Social
Security, privacy, and abuse prevention

Computing on private data

Both secure multiparty computation and differential privacy protect the privacy of data used in computation, but each has advantages in different contexts.

By Joan FeigenbaumMahnush MovahediParker Newton
June 1, 2023
17 min read
Share

Many of today’s most innovative computation-based products and solutions are fueled by data. Where those data are private, it is essential to protect them and to prevent the release of information about data subjects, owners, or users to the wrong parties. How can we perform useful computations on sensitive data while preserving privacy?

DP.CV.jpeg
Related content
A little public data makes privacy-preserving AI models more accurate
Technique that mixes public and private training data can meet differential-privacy criteria while cutting error increase by 60%-70%.

We will revisit two well-studied approaches to this challenge: secure multiparty computation (MPC) and differential privacy (DP). MPC and DP were invented to address different real-world problems and to achieve different technical goals. However, because they are both aimed at using private information without fully revealing it, they are often confused. To help draw a distinction between the two approaches, we will discuss the power and limitations of both and give typical scenarios in which each can be highly effective.

We are interested in scenarios in which multiple individuals (sometimes, society as a whole) can derive substantial utility from a computation on private data but, in order to preserve privacy, cannot simply share all of their data with each other or with an external party.

Secure multiparty computation

MPC methods allow a group of parties to collectively perform a computation that involves all of their private data while revealing only the result of the computation. More formally, an MPC protocol enables n parties, each of whom possesses a private dataset, to compute a function of the union of their datasets in such a way that the only information revealed by the computation is the output of the function. Common situations in which MPC can be used to protect private interests include

  • auctions: the winning bid amount should be made public, but no information about the losing bids should be revealed;
  • voting: the number of votes cast for each option should be made public but not the vote cast by any one individual;
  • machine learning inference: secure two-party computation enables a client to submit a query to a server that holds a proprietary model and receive a response, keeping the query private from the server and the model private from the client.
Diagram of a circuit with a multiplicative depth of two
Related content
Building machine learning models with encrypted data
New approach to homomorphic encryption speeds up the training of encrypted machine learning models sixfold.

Note that the number n of participants can be quite small (e.g., two in the case of machine learning inference), moderate in size, or very large; the latter two size ranges both occur naturally in auctions and votes. Similarly, the participants may be known to each other (as they would be, for example, in a departmental faculty vote) or not (as, for example, in an online auction). MPC protocols mathematically guarantee the secrecy of input values but do not attempt to hide the identities of the participants; if anonymous participation is desired, it can be achieved by combining MPC with an anonymous-communication protocol.

Although MPC may seem like magic, it is implementable and even practical using cryptographic and distributed-computing techniques. For example, suppose that Alice, Bob, Carlos, and David are four engineers who want to compare their annual raises. Alice selects four random numbers that sum to her raise. She keeps one number to herself and gives each of the other three to one of the other engineers. Bob, Carlos, and David do the same with their own raises.

Secure multiparty computation
Four engineers wish to compute their average raise, without revealing any one engineer's raise to the others. Each selects four numbers that sum to his or her raise and sends three of them to the other engineers. Each engineer then sums his or her four numbers — one private number and three received from the others. The sum of all four engineers' sums equals the sum of all four raises.

After everyone has distributed the random numbers, each engineer adds up the numbers he or she is holding and sends the sum to the others. Each engineer adds up these four sums privately (i.e., on his or her local machine) and divides by four to get the average raise. Now they can all compare their raises to the team average.

Amount

Alice’s share

Bob’s share

Carlos’s share

David’s share

Sum of sums

Alice’s raise

3800

-1000

2500

900

1400


Bob’s raise

2514

700

400

650

764


Carlos’s raise

2982

750

-100

832

1500


David’s raise

3390

1500

900

-3000

3990


Sum

12686

1950

3700

-618

7654

12686

Average

3171.5





3171.5

Note that, because Alice (like Bob, Carlos, and David) kept part of her raise private (the bold numbers), no one else learned her actual raise. When she summed the numbers she was holding, the sum didn’t correspond to anyone’s raise. In fact, Bob’s sum was negative, because all that matters is that the four chosen numbers add up to the raise; the sign and magnitude of these four numbers are irrelevant.

Summing all of the engineers’ sums results in the same value as summing the raises directly, namely $12,686. If all of the engineers follow this protocol faithfully, dividing this value by four yields the team average raise of $3,171.50, which allows each person to compare his or her raise against the team average (locally and hence privately) without revealing any salary information.

A highly readable introduction to MPC that emphasizes practical protocols, some of which have been deployed in real-world scenarios, can be found in a monograph by Evans, Kolesnikov, and Rosulek. Examples of real-world applications that have been deployed include analysis of gender-based wage gaps in Boston-area companies, aggregate adoption of cybersecurity measures, and Covid exposure notification. Readers may also wish to read our previous blog post on this and related topics.

Differential privacy

Differential privacy (DP) is a body of statistical and algorithmic techniques for releasing an aggregate function of a dataset without revealing the mapping between data contributors and data items. As in MPC, we have n parties, each of whom possesses a data item. Either the parties themselves or, more often, an external agent wishes to compute an aggregate function of the parties’ input data.

Calibrated noise addition.gif
Related content
Amazon wins best-paper award for protecting privacy of training data
Calibrating noise addition to word density in the embedding space improves utility of privacy-protected text.

If this computation is performed in a differentially private manner, then no information that could be inferred from the output about the ith input, xi, can be associated with the individual party Pi. Typically, the number n of participants is very large, the participants are not known to each other, and the goal is to compute a statistical property of the set {x1, …, xn} while protecting the privacy of individual data contributors {P1, …, Pn}.

In slightly more detail, we say that a randomized algorithm M preserves differential privacy with respect to an aggregation function f if it satisfies two properties. First, for every set of input values, the output of M closely approximates the value of f. Second, for every distinct pair (xi, xi') of possible values for the ith individual input, the distribution of M(x1, …, xi,…, xn) is approximately equivalent to the distribution of M(x1, …, xi′, …, xn). The maximum “distance” between the two distributions is characterized by a parameter, ϵ, called the privacy parameter, and M is called an ϵ-differentially private algorithm.

Note that the output of a differentially private algorithm is a random variable drawn from a distribution on the range of the function f. That is because DP computation requires randomization; in particular, it works by “adding noise.” All known DP techniques introduce a salient trade-off between the privacy parameter and the utility of the output of the computation. Smaller values of ϵ produce better privacy guarantees, but they require more noise and hence produce less-accurate outputs; larger values of ϵ yield worse privacy bounds, but they require less noise and hence deliver better accuracy.

For example, consider a poll, the goal of which is to predict who is going to win an election. The pollster and respondents are willing to sacrifice some accuracy in order to improve privacy. Suppose respondents P1, …, Pn have predictions x1, …, xn, respectively, where each xi is either 0 or 1. The poll is supposed to output a good estimate of p, which we use to denote the fraction of the parties who predict 1. The DP framework allows us to compute an accurate estimate and simultaneously to preserve each respondent’s “plausible deniability” about his or her true prediction by requiring each respondent to add noise before sending a response to the pollster.

PATE for ASR framework.png
Related content
Better differential privacy for end-to-end speech recognition
Private aggregation of teacher ensembles (PATE) leads to word error rate reductions of more than 26% relative to standard differential-privacy techniques.

We now provide a few more details of the polling example. Consider the algorithm m that takes as input a bit xi and flips a fair coin. If the coin comes up tails, then m outputs xi; otherwise m flips another fair coin and outputs 1 if heads and 0 if tails. This m is known as the randomized response mechanism; when the pollster asks Pi for a prediction, Pi responds with m(xi). Simple statistical calculation shows that, in the set of answers that the pollster receives from the respondents, the expected fraction that are 1’s is

Pr[First coin is tails] ⋅ p + Pr[First coin is heads] ⋅ Pr[Second coin is heads] = p/2 + 1/4.

Thus, the expected number of 1’s received is n(p/2 + 1/4). Let N = m(x1) + ⋅⋅⋅ + m(xn) denote the actual number of 1’s received; we approximate p by M(x1, …, xn) = 2N/n − 1/2. In fact, this approximation algorithm, M, is differentially private. Accuracy follows from the statistical calculation, and privacy follows from the “plausible deniability” provided by the fact that M outputs 1 with probability at least 1/4 regardless of the value of xi.

Differential privacy has dominated the study of privacy-preserving statistical computation since it was introduced in 2006 and is widely regarded as a fundamental breakthrough in both theory and practice. An excellent overview of algorithmic techniques in DP can be found in a monograph by Dwork and Roth. DP has been applied in many real-world applications, most notably the 2020 US Census.

The power and limitations of MPC and DP

We now review some of the strengths and weaknesses of these two approaches and highlight some key differences between them.

Secure multiparty computation

MPC has been extensively studied for more than 40 years, and there are powerful, general results showing that it can be done for all functions f using a variety of cryptographic and coding-theoretic techniques, system models, and adversary models.

Despite the existence of fully general, secure protocols, MPC has seen limited real-world deployment. One obstacle is protocol complexity — particularly the communication complexity of the most powerful, general solutions. Much current work on MPC addresses this issue.

A model consisting of two decision trees, one that imposes an age criterion and one that imposes a height criterion.
Related content
Machine learning models that act on encrypted data
A privacy-preserving version of the popular XGBoost machine learning algorithm would let customers feel even more secure about uploading sensitive data to the cloud.

More-fundamental questions that must be answered before MPC can be applied in a given scenario include the nature of the function f being computed and the information environment in which the computation is taking place. In order to explain this point, we first note that the set of participants in the MPC computation is not necessarily the same as the set of parties that receive the result of the computation. The two sets may be identical, one may be a proper subset of the other, they may have some (but not all) elements in common, or they may be entirely disjoint.

Although a secure MPC protocol (provably!) reveals nothing to the recipients about the private inputs except what can be inferred from the result, even that may be too much. For example, if the result is the number of votes for and votes against a proposition in a referendum, and the referendum passes unanimously, then the recipients learn exactly how each participant voted. The referendum authority can avoid revealing private information by using a different f, e.g., one that is “YES” if the number of votes for the proposition is at least half the number of participants and “NO” if it is less than half.

This simple example demonstrates a pervasive trade-off in privacy-preserving computation: participants can compute a function that is more informative if they are willing to reveal private information to the recipients in edge cases; they can achieve more privacy in edge cases if they are willing to compute a less informative function.

In addition to specifying the function f carefully, users of MPC must evaluate the information environment in which MPC is to be deployed and, in particular, must avoid the catastrophic loss of privacy that can occur when the recipients combine the result of the computation with auxiliary information. For example, consider the scenario in which the participants are all of the companies in a given commercial sector and metropolitan area, and they wish to use MPC to compute the total dollar loss that they (collectively) experienced in a given year that was attributable to data breaches; in this example, the recipients of the result are the companies themselves.

Classification and regression trees (CART)
Related content
Privacy challenges in extreme gradient boosting
Scientists describe the use of privacy-preserving machine learning to address privacy challenges in XGBoost training and prediction.

Suppose further that, during that year, one of the companies suffered a severe breach that was covered in the local media, which identified the company by name and reported an approximate dollar figure for the loss that the company suffered as a result of the breach. If that approximate figure is very close to the total loss imposed by data breaches on all the companies that year, then the participants can conclude that all but one of them were barely affected by data breaches that year.

Note that this potentially sensitive information is not leaked by the MPC protocol, which reveals nothing but the aggregate amount lost (i.e., the value of the function f). Rather, it is inferred by combining the result of the computation with information that was already available to the participants before the computation was done. The same risk that input privacy will be destroyed when results are combined with auxiliary information is posed by any computational method that reveals the exact value of the function f.

Differential privacy

The DP framework provides some elegant, simple mechanisms that can be applied to any function f whose output is a vector of real numbers. Essentially, one can independently perturb or “noise up” each component of f(x) by an appropriately defined random value. The amount of noise that must be added in order to hide the contribution (or, indeed, the participation) of any single data subject is determined by the privacy parameter and the maximum amount by which a single input can change the output of f. We explain one such mechanism in slightly more mathematical detail in the following paragraph.

One can apply the Laplace mechanism with privacy parameter ϵ to a function f, whose outputs are k-tuples of real numbers, by returning the value f(x1, …, xn) + (Y1, …, Yk) on input (x1, …, xn), where the Yi are independent random variables drawn from the Laplace distribution with parameter Δ(f)/ϵ. Here Δ(f) denotes the 1sensitivity of the function f, which captures the magnitude by which a single individual’s data can change the output of f in the worst case. The technical definition of the Laplace distribution is beyond the scope of this article, but for our purposes, its important property is that the Yi can be sampled efficiently.

Federated Learning Animation.gif
Related content
Advances in trustworthy machine learning at Alexa AI
The team’s latest research on privacy-preserving machine learning, federated learning, and bias mitigation.

Crucially, DP protects data contributors against privacy loss caused by post-processing computational results or by combining results with auxiliary information. The scenario in which privacy loss occurred when the output of an MPC protocol was combined with information from an existing news story could not occur in a DP application; moreover, no harm could be done by combining the result of a DP computation with auxiliary information in a future news story.

DP techniques also benefit from powerful composition theorems that allow separate differentially private algorithms to be combined in one application. In particular, the independent use of an ϵ1-differentially private algorithm and an ϵ2-differentially private algorithm, when taken together, is (ϵ1 + ϵ2)-differentially private.

One limitation on the applicability of DP is the need to add noise — something that may not be tolerable in some application scenarios. More fundamentally, the ℓ1 sensitivity of a function f, which yields an upper bound on the amount of noise that must be added to the output in order to achieve a given privacy parameter ϵ, also yields a lower bound. If the output of f is strongly influenced by the presence of a single outlier in the input, then it is impossible to achieve strong privacy and high accuracy simultaneously.

For example, consider the simple case in which f is the sum of all of the private inputs, and each input is an arbitrary positive integer. It is easy to see that the ℓ1 sensitivity is unbounded in this case; to hide the contribution or the participation of an individual whose data item strongly dominates those of all other individuals would require enough noise to render the output meaningless. If one can restrict all of the private inputs to a small interval [a,b], however, then the Laplace mechanism can provide meaningful privacy and accuracy.

DP was originally designed to compute statistical aggregates while preserving the privacy of individual data subjects; in particular, it was designed with real-valued functions in mind. Since then, researchers have developed DP techniques for non-numerical computations. For example, the exponential mechanism can be used to solve selection problems, in which both input and output are of arbitrary type.

SPHINCS+ procedure.jpg
Related content
Preparing today for a post-quantum cryptographic future
Amazon is helping develop standards for post-quantum cryptography and deploying promising technologies for customers to experiment with.

In specifying a selection problem, one must define a scoring function that maps input-output pairs to real numbers. For each input x, a solution y is better than a solution y′ if the score of (x,y) is greater than that of (x,y′). The exponential mechanism generally works well (i.e., achieves good privacy and good accuracy simultaneously) for selection problems (e.g., approval voting) that can be defined by scoring functions of low sensitivity but not for those (e.g., set intersection) in which the scoring function must have high sensitivity. In fact, there is no differentially private algorithm that works well for set intersection; by contrast, MPC for set intersection is a mature and practical technology that has seen real-world deployment.

Conclusion

In conclusion, both secure multiparty computation and differential privacy can be used to perform computations on sensitive data while preserving the privacy of those data. Important differences between the bodies of technique include

  • The nature of the privacy guarantee: Use of MPC to compute a function y = f(x1, x2, ..., xn) guarantees that the recipients of the result learn the output y and nothing more. For example, if there are exactly two input vectors that are mapped to y by f, the recipients of the output y gain no information about which of two was the actual input to the MPC computation, regardless of the number of components in which these two input vectors differ or the magnitude of the differences. On the other hand, for any third input vector that does not map to y, the recipient learns with certainty that the real input to the MPC computation was not this third vector, even if it differs from one of the first two in only one component and only by a very small amount. By contrast, computing f with a DP algorithm guarantees that, for any two input vectors that differ in only one component, the (randomized!) results of the computation are approximately indistinguishable, regardless of whether the exact values of f on these two input vectors are equal, nearly equal, or extremely different. Straightforward use of composition yields a privacy guarantee for inputs that differ in c components at the expense of increasing the privacy parameter by a factor of c.
  • Typical use cases: DP techniques are most often used to compute aggregate properties of very large datasets, and typically, the identities of data contributors are not known. None of these conditions is typical of MPC use cases.
  • Exact vs. noisy answers: MPC can be used to compute exact answers for all functions f. DP requires the addition of noise. This is not a problem in many statistical computations, but even small amounts of noise may not be acceptable in some application scenarios. Moreover, if f is extremely sensitive to outliers in the input data, the amount of noise needed to achieve meaningful privacy may preclude meaningful accuracy.
  • Auxiliary information: Combining the result of a DP computation with auxiliary information cannot result in privacy loss. By contrast, any computational method (including MPC) that returns the exact value y of a function f runs the risk that a recipient of y might be able to infer something about the input data that is not implied by y alone, if y is combined with auxiliary information.

Finally, we would like to point out that, in some applications, it is possible to get the benefits of both MPC and DP. If the goal is to compute f, and g is a differentially private approximation of f that achieves good privacy and accuracy simultaneously, then one natural way to proceed is to use MPC to compute g. We expect to see both MPC and DP used to enhance data privacy in Amazon’s products and services.

Research areas
Tags
About the Author
Joan Feigenbaum
Joan Feigenbaum is an Amazon Scholar and the Grace Murray Hopper professor of computer science at Yale University.
Mahnush Movahedi
Mahnush Movahedi is an applied scientist in Amazon Web Services' cryptography group.
Parker Newton
Parker Newton is an applied scientist in Amazon Web Services' cryptography group.

Related content

Work with us

See more jobs See more jobs
Research Scientist II, WW Sustainability
US, WA, Seattle
Join us at the forefront of Amazon's sustainability initiatives to work on environmental and social advancements that support Amazon's long-term worldwide sustainability strategy. At Amazon, we're working to be the most customer-centric company on earth. To get there, we need exceptionally talented, bright, and driven people who are passionate about making a meaningful impact on communities and the environment while helping shape the future of sustainable business practices. Sustainability Science and Innovation (SSI) is a multi-disciplinary team within WW Sustainability combining science, analytics, economics, statistics, machine learning, product development, and engineering expertise. We use data across the sustainability imperatives (carbon, water, waste, biodiversity, environmental risk and more) and these skills and capabilities to identify, develop, experiment, and scale the scientific solutions and innovations necessary for Amazon, customers and partners to help them solve their hardest unmet and evolving sustainability needs and goals. The Worldwide Sustainability (WWS) organization is seeking an exceptional scientific leader to join Amazon's Sustainability Science and Innovation team as a Researcher Scientist for Materials Chemistry Innovation. This role focuses on hands-on experimental research in materials chemistry to accelerate the discovery and validation of sustainable materials through systematic synthesis, characterization, and performance testing. You will lead the design and execution of experimental research campaigns targeting catalysts, functional materials, and sustainability-relevant chemistries across multivariate parameter spaces. You will establish scientific strategy and technical roadmaps for materials discovery while leading research initiatives that tackle complex sustainability challenges in critical industrial sectors. This position requires driving breakthrough solutions in materials synthesis and characterization through internal capabilities and strategic partnerships with universities, industry scientists, and government laboratories. You will mentor junior scientists and engineers while collaborating across Amazon's Innovation Lab Network to translate research into scalable solutions. Your leadership will be essential in developing early-stage, cost-effective materials that address significant technical and economic challenges fundamental to Amazon's operations, requiring you to navigate complex trade-offs between immediate deliverables and long-term environmental impact. You will also shape how emerging automation and AI tools are applied to accelerate materials discovery workflows. The ideal candidate demonstrates extensive experience in materials synthesis, advanced characterization techniques, and systematic experimental design for performance validations. You must possess proven ability to lead cross-functional teams, establish research priorities, and drive scientific innovation from concept to implementation. Deep technical expertise in materials testing methods, combined with strategic vision for translating research into practical applications is essential. Experience with high-throughput and combinatorial experimental approaches to efficiently explore large design spaces is highly valued. Your work will establish new paradigms in sustainable materials discovery through rigorous experimental research and performance testing, directly contributing to Amazon's sustainability goals while creating scalable solutions that extend beyond the company's immediate operations. Key job responsibilities - Develop scientific models that help solve complex and ambiguous sustainability problems, and extract strategic learnings from large datasets. - Work closely with applied scientists and software engineers to implement your scientific models. - Support early-stage strategic sustainability initiatives and effectively learn from, collaborate with, and influence stakeholders to scale-up high-value initiatives. - Support research and development of cross-cutting technologies for industrial decarbonization, including building the data foundation and analytics for new AI models. - Drive innovation in key focus areas including packaging materials, building materials, and alternative fuels. About the team Diverse Experiences: World Wide Sustainability (WWS) values diverse experiences. Even if you do not meet all of the qualifications and skills listed in the job description, we encourage candidates to apply. If your career is just starting, hasn’t followed a traditional path, or includes alternative experiences, don’t let it stop you from applying. Inclusive Team Culture: It’s in our nature to learn and be curious. Our employee-led affinity groups foster a culture of inclusion that empower us to be proud of our differences. Ongoing events and learning experiences, including our Conversations on Race and Ethnicity (CORE) and AmazeCon conferences, inspire us to never stop embracing our uniqueness. Mentorship & Career Growth: We’re continuously raising our performance bar as we strive to become Earth’s Best Employer. That’s why you’ll find endless knowledge-sharing, mentorship and other career-advancing resources here to help you develop into a better-rounded professional.
Zappos Data Scientist II, Zappos/Shopbop Catalog Engineering
US, WI, Madison
As a Data Scientist on the Shopbop/Zappos Catalog Tech team, you will design and implement scientific approaches to revolutionize how we manage and enhance our product catalog data for our world-class selection of Shoes, Kids, and Active wear. You will work with Zappos' Senior leadership team to solve complex data challenges through advanced analytics and machine learning - creating innovative solutions and influencing product decisions through data-driven insights. You will lead critical initiatives to reduce catalog errors, accelerate product data capture, and develop state-of-the-art image classification systems for fashion features. You will partner daily with engineering teams and business stakeholders to provide expert guidance on model selection and implementation. As a member of the Zappos technical staff, you will leverage machine learning technologies and have access to industry leaders in AI/ML and E-Commerce to help grow your expertise. You will also routinely collaborate with data science teams across our sister companies at Amazon.com and Shopbop.com. You will push the boundaries of what's possible with applied machine learning and bring innovative solutions to bear for customers (including computer vision, NLP, and advanced ML models). You will think big about how data science can transform our catalog operations and be persistent in delivering robust, scalable solutions. Key job responsibilities Design and implement machine learning approaches to improve catalog data quality. Develop and validate scientific methodologies for automated data capture and classification. Partner with engineering teams to integrate ML models into production systems. Create and present analysis that drives decision-making at the senior leadership level. A day in the life You start the day reviewing model performance metrics, noting some drift in the image classification system that needs investigation. You spend the morning developing a new approach to reduce product attribute errors using recent advances in LLMs. In the afternoon, you meet with engineering teams to advise on model architecture for a new feature, and wrap up by analyzing the results of your latest A/B test on data capture efficiency improvements. About the team Zappos/Shopbop Catalog Tech team owns the software that drives our photostudio, product cataloging, and integration to Amazon's marketplace. We use Amazon's Leadership Principals and Engineering Expertise but have our own fun vibe. We are located in Madison WI, and Las Vegas NV.
Applied Scientist I, Sponsored Products and Brands Agent
US, NY, New York
The Sponsored Products and Brands team at Amazon Ads is re-imagining the advertising landscape through generative AI technologies, revolutionizing how millions of customers discover products and engage with brands across Amazon.com and beyond. We are at the forefront of re-inventing advertising experiences, bridging human creativity with artificial intelligence to transform every aspect of the advertising lifecycle from ad creation and optimization to performance analysis and customer insights. We are a passionate group of innovators dedicated to developing responsible and intelligent AI technologies that balance the needs of advertisers, enhance the shopping experience, and strengthen the marketplace. If you're energized by solving complex challenges and pushing the boundaries of what's possible with AI, join us in shaping the future of advertising. About the team SPB Agent team's vision is to build a highly personalized and context-aware agentic advertiser guidance system that seamlessly integrates Large Language Models (LLMs) with sophisticated tooling, operating across all experiences. The SPB-Agent is the central agent that interfaces with advertisers across Ads Console, Selling Partner portals (Seller Central, KDP, Vendor Central), and internal Sales systems. We identify high-impact opportunities spanning from strategic product guidance to granular optimization and deliver them through personalized, scalable experiences grounded in state-of-the-art agent architectures, reasoning frameworks, sophisticated tool integration, and model customization approaches including fine-tuning, MCP, and preference optimization. This presents an exceptional opportunity to shape the future of e-commerce advertising through advanced AI technology at unprecedented scale, creating solutions that directly impact millions of advertisers.
Applied Scientist, Prime Video Commerce Insights
GB, London
Come build the future of entertainment with us. Are you interested in shaping the future of movies and television? Do you want to define the next generation of how and what Amazon customers are watching? Prime Video is a premium streaming service that offers customers a vast collection of TV shows and movies — all with the ease of finding what they love to watch in one place. We offer customers thousands of popular movies and TV shows from Originals and Exclusive content to exciting live sports events. We also offer our members the opportunity to subscribe to add-on channels which they can cancel at anytime and to rent or buy new release movies and TV box sets on the Prime Video Store. Prime Video is a fast-paced, growth business — available in over 240 countries and territories worldwide. The team works in a dynamic environment where innovating on behalf of our customers is at the heart of everything we do. If this sounds exciting to you, please read on. Prime Video Commerce's mission is to present the right offer to the right customer at the right time — across subscriptions, channels, and transactional video in every market and on every device. Our science team replaces static business rules with ML-driven decisions that personalise the entire commerce journey, from discovery through to checkout and beyond. We operate at scale across hundreds of millions of customers, and we are now expanding into new frontiers — combining the latest advances in agentic and generative AI, behavioural simulation, and causal inference to understand the impact of our decisions before they reach customers. We are looking for an Applied Scientist to join the Prime Video Commerce Insights team who will work on the latest research and machine learning to build scalable personalisation solutions. You will develop and deploy customer-facing models, understand customer behaviour at scale, and explore emerging techniques that help us make better decisions faster. This is a hands-on role working with a high performing and high visibility multidisciplinary group of engineers and scientists in the London office, focused on improving the customer experience for Prime Video and the wider Amazon organization. You will contribute to the design of machine learning models that scale to large quantities of data and serve low-latency recommendations to all customers worldwide. You will embody scientific rigor in designing and executing experiments to demonstrate the technical efficacy and business value of your methods. You will work alongside a science and engineering team that embodies the customer obsession principle by developing recommendation and decision systems that raise the profile of Prime Video Commerce as a global leader in machine learning and personalisation. Successful candidates will have strong technical ability, a focus on customers by applying a customer-first approach, and excellent teamwork and communication skills. The position offers exceptional opportunities for every candidate to grow their technical and non-technical skills. Key job responsibilities - Research, design, and implement recommendation systems that personalise across different customer experience touch points. - Collaborate with engineers to deploy and integrate successful model experiment results into large-scale, complex Amazon production systems with low latency. - Provide machine learning thought leadership to both technical and business leaders, with the ability to think strategically about business, product, and technical challenges. - Be a subject matter expert in reinforcement learning approaches for the team and actively contribute to the science roadmap - Define the science roadmap and research agenda that aligns with the organisation's priorities and production constraints. - Work with technical product managers to work backwards from what's important to customers and deliver machine-backed solutions. - Report and share results with the team and wider scientific community by authoring documents that are both statistically rigorous and compellingly relevant, exemplifying good scientific practice in a business environment. A day in the life You will be both a research leader and a hands-on innovator within the Commerce Insights organisation. You'll collaborate with talented engineers and senior leaders to solve problems that are uniquely challenging at Amazon's scale: personalising commerce decisions across multiple business lines balancing competing objectives across offerings, and positively impacting hundreds of millions of customers worldwide. The problems here are technically deep — combining large-scale ML, causal reasoning, and behavioural modelling in a domain where every decision carries real revenue and customer experience consequences. Your research will ship to production and move metrics that matter. About the team You will join a team of great team of engineers and applied scientists with a proven track record of solving highly complex, ambiguous problems — work that has produced patents and publications at top-tier conferences. The team has direct visibility to senior Prime Video leadership, and collaborates broadly across Commerce, Content, and Platform teams to shape how customers discover, subscribe to, and engage with video content. This is a team that operates at the intersection of rigorous research and real-world impact, where your ideas move from whiteboard to production for hundreds of millions of customers.
Data Science Manager, Customer Experience and Business Trends
US, WA, Seattle
Amazon's Customer Experience and Business Trends (CXBT) is seeking a Data Science Manager to lead a team of scientists and engineers within Benchmarking Economics Analytics and Measurement (BEAM). BEAM is a central analytics and science function that drives Amazon's quantification of CX improvement opportunities through comparative benchmarks, partnering with stakeholders across CXBT, business domain teams, Finance, SCOT, and other centralized science teams. This is a hands-on leadership role for a manager who can set technical direction, build durable data products, and grow people. You will own the strategy and roadmap for a portfolio of analytics products, working backward from leadership and stakeholder needs to deliver insights that inform decisions at the speed of business. Key job responsibilities - Build a holistic metrics and trend-detection product. Lead the team to design and operationalize an always-on framework of indicators that surfaces emerging business trends reliably enough to brief senior leaders. - Partner with cross-org stakeholders to drive product adoption and impact. Work directly with internal customers and partner teams to ensure our products are tightly aligned with business use cases, translate ambiguous problems into well-scoped analytics solutions, and drive adoption so that insights translate into decisions and measurable business impact. - Manage, mentor, and grow the team. Hire, develop, and retain a high-performing team of scientists and engineers. Set clear expectations, give actionable feedback, create stretch opportunities, and build the bench strength needed to scale the team's scope over time. - Lead the transformation from traditional analytics to a GenAI-native operating model. Shape and execute the team's technical strategy to evolve from manual, study-based analytics toward GenAI-enabled products and workflows — accelerating insight generation, improving self-serve access for stakeholders, and freeing capacity for deeper scientific investment.
Senior Applied Scientist, Applied AI Solutions GTM
US, TX, Dallas
Amazon Web Services (AWS) Applied AI Solutions (AAIS) is on a mission to make AI real for enterprises. We build and deploy production AI solutions that drive measurable business outcomes at scale, bringing together applied scientists, AI architects, business development professionals, and GTM specialists to help customers move from AI experimentation to production impact. Within AAIS, the GTM Acceleration team activates the field, measures impact, and scales what works. We are the connective tissue between AAIS product and science teams and the worldwide field organization, ensuring our AI solutions reach customers effectively, that we quantify the value we deliver, and that we build repeatable motions that scale globally. We are looking for an Applied Scientist who will serve as a force multiplier across our customer engagement teams, building the analytical foundations, predictive models, and reusable tooling that power our go-to-market strategy. You will work at the intersection of data science, machine learning, and business strategy, building models that quantify our value proposition, and creating scalable analytical assets that accelerate every engagement. This is a highly visible, high-impact role where your work directly influences how we demonstrate and measure the value of AWS AI solutions for enterprise customers. You will operate with significant autonomy, owning the scientific direction of your projects while collaborating with software engineers, product managers, and business stakeholders. You will identify the right methodology for each problem, whether that is a classical statistical approach, a modern deep learning technique, or a novel combination, and communicate your findings clearly to both technical and non-technical audiences. This role spans Connect Customer initiatives and across the Applied AI solution portfolio, offering the opportunity to pioneer data science approaches that scale intelligent analytics worldwide. If you thrive at the intersection of rigorous science and customer-facing impact and are energized by translating complex model outputs into business decisions, we want to talk to you. Key job responsibilities Design, develop, and deploy statistical models and machine learning pipelines to drive product improvements, business decisions, and customer outcomes Work directly with customers during production pilots to build and deploy AI solutions that demonstrate measurable business value Design and execute A/B experiments and causal inference analyses to measure the impact of new features and model changes Build ROI models, business case tools, and forecasting systems for demand prediction, capacity planning, workforce optimization, and value quantification Apply NLP and generative AI techniques to extract insights from structured and unstructured data at scale, and partner with software engineers to productionize models with reliability, monitoring, and operational excellence Build and own customer analytics capabilities including segmentation (by size tier, AI adoption, product penetration, entitlement), usage trend analysis, propensity modeling, and foundational datasets combining service usage with sales data Create self-service analytics platforms and automated insight delivery mechanisms that enable leadership to pull strategic intelligence on demand Enable field teams with reusable analytical assets, diagnostic notebooks, benchmarking studies, and scalable tooling that accelerate customer engagements Own success metrics and create mechanisms to measure model performance, adoption, and business impact across customer cohorts Define strategic frameworks and GTM recommendations by segment, translating data patterns and market signals into actionable go-to-market motions and investment priorities Communicate findings and technical trade-offs to senior leadership and customer executives through written documents (6-pagers, science reviews) and presentations, operating as a shared resource across 2-3 teams simultaneously About the team Diverse Experiences AWS values diverse experiences. Even if you do not meet all of the preferred qualifications and skills listed in the job description, we encourage candidates to apply. If your career is just starting, hasn’t followed a traditional path, or includes alternative experiences, don’t let it stop you from applying. Why AWS? Amazon Web Services (AWS) is the world’s most comprehensive and broadly adopted cloud platform. We pioneered cloud computing and never stopped innovating — that’s why customers from the most successful startups to Global 500 companies trust our robust suite of products and services to power their businesses. Inclusive Team Culture AWS values curiosity and connection. Our employee-led and company-sponsored affinity groups promote inclusion and empower our people to take pride in what makes us unique. Our inclusion events foster stronger, more collaborative teams. Our continual innovation is fueled by the bold ideas, fresh perspectives, and passionate voices our teams bring to everything we do. Mentorship & Career Growth We’re continuously raising our performance bar as we strive to become Earth’s Best Employer. That’s why you’ll find endless knowledge-sharing, mentorship and other career-advancing resources here to help you develop into a better-rounded professional. Work/Life Balance We value work-life harmony. Achieving success at work should never come at the expense of sacrifices at home, which is why we strive for flexibility as part of our working culture. When we feel supported in the workplace and at home, there’s nothing we can’t achieve.
Applied Scientist, Sponsored Products and Brands
US, NY, New York
The Sponsored Products and Brands team at Amazon Ads is re-imagining the advertising landscape through industry leading generative AI technologies, revolutionizing how millions of customers discover products and engage with brands across Amazon.com and beyond. We are at the forefront of re-inventing advertising experiences, bridging human creativity with artificial intelligence to transform every aspect of the advertising lifecycle from ad creation and optimization to performance analysis and customer insights. We are a passionate group of innovators dedicated to developing responsible and intelligent AI technologies that balance the needs of advertisers and enhance the shopping experience, for customers. If you're energized by solving complex challenges and pushing the boundaries of what's possible with AI, join us in shaping the future of advertising. Key job responsibilities We are looking for an Applied Scientist to join the Sponsored Prompts team within the Conversational Discovery Experiences (CAX) in Sponsored Products and Brands. This team owns Sponsored Prompt generation, quality and personalization, a new conversational ad format powered by large language models (LLMs) that helps shoppers discover products across Amazon.com. As an Applied Scientist, you will design and build core components of the prompt generation pipeline, develop new prompt themes, and improve quality frameworks that drive coverage expansion across all surfaces. You will define and run experiments to improve CTR, helpfulness, and advertiser outcomes, and contribute to the science roadmap for prompt generation and personalization. This role requires strong technical depth in NLP, LLMs, and information retrieval, combined with the ability to translate research into production systems at scale. You will work across organizational boundaries with engineering, product, and business teams to turn science investments into measurable business impact.
Sr Data Scientist, Ads-Full-Funnel Agentic Intelligence
US, CA, Palo Alto
Amazon Advertising is one of Amazon's fastest growing and most profitable businesses. Amazon's advertising portfolio helps merchants, retail vendors, and brand owners succeed via native advertising, which grows incremental sales of their products sold through Amazon. The primary goals are to help shoppers discover new products they love, be the most efficient way for advertisers to meet their business objectives, and build a sustainable business that continuously innovates on behalf of customers. Our products and solutions are strategically important to enable our Retail and Marketplace businesses to drive long-term growth. We deliver billions of ad impressions and millions of clicks and break fresh ground in product and technical innovations every day! Amazon continues to develop its advertising program. Ads run in our Stores (including Consumer Stores, Books, Amazon Business, Whole Foods Market, and Fresh) and Media and Entertainment publishers (including Fire TV, Fire Tablets, Kindle, Alexa, Twitch, Prime Video, Freevee, Amazon Music, MiniTV, Audible, IMDb, and others). In addition to these first-party (1P) publishers, we also deliver ads on third-party (3P) publishers. We have a number of ad products, including Sponsored Products and Sponsored Brands, display and video products for smaller brands, including Sponsored Display and Sponsored TV. We also operate ad tech products, including Amazon Marketing Cloud (a clean-room for advertisers), Amazon Publisher Cloud (a clean-room for publishers), and Amazon DSP (an enterprise-level buying tool that brings together our ad tech for buying video, audio, and display ads). Key job responsibilities This role is focused on diving deep into Amazon Ads data, especially full funnel ads campaigns, a new AI-driven workflow provided to advertisers. Rolling out this workflow at scale is critical for Amazon in 2026.
Robotics/AI Motor Control Scientist, Fauna
US, NY, New York
We are seeking a Robotics/AI Motor Control Scientist to develop cutting-edge machine learning algorithms for motor control systems in robots. In this role, you will focus on creating and optimizing intelligent motor control strategies to enable robots to perform complex, whole-body tasks. Your contributions will be essential in advancing robotics by enabling fluid, reliable, and safe interactions between robots and their environments. Key job responsibilities - Develop controllers that leverage reinforcement learning, imitation learning, or other advanced AI techniques to achieve natural, robust, and adaptive motor behaviors - Collaborate with multi-disciplinary teams to integrate motor control systems with robotic hardware, ensuring alignment with real-world constraints such as actuator dynamics and energy efficiency - Use simulation and real-world testing to refine and validate control algorithms - Stay updated on advancements in robotics, AI, and control systems to apply advanced techniques to robotic motion challenges - Lead technical projects from conception through production deployment - Mentor junior scientists and engineers - Bridge research initiatives with practical engineering implementation About the team Fauna Robotics, an Amazon company, is building capable, safe, and genuinely delightful robots for everyday life. Our goal is simple: make robots people actually want to live and interact with in everyday human spaces. We believe that future won’t arrive until building for robotics becomes far more accessible. Today, too much effort is spent reinventing the fundamentals. We’re changing that by developing tightly integrated hardware and software systems that make it faster, safer, and more intuitive to create real-world robotic products. Our work spans the full stack: mechanical design, control systems, dynamic modeling, and intelligent software. The focus is not just functionality, but experience. We’re building robots that feel responsive, expressive, and genuinely useful. At Fauna, you’ll work at the frontier of this space, helping define how robots move, manipulate, and interact with people in natural environments. It’s an opportunity to solve hard problems across hardware and software with a team focused on making robotics accessible and joyful to build. If you care about making robotics real for everyone and building systems that are as delightful as they are capable, we’re interested in hearing from you. an opportunity to solve hard problems across hardware and software with a team focused on making robotics accessible and joyful to build. If you care about making robotics real for everyone and building systems that are as delightful as they are capable, we’re interested in hearing from you.
Applied Scientist, Personalization, Personalization Strategic Initiatives Science
IL, Tel Aviv
Are you a scientist interested in pushing the state of the art in machine learning and recommendation systems? Are you interested in working on novel ideas that can positively impact millions of customers? Do you wish you had access to large datasets and tremendous computational resources? Answer yes to any of these questions and you will be a great fit for our team at Amazon. Our team is part of Amazon’s Personalization organization, a high-performing group that leverages Amazon’s expertise in machine learning, big data, distributed systems, and user experience design to deliver the best shopping experiences for our customers. Our team builds large-scale machine-learning solutions that delight customers with personzlized content recommendations, at the right time, with the right level of explanation. As an Applied Scientist in our team, you will be responsible for the research, design, and development of new AI technologies for personalization. You will adopt or invent new machine learning and analytical techniques in the realm of recommendations and large language models. You will collaborate with scientists, engineers, and product partners locally and abroad. Your work will include inventing, experimenting with, and launching new features, products and systems. Please visit https://www.amazon.science for more information.
See more jobs
View from space of a connected network around planet Earth representing the Internet of Things.
Get more from Amazon Science
Subscribe to our newsletter

Amazon.com | Conditions of Use | Privacy | © 1996-2026 Amazon.com, Inc. or its affiliates

Social