actAVA · KORA Platform
The frontier needs an ecosystem. In healthcare, the harness is how you own it.
In healthcare AI, you can't rent your sovereignty or your safety. Two signals from the frontier this year, Satya Nadella's warning about stable ecosystems and Anthropic's pivot on responsible scaling, carry the same lesson: relying on external models without a proprietary infrastructure layer leaves you exposed to model commoditization and unpredictable safety risk. To keep institutional IP and protect patients, health systems have to own two things. The learning loop, and the harness that contains the model.
Two signals came out of the frontier this year. They sound unrelated. For anyone running AI in healthcare, the message is the same.
First, Satya Nadella, in an essay titled "A frontier without an ecosystem is not stable." His argument: this platform shift is different from the ones before it. We are no longer using digital systems to enhance human work. For the first time, there's a real cognitive loop between people and machines. The models don't just execute what you tell them. They learn from how you work, and that learning can flow back out. What's at stake isn't a tool. It's whether your organization keeps learning, keeps building IP, and keeps differentiating in a world where models can absorb human expertise and commoditize it.
Second, Anthropic. On February 24, 2026, the most safety-branded lab in the industry released version 3.0 of its Responsible Scaling Policy and dropped its signature pledge: the commitment to pause scaling or delay deployment when a model outpaced its own safety measures. The reasoning was competitive. A unilateral pause doesn't help if rivals keep racing. The categorical pause is gone, replaced by a narrower, two-part trigger and public Risk Reports issued after the fact.
Read those two together, and the conclusion writes itself. You can't rent your sovereignty, and you can't rent your safety. Nadella tells you why the first matters. Anthropic shows you why the second is now your problem to solve. The part we'd add: in healthcare, both have to be engineered at the layer you own.
The stable layer is the one you own
Nadella's point is about value. Anthropic's shift is about risk. They land in the same place from two directions.
If your hard-won expertise lives inside one model's prompt, you lose it the day you switch models. If your patient safety depends on a vendor's promise to slow down, you lose it the day that vendor decides the race matters more. In both cases, the asset you thought you owned was on loan.
You can't rent your sovereignty, and you can't rent your safety.
This is the trap most health systems are walking into right now. The fastest way to ship an AI feature is to wire a workflow straight to a frontier model's API. It demos well. It also means your prompts, your fine-tuning, and your accumulated know-how sit on infrastructure you don't control, governed by terms you don't write, running on a model that can change under you with a version bump.
The layer you own is the infrastructure between your workflows and the frontier. At actAVA, that's our KORA platform, and it does both jobs at once. KORA's build and learning layers (BLUE and GREEN) own your learning loop. KORA's safety and compliance harness (RED) contains the model. One gives you sovereignty. The other gives you safety. They run on the same spine.
Owning the learning loop: build and continual learning
Nadella's real point is easy to miss. The opportunity isn't picking the best model. It's building a learning loop on top of models, where human capital and token capital compound. Private evals that measure outcomes your business cares about, not external benchmarks. Reinforcement learning on real traces from inside your walls. A knowledge base that makes institutional memory queryable.
Here's the test he sets, and it's the right one: you should be able to swap out a "generalist" model without losing the "company veteran" expertise built into your system. If switching models means starting over, you never owned the expertise. The vendor did.
KORA is built to pass that test. The model router sits between your workflows and the frontier, so when a better model ships, you point at it and your evals, traces, and knowledge base stay put. Three pieces do the work.
Private evals, scored on outcomes you care about
Generic benchmarks tell you a model is good at the bar exam. They don't tell you whether it cited the right payer policy. Private evals score agents against clinical and operational outcomes: did the prior-auth agent attach the correct medical-necessity criteria, did the intake summary miss a documented contraindication, did the discharge note carry the right follow-up. You measure what matters in your building, and you keep measuring it as models change.
Continual learning on your traces
Agents get stronger on real traces from your operation. The agent handling your appeals in December should be measurably better than the one you deployed in June, and it should have gotten better on your data, not on a public dataset that looks nothing like your population or your payers. That improvement is yours. It doesn't reset when the underlying model does.
A knowledge base that captures judgment
The reason a denial got overturned last year is usually locked in one nurse's head, or buried in a thread nobody can find. The knowledge base turns that into something the system can query. Institutional memory stops walking out the door when someone retires.
What this looks like in one workflow
Take prior authorization. A health system runs it on a frontier model through KORA. Private evals catch that the agent keeps citing an outdated policy version for one payer. Continual learning retrains on corrected traces, and the citation accuracy climbs over the next quarter. The knowledge base now holds the specific language that won three borderline appeals.
Then a stronger model ships. The team repoints the router. The evals, the traces, and the won-appeal language all stay exactly where they are. The new model inherits a system that already knows this system's payers. No restart. That's the difference between owning the expertise and renting it.
Owning the safety perimeter: the compliance harness
Anthropic's policy shift moved the burden of catastrophic-failure prevention from the lab to the implementer. This isn't a criticism of Anthropic. They're saying out loud what the whole field now operates on: relative safety is the realistic bar, because no single lab can hold the line alone. For healthcare, relative safety was never high enough anyway. When PHI and clinical outcomes are on the line, you need a hard perimeter, not a roadmap.
The real threat isn't only hallucination. It's autonomous agency without containment. Give an agent access to an EHR, a research database, or a pharmacy system, and a prompt injection hidden in a messy transcript can try to exfiltrate records or reach somewhere it shouldn't. The model doesn't have to be malicious. It just has to be convinced, once, by text it was never supposed to trust.
KORA's harness closes that gap by moving safety from the probabilistic layer (the model's weights) to the deterministic layer (infrastructure code). You don't hope the model behaves. You build a box it can't get out of.
Isolation by default
Every agent runs inside an isolated OS container on ephemeral compute, under least-privilege access. If a prompt injection breaks the model's internal logic, the agent is still trapped in a sandbox with no reach-back to the underlying system. The blast radius is one container, and that container disappears when the task ends.
Tenant and data isolation
Multi-tenant isolation through database row-level security and customer-managed encryption keys means a failure in one workflow can't bridge to another organization or department. Your data is yours alone, and it never trains a model. That last point matters: the learning loop compounds inside your walls; it doesn't leak out of them.
A gateway you can steer
The LLM gateway abstracts the model itself, so when a specific version gets flagged in a new Risk Report, you route clinical workflows to a safer one through the control plane without rewriting a line of integration code. When a vendor changes its safety posture, you change your routing the same day.
An audit trail that holds up
Every action an agent takes is logged for an immutable, instruction-level audit trail that stands up to HIPAA and SOC 2 review. When compliance asks what the agent did and why, you have the answer at the level of individual instructions, not a vague summary.
The model router and the LLM gateway are the same component.
This is the part worth sitting with. The piece that lets you swap a generalist without losing your company veteran is the same piece that lets you route away from a flagged model the day it's flagged. Sovereignty and safety run through one piece of infrastructure. You don't buy two systems. You build one spine, and it carries both.
But can't a vendor do this for me?
Fair question. The honest answer: a vendor can do parts of it, and that's exactly the problem. If the safety perimeter is the vendor's, it moves when the vendor's incentives move, which is the whole lesson of RSP v3.0. If the learning loop is the vendor's, your accumulated expertise is a feature of their product, not an asset on your balance sheet. On the day you want to leave, you find out who actually owns it.
Owning the layer doesn't mean building frontier models. It means owning the infrastructure between your workflows and whatever frontier model is best this quarter. You still use the best models. You stop being a tenant in the place where your IP and your patient safety live.
Why healthcare has the most to lose
Nadella warns about the first phase of globalization, when entire industrial economies were hollowed out by outsourcing. The GDP numbers looked fine. The displacement was real. He fears that we repeat it with AI: a few models capturing the returns while industries find their knowledge commoditized out from under them.
Healthcare carries both versions of that risk at once. Decades of clinical judgment and payer-specific playbooks that could flow into a handful of general models and flow back as a commodity. And patient safety that, after RSP v3.0, no longer comes with a vendor's promise to hit the brakes. Lose the first, and you're a renter of your own expertise. Lose the second, and you're exposed every time the race heats up.
The alternative is the one both signals point to. Every health system owns the loop that encodes its institutional knowledge, and the perimeter that keeps a powerful, imperfect model contained. The expertise of your best people gets captured and compounded. The model stays in its box. Both stay yours.
The layer that doesn't get commoditized
A frontier without an ecosystem is not stable. A frontier without a perimeter is not safe. In healthcare, the same platform gives you both: the learning loop that compounds your IP, and the harness that contains the model.
That's the layer the frontier can't commoditize, and the one no vendor's policy change can take back.
We'd love to show you what it looks like in production.
See how KORA owns the learning loop and the safety perimeter on the same spine.
Request a demo
