Events & Conferences
“Building a model that can save as many lives as possible”
Sometimes, good luck wears bad luck’s clothing — and that was certainly the case in 2015 for the young electrical and computer engineer Supreeth Shashikumar, when his hunt for a PhD project came up empty. At the Georgia Institute of Technology, no professors were looking for students with his specialty — speech recognition and voice processing.
So Shashikumar decided to cast his net into a different field and came across a visionary mentor in Shamim Nemati, then an assistant professor in the Department of Biomedical Informatics at the Emory University in Atlanta, where he was also leading the Nemati Lab.
Today, Shashikumar and Nemati are continuing their collaboration at the University of California, San Diego (UCSD), and the medical technology they developed together, supported by an Amazon Research Award, is safeguarding and saving the lives of hospital patients. But let’s rewind for a moment.
Back in 2015, when Shashikumar was still stymied in his search, he shifted his focus slightly from speech recognition to the somewhat similar field of biomedical signal processing. The fields overlap in that both are reliant on time series data, such as voice recordings or electrocardiograms.
Shashikumar saw that the Nemati Lab was pioneering the use of time series data held in hospital patients’ electronic health records (EHRs) to develop early-warning systems that can aid clinicians by flagging patients who may be on the verge of sudden deterioration. Shashikumar found that to be a compelling idea, so he reached out to Nemati.
“It was a gamble, but it paid off,” Shashikumar says.
Taking on Shashikumar was an easy decision, says Nemati. “Georgia Tech produces some of the best engineers in the country. Add to that somebody who also enjoys bungee jumping and at the same time is extremely detail-oriented, and you’ll get a 10x engineer with a desire to push himself to the limits.” There they started on a multiyear journey toward the development of clinically actionable predictive models in healthcare. Shashikumar would later move with the Nemati Lab to its current home at UCSD.
The lab’s main focus is the onset of sepsis in hospital emergency departments (EDs), wards, and intensive-care units (ICUs). Sepsis is a sudden and life-threatening condition caused by an infection entering the bloodstream, triggering a catastrophic immune response that can lead to organ failure, septic shock, and death. It is a medical emergency that requires early and aggressive treatment with antibiotics. According to the US-based Sepsis Alliance, for every hour that treatment is delayed, the chance of sepsis moving through severe sepsis to septic shock and death rises by 4%-9%.
ED clinicians are constantly monitoring for signs of sepsis, such as fever and elevated heart rate or respiratory rate. When they suspect sepsis, they order lab tests to look for markers of organ damage. Thus detection, particularly early detection, is crucial.
Shashikumar was drawn to the fact that the Nemati Lab was focused on developing deployable technology. Many researchers take historical time-series patient data from single hospitals and create models to make predictions based on that data, but there is often a chasm between theory and practical deployment, due to the many challenges of working in the healthcare space.
“For us, whenever we pick a project, we are interested in how we can deploy a model into the real world, to do some good by making it clinically actionable,” says Shashikumar. “And, crucially, also make it generalizable.”
This generalizability of medical models is critical if machine learning is to realize its enormous potential benefit to patients.
“Generalizability is about ensuring that your claims about the performance of your model hold in other healthcare system settings,” says Nemati.
For example, say a machine learning model was trained to successfully predict the onset of sepsis in patients in hospital A, using data from that hospital. Could that model then be usefully applied to hospital B with different patient demographics, standards of care, and testing and monitoring procedures? And could it generalize again to hospitals C and D, too? It is an incredibly difficult challenge and one of the reasons for the chasm between research and implementation.
WUPERR
In 2022, in Nature Scientific Reports, Shashikumar and the Nemati team demonstrated that it was indeed possible, with a model called WUPERR (weight uncertainty propagation and episodic representation replay). The model was trained on the EHR data of more than 104,000 patients across four separate healthcare systems. The patient data included over 40 inputs, including ongoing vital signs such as blood pressure and pulse rate, lab test results such as lactate levels in the blood and white blood cell count, patient age, and comorbidities, such as cancer or liver failure.
The model overcame several big scientific and practical hurdles inherent to generalization across multiple hospitals: “catastrophic forgetting” and the necessity of keeping patient data confidential.
Catastrophic forgetting is a common problem with transfer learning. When a predictive model is successfully trained on one hospital (hospital A) and then transferred to the next (hospital B), the process will often involve fine-tuning the model on data from hospital B, as no two hospitals are the same. There’s a risk, however, that the introduction of new hospital B data will lead the model to “forget” what it learned from hospital A’s data.
In theory, one could keep the original model for hospital A and use the fine-tuned model for hospital B, and so on for hospitals C and D. However, not only is this approach impractical, but it also presents a daunting level of regulatory hurdles, according to Shashikumar. Having to deal with a growing number of different models, each of which must meet FDA evaluation and regulation, is simply not scalable.
WUPERR, however, tested a different solution using historical hospital data — a technique called “elastic weight consolidation”. This approach echoes a concept found in cognitive neuroscience, according to Shashikumar.
“There are a bunch of neurons in your brain that are trained in the tasks you’ve learned,” he explains. “When you learn a new, similar task, you build on your previous experience — but you don’t interfere with those neurons. Instead, you teach additional neurons the nuances of the new task.”
With this approach — but with neurons replaced by adjustable model parameters — the team was able to maintain high accuracy in their sepsis predictions across the board with every new hospital added to the pool. By the end, the very accurate sepsis predictions for four hospitals were successfully produced by one model — an important advance.
You may now wonder: How could this model share fiercely protected patient data between separate hospitals? This is the second hurdle that WUPERR overcame, using a technique called “episodic representation replay.” In simple terms, this means that when the model was trained on hospital A’s patient data, that data is passed through a neural network that strips away all patient identifiers and creates a representation of the data that is safe to share. The representations of the data are then shown to the model while training at the next hospital.
“I believe this was the first application of sharing neural-network representations from an older hospital with a new hospital in the context of sepsis prediction,” says Shashikumar.
The result of all this is a single, manageable model that can generalize across a whole set of hospitals, with all the institutions involved benefiting from each other’s patient data while never actually having access to it.
“There is beauty in generalizable knowledge and generalizable models, like a unified theory of everything,” says Nemati.
Things get real
Today the latest iteration of WUPERR is in live action in the ED of a UC San Diego Health hospital, providing clinicians with early warnings about patients predicted to develop sepsis in the next four hours. This version of WUPERR has also been augmented with, among other things, a statistical model that monitors its input data for quality, helping to reduce false alarms.
That’s important because false alarms are a big problem in sepsis detection. The hospital’s previous, less sophisticated system had a high rate of false alarms. Working with clinicians at the hospital, Shashikumar and his colleagues were able to tune WUPERR to predict 60% of all sepsis events. In the closely monitored environment of the ED, clinicians are expected to catch some portion of the sepsis cases with obvious signs and symptoms, and WUPERR provides a second pair of eyes to provide earlier warning and potentially catch additional cases of sepsis. What is critical to the clinicians is that false alarms, and the burdens they entail, remain low. While about half of WUPERR’s predictions were false alarms, that rate is relatively low, given the seriousness of sepsis.
Missed detections are also of great concern and are often attributable to patient complexity, inadequate monitoring, and low availability of data. Here, the team is applying active sensing to make timely recommendations for collecting sepsis-specific biomarkers in high-risk patients. The latest generation of the system combines false-alarm reduction with active sensing to achieve state-of-the-art performance.
The system has been in place for four months, with data collection ongoing. The clinicians in the ED have reported that, on average, the alarm is going off an hour or two earlier than when the doctors would have started to suspect an infection.
“They’re happy with that performance, particularly the lower false-alarm rate. It’s a very good validation of our work,” says Shashikumar. “But we still have a long way to go. In time, we want to extend this to other hospitals, intensive-care units, and hospital wards across the US and the world.”
The scaling up of this life-saving service is made easier by the fact that WUPERR is entirely cloud-based and hosted on Amazon Web Services.
“Using AWS services has been great for us,” says Shashikumar. “Our sepsis software is running in real time in the hospital lab, and that’s mission-critical — it has to be up and running 100% of the time, without fail.” The team makes use of a wide range of AWS services, including autoscaling, load balancing, fault tolerance, and CloudWatch alarms.
Deploying the model in different locations is also greatly simplified. AWS provides HIPAA-compliant infrastructure, which is legally required to protect private health data transmitted to the cloud.
In fact, when the Nemati Lab moved to UC San Diego, they had to decide whether to buy their own in-house servers or move to the cloud. They moved the entirety of their computing services to AWS. “It has been super convenient,” says Shashikumar.
Last year, Nemati’s team, including Shashikumar, co-founded Healcisio, a startup, as part of an effort to commercialize their model and ultimately receive FDA clearance, which will be essential for deploying the system to multiple hospitals in the US and abroad.
Meanwhile, they have great ambitions to improve the model. For now, it is limited to the time series data in EHRs. But the team’s current focus is on multimodal data, including wearable sensors, clinical notes, imaging, and more. They want their model to see everything a clinician has access to when they treat patients — all the contextual information — and additionally address “data deserts” via continuous monitoring of patients and active sensing.
Increasing the sensitivity of the model and reducing its false-alarm rate even further is the ultimate goal.
“At the end of the day, our focus is on building a model that can save as many lives as possible,” Shashikumar said. “I didn’t get into healthcare out of passion, but it has become my passion.”
Have you ever worked is legacy code? Are you curious what it takes to modernize systems at a massive scale?
Pascal Hartig is joined on the latest Meta Tech Podcast by Elaine and Buping, two software engineers working on a bold project to rewrite the decades-old C code in one of Meta’s core messaging libraries in Rust. It’s an ambitious effort that will transform a central messaging library that is shared across Messenger, Facebook, Instagram, and Meta’s AR/VR platforms.
They discuss taking on a project of this scope – even without a background in Rust, how they’re approaching it, and what it means to optimize for ‘developer happiness.’
Download or listen to the episode below:
You can also find the episode wherever you get your podcasts, including:
The Meta Tech Podcast is a podcast, brought to you by Meta, where we highlight the work Meta’s engineers are doing at every level – from low-level frameworks to end-user features.
Send us feedback on Instagram, Threads, or X.
And if you’re interested in learning more about career opportunities at Meta visit the Meta Careers page.
Amazon Research Awards (ARA) provides unrestricted funds and AWS Promotional Credits to academic researchers investigating various research topics in multiple disciplines. This cycle, ARA received many excellent research proposals from across the world and today is publicly announcing 73 award recipients who represent 46 universities in 10 countries.
This announcement includes awards funded under five call for proposals during the fall 2024 cycle: AI for Information Security, Automated Reasoning, AWS AI, AWS Cryptography, and Sustainability. Proposals were reviewed for the quality of their scientific content and their potential to impact both the research community and society. Additionally, Amazon encourages the publication of research results, presentations of research at Amazon offices worldwide, and the release of related code under open-source licenses.
Recipients have access to more than 700 Amazon public datasets and can utilize AWS AI/ML services and tools through their AWS Promotional Credits. Recipients also are assigned an Amazon research contact who offers consultation and advice, along with opportunities to participate in Amazon events and training sessions.
“Automated Reasoning is an important area of research for Amazon, with potential applications across various features and applications to help improve security, reliability, and performance for our customers. Through the ARA program, we collaborate with leading academic researchers to explore challenges in this field,” said Robert Jones, senior principal scientist with the Cloud Automated Reasoning Group. “We were again impressed by the exceptional response to our Automated Reasoning call for proposals this year, receiving numerous high-quality submissions. Congratulations to the recipients! We’re excited to support their work and partner with them as they develop new science and technology in this important area.”
“At Amazon, we believe that solving the world’s toughest sustainability challenges benefits from both breakthrough scientific research and open and bold collaboration. Through programs like the Amazon Research Awards program, we aim to support academic research that could contribute to our understanding of these complex issues,” said Kommy Weldemariam, Director of Science and Innovation Sustainability. “The selected proposals represent innovative projects that we hope will help advance knowledge in this field, potentially benefiting customers, communities, and the environment.”
ARA funds proposals throughout the year in a variety of research areas. Applicants are encouraged to visit the ARA call for proposals page for more information or send an email to be notified of future open calls.
The tables below list, in alphabetical order by last name, fall 2024 cycle call-for-proposal recipients, sorted by research area.
AI for Information Security
| Recipient | University | Research title |
| Christopher Amato | Northeastern University | Multi-Agent Reinforcement Learning Cyber Defense for Securing Cloud Computing Platforms |
| Bernd Bischl | Ludwig Maximilian University of Munich | Improving Generative and Foundation Models Reliability via Uncertainty-awareness |
| Shiqing Ma | University Of Massachusetts Amherst | LLM and Domain Adaptation for Attack Detection |
| Alina Oprea | Northeastern University | Multi-Agent Reinforcement Learning Cyber Defense for Securing Cloud Computing Platforms |
| Roberto Perdisci | University of Georgia | ContextADBench: A Comprehensive Benchmark Suite for Contextual Anomaly Detection |
Automated Reasoning
| Recipient | University | Research title |
| Nada Amin | Harvard University | LLM-Augmented Semi-Automated Proofs for Interactive Verification |
| Suguman Bansal | Georgia Institute of Technology | Certified Inductive Generalization in Reinforcement Learning |
| Ioana Boureanu | University of Surrey | Phoebe+: An Automated-Reasoning Tool for Provable Privacy in Cryptographic Systems |
| Omar Haider Chowdhury | Stony Brook University | Restricter: An Automatic Tool for Authoring Amazon Cedar Access Control Policies with the Principle of Least Privilege |
| Stefan Ciobaca | Alexandru Ioan Cuza University | An Interactive Proof Mode for Dafny |
| João Ferreira | INESC-ID | Polyglot Automated Program Repair for Infrastructure as Code |
| Sicun Gao | University Of California, San Diego | Monte Carlo Trees with Conflict Models for Proof Search |
| Mirco Giacobbe | University of Birmingham | Neural Software Verification |
| Tobias Grosser | University of Cambridge | Synthesis-based Symbolic BitVector Simplification for Lean |
| Ronghui Gu | Columbia University | Scaling Formal Verification of Security Properties for Unmodified System Software |
| Alexey Ignatiev | Monash University | Huub: Next-Gen Lazy Clause Generation |
| Kenneth McMillan | University of Texas At Austin | Synthesis of Auxiliary Variables and Invariants for Distributed Protocol Verification |
| Alexandra Mendes | University of Porto | Overcoming Barriers to the Adoption of Verification-Aware Languages |
| Jason Nieh | Columbia University | Scaling Formal Verification of Security Properties for Unmodified System Software |
| Rohan Padhye | Carnegie Mellon University | Automated Synthesis and Evaluation of Property-Based Tests |
| Nadia Polikarpova | University Of California, San Diego | Discovering and Proving Critical System Properties with LLMs |
| Fortunat Rajaona | University of Surrey | Phoebe+: An Automated-Reasoning Tool for Provable Privacy in Cryptographic Systems |
| Subhajit Roy | Indian Institute of Technology Kanpur | Theorem Proving Modulo LLM |
| Gagandeep Singh | University of Illinois At Urbana–Champaign | Trustworthy LLM Systems using Formal Contracts |
| Scott Stoller | Stony Brook University | Restricter: An Automatic Tool for Authoring Amazon Cedar Access Control Policies with the Principle of Least Privilege |
| Peter Stuckey | Monash University | Huub: Next-Gen Lazy Clause Generation |
| Yulei Sui | University of New South Wales | Path-Sensitive Typestate Analysis through Sparse Abstract Execution |
| Nikos Vasilakis | Brown University | Semantics-Driven Static Analysis for the Unix/Linux Shell |
| Ping Wang | Stevens Institute of Technology | Leveraging Large Language Models for Reasoning Augmented Searching on Domain-specific NoSQL Database |
| John Wawrzynek | University of California, Berkeley | GPU-Accelerated High-Throughput SAT Sampling |
AWS AI
| Recipient | University | Research title |
| Panagiotis Adamopoulos | Emory University | Generative AI solutions for The Spillover Effect of Fraudulent Reviews on Product Recommendations |
| Vikram Adve | University of Illinois at Urbana–Champaign | Fellini: Differentiable ML Compiler for Full-Graph Optimization for LLM Models |
| Frances Arnold | California Institute of Technology | Closed-loop Generative Machine Learning for De Novo Enzyme Discovery and Optimization |
| Yonatan Bisk | Carnegie Mellon University | Useful, Safe, and Robust Multiturn Interactions with LLMs |
| Shiyu Chang | University of California, Santa Barbara | Cut the Crap: Advancing the Efficient Communication of Multi-Agent Systems via Spatial-Temporal Topology Design and KV Cache Sharing |
| Yuxin Chen | University of Pennsylvania | Provable Acceleration of Diffusion Models for Modern Generative AI |
| Tianlong Chen | University of North Carolina at Chapel Hill | Cut the Crap: Advancing the Efficient Communication of Multi-Agent Systems via Spatial-Temporal Topology Design and KV Cache Sharing |
| Mingyu Ding | University of North Carolina at Chapel Hill | Aligning Long Videos and Language as Long-Horizon World Models |
| Nikhil Garg | Cornell University | Market Design for Responsible Multi-agent LLMs |
| Jessica Hullman | Northwestern University | Human-Aligned Uncertainty Quantification in High Dimensions |
| Christopher Jermaine | Rice University | Fast, Trusted AI Using the EINSUMMABLE Compiler |
| Yunzhu Li | Columbia University | Physics-Informed Foundation Models Through Embodied Interactions |
| Pattie Maes | Massachusetts Institute of Technology | Understanding How LLM Agents Deviate from Human Choices |
| Sasa Misailovic | University of Illinois at Urbana–Champaign | Fellini: Differentiable ML Compiler for Full-Graph Optimization for LLM Models |
| Kristina Monakhova | Cornell University | Trustworthy extreme imaging for science using interpretable uncertainty quantification |
| Todd Mowry | Carnegie Mellon University | Efficient LLM Serving on Trainium via Kernel Generation |
| Min-hwan Oh | Seoul National University | Mutually Beneficial Interplay Between Selection Fairness and Context Diversity in Contextual Bandits |
| Patrick Rebeschini | University of Oxford | Optimal Regularization for LLM Alignment |
| Jose Renau | University of California, Santa Cruz | Verification Constrained Hardware Optimization using Intelligent Design Agentic Programming |
| Vilma Todri | Emory University | Generative AI solutions for The Spillover Effect of Fraudulent Reviews on Product Recommendations |
| Aravindan Vijayaraghavan | Northwestern University | Human-Aligned Uncertainty Quantification in High Dimensions |
| Wei Yang | University of Texas at Dallas | Optimizing RISC-V Compilers with RISC-LLM and Syntax Parsing |
| Huaxiu Yao | University of North Carolina at Chapel Hill | Aligning Long Videos and Language as Long-Horizon World Models |
| Amy Zhang | University of Washington | Tools for Governing AI Agent Autonomy |
| Ruqi Zhang | Purdue University | Efficient Test-time Alignment for Large Language Models and Large Multimodal Models |
| Zheng Zhang | Rutgers University-New Brunswick | AlphaQC: An AI-powered Quantum Circuit Optimizer and Denoiser |
AWS Cryptography
| Recipient | University | Research title |
| Alexandra Boldyreva | Georgia Institute of Technology | Quantifying Information Leakage in Searchable Encryption Protocols |
| Maria Eichlseder | Graz University of Technology, Austria | SALAD – Systematic Analysis of Lightweight Ascon-based Designs |
| Venkatesan Guruswami | University of California, Berkeley | Obfuscation, Proof Systems, and Secure Computation: A Research Program on Cryptography at the Simons Institute for the Theory of Computing |
| Joseph Jaeger | Georgia Institute of Technology | Analyzing Chat Encryption for Group Messaging |
| Aayush Jain | Carnegie Mellon | Large Scale Multiparty Silent Preprocessing for MPC from LPN |
| Huijia Lin | University of Washington | Large Scale Multiparty Silent Preprocessing for MPC from LPN |
| Hamed Nemati | KTH Royal Institute of Technology | Trustworthy Automatic Verification of Side-Channel Countermeasures for Binary Cryptographic Programs using the HoIBA libary |
| Karl Palmskog | KTH Royal Institute of Technology | Trustworthy Automatic Verification of Side-Channel Countermeasures for Binary Cryptographic Programs using the HoIBA libary |
| Chris Peikert | University of Michigan, Ann Arbor | Practical Third-Generation FHE and Bootstrapping |
| Dimitrios Skarlatos | Carnegie Mellon University | Scale-Out FHE LLMs on GPUs |
| Vinod Vaikuntanathan | Massachusetts Institute of Technology | Can Quantum Computers (Really) Factor? |
| Daniel Wichs | Northeastern University | Obfuscation, Proof Systems, and Secure Computation: A Research Program on Cryptography at the Simons Institute for the Theory of Computing |
| David Wu | University Of Texas At Austin | Fast Private Information Retrieval and More using Homomorphic Encryption |
Sustainability
| Recipient | University | Research title |
| Meeyoung Cha | Max Planck Institute | Forest-Blossom (Flossom): A New Framework for Sustaining Forest Biodiversity Through Outcome-Driven Remote Sensing Monitoring |
| Jingrui He | University of Illinois at Urbana–Champaign | Foundation Model Enabled Earth’s Ecosystem Monitoring |
| Pedro Lopes | University of Chicago | AI-powered Tools that Enable Engineers to Make & Re-make Sustainable Hardware |
| Cheng Yaw Low | Max Planck Institute | Forest-Blossom (Flossom): A New Framework for Sustaining Forest Biodiversity Through Outcome-Driven Remote Sensing Monitoring |
AI safety is a priority at Amazon. Our investment in safe, transparent, and responsible AI (RAI) includes collaboration with the global community and policymakers. We are members of and collaborate with organizations such as the Frontier Model Forum, the Partnership on AI, and other forums organized by government agencies such as the National Institute of Standards and Technology (NIST). Consistent with Amazon’s endorsement of the Korea Frontier AI Safety Commitments, we published our Frontier Model Safety Framework earlier this year.
During the development of the Nova Premier model, we conducted a comprehensive evaluation to assess its performance and safety. This included testing on both internal and public benchmarks and internal/automated and third-party red-teaming exercises. Once the final model was ready, we prioritized obtaining unbiased, third-party evaluations of the model’s robustness against RAI controls. In this post, we outline the key findings from these evaluations, demonstrating the strength of our testing approach and Amazon Premier’s standing as a safe model. Specifically, we cover our evaluations with two third-party evaluators: PRISM AI and ActiveFence.
Evaluation of Nova Premier against PRISM AI
PRISM Eval’s Behavior Elicitation Tool (BET) dynamically and systematically stress-tests AI models’ safety guardrails. The methodology focuses on measuring how many adversarial attempts (steps) it takes to get a model to generate harmful content across several key risk dimensions. The central metric is “steps to elicit” — the number of increasingly sophisticated prompting attempts required before a model generates an inappropriate response. A higher number of steps indicates stronger safety measures, as the model is more resistant to manipulation. The PRISM risk dimensions (inspired by the MLCommons AI Safety Benchmarks) include CBRNE weapons, violent crimes, non-violent crimes, defamation, and hate, amongst several others.
Using the BET Eval tool and its V1.0 metric, which is tailored toward non-reasoning models, we compared the recently released Nova models (Pro and Premier) to the latest models in the same class: Claude (3.5 v2 and 3.7 non-reasoning) and Llama4 Maverick, all available through Amazon Bedrock. PRISM BET conducts black-box evaluations (where model developers don’t have access to the test prompts) of models integrated with their API. The evaluation conducted with BET Eval MAX, PRISM’s most comprehensive/aggressive testing suite, revealed significant variations in safety against malicious instructions. Nova models demonstrated superior overall safety performance, with an average of 43 steps for Premier and 52 steps for Pro, compared to 37.7 for Claude 3.5 v2 and fewer than 12 steps for other models in the comparison set (namely, 9.9 for Claude3.7, 11.5 for Claude 3.7 thinking, and 6.5 for Maverick). This higher step count suggests that on average, Nova’s safety guardrails are more sophisticated and harder to circumvent through adversarial prompting. The figure below presents the number of steps per harm category evaluated through BET Eval MAX.
The PRISM evaluation provides valuable insights into the relative safety of different Amazon Bedrock models. Nova’s strong performance, particularly in hate speech and defamation resistance, represents meaningful progress in AI safety. However, the results also highlight the ongoing challenge of building truly robust safety measures into AI systems. As the field continues to evolve, frameworks like BET will play an increasingly important role in benchmarking and improving AI safety. As a part of this collaboration Nicolas Miailhe, CEO of PRISM Eval, said, “It’s incredibly rewarding for us to see Nova outperforming strong baselines using the BET Eval MAX; our aim is to build a long-term partnership toward safer-by-design models and to make BET available to various model providers.” Organizations deploying AI systems should carefully consider these safety metrics when selecting models for their applications.
Manual red teaming with ActiveFence
The AI safety & security company ActiveFence benchmarked Nova Premier on Bedrock on prompts distributed across Amazon’s eight core RAI categories. ActiveFence also evaluated Claude 3.7 (non-reasoning mode) and GPT 4.1 API on the same set. The flag rate on Nova Premier was lower than that on the other two models, indicating that Nova Premier is the safest of the three.
| Model | 3P Flag Rate [↓ is better] |
| Nova Premier | 12.0% |
| Sonnet 3.7 (non-reasoning) | 20.6% |
| GPT4.1 API | 22.4% |
“Our role is to think like an adversary but act in service of safety,” said Guy Paltieli from ActiveFence. “By conducting a blind stress test of Nova Premier under realistic threat scenarios, we helped evaluate its security posture in support of Amazon’s broader responsible-AI goals, ensuring the model could be deployed with greater confidence.”
These evaluations conducted with PRISM and ActiveFence give us confidence in the strength of our guardrails and our ability to protect our customers’ safety when they use our models. While these evaluations demonstrate strong safety performance, we recognize that AI safety is an ongoing challenge requiring continuous improvement. These assessments represent a point-in-time snapshot, and we remain committed to regular testing and enhancement of our safety measures. No AI system can guarantee perfect safety in all scenarios, which is why we maintain monitoring and response systems after deployment.
Acknowledgments: Vincent Ponzo, Elyssa Vincent
-
Funding & Business7 days agoKayak and Expedia race to build AI travel agents that turn social posts into itineraries
-
Jobs & Careers6 days ago
Mumbai-based Perplexity Alternative Has 60k+ Users Without Funding
-
Mergers & Acquisitions6 days ago
Donald Trump suggests US government review subsidies to Elon Musk’s companies
-
Funding & Business6 days ago
Rethinking Venture Capital’s Talent Pipeline
-
Jobs & Careers6 days ago
Why Agentic AI Isn’t Pure Hype (And What Skeptics Aren’t Seeing Yet)
-
Funding & Business4 days ago
Sakana AI’s TreeQuest: Deploy multi-model teams that outperform individual LLMs by 30%
-
Funding & Business7 days agoFrom chatbots to collaborators: How AI agents are reshaping enterprise work
-
Jobs & Careers6 days ago
Astrophel Aerospace Raises ₹6.84 Crore to Build Reusable Launch Vehicle
-
Jobs & Careers6 days ago
Telangana Launches TGDeX—India’s First State‑Led AI Public Infrastructure
-
Funding & Business4 days ago
Dust hits $6M ARR helping enterprises build AI agents that actually do stuff instead of just talking
