How Beekeeper built an LLM leaderboard and model routing on Amazon Bedrock

TL;DR (executive summary)

• Beekeeper turned model selection and prompt tuning into a continuous, automated loop: an LLM leaderboard that scores model+prompt pairs, routes live traffic to winners, and personalizes results per customer group.
• They combine programmatic checks (compression ratio, action-item extraction, embeddings) with human sampling and controlled prompt mutation (scoped prompt updates) to keep personalization safe and reversible.
• Result: tangible UX gains for frontline workers (13–24% better ratings per tenant in preliminary results) with a lightweight engineering footprint enabled by Amazon Bedrock and serverless orchestration.

Why one-time prompt engineering fails for production

Choosing a model and crafting a prompt used to feel like a ritual—pick a model, bake a prompt, ship, repeat only when something breaks. That approach breaks down when model families update, prices shift, and real users reveal new needs. For products that must deliver consistent, factual, and tailored outputs—like chat summaries for deskless frontline workers—you need an operational system that treats model selection as a continuous decision, not a one-time project.

High-level pattern: leaderboard + routing + prompt mutation

Beekeeper implemented a practical loop:

1. Run an initial leaderboard of model+prompt candidates and score them with automated tests plus sampled human checks.
2. Route production requests to top-ranked candidates with weighted routing (e.g., 50% / 30% / 20%) so you balance exploration and quality.
3. Personalize winning prompts per tenant or cohort using prompt mutation (controlled, scoped updates) and use drift detection to avoid contaminating other users.

Definitions (first use): tenant (a customer or organizational unit using the product), cohort (a user segment within a tenant), prompt mutation (small, controlled prompt updates driven by user feedback), routing layer (logic that sends traffic to model+prompt candidates), drift detection (monitoring that detects undesirable changes in model behavior).

“LLM choice and prompt tuning are ongoing processes, not one-time decisions.”

Architecture and tooling choices

Practical, serverless-friendly building blocks let a small engineering team run continuous experiments without heavy lift:

• Amazon Bedrock — unified access to multiple models plus the Converse API for cross-LLM checks.
• Event orchestration: EventBridge triggers evaluation cycles.
• Workers & routing: EKS or serverless compute and Lambda to host scoring jobs and the routing layer.
• State & history: RDS or similar for leaderboard state, metrics, and versioned model+prompt artifacts.
• Human validation: Amazon Mechanical Turk for sampled manual checks, with quality controls (gold tasks, inter-annotator agreement).

Why Bedrock? It reduces vendor-specific integration work by providing a single API to multiple model families, so model switching becomes a routing decision instead of re-architecting downstream systems.

Architecture snapshot (conceptual)

• Inputs (chat) → evaluation queue (EventBridge) → worker pool (EKS) that runs model generation + programmatic checks + LLM-based checks (via Bedrock).
• Scoring and leaderboard update → routing service (Lambda/EKS) uses weights to send production requests to top candidates.
• User feedback (thumbs/comments) stored in RDS → prompt mutation service applies scoped updates and drift detection monitors metrics to revert unsafe mutations.

Evaluation methodology and metrics

Quality is measured with a hybrid approach so automation scales without losing human judgment.

• Per-candidate baseline: typically ~8 model+prompt pairs. For each pair, generate ~20 summaries.
• Call arithmetic (how LLM calls add up): each summary requires one generation call + two LLM-based quality checks (e.g., factuality, relevance), so 3 LLM calls per summary. With 8 pairs × 20 summaries × 3 calls = 480 LLM calls for the initial sweep.
• Programmatic checks (no LLM cost): compression ratio (conciseness), regex or extractor-based action-item detection, and embedding-based semantic similarity.
• LLM checks: model-based judgments that catch contextual errors programmatically (e.g., ask an LLM to confirm whether an action item references a person or date).
• Human-in-the-loop: ~7% of evaluations sampled for manual review via MTurk, with sample sizes planned using Cochran’s formula to achieve statistical confidence.

Concrete evaluation metrics:

• Compression ratio — target concision vs. information loss.
• Presence and quality of user-related action items — must surface who needs to do what.
• Semantic similarity via embeddings (Qwen3 used as baseline for embeddings).
• Cross-LLM hallucination detection — flag contradictions across model outputs for human review.

Sample-size example (Cochran’s formula)

For a 95% confidence level and ±5% margin of error, Cochran’s formula gives a baseline n ≈ 384 samples (assuming p=0.5). You can then scale that down if your evaluation population is small. Beekeeper sampled around 7% of evaluations—an operational choice driven by tenant volume and desired statistical power.

Proof-of-concept numbers and cost context

Numbers from a referenced example run (use these as a planning baseline, not exact estimates for every setup):

• Baseline: ~8 model+prompt pairs
• Per-pair evaluations: 20 summaries
• Checks per summary: 3 static (programmatic) + 2 LLM checks + 1 generation call
• Initial LLM calls: 480 (8×20×3)
• Mutation cycles: added ~600 LLM calls in subsequent explorations
• Token usage observed in the example sweep: ~8,352,000 input tokens and ~1,620,000 output tokens
• Estimated cost for that proof-of-concept sweep: roughly $48 (this figure reflects the specific models and region used for the run and assumes modest MTurk sampling; actual costs will vary by model, region, and token pricing).

How to budget: treat an initial sweep as a predictable experimental cost (hundreds to low thousands of dollars depending on scale and model family). Production costs scale with traffic, candidate count, and personalization vectors.

Personalization without contamination

Key to safe personalization is scoped prompt mutation. Instead of overwriting a global prompt with user feedback, apply small, versioned prompt deltas tied to a tenant or cohort. Keep these mutations reversible and track them as immutable artifacts: model+prompt+version.

Drift detection triggers you should monitor:

• Sudden drop in thumbs-up rate or rise in user complaints
• Increase in detected hallucination rate (cross-LLM disagreement)
• Semantic-similarity falloff measured by embeddings
• Unusual change in compression ratio or missing action items

“Prompt mutation creates an organic system that evolves over time while drift detection prevents undesirable behavior spread across users.”

Sample chat and mutated prompts (illustrative)

Raw chat (example):

“Customer called at 9am: AC unit not cooling. Tech Sam scheduled for 2pm. Customer asked for replacement filters and mentioned allergies.”

Base prompt (concise, neutral):

“Summarize the chat in 2–3 bullet points and list explicit action items with assignees and due times.”

Model A output (tone: concise):

– Customer reported AC not cooling; tech Sam scheduled 2pm.
– Customer requested replacement filters (allergies).

Action items:
– Sam: inspect AC at 2pm (due today).
– Supplies team: prepare replacement filters (due tomorrow).

Prompt mutation (tenant prefers empathetic tone and explicit next steps):

“Summarize empathically in 2–4 bullets; highlight customer concern first. For each action item, add the priority and next communication step.”

Model A mutated output (tone: empathetic + explicit):

– Customer concerned about AC not cooling—expressed allergies due to filters; technician Sam is scheduled at 2pm.
– We will prioritize filter replacement given allergy mention.

Action items:
– Sam (high priority): inspect AC at 2pm and confirm findings via SMS within 1 hour.
– Supplies (medium priority): stage allergy-friendly replacement filters and confirm availability by end of day.

Scoped mutation changes the style and explicitness for a tenant without altering the global prompt used by others.

Safety, hallucinations and cross-LLM checks

Cross-LLM checking helps detect contradictions (e.g., one model invents a date or person). But agreement across models is not proof of truth—models can collude on the same hallucination. That’s why automated cross-checks are paired with manual sampling and metadata signals (confidence heuristics, provenance tags where available).

Human validation workflow essentials:

• Provide clear task instructions and gold-standard examples to MTurk workers.
• Use multiple annotators and measure inter-annotator agreement; resolve disagreements programmatically or via expert review.
• Keep manual checks lightweight and statistically guided (Cochran’s formula) to control cost.

“Quality is scored with a small synthetic test set and validated in production with user feedback (thumbs up/down and comments).”

Results, limitations and governance considerations

Preliminary operational impact: Beekeeper reported 13–24% better aggregated response ratings per tenant when using the scoreboard + personalization loop. Those gains came from more relevant action items, correct compression, and tones aligned with tenant preferences.

Limitations & risks to plan for:

• Cross-LLM agreement is not definitive proof of factuality—keep human sampling.
• Cost growth as personalization vectors multiply (each tenant/cohort variant adds evaluation and potential routing complexity).
• Privacy and compliance: frontline chats may carry PII. Implement PII redaction, at-rest/in-transit encryption, and appropriate retention policies before sending data to third-party models.
• Governance: create guardrails and approval workflows for prompt mutations that materially change tone or policy-related content.

Operational checklist for product and engineering leaders

• Start with a small synthetic baseline (8 candidates × 20 samples is a practical first sweep).
• Automate programmatic checks (compression, action extraction, embedding similarity) and schedule periodic LLM checks.
• Sample humans for validation using Cochran’s guidance—aim for statistical significance, not exhaustive manual review.
• Version model+prompt artifacts immutably; route traffic with weights that balance exploration and reliability.
• Apply prompt mutations scoped to tenants/cohorts; monitor drift signals and have automatic rollback triggers.
• Track production metrics: latency, cost per summary, thumbs-up rate, hallucination flags, and model-switch frequency.
• Design privacy controls (redaction, encryption, legal review) before sending frontline conversations to external models.

Next steps and quick decisions for leaders

• Want speed-to-value? Use Bedrock as a multi-model gateway to reduce integration overhead and run a focused proof-of-concept leaderboard.
• Worried about safety? Pair cross-LLM checks with human sampling and strict drift detection—treat any tenant-level mutation as reversible.
• Budgeting? Plan for an initial experimental sweep (the example reported ~$48) and model production costs to scale with traffic and personalization complexity.

Final perspective

Treat prompt engineering like systems engineering. Continuous evaluation, scoped personalization, and human-in-the-loop validation turn LLMs from brittle endpoints into adaptable product features. For frontline worker experiences—where clarity and correct next steps matter—the leaderboard + routing + prompt mutation pattern offers a pragmatic path to safer, personalized AI at modest operational cost.

Call to action: if your product needs reliable, tailored LLM outputs, start with a small baseline, instrument programmatic checks, add targeted human sampling, and adopt scoped prompt mutation with drift detection. That approach scales personalization without poisoning global behavior—and it’s achievable today using Amazon Bedrock and serverless orchestration.