Sign in Subscribe
platform engineering

The Silent Breaking Change: How Speculative Decoding Shattered Our Multi-Tenant Workflow Branching Logic (And How We Fixed It)

Scott Miller

9 min read
The Silent Breaking Change: How Speculative Decoding Shattered Our Multi-Tenant Workflow Branching Logic (And How We Fixed It)

There was no error message. No stack trace. No alert firing in the on-call rotation. Just a slow, creeping divergence in tenant behavior that took three weeks, two post-mortems, and one very uncomfortable conversation with a foundation model provider to fully understand. This is the story of how our platform engineering team at a mid-sized B2B SaaS company discovered that a silent infrastructure upgrade on our AI provider's side had quietly invalidated one of the most fundamental assumptions baked into our entire multi-tenant workflow engine: that identical inputs would always produce identical outputs.

If you're building production systems on top of third-party foundation model APIs, this case study is required reading. The failure mode we encountered is not exotic. It is, in fact, increasingly common as providers race to optimize inference throughput using speculative decoding architectures. And most teams won't catch it until real tenants are already affected.

Background: What We Built and Why Determinism Mattered

Our platform serves roughly 340 enterprise tenants across industries including legal, financial services, and healthcare operations. The core product is an AI-assisted workflow automation engine. Tenants configure multi-step document processing pipelines, where each step can be either a deterministic rule (regex extraction, schema validation, field mapping) or an AI-assisted inference step powered by a hosted foundation model via API.

The branching logic in our workflow engine works like a decision tree. After each AI step, the output is parsed and classified into one of several branch categories. Those categories determine which downstream steps execute. For example, a contract review pipeline might branch on whether the AI classifies a clause as "standard," "non-standard but acceptable," or "requires legal review." Each branch triggers a completely different execution path, involving different integrations, different human-in-the-loop queues, and different SLA timers.

Because tenants had configured these pipelines over months and tuned them carefully, the implicit contract was this: given the same document, the same prompt template, and the same model version, the branch taken would be the same every time. This assumption was not written down anywhere. It was simply treated as obvious. That was our first mistake.

The Speculative Decoding Problem, Explained Simply

To understand what went wrong, you need a working model of speculative decoding. Traditional autoregressive inference in large language models is sequential: the model generates one token at a time, each token conditioned on all previous tokens. This is accurate but slow, especially at scale.

Speculative decoding is an inference optimization technique where a smaller, faster "draft model" generates a sequence of candidate tokens speculatively. The larger "target model" then verifies those tokens in parallel. Tokens that pass verification are accepted; those that don't are rejected and regenerated from the point of divergence. The net result is significantly higher throughput, often 2x to 4x faster inference, with outputs that are theoretically equivalent in distribution to standard autoregressive decoding.

The critical word there is theoretically.

In practice, speculative decoding introduces subtle sources of non-determinism that do not exist in standard autoregressive inference, even when temperature is set to zero. These include:

  • Draft model version drift: The draft model used for speculation can be updated independently of the target model, changing which candidate token sequences are proposed and accepted.
  • Batch-size-dependent verification: The acceptance or rejection of speculative tokens can vary depending on how many requests are being processed in the same batch, which changes dynamically under load.
  • Floating-point non-determinism across hardware: Parallel verification across different GPU configurations can produce microscopically different logit values, which at the boundary of a greedy selection threshold can flip a token choice.
  • Speculative window length variation: The number of tokens drafted speculatively per step can vary based on system load, introducing different token generation paths even for identical prompts.

Our provider had migrated their inference backend to a speculative decoding architecture in late 2025 as part of a latency reduction initiative. The migration was not announced as a breaking change. From the API surface, nothing changed. Model version strings were identical. Response schemas were identical. Latency actually improved. But the outputs, while semantically similar most of the time, were no longer guaranteed to be token-for-token identical across repeated calls.

How We First Noticed Something Was Wrong

The first signal came from a tenant in the financial services vertical. Their document classification pipeline, which had been running stably for seven months, began routing a small but statistically significant percentage of contracts to the wrong branch. Their operations team noticed because the "requires legal review" queue, which typically received around 12 documents per day, suddenly spiked to over 40. No changes had been made to their pipeline configuration. No new document types had been introduced.

Our initial hypothesis was prompt drift, a known phenomenon where model behavior shifts after a provider updates underlying model weights. We pulled the tenant's prompt template, ran it against our staging environment, and saw consistent outputs. We closed the investigation as inconclusive.

Three days later, a second tenant reported similar anomalies in a healthcare prior authorization workflow. Then a third, in legal document processing. At this point we escalated internally and began a more systematic investigation.

The Debugging Process That Revealed the Real Cause

We built a simple diagnostic harness: take 500 documents that had been processed successfully in the six months prior, re-run them through the current API with identical prompts and parameters (temperature=0, seed values where supported), and compare outputs to the stored historical outputs. The expectation was near-100% match. What we found was a 6.3% divergence rate across the full sample, clustered heavily around outputs that had originally landed near classification boundaries.

This was the key insight. The divergence was not random across all documents. It was concentrated in cases where the model's original output had been close to a classification boundary. A document that had previously generated the output string "This clause is standard and requires no further review" might now generate "This clause appears standard and does not require further review." Semantically equivalent. Functionally different, because our branch classifier used exact string matching and keyword presence logic rather than semantic matching.

We opened a support ticket with our provider. After several escalations over the course of two weeks, we received confirmation: the inference backend had been migrated to a speculative decoding architecture. The provider's position was that this was not a breaking change because the statistical distribution of outputs remained consistent with the original model. Technically, they were correct. Operationally, for our use case, they were not.

The Architectural Assumptions We Had to Unlearn

This incident forced us to confront a set of assumptions that had been silently embedded in our system design for years. Surfacing them was uncomfortable but necessary.

Assumption 1: Temperature=0 Means Deterministic

This is the most widespread misconception in production LLM engineering. Temperature=0 means greedy decoding at the sampling layer. It does not mean deterministic output across all infrastructure configurations. Hardware differences, batching strategies, and now speculative decoding architectures can all introduce token-level variation even at temperature=0. We had documented this assumption nowhere, but it was load-bearing throughout our system.

Assumption 2: Model Version Pinning Guarantees Stability

We were pinning to specific model version identifiers in our API calls. We believed this meant the model weights were frozen and outputs would be stable. What we had not accounted for is that the inference stack surrounding those weights (the draft model, the batching logic, the hardware configuration) is not versioned or exposed through the API surface. The model version string is a partial identifier, not a complete specification of the inference environment.

Assumption 3: Branch Logic Can Be Tightly Coupled to Raw Model Output

Our workflow branching logic was written to parse and classify raw model output strings. This created a brittle coupling between the exact token sequence the model produced and the downstream execution path. Any variation in phrasing, even semantically neutral variation, could trigger a different branch. This was a design flaw that speculative decoding simply made visible. We had been lucky for months that outputs were stable enough to hide it.

What We Rebuilt: The Predictability Layer

Over approximately eight weeks, we redesigned the layer between raw model output and workflow branching logic. The goal was not to eliminate non-determinism at the source (we cannot control the provider's infrastructure) but to absorb and normalize it before it could affect tenant execution paths.

1. Semantic Branch Classification

We replaced all exact-string and keyword-presence branch classifiers with a lightweight semantic classification layer. Rather than checking whether the output contains specific phrases, we now embed the model's output using a small, locally hosted embedding model and compute cosine similarity against a set of canonical branch-representative embeddings defined per tenant per pipeline stage. The branch is assigned based on the closest canonical embedding above a configurable confidence threshold.

This approach is robust to surface-level phrasing variation while remaining sensitive to genuine semantic differences. A document that truly shifts from "standard" to "non-standard" territory will cross a semantic boundary. A document that merely uses different phrasing for the same classification will not.

2. Output Normalization Contracts

For each AI step in a tenant's pipeline, we now define an explicit output normalization contract. This is a lightweight schema that specifies the expected semantic categories, example phrasings for each category, and the classification logic. Tenants configure these contracts through our UI when building pipelines. The contract is versioned independently of the prompt template, so changes to either can be tracked and audited separately.

This also gave us something we had never had before: a formal, queryable definition of what each branch means. Previously, the branch logic was implicit in the code. Now it is explicit, tenant-visible, and testable.

3. Determinism Regression Testing in CI

We introduced a new class of tests in our continuous integration pipeline: determinism regression tests. For each tenant pipeline, we maintain a golden dataset of 50 to 100 documents with known expected branch outcomes. On every deployment, and on a nightly schedule, we run the full pipeline against this golden dataset and assert that branch assignments match the expected outcomes. If the divergence rate exceeds a configurable threshold (we default to 2%), the deployment is blocked and an alert is raised.

This gives us an early warning system for future provider-side changes. When our provider next updates their inference infrastructure, we will know within 24 hours rather than three weeks.

4. Per-Tenant Output Caching with Invalidation Controls

For tenants with the strictest determinism requirements (primarily our financial services and healthcare customers), we implemented a semantic output cache. The first time a document is processed, the normalized branch classification is stored alongside a hash of the document content and the pipeline configuration version. On subsequent runs of the same document through the same pipeline version, the cached classification is returned without a new model call.

Tenants can configure cache invalidation policies: invalidate on pipeline configuration change, on model version change, on a time-to-live basis, or manually. This gives compliance-sensitive tenants a hard guarantee of reproducibility for audit purposes, independent of whatever the underlying model infrastructure does.

5. Provider Infrastructure Change Detection

We built a lightweight canary service that runs a fixed set of probe documents through our provider's API every 15 minutes and tracks output hashes over time. When the hash distribution for any probe document changes, the service raises an internal alert. This is not a user-facing feature; it is operational instrumentation. It is the thing that would have caught the speculative decoding migration in hours rather than weeks if we had built it earlier.

Results After Rebuilding

Six months after completing the rebuild, the results have been clear. Branch misclassification incidents attributable to model output variation have dropped to zero across all tenants. The two tenants who had experienced the most severe disruption (the financial services and healthcare customers) have both renewed their contracts and specifically cited the new determinism guarantees in their renewal discussions.

The semantic classification layer adds approximately 40 milliseconds of latency per AI step, which has been acceptable to all tenants. The output cache eliminates this overhead entirely for repeat documents, and for our highest-volume tenants the cache hit rate is above 70%.

Perhaps most importantly, we now have a formal model of what "deterministic enough" means for each tenant, and the tooling to measure and enforce it. That is a capability we did not have before, and it has already proved useful for onboarding new enterprise tenants who ask detailed questions about reproducibility during the sales process.

Lessons for Platform Teams Building on Foundation Model APIs

If you take nothing else from this case study, take these five principles:

  • Never couple branching logic directly to raw model output strings. Always introduce a semantic normalization layer between model output and downstream logic. The model's exact phrasing is not a stable interface.
  • Temperature=0 is not a determinism guarantee. It is a sampling strategy. Document this distinction explicitly in your architecture decision records and design your system to tolerate output variation even at zero temperature.
  • Model version pinning is necessary but not sufficient. The inference stack surrounding a model version is not fully captured by the version string. Treat provider infrastructure as a source of potential variation and instrument accordingly.
  • Build canary monitoring for provider output drift. A simple probe service that tracks output hashes over time is cheap to build and will catch infrastructure changes far faster than user-reported incidents.
  • Define determinism contracts per tenant, not per system. Different tenants have different tolerances and requirements. A one-size-fits-all approach to determinism will either over-constrain low-sensitivity workflows or under-protect high-sensitivity ones.

Conclusion

The speculative decoding incident was, in retrospect, a gift. It forced us to make explicit a set of assumptions that had always been implicit and fragile. The system we rebuilt is not just more resilient to this specific failure mode; it is more honest about what guarantees it can and cannot make, and more capable of communicating those guarantees to the tenants who depend on them.

As foundation model providers continue to evolve their inference infrastructure in pursuit of throughput and cost efficiency, changes like the speculative decoding migration will become more common, not less. The teams that build durable production systems on top of these APIs will be the ones who treat the model API as an unreliable collaborator rather than a deterministic function, and who design their abstraction layers accordingly.

The silent breaking change will come for your system too. The question is whether you will be ready for it.

Sign up for more like this.

Enter your email
Subscribe