Type “medperf” into a search box and you land on something that looks like a medical-imaging benchmark. Most readers stop there — note that it scores models on medical data, decide it is not their problem, and move on. That is the wrong takeaway for anyone running anomaly detection on industrial or energy telemetry, because MedPerf’s real contribution is not the medical part. It is the federated part: a way to evaluate a model across many sites without ever pulling the data into one place. That mechanism answers a question every operations team eventually faces — why a model that scores brilliantly on someone else’s benchmark can fall apart on your SCADA feed. The confusion is understandable. MedPerf, developed under the MLCommons umbrella, presents itself with leaderboards and accuracy figures, and it is easy to read those as a scoreboard: run the model, read the number, pick the winner. But the number on a MedPerf card was never produced the way a conventional benchmark produces one. Understanding that difference is the whole point of this explainer, and it maps almost directly onto the evaluation problem you have when deciding whether an anomaly detector will generalise to your own plant. What’s worth understanding about MedPerf first? Conventional benchmarking centralises data. You collect a test set, host it somewhere, ship candidate models to that set, and rank them by their scores. The model never sees your production distribution; it sees a curated set that stands in for it. MedPerf inverts this. Instead of moving data to the model, it moves the model to the data. In a MedPerf evaluation, a model is packaged — typically as a container with a defined input and output contract — and distributed to participating sites. Each site runs the model locally against its own private data, computes metrics locally, and returns only the metrics. The raw data never leaves the site. An aggregator collects the per-site scores and assembles a picture of how the model behaves across the whole federation of heterogeneous data sources. That last phrase carries the weight. A federation is not one dataset; it is many, each with its own acquisition equipment, population, calibration, and quirks. A model that posts a strong average across a federation has demonstrated something a centrally scored model cannot: that it holds up on data it was never tuned against, collected under conditions it did not control. This is the discipline that separates a benchmark number from evidence about real behaviour — and it is why the naive scoreboard reading is dangerous. A single headline accuracy figure from a clean central set tells you almost nothing about site-to-site variance, which is exactly the thing that breaks models in production. What is federated evaluation, and how does it differ from a central benchmark? Federated evaluation borrows its plumbing from federated learning — the technique where models train across distributed data without the data being pooled — but it applies that plumbing to scoring rather than training. The distinction matters for operations teams, so it is worth making concrete. Dimension Central benchmark Federated evaluation (MedPerf-style) Where the data lives Pooled in one hosted test set Stays at each site, never moves What the model sees One curated distribution Many heterogeneous site distributions What you learn A single aggregate score Per-site scores + cross-site variance Privacy / data-gravity cost Data must be centralised (often impossible) No data egress required Failure mode it exposes Overall accuracy Generalisation gaps across sites What it hides Site-to-site variance Absolute per-record ground-truth detail The column that should catch an operations reader’s eye is the last row of the middle column: what it hides. A central benchmark hides variance. It gives you one number that averages over everything, and averaging is where dangerous models go to look safe. A detector that is excellent on eight sites and useless on two can post the same headline accuracy as one that is consistently mediocre everywhere — and the two behave completely differently when deployed. Federated evaluation surfaces that spread instead of smoothing it away. This is a market-direction observation about where robust evaluation is heading, not an operational benchmark: the industry is moving toward evaluation methods that respect data gravity, because the data that would validate a model increasingly cannot legally or practically be centralised. Medical data pioneered this constraint. Energy and industrial telemetry share it, for different reasons — data volume, network cost, and site-level access controls rather than patient privacy, but the effect on evaluation is the same. Why site-distributed evaluation matters for judging generalisation Here is the scenario that makes this abstract point sharp. You are evaluating an anomaly-detection model for a fleet of substations, or a set of process lines, or a distributed observability estate. A vendor shows you a benchmark: 98% accuracy, an impressive ROC curve, low false-positive rate. You are tempted to import that number and treat it as a prediction of behaviour on your telemetry. It is not a prediction. It is a measurement taken somewhere else, on a distribution that is almost certainly not yours. Anomaly detection is exceptionally sensitive to this because the “normal” class is defined entirely by the site. Normal vibration on one turbine model is an alarm on another. Normal load-curve shape on a summer-peaking grid is anomalous on a winter-peaking one. A model’s decision boundary is calibrated against whatever “normal” it was scored on, and if that normal differs from yours, the headline number transfers poorly. Federated evaluation is the method that would have told you this in advance. If the model had been scored across a federation of sites resembling your fleet — each computing metrics on its own local normal — you would see not one accuracy figure but a distribution of them. The spread across that distribution is the honest signal. A tight spread means the model generalises; a wide one means the headline number is an average papering over sites where the model fails. This is the same instinct behind machine learning version control for operational anomaly detection: a score only means something when you know exactly which model, which data, and which site produced it. What does MedPerf’s approach teach about why benchmark accuracy misleads? The lesson is not “benchmarks are bad.” Benchmarks are essential; the failure is in how they are read. A benchmark score is a conditional statement — accuracy given this data, this preprocessing, this definition of the positive class. Strip away the conditions and it becomes a naked number that people treat as unconditional, which is where model selection goes wrong. MedPerf makes the conditions visible by construction. Because the model is scored at each site independently, the evaluation cannot pretend the sites are interchangeable. It forces the question the scoreboard reading suppresses: does this hold up where I have never tested it? For operations teams, that question translates directly into the two measures that actually govern whether a deployment is sustainable. The first is false-positive rate at your on-call bandwidth. A model can look accurate and still generate more alerts than a small on-call rotation can triage — and a central benchmark that averaged over quieter sites would never reveal the sites where alert volume spikes. The second is time-to-detect on rare incident classes. Rare events are precisely the ones a central test set under-represents and a diverse federation is more likely to catch. If a model’s rare-class detection collapses at three of ten sites, you want to know that before it costs you an unplanned outage, not after. How can the federated evaluation pattern be applied to energy-grid or industrial data? You do not need to adopt the MedPerf software stack to adopt the discipline it encodes. The transferable idea is a validation design, and it looks like this in an industrial or energy context. Treat each site as its own test set. Do not pool telemetry from every substation or line into one evaluation corpus. Score the candidate model separately per site, using each site’s own labelled incidents and its own definition of normal. Report the distribution, not the mean. Publish per-site false-positive rate and per-site time-to-detect. The worst site, not the average, is what governs your on-call staffing and your risk exposure. Keep data where it is when you can. If sites have data-egress constraints — network cost, regulatory boundaries, air-gapped OT networks — run the evaluation container at the edge and return only metrics. This is the literal MedPerf mechanism, and it is often the only way to evaluate across an OT estate at all. Version the model, the data snapshot, and the site together. A federated score is only reproducible if you can name all three. Worked example, with assumptions stated: suppose you have ten sites, and a vendor model reports 96% detection accuracy on their benchmark. You run it per-site and find nine sites at 94–97% but one site — a substation with a different sensor generation — at 71%, with a false-positive rate roughly triple the others. The central average would still read around 94%. The federated view tells you the real story: the model does not transfer to that sensor generation, and either that site needs a retrained variant or the whole fleet needs a more robust feature representation. That is a decision you can only make if the evaluation refused to average the variance away. (Illustrative figures; the point is the shape of the finding, not the specific numbers.) The tooling around this maps onto familiar infrastructure. Containerised evaluation harnesses ride on Docker and orchestration you likely already run; metric aggregation is lightweight; and the model artifacts themselves are ordinary PyTorch or ONNX exports. The hard part is never the plumbing — it is the discipline of refusing to pool the data and refusing to read the mean as the answer. Our reliability-focused validation engagements are built around exactly this framing: scoping how an anomaly-detection approach should be evaluated across a client’s distributed sites before it is trusted in production. What are the practical limits of MedPerf-style evaluation for operations? Federated evaluation is powerful, but it is not a free win, and treating it as one is its own naive reading. Several limits transfer poorly from the medical setting to industrial and energy operations. First, it needs labels at each site. Federated scoring computes metrics locally, which means each site must have ground-truth labels for its own incidents. Many operations estates have sparse, inconsistent, or entirely absent labels on historical telemetry — and without labels there is nothing to score against. This is often the real blocker, and no amount of clever aggregation fixes it. Second, coordination overhead is real. Standing up a container to run at ten OT sites, each with its own access controls and its own maintenance windows, is an organisational problem more than a technical one. The medical MedPerf federations solved this with dedicated data-steward roles; an energy operator would need an analogous commitment across site teams. Third, federated evaluation tells you where a model fails, not why. A wide cross-site spread flags the problem; diagnosing whether it is a sensor-generation mismatch, a labelling inconsistency, or a genuine distribution shift still requires site-level investigation. That investigation is where a structured reliability-audit methodology for validating anomaly detection across sites earns its place — the federated score is the trigger, not the conclusion. FAQ How does MedPerf work in practice? MedPerf, developed under MLCommons, ships a packaged model to each participating site rather than pooling data centrally. Each site runs the model locally on its own private data, computes metrics locally, and returns only the scores to an aggregator. In practice it means a model is judged across many heterogeneous data sources without any raw data ever leaving its site of origin. What is federated evaluation, and how does it differ from running a model against a central benchmark dataset? Federated evaluation scores a model across distributed, private datasets and reports per-site results plus cross-site variance; a central benchmark pools data into one hosted test set and reports a single aggregate score. The critical difference is that central benchmarks hide site-to-site variance by averaging, while federated evaluation surfaces it. Federated evaluation also requires no data egress, which matters wherever data cannot legally or practically be centralised. Why does site-distributed evaluation matter for judging whether an anomaly-detection model will generalise to your own telemetry? Anomaly detection is defined by each site’s notion of “normal,” so a decision boundary calibrated elsewhere transfers poorly. A single benchmark accuracy figure is a measurement taken on someone else’s distribution, not a prediction of behaviour on your SCADA or observability data. Site-distributed evaluation gives you a distribution of scores whose spread is the honest signal of whether the model generalises. What does MedPerf’s approach teach operations teams about why benchmark accuracy misleads? A benchmark score is conditional — accuracy given a specific dataset, preprocessing, and definition of the positive class — but it is usually read as unconditional. MedPerf makes those conditions visible by scoring each site independently, forcing the question “does this hold where I have never tested it?” For operations that translates into two governing measures: false-positive rate at your on-call bandwidth and time-to-detect on rare incident classes, neither of which a central average reveals. How can the federated evaluation pattern be applied to validating anomaly detection on energy-grid or industrial process data? Treat each site as its own test set, score the model separately per site using local incidents and local normal, and report the distribution rather than the mean — the worst site governs on-call staffing and risk. Where data-egress constraints exist, run the evaluation container at the edge and return only metrics, and version the model, data snapshot, and site together. You adopt the discipline without needing the MedPerf software stack itself. What are the practical limits of MedPerf-style evaluation for industrial and energy operations, and where does it not directly transfer? It needs ground-truth labels at each site, which many operations estates lack on historical telemetry. Coordination across OT sites with separate access controls and maintenance windows is an organisational burden, not just a technical one. And it tells you where a model fails, not why — diagnosing whether the cause is a sensor-generation mismatch, labelling inconsistency, or genuine distribution shift still requires site-level investigation. Where this leaves the model-selection decision The point of understanding MedPerf is not to run MedPerf. It is to stop reading benchmark accuracy as a promise about your own sites. The moment you accept that a model’s real behaviour is the distribution of its per-site scores — not the headline average — the model-selection question changes shape. It stops being “which model has the highest number” and becomes “which model holds up across sites that look like mine, and what does its worst site cost my on-call team.” That is a harder question, and a far more useful one. The federated evaluation pattern is simply the most disciplined way we know to force it — the same instinct that makes version control for operational anomaly detection worth the effort: a score only means something when you can say exactly what produced it.