Skip to content

Model Card — Apex Family

Per-model identity, capabilities, training data summary, evals, safety, limitations for the Apex (CMMD 1.0) model family. Modeled on Anthropic's model cards.

Per-model identity, capabilities, training data summary, evals, safety, limitations. Modeled on Anthropic’s model cards.

FieldValue
FamilyApex
Family version1.0
Release datePhased rollout starting 2026-Q2 (A/B tested, see ADR-0005)
LicenseProprietary, customer use only under CMMD Terms of Service
ProviderCMMD-Center (self-hosted)
ModelCustomer-facing nameBaseTier
Apex FlashCMMD 1.0 FastQwen 3.5 9B (open-source base)trivial + simple
Apex GeneralCMMD 1.0Qwen 3.5 122B-A10B (MoE base)standard
Apex ReasonCMMD 1.0 ProDeepSeek-R1 32B (reasoning base)complex
Apex CodeCMMD 1.0 CodeQwen3-Coder-Next 80B-A3Bcode-specialist
Apex VisionCMMD 1.0 VisionChroma1image understanding/generation

All models are fine-tuned by CMMD on top of the open-source bases for tool-calling, context synthesis, and CMMD-specific tasks.

  1. Conversational interaction with the user about their workspace data
  2. Tool calling to take actions (create task, schedule event, search Brain, etc.)
  3. Synthesis & summarization of user-owned content
  4. Code understanding and generation (Apex Code) within Forge IDE workflows

Apex models are NOT intended for:

  • 🚫 General-purpose chatbot deployment outside CMMD
  • 🚫 Standalone API access (no public API for Apex itself)
  • 🚫 Medical, legal, or financial advice (the Sidekick may help draft, but the user is responsible for decisions)
  • 🚫 Real-time critical-infrastructure control
  • 🚫 Generating content depicting real persons without consent (Vision model)
  • 🚫 Bypassing safety filters

CMMD’s Acceptable Use Policy (see Trust & Safety) governs end-user obligations.

Apex bases are open-source models — Qwen 3.5 (Alibaba), DeepSeek-R1 (DeepSeek), Chroma1 (open-source vision). Their training data is documented in their respective model cards published by the upstream providers.

SourceVolumeNotes
Public function-calling datasets~10M examplesPublic, attribution where required
Synthetic tool-call traces~5M examplesGenerated using larger models, hand-audited subset
Public code corpora (Apex Code only)~50B tokensFiltered for permissive licenses
Public web text (general)Inherited from baseNo additional pretraining

Customer data is NEVER used for training. This is a hard rule, enforced at the data pipeline boundary. Customer chats, Brain documents, and any workspace data are isolated from the training data pipeline.

EvalApex FlashApex GeneralApex ReasonCompared to (Anthropic)
Tool-call accuracy (CMMD internal)88%91%93%Within 2 pts of Anthropic equivalents
MMLU71%81%84%Behind on standard benchmarks vs Opus
HumanEval (Apex Code)Apex Code: 78% pass@1
CMMD context-synthesis suite83%90%92%At parity for Sidekick-shaped tasks

Internal CMMD evals (private suite) are the load-bearing metric — they reflect actual Sidekick workloads. Public benchmarks (MMLU, etc.) are secondary signal.

ConcernApex result
Refusal of clearly harmful requests>99%
Refusal of benign requests (false positive)<3% target — currently 2.4% (acceptable)
Jailbreak resistance (DAN / persona attacks)Bench in progress — external red-team Q3 2026
PII leakage in context<0.1% (workspace data isolation enforced)
Hallucination rate (closed-book factual)8% — flagged in UI when uncertainty is high
  • Context window: 32k tokens for Flash/General/Reason, 128k for Code. Larger contexts truncate older history.
  • Latency on cold start: P95 ~12s for Flash, ~18s for General when not pre-warmed. Mitigated by keep-warm strategy in production.
  • Long-tail factual accuracy: Below GPT-4 / Claude Opus on rare knowledge queries. Mitigation: Brain semantic search injects user-owned context.
  • Multilingual: English first-class. Non-English degrades gracefully but quality below state-of-the-art for non-English-dominant workloads.
  • Image generation (Vision): Will not generate photorealistic depictions of real persons.
SafeguardImplementation
System prompt isolationUser input cannot override system prompts; established via prompt-injection-resistant training
Tool execution gatingExternal actions (send email, post message) require user confirmation
PII scrubbingOutbound prompts filtered through PII redactor before any third-party fallback
Rate limitingPer-user and per-org caps to prevent abuse
Refusal trainingTrained to refuse: malware, self-harm content, NSFW with real persons, harassment generation
Audit loggingAll Sidekick interactions logged (org-scoped, customer-readable)
  • Minor model updates (improvements) ship transparently — current users get the new model on next chat
  • Major model updates that change behavior get a 30-day notice + opt-in period
  • Deprecated models continue serving for 90 days after their replacement is GA
  • Model version is exposed in the API response for any tool-call observability
IssueWhere to report
Safety concern (refusal failure, harmful output)security@cmmd.ai
Quality regressionFeedback app (isFixed: true)
Bias or unfair outputsafety@cmmd.ai
Suspected PII leaksecurity@cmmd.ai — treated as P0
  • Customer data isolation: ✅ enforced architecturally
  • Training data audit: 🟡 internal — external audit Q3 2026
  • Red-team engagement: 🟡 scheduled Q3 2026
  • Safety case publication: 🟡 planned post-GA