What is a foundation model?

Researchers at Stanford’s Center for Research on Foundation Models (CRFM) popularized the term foundation model to describe models trained on broad data at scale, intended to be adapted to many tasks rather than built task-by-task. The defining properties are:

• Pre-training at scale — one expensive training phase on large, diverse corpora (text, code, images, or combinations).
• Generality — the same weights support classification, generation, translation, summarization, coding assistance, and more—often with little or no task-specific training.
• Adaptation — downstream use happens via fine-tuning, prompting, retrieval augmentation, or tool use—not always by training a new model from random initialization.

That is a shift from classical machine learning, where you typically scoped a dataset, chose a model family, trained for one metric, and deployed a specialist. Foundation models invert part of the economics: upfront training is enormous, but marginal new features can be cheap if adaptation works.

For generative AI across modalities (diffusion, GANs, LLMs, lifecycle), see Generative AI in Depth. For a focused tour of text-generation systems, see Large Language Models in Depth. For how this era fits into seventy years of AI history, see From Symbols to Foundation Models. For vocabulary and career paths around building with them, see How to Become an AI Developer.

Foundation models vs traditional ML models

Neither replaces the other in mature organizations. Tabular fraud detection on structured logs may still be a gradient-boosted tree. Document Q&A over your private wiki is often a foundation model plus RAG. The art is matching the tool to the risk, cost, and explainability requirements.

The architecture underneath: transformers and attention

Most foundation models today are built on the Transformer architecture introduced in Attention Is All You Need (Vaswani et al., 2017). At a high level:

• Tokens — input text (or other modalities converted to tokens) is split into subword units. Everything—billing, context limits, batching—is measured in tokens.
• Embeddings — each token is mapped to a vector; positional information tells the model order.
• Self-attention — each token attends to others in the sequence, learning which context matters for the next prediction. Attention scales with sequence length and drives memory use during training and inference.
• Layers — stacks of attention plus feed-forward blocks, often dozens to hundreds deep in large models.
• Output head — for language models, predict the next token distribution over the vocabulary; sample or greedily pick to generate text.

Two families matter in practice:

• Encoder-only (e.g. BERT-style) — bidirectional context; strong for classification, embedding, and retrieval encoders.
• Decoder-only (e.g. GPT-style) — causal (left-to-right) generation; powers chat, code completion, and most consumer LLM APIs.
• Encoder–decoder (e.g. T5, BART) — explicit input→output mapping; common in translation and summarization pipelines.

Multimodal foundation models align vision, audio, or video encoders with a language decoder so one interface handles images and text. The details differ by vendor, but the pattern is the same: shared representation space, unified prompt surface.

How foundation models are trained (three phases)

Training is rarely a single button click. Production-grade models typically move through distinct phases:

1. Pre-training

The model learns general structure from huge datasets:

• Causal language modeling (GPT-style) — predict the next token; learns grammar, facts (with errors), code patterns, and style.
• Masked language modeling (BERT-style) — predict hidden tokens from context; strong representations for understanding tasks.
• Multimodal objectives — align image patches or audio frames with text captions or instructions.

Pre-training demands clusters of GPUs or TPUs, careful data filtering, deduplication, and legal/licensing review. Data quality dominates: toxic, duplicated, or low-quality text teaches bad habits at scale. Scale laws (Kaplan, Hoffmann, and follow-on work) observed that loss often improves predictably with more compute, data, and parameters—until diminishing returns or infrastructure limits bite.

2. Alignment and instruction tuning

Raw next-token predictors are not polite assistants. Teams add:

• Supervised fine-tuning (SFT) — train on curated (instruction, ideal response) pairs so the model follows prompts and formats.
• RLHF (reinforcement learning from human feedback) — reward model trained on human preferences; policy optimized to score well.
• Alternatives (DPO, ORPO, etc.) — preference optimization without full RL loops; popular in open-source fine-tuning toolchains.

Alignment shapes how the model responds—tone, refusals, formatting—not necessarily what facts it knows. Factual grounding still needs retrieval, tools, or domain fine-tuning.

3. Adaptation for your product

Most organizations never pre-train from scratch. They adapt an existing foundation model:

• Prompt engineering — system prompts, few-shot examples, structured output schemas (JSON mode).
• RAG — embed documents, retrieve top-k chunks, inject into context, generate grounded answers.
• Fine-tuning — full weights or parameter-efficient methods (LoRA, QLoRA) on proprietary data.
• Tool use / agents — model calls APIs, SQL, or code interpreters; results fed back into the loop.

Modalities and model families you will meet

• Large language models (LLMs) — text and code; GPT, Claude, Llama, Mistral, Gemini families. Default for chat, agents, and document AI. See Large Language Models in Depth for tokenization, inference, decoding, and production patterns.
• Vision models — image classification, detection, segmentation; sometimes bundled into multimodal chat.
• Speech models — ASR (speech-to-text), TTS (text-to-speech); increasingly unified with LLM stacks.
• Code models — trained heavily on repositories; specialize in completion, refactor, and test generation.
• Embedding models — smaller encoders (e.g. text-embedding-3, Cohere embed, open models) optimized for vector search—not for open-ended chat.

Open weights (Llama, Mistral, Qwen, etc.) let you run models in your VPC, tune them, and audit artifacts—at the cost of operating GPU infrastructure. Closed APIs trade control for speed to market and vendor-managed scaling. Hyperscaler mappings appear in AWS vs GCP vs Azure service mapping (Bedrock, Vertex AI, Azure OpenAI).

Parameters, context, and inference economics

Parameter count (7B, 70B, 405B…) is a shorthand for capacity, not quality alone. Smaller models with better data and alignment can outperform larger ones on specific tasks. What matters in production:

• Context window — how many tokens fit in one request (4k → 128k+ on leading models). Long context helps RAG and multi-turn chat but increases memory and latency.
• Throughput and latency — tokens per second, time-to-first-token, batching for offline jobs vs interactive chat.
• Cost model — per-token input/output pricing on APIs; GPU-hours if self-hosted. FinOps discipline applies; see cloud platform evolution for AI-native platform themes.
• Quantization — INT8/INT4 weights reduce memory and speed inference with small accuracy tradeoffs; common at the edge and for cost-sensitive workloads.

Rule of thumb for architects: prototype on a capable API, measure real prompts and traffic, then decide whether fine-tuning or a smaller specialized model beats paying for the largest frontier model on every request.

Adaptation patterns in depth

Prompting and structured outputs

Prompts are the cheapest adaptation layer. Effective patterns include clear role definitions, step-by-step reasoning requests (with caution—models can confabulate steps), output schemas, and guardrail instructions (“refuse if asked for credentials”). Version prompts like code; A/B test changes against eval sets.

RAG (retrieval-augmented generation)

RAG reduces hallucination on proprietary knowledge by retrieving relevant chunks before generation. For a full pipeline treatment—chunking, hybrid search, reranking, evals, and production ops—see RAG in Depth. At a glance:

1. Chunk and embed documents (and refresh when sources change).
2. On query, retrieve top-k similar chunks (vector DB, OpenSearch, pgvector, etc.).
3. Inject chunks into the prompt with citations metadata.
4. Generate answer; optionally require citations to match retrieved spans.

Quality depends on chunking strategy, metadata filters, hybrid search (keyword + vector), and evals on your real questions—not on model size alone.

Fine-tuning and efficient tuning

• Full fine-tune — update all weights; highest flexibility, highest cost and catastrophic-forgetting risk.
• LoRA / adapters — train small low-rank matrices; merge or hot-swap for domains (support tone, legal language, internal APIs).
• Continued pre-training — more unsupervised training on domain corpus before task-specific tuning; useful when vocabulary is niche (medicine, law, internal jargon).

Fine-tune when you need consistent format, style, or tool-calling behavior that prompting cannot stabilize—not because RAG is “too hard.”

Agents and tool use

An agent loops: plan → call tool (search, DB, ticket system, shell) → observe result → continue. Foundation models become orchestrators. Failure modes include infinite loops, unsafe tool calls, and leaking secrets into prompts. Production agents need timeouts, allow-listed tools, human approval for destructive actions, and structured logging—same discipline as any automation platform.

Capabilities, limits, and honest evaluation

Foundation models are extraordinary pattern completers. They are not guaranteed reasoners, databases, or authority figures.

Strengths:

• Fluent language and code generation across domains.
• Rapid prototyping of UX (chat, summarization, extraction) from natural-language specs.
• Few-shot adaptation without retraining.
• Multimodal understanding when the stack supports it.

Limits:

• Hallucination — plausible false statements; mitigate with RAG, citations, confidence thresholds, and human review for high-stakes outputs.
• Stale knowledge — training cutoff; use retrieval or tools for current data.
• Reasoning fragility — multi-step math, planning, and edge cases fail without verification loops.
• Security — prompt injection, data exfiltration via tools, jailbreaks; defense in depth (input filters, output policies, least-privilege tools).
• Bias and fairness — reflect training data; require testing across demographics and use cases.

Build an eval harness: fixed question sets, regression after model upgrades, human rubrics for tone and safety, and automated checks (JSON schema validity, citation overlap, toxicity classifiers). Treat model swaps like dependency upgrades—with changelog and rollback.

Production architecture (what surrounds the model)

A foundation model in production is a service in a larger system:

• API gateway — auth, rate limits, routing to model versions, caching for identical prompts where safe.
• Data plane — vector stores, ETL for embeddings, PII redaction before send.
• Observability — log prompts/responses with retention policy, trace latency and token usage, alert on error spikes.
• Safety layer — content filters, PII detection, blocklists, escalation to humans.
• Governance — model cards, risk classification, approval workflows; organizational frameworks such as ISO/IEC 42001 (AI management systems).

On AWS, teams often combine Generative AI Foundations concepts with services like Bedrock (managed models), SageMaker (custom training/hosting), and standard platform primitives (IAM, CloudWatch, KMS). The Machine Learning Foundations vocabulary—features, labels, train/serve split—still applies to evaluation and classical ML sidecars.

Choosing a strategy (decision guide)

• General Q&A over public knowledge, low risk — prompt a frontier API; monitor cost.
• Answers must cite your documents — RAG + evals; consider smaller embed model + mid-size LLM.
• Strict format or brand voice — fine-tune or constrained decoding; keep golden tests.
• Data cannot leave your network — open weights on private GPUs or cloud private endpoints.
• Structured prediction on tabular logs — classical ML may beat LLMs on cost and explainability.
• Regulated or high-impact decisions — human-in-the-loop, audit trails, ISO 42001-style lifecycle controls.

Responsible use and what “foundations” courses teach

Vendor “foundations” curricula (for example AWS Generative AI Foundations) emphasize shared vocabulary, use-case framing, security boundaries, and responsible AI—not how to train a trillion-parameter model in your garage. That is the right emphasis: most practitioners adapt models, they do not pre-train them.

Organizational responsibility includes consent and copyright for training and RAG corpora, transparency to users when content is AI-generated, accessibility, and labor impact. Technical mitigations without governance policy rarely suffice.

Where the field is heading

• Smaller, capable models — distill and specialize for edge and cost-sensitive paths.
• Longer context and better retrieval — million-token research directions vs practical RAG hybrids.
• Multimodal defaults — voice, image, and document understanding in one product surface.
• Agents with guardrails — more automation, more demand for security and ops maturity.
• Regulation and standards — AI management systems, sector rules, and procurement questionnaires becoming normal.

Foundation models are infrastructure. The teams that win treat them like databases or Kubernetes clusters: versioned, measured, secured, and owned—not magic.

Further reading

• Bommasani et al. — On the Opportunities and Risks of Foundation Models (Stanford CRFM report)
• Vaswani et al. — Attention Is All You Need
• Wei et al. — chain-of-thought and emergent abilities literature (read critically)
• Christopher Manning — NLP and transformer lectures (Stanford CS224N)
• Anthropic, OpenAI, and major cloud provider documentation on RAG, evals, and safety

Blog index · RAG in depth · Generative AI in depth · LLMs in depth · AI historical paradigms · How to become an AI developer · Generative AI Foundations · ML Foundations · ISO 42001

Back to blog list