic's trust-and-safety team in real time. "Tamper-proof" is the operative word — the mechanism is designed so the log stream cannot be selectively altered after the fact, which is what makes it useful as a safety-monitoring channel rather than an ordinary export.

How you turn it on: dataSharingEnabledProvider

Sharing is configured through the same setPublisherModelConfig REST surface used for Vertex's BigQuery request-response logging, via a field called dataSharingEnabledProvider inside publisherModelConfig:

One nuance catches almost everyone: this is separate from BigQuery request-response logging. You do not need BigQuery logging enabled — no dataset, no table, no sampling rate — for sharing to work. Google documents explicitly that BigQuery request-response logging "does not need to be enabled" for the tamper-proof sharing pathway to function. The two features share a configuration API and both deal in request-response logs, but they are independent switches with independent destinations: one writes to a BigQuery table you own, the other streams to Anthropic.

Rule of thumb: treat loggingConfig and dataSharingEnabledProvider as two different decisions with two different reviewers. BigQuery logging is a data-engineering decision. Data sharing with a model provider is a legal and security decision.

The consent prerequisite: the Advanced AI Safety Addendum

Before sharing can be enabled, your organization must consent to the Advanced AI Safety Addendum. This is not a click-through inside the API call — it is a documented prerequisite, and it frames what the sharing actually is: a contractual safety arrangement, not a telemetry checkbox. Prompts and completions are sensitive data (they can contain customer records, source code, or anything else your application handles), so consenting to real-time sharing with a third party deserves the same review you would give any data-processing agreement. Our companion article on prompt-log content privacy covers the broader hygiene questions; confirm the specifics of the addendum with Google Cloud and Anthropic rather than relying on any summary, including this one.

VPC Service Controls blocks sharing by default

If your Vertex project sits inside a VPC Service Controls perimeter — as many regulated enterprises' projects do — there is a hard interaction to know about: VPC-SC-protected projects are prevented from sharing logs by default, and configuring an egress rule to permit it is not supported. That combination is unusual. Normally VPC-SC blocks an egress path and you punch a deliberate hole with an egress rule; here, the documented path is different — enabling sharing from a VPC-SC-protected project requires opening a support case with Google Cloud.

This is arguably the right design for a safety feature: a data flow out of a security perimeter to an external party should be an explicit, human-reviewed exception rather than a self-service rule. But it means your rollout plan for Fable 5 or Mythos-class models on Vertex needs to account for support-case lead time if your projects are perimeter-protected.

What this means in practice

A reasonable checklist before enabling sharing:

Where to go next

For the logs you keep for yourself, see the BigQuery log schema for Vertex request-response logging and the pre-built model observability dashboard. The platform overview places Vertex among the four 3P routes to Claude.

Sources