OpenAI frontier models and Codex are now available on AWS (openai.com)
342 points by typpo 19 hours ago
kylemaxwell 16 hours ago
Every time somebody questions why you might "trust" AWS (or Azure or GCP or whatever), or why you'd pay this premium, I realize they are not accustomed to working in enterprise environments.
In my case, I work at a large enterprise with strict data governance built into customer contracts, and (partly related, partly not) our own governance concerns. Using vendors where you not only have infosec permission, but they are also listed as data processors in our contracts with our customers is the way not to get fired and sued.
If I'm playing around at home, with my own code and data, I can do whatever I want. But with my employer and customer? Absolutely not. It's the same reason we don't use whatever is the flavor of the month frontier model is.
Side hustles and startups just have an entirely different set of constraints and considerations.
gobdovan 10 hours ago
Have you considered checking the actual AWS contract and the limited liability they explicitly stipulate in contracts and even linked docs from marketing materials?
If you read the fine print, you'll notice something funny. You are largely responsible for data loss, SLA claims require you to present concrete evidence, and the remediation you accepted is usually credits for future spend on specifically the same product you lost your data on.
And AWS fine print is actually quite reasonable compared with, say, GCP, where the SLA seems mostly useful so the enterprise acquisition team can say "they have SLA, I can't get fired for choosing them since I did my due diligence!", while GCP can say "you already accepted the proposed remedy when signing the contract, sue us and we'll just point you to it. Thanks for your trust.". [0]
[0] https://docs.cloud.google.com/storage/docs/storage-classes
^ Standard multi-region or dual-region storage has a 99.95% availability SLA, regional Standard has 99.9%, and regional Nearline, Coldline, or Archive can be as low as 99.0%. The credits are 10%, 25%, or 50% of the monthly bill for the affected service tier, with 50% as the aggregate monthly cap, applied to future use. Google also says the customer must request the credit within 30 days or forfeit it.
ok123456 20 minutes ago
They're motivated not by the actual loss, but the checkmark of having attestation for a compliance framework.
So the fact that Microsoft let remote hands-on-keyboards in the PRC fix problems on GCC-High Azure nodes used by DoD contractors doesn't matter, since they're too big to censure in any meaningful way without impacting tens of thousands of businesses that rely on them to get a letter that satisfies a compliance assessor.
Actually knowing what you're doing, or being able to critically assess the risks of using a specific provider, doesn't matter.
fabian2k 7 hours ago
They didn't mention anything about SLAs. This is about all the time, effort, paperwork and risk it takes to add yet another vendor. Having fewer vendors does actually reduce risk, as long as your chosen vendors are reasonably good. Though the bigger reason is certainly avoiding the additional bureaucracy, which is partly self-inflicted in larger companies but also not without merit.
gobdovan 7 hours ago
citrin_ru 10 hours ago
Nobody ever got fired for buying I̵B̵M̵ AWS. Most corporations already use AWS, used to its legal terms and accepted the risk. Any new provider will be scrutinised by legal more than an existing one.
regularfry 5 hours ago
saidnooneever 9 hours ago
calgoo 3 hours ago
Our corporate lawyers have all reviewed these things. And like others mentioned, the SLAs are not the concern, its related to data security and someone to blame if things go boom.
kylemaxwell an hour ago
I mean, I'm not really senior management, just an EM trying to get through life under the rules somebody else made.
Also, this isn't about SLA at all.
btown 14 hours ago
On top of this, there's a vast difference between "what do you mean that team spent $1000 on AI in their expense report, what did we get for that?" vs. "oh, the company-wide AWS bill went up by a few percent, let's look into that when we have time." The latter makes projects far more viable.
cubefox 6 hours ago
But note that this difference is the result of bad accounting.
glzone1 11 hours ago
The security posture at AWS is different. AI startups are going to get hacked and leak data etc. All the startup webapp builder tools, vscode plugin players etc.
AWS could still be hacked, but they've taken some care to make it a bit less likely, a bit easier to track which customers affected etc. If you dig into AWS logging for example, there is a TON if you turn it on, you can really go back and see who did what to the permissions / environment etc. I imagine they've got pretty good logging of their staffs access to things as well. I had to jump through some hoops once to have their staff on my account.
raincole 13 hours ago
Or to put it simply, nobody ever got fired for buying IBM.
jimbokun 13 hours ago
-> Microsoft -> AWS.
petesergeant 11 hours ago
sntran 15 hours ago
I have just moved from a free environment in which I was able to use any AI harnesses or models to a strict enterprise environment.
I was shocked to realize how difficult it has been to have a GitHub CoPilot license on Azure. I mean, they're both Microsoft products. But no, the IT now has to figure out how to set up a GitHub enterprise, link to Azure subscription, and all that.
philipwhiuk 4 hours ago
and set reasonable global and user token limits to avoid burning a year's IT spend cause Dave in Legal went ham on tokenmaxxing by uploading his entire legal case history.
in a company of 12 you can do that by saying 'we're all generalists, just don't be an idiot'. In a company of 10,000, you hired Dave cause he's good at legal merger mumbo jumbo not because he's an IT generalist.
notepad0x90 39 minutes ago
Yeah, cloud agents come with nice things like being able to filter content, implement guardrails like preventing PII or prompt injection from taking place. even if they sucked, at least liability wise you're set. I don't know how someone could even come close to this capability by doing it on their own. If anyone does, please share what tools, platforms and projects you're using.
foolfoolz 14 hours ago
while true, everyone signed this same data privacy agreement with anthropic / openai a long tiem ago
kube-system 10 hours ago
The agreements that Anthropic/OpenAI are pretty general and there’s a lot of use cases they don’t meet.
The list of compliance standards that AWS meets is so big they have a separate product just to deliver the compliance documents. They basically do everything imaginable.
bunderbunder 13 hours ago
It’s not just that. Oftentimes contracts stipulate that the client’s data can’t be transferred across certain boundaries. If you have signed such an agreement, even sending the data to a service on the same cloud provider but in a different region could be a huge compliance violation.
comandillos 9 hours ago
In my company is simpler, we deal with data under EU Export Control so we cannot use any US provider due to the CLOUD Act.
ykl 17 hours ago
If you've used AI coding models in a large corporate setting, you'll know that a lot of big corporate deployments basically require using AWS Bedrock for two simple reasons:
1. Large companies tend to already have an existing relationship with AWS, which makes things way easier to go through vs. setting up a new vendor relationship 2. Large companies tend to have strong internal requirements about making sure that internal data stays under company control. With AWS Bedrock, you can be a lot more confident that what you're feeding into the models is not going to end up in someone's training set somewhere. For where I work, this requirement is a dealbreaker for going directly through OpenAI's API instead of going through AWS Bedrock.
Eridrus 16 hours ago
To go a step further, the reason it's often impossible to add a new vendor if that you've signed a bunch of contracts with your customers saying you're not going to send their data to other vendors in all sorts of various flavors.
xtracto 5 hours ago
And the pain of the procurement process, specially when you follow a certification such as iso27001, soc2 or similar.
a_bonobo 15 hours ago
3. from my opportunity - For many (not all) LLMs, Bedrock gives you control over which country the data stays in. You have no control over that with the Claude API, for example. We do not work in the US and have strong requirements for the data to stay in our country, which Bedrock gives us control over.
stymaar 3 hours ago
> We do not work in the US and have strong requirements for the data to stay in our country, which Bedrock gives us control over.
It doesn't actually. The US can request data from whatever country US companies store it, and companies must comply.
So if you have strong requirements for data to stay in your country, using a US provider, whatever it is, is out of question no matter what the company's marketing claims (they are not maintaining these claims under oath for what it's worth: https://www.senat.fr/compte-rendu-commissions/20250609/ce_co... )
regularfry 10 hours ago
4. AWS billing is already cross-charged to different departments per account. Copilot/Claude/Codex would need that setting up all over again, and is (probably) all coming out of a central bucket right now. Switching to Bedrock APIs is really easy, and solves a problem for people high enough up in the organisation that they can insist on it.
kopirgan 16 hours ago
A very interesting comment.
Curious to understand how AI will continue to grow if this is the trend. Assuming most valuable data is behind such firewalls. And whatever is public has been harvested, trained on top of whatever has been acquired illegally (this is a grey area).
Will it become a closed ecosystem without outside input?!
bitmasher9 15 hours ago
The pace of data creation is only increasing, and our capabilities of sharing and storing it is growing as well. Lots of this is out in the open, ready for anyone to crawl and scrape.
There probably is a point of “peak data” where the amount of new data will start decreasing, but that’s likely a 22nd or 24rd century problem.
avianlyric 14 hours ago
watwut 5 hours ago
kennethops 15 hours ago
imo it will slowly turn into where people run their own AI
rho138 17 hours ago
How is one certain bedrock data isn’t being shuttled to external providers?
jofzar 17 hours ago
What other people are saying, but also because Amazon does not want to fuck around in this space. They don't want the legal fight or the reputational damage that would come with it.
trollbridge 16 hours ago
jimbokun 13 hours ago
nh2 16 hours ago
In contrast to Microsoft, OpenAI, and Anthropic, AWS has never done anything close to sneaking in unwanted training opt-outs after the fact.
They are the only ones I trust not to do that so far. And their terms are extremely clear on that, no fuzzy language. Exactly what we want to see. So we use Bedrock.
cortesoft 17 hours ago
Contracts and the force of law?
ai_fry_ur_brain 17 hours ago
650REDHAIR 16 hours ago
Bezos and Altman pinky-promised and are super trustworthy.
azinman2 16 hours ago
glzone1 11 hours ago
SXX 16 hours ago
wmf 11 hours ago
kopirgan 16 hours ago
Having worked with lots of companies, I can say that trust is there. But true test is competitors of Amazon. Does Walmart use them? Ebay? Although not in exact same business.
zmmmmm 15 hours ago
They could be lying with all this:
https://docs.aws.amazon.com/bedrock/latest/userguide/data-pr...
But it seems tremendously unlikely with how explicit they are being with it. It is clearly one of the top selling features for the service.
avianlyric 17 hours ago
Contractual obligation, external third party audits, and above all, AWS’s reputation.
AWS isn’t going to risk their reputation, and thus huge chunks of their business, just so a few AI labs can get some extra training data. That’s an insane risk with zero upside for AWS. AWS knows full well they will make insane quantities of cash without breaking legal contracts with companies who pay them billions each year for infra.
33MHz-i486 16 hours ago
they’re crap on a lot dimensions of how they treat customers but data privacy/security is one thats taken pretty seriously at AWS, perhaps owing to the massive reputational damage that would result if they played loose with it.
Aurornis 17 hours ago
If you are wondering why anyone would spend more money to use these APIs through AWS instead of going direct: In some companies it’s nearly impossible to get new vendors approved. If the company has an AWS contract then you have to use what AWS offers.
Animats 9 hours ago
Wait, is AWS just reselling access to some AI company's servers, or is AWS running the models on their own hardware?
ykl 5 hours ago
AWS Bedrock is other companies’ models running on separate dedicated AWS hardware, metered through AWS billing. AWS owns and operates all of the infrastructure and the client interface; the model provider basically hands over the model and weights to AWS and AWS Bedrock take it from there.
So, as an example, if you use Codex through Bedrock, that’s a totally separate instance of Codex from anything you would be interfacing with if you directly used OpenAI’s API; if you use Codex via Bedrock, OpenAI never sees your data or prompts because they stay sandboxed in an ephemeral Bedrock instance. For many large enterprise deployments this hard boundary is a big big deal.
Over the past year, Claude being available via Bedrock and ChatGPT/Codex not being available via Bedrock has been a huge competitive advantage for Anthropic in the enterprise space.
powvans 17 hours ago
Even if you can get it approved you are adding surface area to your annual security audits, adding another vendor that needs to be disclosed on security assessments, spreading your data to yet another processor, and adding another invoice and budget discussion. Depending on your customer contracts you may need to notify them of a new vendor. This might trigger a new security review. Oh it’s just another model on Bedrock? Bliss.
morpheuskafka 16 hours ago
Every CEO, board, and middle manager in the world is AI buzzword-obsessed now. Surely asking to sign a contract with the frontier labs directly would not get held up?
stronglikedan 15 hours ago
Every CEO, board, and middle manager in the world still has to go through infosec in large orgs.
qurren 12 hours ago
If you're an engineer in the trenches of the company, good luck convincing the people above to sign that contract. You'll waste thousands of hours just trying.
crubier 13 hours ago
The hard part is not the CEO, it's the CISO
phillipcarter 17 hours ago
Absolutely huge news for OpenAI. Unimaginable amount of enterprises picked up Claude just because it was available in AWS, and now there's serious competition.
iandanforth 16 hours ago
This is a great move for OpenAI and one that should worry Anthropic. Bedrock was the only way I could use foundation models for a while given AWS lock-in and security requirements.
onion2k 9 hours ago
Claude is already available as both a pass-through to Anthropic's servers from AWS and in Bedrock. https://aws.amazon.com/claude-platform/ I imagine they're not thrilled that their first mover advantage has gone now, but they'll have seen it coming a mile off.
2001zhaozhao 16 hours ago
Good news for competition.
Claude Code keeps omitting new features from people using it through Amazon Bedrock (e.g. auto mode, ultra plan, Claude for Chrome). Hopefully some more competition can get them to rethink their strategy.
Manouchehri 10 hours ago
It's so odd, because Claude models on Amazon Bedrock do support all those features.
For awhile now, I've had a api.anthropic.com emulator that "secretly" forwards requests to Amazon Bedrock. Works great and now I get all the nice first-party only features right away.
kube-system 9 hours ago
Is that anything you could share?
chrisballinger 11 hours ago
Auto mode works on Bedrock now!
rohansood15 14 hours ago
Anthropic better get that IPO out soon. Their incredible revenue run-up was basically a result of botched Gemini releases and OpenAI having their hands-tied behind their Azure backs.
Anthropic models were quite literally the only viable serverless API (i.e. Bedrock) models on AWS. They didn't even bother releasing the recent Qwen 3.5/3.6 series. Combined with the token efficiency/ROI focus, I would really like to see how Antrhopic ends Q3.
whatever1 14 hours ago
Frontier labs provide “frozen” builds of their models that hyperscalers just serve without collecting data. This is a prerequisite from most of the companies that store sensitive data and still want to use frontier LLMS.
chasd00 14 hours ago
Sucks for Azure. They were the chosen one but couldn’t keep up with demand. Once OpenAI got out of that exclusivity deal saying Azure wasn’t reliable I knew AWS was where they were headed.
ElenaDaibunny 8 hours ago
was only a matter of time. enterprise teams on aws werent going to rearchitect their stack just for model access, easier to bring the models to where the workloads already are
AgentOrange1234 16 hours ago
This is great news. I wish they were keeping their other models updated. With Gemma 4 and Qwen 3.7 already available on OpenRouter, bedrock is just not keeping up at all.
daft_pink 2 hours ago
And the giant ai circle continues
shay_ker 13 hours ago
It's fascinating that cloud providers like AWS/GCP/Azure are now immovable "enterprise" technologies, in the way that IBM, Oracle, SAP, etc. were 15 years ago (and still are!).
Fond memories when only startups used S3 and EC2....
It's both an incredible triumph and tremendously sad that cloud providers are now the dinosaurs. So many companies are locked in, just as they were before. It's only going to get worse.
I wish the "cloud" was more fungible.
jgbuddy 14 hours ago
great for consumers, great for OpenAI, great for Amazon, not so great for MS / Azure (seems like they don't care anyways)
_pdp_ 17 hours ago
As usual the more options the better for everyone. While this is not a direct replacement it is good that it exists.
gordonhart 15 hours ago
Are they? I don't see them in the Model Catalog on Bedrock.
aifusenno1 10 hours ago
Do they use Trainium/Inferentia?
MagicMoonlight 10 hours ago
But their contract with Microslop prevents this?!?!? They specifically said like a month ago that they wouldn’t sell API access on AWS, they would only release specific products.
jorisw 8 hours ago
Google 'openai azure contract dissolution'
epicepicurean 9 hours ago
any explanation of why the context window is only 272K?
CSMastermind 13 hours ago
One of the most attractive things a company can offer its engineers right now is a large token/compute budget.
hooch 14 hours ago
No 5.5 Pro
Handy-Man 17 hours ago
More expensive than directly sourcing from OpenAI
easton 17 hours ago
The AWS pricing page says 10% more than OpenAI, which is probably because they’re forcing all inference through the US and data residency is at a 10% premium from the model vendors for whatever reason (because you’ll pay for it).
If they put in a global endpoint like with Claude (or OpenAI directly) then it’ll probably match the direct pricing, if the pattern holds.
(https://aws.amazon.com/bedrock/pricing/, scroll to OpenAI)
cebert 16 hours ago
It’s even more expensive for GovCloud customers. We pay a 30% premium on top of that.
sokoloff 17 hours ago
It also could be to provide room for enterprise discount pricing without it being money-losing for one of the companies.
yojo 17 hours ago
BoredPositron 17 hours ago
It's for people that can easily pump their AWS bill but not a new vendor.
chopete3 13 hours ago
This is the best thing to happen to AwS. Aws won't push their junk Bedrock equivalents at least.
Enterprises can focus on paying for AWS OpenAI models and get going.
notatoad 12 hours ago
Their “junk bedrock equivalents” like opus?
retinaros 10 hours ago
I guess he meant nova models? Which are definitely not even on the same table than thsoe models so its irrelevant