EAAPL-INT005 — Batch AI Processing

Tags: batch cost-optimisation high-availability medium-complexity Status: Proven | Version: 1.0 | Domain: Integration

1. Executive Summary

Batch AI Processing applies AI inference to large volumes of data through scheduled or event-triggered pipeline jobs. Where real-time stream processing targets sub-second to sub-minute latency, batch processing accepts latency measured in minutes to hours in exchange for dramatically lower cost, higher throughput, and simpler operational management.

The pattern addresses the dominant AI workload pattern in enterprise organisations: nightly document classification runs, weekly risk report generation, periodic customer communication personalisation, large-scale data enrichment for analytics, and compliance screening across historical transaction sets. These workloads do not require immediate inference results — but they do require high reliability, cost efficiency, and auditability at scale.

At enterprise scale, the architectural decisions in batch AI processing have direct financial consequences. A poorly designed batch pipeline processing 10 million documents per night with a $0.002 per-document AI cost carries $20,000 of nightly cost. Through partitioning, spot instances, parallelism tuning, retry design, and output validation, well-designed pipelines achieve the same quality at 40–60% lower cost. For CIOs and CTOs, this pattern provides the operational template to run AI at enterprise scale without the cost spiralling that characterises early AI production deployments.

2. Problem Statement

Business Problem

Enterprises accumulate large volumes of unstructured and semi-structured data — documents, contracts, emails, case notes, customer records, transaction histories — that contain insights unlockable only through AI inference. The volume and cost make real-time processing impractical. But without a structured batch processing architecture, these assets go unprocessed, and the business intelligence they contain is never extracted.

Technical Problem

Ad-hoc scripts calling AI APIs directly at large scale fail in predictable ways: rate limit errors abort jobs mid-run; no retry logic means failed items are silently lost; no partitioning means a single failure affects the entire batch; no cost controls allow runaway spending on a misconfigured job. The absence of an architectural framework for batch AI processing is the root cause of these failures.

Symptoms

• "We ran the script and got rate-limit errors halfway through — we don't know which documents were processed."
• AI processing jobs scheduled for 4 hours regularly overrun to 12+ hours without alerting.
• Job failures are discovered when downstream systems detect missing outputs — not when the job fails.
• AI API costs for a single overnight batch run exceed the monthly infrastructure budget.
• Failed items are discarded; after the job, there is no record of which items failed and why.

Cost of Inaction

• Operational: Manual AI processing of documents that should be automated consumes analyst time at $80–$200/hour rates.
• Financial: Unstructured batch jobs without cost controls routinely generate 3–10× the expected AI API spend.
• Quality: Without output validation and DLQ handling, a silent 15% failure rate in document classification produces downstream analytics on an unrepresentative sample.
• Compliance: Batch AI jobs processing regulated data with no audit trail fail the CPS 230 operational risk management standard.

3. Context

When to Apply

• Latency tolerance is minutes to hours (not seconds).
• Input volume is too large for real-time processing at acceptable cost.
• Processing can be scheduled (nightly, weekly) or triggered by an event (new document batch arrives, periodic data export ready).
• SLA can be expressed as job completion time rather than per-event latency.

When NOT to Apply

• Real-time or near-real-time response is required — use EAAPL-INT004.
• Input volume is small enough for synchronous request/response — use direct API integration.
• Interactive user experience requires AI inference results immediately — batch processing is inherently asynchronous.
• Exact processing sequence matters (e.g., each output depends on the previous output) — batch parallelism assumes independent items.

Prerequisites

• A job scheduling mechanism (cron, event trigger, workflow orchestrator).
• An AI inference provider capable of handling the target batch throughput (or on-premises model serving).
• An output storage system capable of receiving the batch output volume.
• A retry and DLQ infrastructure for failed item handling.

Industry Applicability

4. Architecture Overview

Batch AI Processing is a pipeline architecture with six stages: scheduling, input partitioning, parallel execution, output aggregation, validation, and completion reporting. Each stage is described below with the key architectural decisions required at enterprise scale.

Job Scheduling. Three scheduling patterns are applicable. Cron scheduling runs jobs at fixed times — appropriate for nightly enrichment runs where SLA is defined by business day start. Event-triggered scheduling runs jobs when an input threshold is met (e.g., 10,000 documents arrived in the input bucket triggers the job) — appropriate when input arrives irregularly and processing should begin immediately when sufficient volume justifies the fixed startup cost. Threshold-triggered scheduling runs jobs when a business signal is met (e.g., end-of-month close, regulatory reporting deadline approaching). The scheduler choice drives SLA management: cron-triggered jobs have a fixed start time and calculable completion time; event-triggered jobs have variable start times requiring dynamic SLA tracking.

Input Partitioning. Large input sets must be split into partitions for parallel processing. Partitioning strategies: by document type (PDFs vs. Word vs. emails — enables type-specific AI prompts); by size tier (small documents < 5 pages vs. large documents > 50 pages — enables differently-sized worker resource allocation); by random hash (ensures even load distribution across workers; default choice when no other dimension provides better distribution). Partition skew is a common failure — if document size varies 10× across the input set, a "split into N equal-count partitions" strategy assigns the same number of items but wildly different processing times. Partition strategy must account for heterogeneous input characteristics.

Parallel Batch Execution. Worker fleet sizing: (items in batch / batch duration SLA in seconds) / (per-worker throughput in items/second) = minimum worker count. Add 25% headroom for partition skew. Auto-scaling: start the minimum worker fleet; scale out if consumer lag exceeds threshold or if job is tracking behind the 70% SLA checkpoint. Scale-to-zero after job completion to eliminate idle compute cost. Spot/preemptible instances reduce worker compute cost by 60–80% — handle instance interruption via checkpointing so interrupted partitions are re-queued rather than lost.

Checkpointing. Every worker writes a checkpoint record after completing each item (or each configurable checkpoint interval for large documents): {item_id, partition_id, worker_id, completion_timestamp, output_location}. On worker failure or spot interruption, the unprocessed items in the interrupted partition are re-queued. The checkpoint store enables recovery without reprocessing completed items. Checkpoint data is the source of truth for job progress reporting.

Output Aggregation and Validation. After all workers complete, an aggregation step merges partial outputs and validates completeness. Completeness check: count of items in output vs. count of items in input; any gap triggers investigation. Schema validation: each output item validated against the expected AI result schema; invalid outputs collected for DLQ review. Business rule validation: domain-specific checks on AI outputs (e.g., a risk score must be between 0 and 100; a classification must be from the approved taxonomy) catch AI hallucinations and schema drift before they corrupt downstream systems.

Retry and DLQ. Failed items are collected by workers into a retry queue during execution. After the primary job run, a retry sweep processes the retry queue with exponential backoff. After a configurable maximum retry count (recommend 3), unresolved failures move to the dead letter queue (DLQ). The DLQ record includes: item ID, original item payload, error message, retry count, last attempt timestamp. DLQ items require manual review and remediation — they are not silently discarded. Alert fires on any DLQ entries to prompt investigation.

SLA Management. The job orchestrator tracks progress against the SLA deadline. At 70% of elapsed SLA time, a warning alert fires if job completion projection (based on current throughput) indicates a miss. At 90% of elapsed SLA time, an escalation alert fires and a capacity increase action is triggered automatically. At SLA breach, an incident is created and the downstream consumer is notified of expected delay and partial-completion status.

Cost Controls. Each job executes within a budget envelope: (input item count) × (per-item AI cost estimate) + (worker compute estimate) = job cost estimate. The job orchestrator monitors actual cost against estimate in real time. At 80% of budget, a warning fires. At 100% of budget, the job halts and a manual approval gate is required to continue. This prevents runaway AI API spend from misconfigured jobs.

5. Architecture Diagram

6. Components

7. Data Flow

Primary Flow

Error Flow

8. Security Considerations

Authentication and Authorisation

• Workers authenticate to AI inference API using service account credentials with least-privilege scope (inference only, no model management).
• Workers have read access to input storage and write access to output staging area only — no cross-partition read/write.
• Job orchestrator has orchestration permissions only; cannot read input data or write output data directly.
• DLQ access restricted to AI governance and on-call engineering roles.

Secrets Management

• AI provider API keys stored in centralised secrets manager; workers retrieve at job start via instance metadata or secrets injection; keys never in job configuration files.
• Separate API keys per job type and environment (prod/staging); enables per-job key rotation without affecting other jobs.
• API key rotation schedule: 90 days; automated rotation with grace period for in-flight jobs.

Data Classification

• Input items classified before job submission; job metadata includes maximum data classification level.
• Workers handling PII items must be deployed in the approved data-residency region for that classification.
• AI outputs inherit the classification of their input; output storage bucket classification tags set at job start.

Encryption

• Input storage, checkpoint store, retry queue, and output storage encrypted at rest (AES-256).
• In-transit encryption (TLS 1.3) for all API calls and storage operations.
• DLQ items may contain PII from failed AI processing; DLQ storage encrypted and access-logged.

Auditability

• Every job execution logged: job ID, configuration, item count, start time, completion time, item-level success/failure counts, AI provider cost.
• Every item processed has a corresponding checkpoint record: item ID, worker ID, timestamp, status, output location.
• Failed items in DLQ have full context: original item (or reference), error message, retry history — enabling post-hoc investigation of what was processed and why it failed.

OWASP LLM Top 10 Mitigations

9. Governance Considerations

Responsible AI

• Batch AI outputs that influence bulk decisions (e.g., risk scores applied to a customer cohort) must be reviewed at the cohort level for demographic bias before downstream application.
• Model performance tracking: maintain ground truth for a sample of batch outputs; compute accuracy, precision, recall monthly; alert on degradation.
• Provide a mechanism for affected parties to request review of AI batch outputs that influenced decisions about them.

Model Risk Management

• Batch AI inference models subject to the same Model Risk Management framework as real-time models — purpose statement, methodology, validation, ongoing monitoring.
• Model version tracked in every output record; retrospective performance analysis by model version enabled via output store query.
• Prompt version tracked separately from model version; prompt changes require validation of output quality on sample set before production deployment.

Human Approval Gates

• For high-stakes batch outputs (credit risk narratives applied to collection decisions, medical record coding affecting billing), a sample review by subject matter experts before release to downstream systems.
• Batch outputs with confidence < configurable threshold routed to human review queue rather than automatic downstream delivery.

Policy and Traceability

• Every downstream system receiving batch AI outputs must store the job_id and item_id with each AI output so the specific model version and prompt version that generated the output is retrievable.
• AI output lineage: source document → job_id → model_version → prompt_version → output → downstream_application.

Governance Artefacts

10. Operational Considerations

Monitoring and SLOs

Logging

• Job orchestrator: job start, partition count, worker count, SLA checkpoint warnings, job completion, cost.
• Workers: partition received, item count, AI call count, item-level success/failure, checkpoint writes, errors.
• Aggregation service: completeness check result, validation summary, DLQ referral count.

Incident Response

• SLA breach: incident created automatically at SLA breach time; on-call notified; downstream consumer notified of delay and estimated completion time; investigate: worker scaling, AI provider rate limits, partition skew.
• AI provider outage: retry queue accumulates; if outage exceeds safe retry window, job paused; notifications sent to downstream consumers; resume on provider recovery.
• DLQ accumulation: investigation required before retry — root cause (AI model error, schema mismatch, data quality) must be identified and resolved before DLQ replay.

Disaster Recovery

Capacity Planning

• Worker count: (target throughput items/hour) / (single-worker throughput items/hour) × safety factor 1.25.
• Job duration: (input items) / (total worker throughput items/hour) = expected hours.
• Output storage: (input items) × (average output size per item) × 1.2 overhead factor.
• Checkpoint store: (input items) × (checkpoint record size of ~200 bytes) = storage requirement.

11. Cost Considerations

Cost Drivers

Scaling Risks

• AI API token costs scale directly with batch input size and prompt length. Prompt length optimisation (shorter prompts for large batches) has immediate cost impact.
• Spot instance interruption rate increases during cloud provider capacity constraints; over-reliance on spot instances without on-demand headroom creates SLA risk.
• Retry amplification: a systematic AI model error causing high failure rates triggers retry sweeps that multiply AI API cost — cost monitor budget halt is the safeguard.

Cost Optimisations

• OpenAI Batch API / Anthropic Batch API: dedicated batch endpoints at 50% of real-time API cost; accept up to 24h turnaround — appropriate for overnight runs.
• Spot/preemptible workers: 60–80% compute cost reduction; handle interruption via checkpoint and work queue visibility timeout.
• Prompt caching: some providers (Anthropic, OpenAI) cache long system prompts; structure prompts with invariant content first to maximise cache hit rate.
• Partition size tuning: too-small partitions incur high per-call overhead; too-large partitions reduce parallelism. Optimal partition size is (worker throughput items/min) × 10 minutes.
• Off-peak scheduling: some providers offer lower rates during off-peak hours; overnight batch jobs can take advantage.

Indicative Cost Range

12. Trade-Off Analysis

Architectural Options Comparison

Architectural Tensions

13. Failure Modes

Cascading Failure Scenarios

• High DLQ rate + no monitoring + downstream trust: AI model quality degrades silently → 30% of outputs fail validation → DLQ accumulates → downstream continues receiving 70% of expected outputs → downstream analytics calculations based on biased sample produce incorrect business reports → decisions made on incorrect reports. Mitigation: DLQ rate alert + completeness check on downstream consumption + confidence score distribution monitoring.
• Retry amplification + no cost monitor: Systematic AI error causes 50% item failure → retry sweep triggered → doubles AI API spend → cost monitor (if absent) doesn't halt → second retry doubles again → 4× original cost incurred on a batch that is failing for a systematic reason. Mitigation: cost monitor budget halt is non-optional; investigate root cause before retry sweep.

14. Regulatory Considerations

APRA CPS 230 — Operational Risk

• Clause 36: Batch AI jobs that produce inputs to operational risk reports (credit risk scores, AML screening results) are part of the operational risk management infrastructure; SLA, checkpointing, and retry design directly address continuity requirements.
• Clause 52: Managed batch AI service providers (OpenAI Batch, Anthropic Batch, Amazon Bedrock Batch) are material service providers under CPS 230 third-party risk obligations.

APRA CPS 234 — Information Security

• Clause 15: Encrypted input/output storage, worker network isolation, and per-job API key scoping address the proportional information security control requirement for batch data handling.

Australian Privacy Act 1988

• APP 11 (Security): Batch inputs containing personal data must be destroyed or anonymised after the batch job completes (within configurable retention period); retention of raw PII input beyond the processing need requires justification.
• APP 3 (Collection): Using personal data in batch AI processing must be within the scope of the collection purpose; secondary-purpose bulk AI processing requires assessment.

EU AI Act (2024)

• Article 12 (Record-keeping): Job orchestrator completion report + item-level checkpoint records constitute the logging requirement for high-risk AI batch processing.
• Article 9 (Risk Management): Cost monitor, validation gates, DLQ review process, and sample-based quality monitoring implement the risk management requirements for batch AI systems.

ISO 42001

• Clause 9.1 (Monitoring): Monthly output quality reports, DLQ review logs, and cost reports constitute the performance monitoring evidence required under ISO 42001.

NIST AI RMF (2023)

• MANAGE 2.2: DLQ handling, retry design, and job orchestrator incident integration implement the AI risk treatment procedures required under NIST AI RMF.
• GOVERN 1.3: Job registry and per-job configuration document the organisational context and purpose for each batch AI application — supporting accountability assignment.

15. Reference Implementations

AWS

• Orchestrator: AWS Step Functions (state machine per batch job type) or Amazon MWAA (Managed Airflow)
• Worker Compute: AWS Batch with Spot Fleet integration; or ECS Fargate Spot tasks
• Work Queue: Amazon SQS with visibility timeout for at-least-once processing
• AI Inference: OpenAI Batch API (external) or Amazon Bedrock Batch Inference
• Checkpoint Store: Amazon DynamoDB (per-item conditional writes)
• Input/Output Storage: Amazon S3 with S3 Intelligent-Tiering
• Cost Monitor: AWS Cost Explorer API + custom Lambda monitoring function
• Validation: AWS Glue DataQuality or custom Lambda function

Azure

• Orchestrator: Azure Data Factory (pipeline with activities) or Azure Workflow (Logic Apps)
• Worker Compute: Azure Batch with Low-Priority VM allocation; or Azure Container Apps jobs
• Work Queue: Azure Service Bus Standard tier queues
• AI Inference: Azure OpenAI Batch or external provider
• Checkpoint Store: Azure Cosmos DB (serverless, per-item upsert)
• Input/Output Storage: Azure Data Lake Storage Gen2
• Cost Monitor: Azure Cost Management API + custom Function monitoring
• Validation: Azure Data Factory Data Flow validation

GCP

• Orchestrator: Cloud Composer (Airflow) or Workflows (GCP)
• Worker Compute: Cloud Batch jobs with Spot VM preemptible VMs
• Work Queue: Google Cloud Pub/Sub with ack deadline as visibility timeout
• AI Inference: Vertex AI Batch Prediction or external AI provider
• Checkpoint Store: Cloud Firestore (serverless, per-item conditional write)
• Input/Output Storage: Google Cloud Storage with lifecycle policies
• Cost Monitor: Cloud Billing API + custom Cloud Function monitoring
• Validation: Dataform or dbt on BigQuery

On-Premises / Private Cloud

• Orchestrator: Apache Airflow on Kubernetes (official Helm chart)
• Worker Compute: Kubernetes Jobs with preemption-tolerant pod spec
• Work Queue: Redis with BLPOP / BRPOP patterns; or RabbitMQ
• AI Inference: vLLM or Ollama serving on GPU nodes; or external provider
• Checkpoint Store: PostgreSQL with UPSERT on item_id
• Input/Output Storage: MinIO (S3-compatible) or NFS
• Cost Monitor: Custom Prometheus metric + Alertmanager rule
• Validation: Great Expectations in validation Python task

16. Related Patterns

17. Maturity Assessment

Overall Maturity: Proven

18. Revision History