Events & Conferences
AWS VP of AI and data on computer vision research at Amazon
At this year’s Computer Vision and Pattern Recognition Conference (CVPR) — the premier computer vision conference — Amazon Web Services’ vice president for AI and data, Swami Sivasubramanian, gave a keynote address titled “Computer vision at scale: Driving customer innovation and industry adoption”. What follows is an edited version of that talk.
Amazon has been working on AI for more than 25 years, and that includes our ongoing innovations in computer vision. Computer vision is part of Amazon’s heritage, ethos, and future — and today, we’re using it in many parts of the company.
Computer vision technology helps power our e-commerce recommendations engine on Amazon.com, as well as the customer reviews you see on our product pages. Our Prime Air drones use computer vision and deep learning, and the Amazon Show uses computer vision to streamline customer interactions with Alexa. Every day, more than half a million vision-enabled robots assist with stocking inventory, filling orders, and sorting packages for delivery.
I’d like to take a closer look at a few such applications, starting with Amazon Ads.
Amazon Ads Image Generator
Advertisers often struggle to create visually appealing and effective ads, especially when it comes to generating multiple variations and optimizing for different placements and audiences. That’s why we developed an AI-powered image generation tool called Amazon Ads Image Generator.
With this tool, advertisers can input product images, logos, and text prompts, and an AI model will generate multiple versions of visually appealing ads tailored to their brands and messaging. The tool aims to simplify and streamline the ad creation process for advertisers, allowing them to produce engaging visuals more efficiently and cost effectively.
To build the Image Generator, we used both Amazon machine learning services such as Amazon SageMaker and Amazon SageMaker Jumpstart and human-in-the-loop workflows that ensure high-quality and appropriate images. The architecture consists of modular microservices and separate components for model development, registry, model lifecycle management, selecting the appropriate model, and tracking the job throughout the service, as well as a customer-facing API.
Amazon One
In the retail setting, we’re reimagining identification, entry, and payment with Amazon One, a fast, convenient, and contactless experience that lets customers leave their wallets — and even their phones — at home. Instead, they can use the palms of their hands to enter a facility, identify themselves, pay, present loyalty cards or event tickets, and even verify their ages.
Amazon One is able to recognize the unique lines, grooves, and ridges of your palm and the pattern of veins just under the skin using infrared light. At registration, proprietary algorithms capture and encrypt your palm image within seconds. The Amazon One device uses this information to create your palm signature and connect it to your credit card or your Amazon account.
To ensure Amazon One’s accuracy, we trained it on millions of synthetically generated images with subtle variations, such as illumination conditions and hand poses. We also trained our system to detect fake hands, such as a highly detailed silicon hand replica, and reject them.
Protecting customer data and safeguarding privacy are foundational design principles with Amazon One. Palm images are never stored on-device. Rather, the images are immediately encrypted and sent to a highly secure zone in the Amazon Web Services (AWS) cloud, custom-built for Amazon One, where the customer’s palm signature is created.
Customers like Crunch Fitness are taking advantage of Amazon One and features like the membership linking capability, which addresses a traditional pain point for both customers and the fitness industry. Crunch Fitness announced that it was the first fitness brand to introduce Amazon One as an entry option for its members at select locations nationwide.
NFL Next Gen Stats
Twenty-five years ago, the height of innovation in NFL broadcasts was the superimposition of a yellow line on the field to mark the first-down distance. These types of on-screen fan experiences have come a long way since then, thanks in large part to AI and machine learning (ML) technologies.
For example, as part of our ongoing partnership with the NFL, we’re delivering Prime Vision with Next Gen Stats during Thursday Night Football to provide insights gleaned by tracking RFID chips embedded in players’ shoulder pads.
One of our most recent innovations is the Defensive Alerts feature shown below, which tracks the movements of defensive players before the snap and uses an ML model to identify “players of interest” most likely to rush the quarterback (circled in red). This unique capability came out of a collaboration between the Thursday Night Football producers, engineers, and our computer vision team.
In recent months, Amazon Science has profiled a range of other Amazon computer vision projects, from Project P.I., a fulfillment center technology that uses generative AI and computer vision to help spot, isolate, and remove imperfect products before they’re delivered to customers, to Virtual Try-All, which enables customers to visualize any product in any personal setting.
But for now, I’d like to turn from Amazon products and services that rely on computer vision to the ways in which AWS puts computer vision technologies directly into our customers’ hands.
The AWS ML stack
At AWS, our mission is to make it easy for every developer, data scientist, and researcher to build intelligent applications and leverage AI-enabled services that unlock new value from their data. We do this with the industry’s most comprehensive set of ML tools, which we think of as constituting a three-layer stack.
At the top of the stack are applications that rely on large language models (LLMs), like Amazon Q, our generative-AI-powered assistant for accelerating software development and helping customers extract useful information from their data.
At the middle layer, we offer a wide variety of services that enable developers to build powerful AI applications, from our computer vision services and devices to Amazon Bedrock, a secure and easy way to build generative-AI apps with the latest and greatest foundation models and the broadest set of capabilities for security, privacy, and responsible AI.
And at the bottom layer, we provide high-performance, cost-effective infrastructure that is purpose-built for ML.
Let’s look at few examples in more detail, starting with one our most popular vision services: Amazon Rekognition.
Amazon Rekognition
Amazon Rekognition is a fully managed service that uses ML to automatically extract information from images and video files so that customers can build computer vision models and apps more quickly, at lower cost, and with customization for different business needs.
This includes support for a variety of use cases, from content moderation, which enables the detection of unsafe or inappropriate content across images and videos, to custom labels that enable customers to detect objects like brand logos. And most recently we introduced an anti-spoofing feature to help customers verify that only real users, and not spoofs or bad actors, can access their services.
Amazon Textract
Amazon Textract uses optical character recognition to convert images or text — whether from a scanned document, PDF, or a photo of a document — into machine-encoded text. But it goes beyond traditional OCR technology by not only identifying each character, word, and letter but also the contents of fields in forms and information stored in tables.
For example, when presented with queries like the ones below, Textract can create specialized response objects by leveraging a combination of visual, spatial, and language cues. Each object assigns its query a short label, or “alias”. It then provides an answer to the query, the confidence it has in that answer, and the location of the answer on the page.
Amazon Bedrock
Finally, let’s look at how we’re enabling computer vision technologies with Amazon Bedrock, a fully managed service that makes it easy for customers to build and scale generative-AI applications. Tens of thousands of customers have already selected Amazon Bedrock as the foundation for their generative-AI strategies because it gives them access to the broadest selection of first- and third-party LLMs and foundation models. This includes models from AI21 Labs, Anthropic, Cohere, Meta, Mistral AI, and Stability AI, as well as our own Titan family of models.
One of those models is the Titan Image Generator, which enables customers to produce high-quality, realistic images or enhance existing images using natural-language prompts. Amazon Science reported on the Titan Image Generator when we launched it last year at our re:Invent conference.
Responsible AI
We remain committed to the responsible development and deployment of AI technology, around which we made a series of voluntary commitments at the White House last year. To that end, we’ve launched new features and techniques such as invisible watermarks and a new method for assessing “hallucinations” in generative models.
By default, all Titan-generated images contain invisible watermarks, which are designed to help reduce the spread of misinformation by providing a discreet mechanism for identifying AI-generated images. AWS is among the first model providers to widely release built-in invisible watermarks that are integrated into the image outputs and are designed to be tamper-resistant.
Hallucination occurs when the data generated by a generative model do not align with reality, as represented by a knowledge base of “facts”. The alignment between representation and fact is referred to as grounding. In the case of vision-language models, the knowledge base to which generated text must align is the evidence provided in images. There is a considerable amount of work ongoing at Amazon on visual grounding, some of which was presented at CVPR.
One of the necessary elements of controlling hallucinations is to be able to measure them. Consider, for example, the following image-prompt pair and the output generated by a vision-language (VL) model. If the model extends its output with the highest-probability next word, it will hallucinate a fridge where the image includes none:
Existing datasets for evaluating hallucinations typically consist of specific questions like “Is there a refrigerator in this image?” But at CVPR, our team presented a paper describing a new benchmark called THRONE, which leverages LLMs themselves to evaluate hallucinations in response to free-form, open-ended prompts such as “Describe what you see”.
In other work, AWS researchers have found that one of the reasons modern transformer-based vision-language models hallucinate is that they cannot retain information about the input image prompt: they progressively “forget” it as more tokens are generated and longer contexts used.
Recently, state space models have resurfaced ideas from the ’70s in a modern key, stacking dynamical models into modular architectures that have arbitrarily long memory residing in their state. But that memory — much like human memory — grows lossier over time, so it cannot be used effectively for grounding. Hybrid models that combine state space models and attention-based networks (such as transformers) are also gaining popularity, given their high recall capabilities over longer contexts. Literally every week, a growing number of variants appear in the literature.
At Amazon, we want to not only make the existing models available for builders to use but also empower researchers to explore and expand the current set of hybrid models. For this reason, we plan to open-source a class of modular hybrid architectures that are designed to make both memory and inference computation more efficient.
To enable efficient memory, these architectures use a more general elementary module that seamlessly integrates both eidetic (exact) and fading (lossy) memory, so the model can learn the optimal tradeoff. To make inference more efficient, we optimize core modules to run on the most efficient hardware — specifically, AWS Trainium, our purpose-built chip for training machine learning models.
It’s an exciting time for AI research, with innovations emerging at a breakneck pace. Amazon is committed to making those innovations available to our customers, both indirectly, in the AI-enabled products and services we offer, and directly, through AWS’s commitment to democratize AI.
Have you ever worked is legacy code? Are you curious what it takes to modernize systems at a massive scale?
Pascal Hartig is joined on the latest Meta Tech Podcast by Elaine and Buping, two software engineers working on a bold project to rewrite the decades-old C code in one of Meta’s core messaging libraries in Rust. It’s an ambitious effort that will transform a central messaging library that is shared across Messenger, Facebook, Instagram, and Meta’s AR/VR platforms.
They discuss taking on a project of this scope – even without a background in Rust, how they’re approaching it, and what it means to optimize for ‘developer happiness.’
Download or listen to the episode below:
You can also find the episode wherever you get your podcasts, including:
The Meta Tech Podcast is a podcast, brought to you by Meta, where we highlight the work Meta’s engineers are doing at every level – from low-level frameworks to end-user features.
Send us feedback on Instagram, Threads, or X.
And if you’re interested in learning more about career opportunities at Meta visit the Meta Careers page.
Amazon Research Awards (ARA) provides unrestricted funds and AWS Promotional Credits to academic researchers investigating various research topics in multiple disciplines. This cycle, ARA received many excellent research proposals from across the world and today is publicly announcing 73 award recipients who represent 46 universities in 10 countries.
This announcement includes awards funded under five call for proposals during the fall 2024 cycle: AI for Information Security, Automated Reasoning, AWS AI, AWS Cryptography, and Sustainability. Proposals were reviewed for the quality of their scientific content and their potential to impact both the research community and society. Additionally, Amazon encourages the publication of research results, presentations of research at Amazon offices worldwide, and the release of related code under open-source licenses.
Recipients have access to more than 700 Amazon public datasets and can utilize AWS AI/ML services and tools through their AWS Promotional Credits. Recipients also are assigned an Amazon research contact who offers consultation and advice, along with opportunities to participate in Amazon events and training sessions.
“Automated Reasoning is an important area of research for Amazon, with potential applications across various features and applications to help improve security, reliability, and performance for our customers. Through the ARA program, we collaborate with leading academic researchers to explore challenges in this field,” said Robert Jones, senior principal scientist with the Cloud Automated Reasoning Group. “We were again impressed by the exceptional response to our Automated Reasoning call for proposals this year, receiving numerous high-quality submissions. Congratulations to the recipients! We’re excited to support their work and partner with them as they develop new science and technology in this important area.”
“At Amazon, we believe that solving the world’s toughest sustainability challenges benefits from both breakthrough scientific research and open and bold collaboration. Through programs like the Amazon Research Awards program, we aim to support academic research that could contribute to our understanding of these complex issues,” said Kommy Weldemariam, Director of Science and Innovation Sustainability. “The selected proposals represent innovative projects that we hope will help advance knowledge in this field, potentially benefiting customers, communities, and the environment.”
ARA funds proposals throughout the year in a variety of research areas. Applicants are encouraged to visit the ARA call for proposals page for more information or send an email to be notified of future open calls.
The tables below list, in alphabetical order by last name, fall 2024 cycle call-for-proposal recipients, sorted by research area.
AI for Information Security
| Recipient | University | Research title |
| Christopher Amato | Northeastern University | Multi-Agent Reinforcement Learning Cyber Defense for Securing Cloud Computing Platforms |
| Bernd Bischl | Ludwig Maximilian University of Munich | Improving Generative and Foundation Models Reliability via Uncertainty-awareness |
| Shiqing Ma | University Of Massachusetts Amherst | LLM and Domain Adaptation for Attack Detection |
| Alina Oprea | Northeastern University | Multi-Agent Reinforcement Learning Cyber Defense for Securing Cloud Computing Platforms |
| Roberto Perdisci | University of Georgia | ContextADBench: A Comprehensive Benchmark Suite for Contextual Anomaly Detection |
Automated Reasoning
| Recipient | University | Research title |
| Nada Amin | Harvard University | LLM-Augmented Semi-Automated Proofs for Interactive Verification |
| Suguman Bansal | Georgia Institute of Technology | Certified Inductive Generalization in Reinforcement Learning |
| Ioana Boureanu | University of Surrey | Phoebe+: An Automated-Reasoning Tool for Provable Privacy in Cryptographic Systems |
| Omar Haider Chowdhury | Stony Brook University | Restricter: An Automatic Tool for Authoring Amazon Cedar Access Control Policies with the Principle of Least Privilege |
| Stefan Ciobaca | Alexandru Ioan Cuza University | An Interactive Proof Mode for Dafny |
| João Ferreira | INESC-ID | Polyglot Automated Program Repair for Infrastructure as Code |
| Sicun Gao | University Of California, San Diego | Monte Carlo Trees with Conflict Models for Proof Search |
| Mirco Giacobbe | University of Birmingham | Neural Software Verification |
| Tobias Grosser | University of Cambridge | Synthesis-based Symbolic BitVector Simplification for Lean |
| Ronghui Gu | Columbia University | Scaling Formal Verification of Security Properties for Unmodified System Software |
| Alexey Ignatiev | Monash University | Huub: Next-Gen Lazy Clause Generation |
| Kenneth McMillan | University of Texas At Austin | Synthesis of Auxiliary Variables and Invariants for Distributed Protocol Verification |
| Alexandra Mendes | University of Porto | Overcoming Barriers to the Adoption of Verification-Aware Languages |
| Jason Nieh | Columbia University | Scaling Formal Verification of Security Properties for Unmodified System Software |
| Rohan Padhye | Carnegie Mellon University | Automated Synthesis and Evaluation of Property-Based Tests |
| Nadia Polikarpova | University Of California, San Diego | Discovering and Proving Critical System Properties with LLMs |
| Fortunat Rajaona | University of Surrey | Phoebe+: An Automated-Reasoning Tool for Provable Privacy in Cryptographic Systems |
| Subhajit Roy | Indian Institute of Technology Kanpur | Theorem Proving Modulo LLM |
| Gagandeep Singh | University of Illinois At Urbana–Champaign | Trustworthy LLM Systems using Formal Contracts |
| Scott Stoller | Stony Brook University | Restricter: An Automatic Tool for Authoring Amazon Cedar Access Control Policies with the Principle of Least Privilege |
| Peter Stuckey | Monash University | Huub: Next-Gen Lazy Clause Generation |
| Yulei Sui | University of New South Wales | Path-Sensitive Typestate Analysis through Sparse Abstract Execution |
| Nikos Vasilakis | Brown University | Semantics-Driven Static Analysis for the Unix/Linux Shell |
| Ping Wang | Stevens Institute of Technology | Leveraging Large Language Models for Reasoning Augmented Searching on Domain-specific NoSQL Database |
| John Wawrzynek | University of California, Berkeley | GPU-Accelerated High-Throughput SAT Sampling |
AWS AI
| Recipient | University | Research title |
| Panagiotis Adamopoulos | Emory University | Generative AI solutions for The Spillover Effect of Fraudulent Reviews on Product Recommendations |
| Vikram Adve | University of Illinois at Urbana–Champaign | Fellini: Differentiable ML Compiler for Full-Graph Optimization for LLM Models |
| Frances Arnold | California Institute of Technology | Closed-loop Generative Machine Learning for De Novo Enzyme Discovery and Optimization |
| Yonatan Bisk | Carnegie Mellon University | Useful, Safe, and Robust Multiturn Interactions with LLMs |
| Shiyu Chang | University of California, Santa Barbara | Cut the Crap: Advancing the Efficient Communication of Multi-Agent Systems via Spatial-Temporal Topology Design and KV Cache Sharing |
| Yuxin Chen | University of Pennsylvania | Provable Acceleration of Diffusion Models for Modern Generative AI |
| Tianlong Chen | University of North Carolina at Chapel Hill | Cut the Crap: Advancing the Efficient Communication of Multi-Agent Systems via Spatial-Temporal Topology Design and KV Cache Sharing |
| Mingyu Ding | University of North Carolina at Chapel Hill | Aligning Long Videos and Language as Long-Horizon World Models |
| Nikhil Garg | Cornell University | Market Design for Responsible Multi-agent LLMs |
| Jessica Hullman | Northwestern University | Human-Aligned Uncertainty Quantification in High Dimensions |
| Christopher Jermaine | Rice University | Fast, Trusted AI Using the EINSUMMABLE Compiler |
| Yunzhu Li | Columbia University | Physics-Informed Foundation Models Through Embodied Interactions |
| Pattie Maes | Massachusetts Institute of Technology | Understanding How LLM Agents Deviate from Human Choices |
| Sasa Misailovic | University of Illinois at Urbana–Champaign | Fellini: Differentiable ML Compiler for Full-Graph Optimization for LLM Models |
| Kristina Monakhova | Cornell University | Trustworthy extreme imaging for science using interpretable uncertainty quantification |
| Todd Mowry | Carnegie Mellon University | Efficient LLM Serving on Trainium via Kernel Generation |
| Min-hwan Oh | Seoul National University | Mutually Beneficial Interplay Between Selection Fairness and Context Diversity in Contextual Bandits |
| Patrick Rebeschini | University of Oxford | Optimal Regularization for LLM Alignment |
| Jose Renau | University of California, Santa Cruz | Verification Constrained Hardware Optimization using Intelligent Design Agentic Programming |
| Vilma Todri | Emory University | Generative AI solutions for The Spillover Effect of Fraudulent Reviews on Product Recommendations |
| Aravindan Vijayaraghavan | Northwestern University | Human-Aligned Uncertainty Quantification in High Dimensions |
| Wei Yang | University of Texas at Dallas | Optimizing RISC-V Compilers with RISC-LLM and Syntax Parsing |
| Huaxiu Yao | University of North Carolina at Chapel Hill | Aligning Long Videos and Language as Long-Horizon World Models |
| Amy Zhang | University of Washington | Tools for Governing AI Agent Autonomy |
| Ruqi Zhang | Purdue University | Efficient Test-time Alignment for Large Language Models and Large Multimodal Models |
| Zheng Zhang | Rutgers University-New Brunswick | AlphaQC: An AI-powered Quantum Circuit Optimizer and Denoiser |
AWS Cryptography
| Recipient | University | Research title |
| Alexandra Boldyreva | Georgia Institute of Technology | Quantifying Information Leakage in Searchable Encryption Protocols |
| Maria Eichlseder | Graz University of Technology, Austria | SALAD – Systematic Analysis of Lightweight Ascon-based Designs |
| Venkatesan Guruswami | University of California, Berkeley | Obfuscation, Proof Systems, and Secure Computation: A Research Program on Cryptography at the Simons Institute for the Theory of Computing |
| Joseph Jaeger | Georgia Institute of Technology | Analyzing Chat Encryption for Group Messaging |
| Aayush Jain | Carnegie Mellon | Large Scale Multiparty Silent Preprocessing for MPC from LPN |
| Huijia Lin | University of Washington | Large Scale Multiparty Silent Preprocessing for MPC from LPN |
| Hamed Nemati | KTH Royal Institute of Technology | Trustworthy Automatic Verification of Side-Channel Countermeasures for Binary Cryptographic Programs using the HoIBA libary |
| Karl Palmskog | KTH Royal Institute of Technology | Trustworthy Automatic Verification of Side-Channel Countermeasures for Binary Cryptographic Programs using the HoIBA libary |
| Chris Peikert | University of Michigan, Ann Arbor | Practical Third-Generation FHE and Bootstrapping |
| Dimitrios Skarlatos | Carnegie Mellon University | Scale-Out FHE LLMs on GPUs |
| Vinod Vaikuntanathan | Massachusetts Institute of Technology | Can Quantum Computers (Really) Factor? |
| Daniel Wichs | Northeastern University | Obfuscation, Proof Systems, and Secure Computation: A Research Program on Cryptography at the Simons Institute for the Theory of Computing |
| David Wu | University Of Texas At Austin | Fast Private Information Retrieval and More using Homomorphic Encryption |
Sustainability
| Recipient | University | Research title |
| Meeyoung Cha | Max Planck Institute | Forest-Blossom (Flossom): A New Framework for Sustaining Forest Biodiversity Through Outcome-Driven Remote Sensing Monitoring |
| Jingrui He | University of Illinois at Urbana–Champaign | Foundation Model Enabled Earth’s Ecosystem Monitoring |
| Pedro Lopes | University of Chicago | AI-powered Tools that Enable Engineers to Make & Re-make Sustainable Hardware |
| Cheng Yaw Low | Max Planck Institute | Forest-Blossom (Flossom): A New Framework for Sustaining Forest Biodiversity Through Outcome-Driven Remote Sensing Monitoring |
AI safety is a priority at Amazon. Our investment in safe, transparent, and responsible AI (RAI) includes collaboration with the global community and policymakers. We are members of and collaborate with organizations such as the Frontier Model Forum, the Partnership on AI, and other forums organized by government agencies such as the National Institute of Standards and Technology (NIST). Consistent with Amazon’s endorsement of the Korea Frontier AI Safety Commitments, we published our Frontier Model Safety Framework earlier this year.
During the development of the Nova Premier model, we conducted a comprehensive evaluation to assess its performance and safety. This included testing on both internal and public benchmarks and internal/automated and third-party red-teaming exercises. Once the final model was ready, we prioritized obtaining unbiased, third-party evaluations of the model’s robustness against RAI controls. In this post, we outline the key findings from these evaluations, demonstrating the strength of our testing approach and Amazon Premier’s standing as a safe model. Specifically, we cover our evaluations with two third-party evaluators: PRISM AI and ActiveFence.
Evaluation of Nova Premier against PRISM AI
PRISM Eval’s Behavior Elicitation Tool (BET) dynamically and systematically stress-tests AI models’ safety guardrails. The methodology focuses on measuring how many adversarial attempts (steps) it takes to get a model to generate harmful content across several key risk dimensions. The central metric is “steps to elicit” — the number of increasingly sophisticated prompting attempts required before a model generates an inappropriate response. A higher number of steps indicates stronger safety measures, as the model is more resistant to manipulation. The PRISM risk dimensions (inspired by the MLCommons AI Safety Benchmarks) include CBRNE weapons, violent crimes, non-violent crimes, defamation, and hate, amongst several others.
Using the BET Eval tool and its V1.0 metric, which is tailored toward non-reasoning models, we compared the recently released Nova models (Pro and Premier) to the latest models in the same class: Claude (3.5 v2 and 3.7 non-reasoning) and Llama4 Maverick, all available through Amazon Bedrock. PRISM BET conducts black-box evaluations (where model developers don’t have access to the test prompts) of models integrated with their API. The evaluation conducted with BET Eval MAX, PRISM’s most comprehensive/aggressive testing suite, revealed significant variations in safety against malicious instructions. Nova models demonstrated superior overall safety performance, with an average of 43 steps for Premier and 52 steps for Pro, compared to 37.7 for Claude 3.5 v2 and fewer than 12 steps for other models in the comparison set (namely, 9.9 for Claude3.7, 11.5 for Claude 3.7 thinking, and 6.5 for Maverick). This higher step count suggests that on average, Nova’s safety guardrails are more sophisticated and harder to circumvent through adversarial prompting. The figure below presents the number of steps per harm category evaluated through BET Eval MAX.
The PRISM evaluation provides valuable insights into the relative safety of different Amazon Bedrock models. Nova’s strong performance, particularly in hate speech and defamation resistance, represents meaningful progress in AI safety. However, the results also highlight the ongoing challenge of building truly robust safety measures into AI systems. As the field continues to evolve, frameworks like BET will play an increasingly important role in benchmarking and improving AI safety. As a part of this collaboration Nicolas Miailhe, CEO of PRISM Eval, said, “It’s incredibly rewarding for us to see Nova outperforming strong baselines using the BET Eval MAX; our aim is to build a long-term partnership toward safer-by-design models and to make BET available to various model providers.” Organizations deploying AI systems should carefully consider these safety metrics when selecting models for their applications.
Manual red teaming with ActiveFence
The AI safety & security company ActiveFence benchmarked Nova Premier on Bedrock on prompts distributed across Amazon’s eight core RAI categories. ActiveFence also evaluated Claude 3.7 (non-reasoning mode) and GPT 4.1 API on the same set. The flag rate on Nova Premier was lower than that on the other two models, indicating that Nova Premier is the safest of the three.
| Model | 3P Flag Rate [↓ is better] |
| Nova Premier | 12.0% |
| Sonnet 3.7 (non-reasoning) | 20.6% |
| GPT4.1 API | 22.4% |
“Our role is to think like an adversary but act in service of safety,” said Guy Paltieli from ActiveFence. “By conducting a blind stress test of Nova Premier under realistic threat scenarios, we helped evaluate its security posture in support of Amazon’s broader responsible-AI goals, ensuring the model could be deployed with greater confidence.”
These evaluations conducted with PRISM and ActiveFence give us confidence in the strength of our guardrails and our ability to protect our customers’ safety when they use our models. While these evaluations demonstrate strong safety performance, we recognize that AI safety is an ongoing challenge requiring continuous improvement. These assessments represent a point-in-time snapshot, and we remain committed to regular testing and enhancement of our safety measures. No AI system can guarantee perfect safety in all scenarios, which is why we maintain monitoring and response systems after deployment.
Acknowledgments: Vincent Ponzo, Elyssa Vincent
-
Funding & Business7 days agoKayak and Expedia race to build AI travel agents that turn social posts into itineraries
-
Jobs & Careers6 days ago
Mumbai-based Perplexity Alternative Has 60k+ Users Without Funding
-
Mergers & Acquisitions6 days ago
Donald Trump suggests US government review subsidies to Elon Musk’s companies
-
Funding & Business6 days ago
Rethinking Venture Capital’s Talent Pipeline
-
Jobs & Careers6 days ago
Why Agentic AI Isn’t Pure Hype (And What Skeptics Aren’t Seeing Yet)
-
Funding & Business4 days ago
Sakana AI’s TreeQuest: Deploy multi-model teams that outperform individual LLMs by 30%
-
Funding & Business7 days agoFrom chatbots to collaborators: How AI agents are reshaping enterprise work
-
Jobs & Careers6 days ago
Astrophel Aerospace Raises ₹6.84 Crore to Build Reusable Launch Vehicle
-
Funding & Business4 days ago
Dust hits $6M ARR helping enterprises build AI agents that actually do stuff instead of just talking
-
Funding & Business6 days ago
Europe’s Most Ambitious Startups Aren’t Becoming Global; They’re Starting That Way
