This week we shipped a tighter pre-flight on every query that comes into the research API. The goal is operational, not philosophical — get the obvious-edge-case requests out of the agent loop before they catalyze a multi-minute, multi-dollar run.
The broader posture has not changed. The AI safety post from May describes what's in place at the system level: input and output screening, mandatory citations, the privacy posture. This post is narrower — what the recent update does, who is likely to notice, and what to do if a legitimate query is rejected.
Two things are now in place at the API boundary, before the agent loop runs:
The classifier is small and fast. It runs in the same HTTP call as the submission, adds a few hundred milliseconds before you get a job_id back, and costs a fraction of a cent per call — small enough that it does not move the per-query cost number in any way customers will notice.
We are deliberately not publishing the exact patterns, thresholds, or category lists. Publishing them would let bad actors iterate against them. The shape is what we said in May: dual-use research of concern, biological and chemical weapons design, controlled-substance synthesis, requests that would compromise individual privacy, and prompt-injection attempts targeting the system. The boundaries are tuned to the kinds of questions SPARKIT is built for — research-grade biology, chemistry, and adjacent sciences — and the bias sits heavily toward letting borderline-but-legitimate queries through.
Most users: nobody. We tuned the patterns explicitly against real scientific terminology. Queries about gene families that share an acronym with a well-known jailbreak attempt, mechanistic biology that uses phrasing like X acts as a Y, and short questions built around single-letter gene symbols (p53, c-Myc, T cell receptor signaling) all pass through without trouble. That tuning is regression-tested against a curated suite of real domain queries that earlier versions of the patterns would have incorrectly blocked.
A small number of edge cases will see the new behavior:
If you have automation that submits very short queries, single URLs, or test traffic that looks malformed, you may see a small number of 400s where you previously got a 202. Both behaviors are fail-safe — you are never charged for a blocked submission — but if the change affects how your code branches on errors, the section below describes the response shape.
The response is HTTP 400 with the existing structured error body:
SPARKIT{
"error": {
"code": "safety_blocked",
"message": "..."
}
}
The message wording differs between malformed inputs and policy-flagged ones, but in both cases it stays generic — we do not echo back the category or the matched pattern. Two operational details worth knowing:
job_id to poll, no webhook to receive — the rejection is fully synchronous and returns from the original POST.This is the same safety_blocked error code documented in the API specification since launch. Existing client code that branches on error.code === "safety_blocked" continues to work unchanged.
The calibration is biased toward false negatives. We would rather let a borderline query through and absorb a few dollars of engine cost than reject a paying customer's legitimate research. If you see a research query that you believe was incorrectly blocked, email the query to info@sparkit.science. We add specific failure cases to the regression suite and tune from there. Turnaround on a real false positive is usually within a few days.
The output-side screening described in the May post is unchanged in posture and recently picked up an additional layer that catches the rare case where the agent's draft contains language about its own internal structure. That is more a quality improvement on what we surface than a customer-facing change.
The privacy posture is unchanged. We do not store blocked queries beyond an internal short-form audit log used for tuning. We do not train on customer queries. The privacy policy stands as written.
Volume on the API has grown enough that edge-case requests — empty submissions, malformed input, the occasional prompt-injection attempt — are a non-trivial fraction of traffic. The classes were always there in small numbers; they are now common enough to be worth gating cleanly at the boundary rather than letting them reach the agent loop and produce a degraded result a few minutes later. The change ships on by default in the current release.
If something about how this works affects your usage in a way we haven't anticipated, write to us. Honest reports from the field are the only way we know whether the calibration is right.
Perplexity, ChatGPT Deep Research, Gemini Deep Research, Claude Research, Elicit, SPARKIT — the deep-research category has converged on the basics. The remaining differences are about audience, deployment surface, and how each tool treats citations. A map of who builds what for whom, and where SPARKIT fits.
Read post →Drop a five-gene hereditary-cancer panel into SPARKIT and get back the unifying syndrome, lifetime cancer risks, mechanism, and the current surveillance guideline — every claim cited and pulled from primary sources, not from the model's training memory.
Read post →sparkit-mcp ships today on PyPI. One config block in claude_desktop_config.json (or the Cursor / Claude Code equivalent) and your LLM client can call SPARKIT mid-conversation. No more leaving the chat to curl the API.
Read post →