The hot path is the critical execution layer within a Lambda Architecture or Kappa Architecture that processes streaming data immediately as it arrives. Unlike the cold path, which handles batch processing for comprehensive historical analysis, the hot path is optimized for sub-second latency to power online inference and complex event processing (CEP). It ingests high-velocity event streams—such as payment authorization requests—and executes risk scoring engines, velocity checks, and rules engines before a transaction is approved or declined.
Glossary
Hot Path

What is Hot Path?
The hot path is the real-time processing layer of a data architecture that handles time-sensitive data with sub-second latency to generate immediate alerts or scoring decisions.
Engineering the hot path requires strict adherence to P99 latency budgets and resilient patterns like the circuit breaker and backpressure handling to prevent cascading failures. The pipeline typically leverages Apache Kafka for durable stream ingestion, a feature store for low-latency data enrichment, and exactly-once semantics to ensure transactional integrity. Shadow mode deployment is commonly used to validate new fraud detection models on the hot path without impacting the live authorization flow.
Key Characteristics of a Hot Path
The hot path is defined by its uncompromising demand for speed and determinism. It is the execution layer where milliseconds translate directly to revenue protection or loss, requiring a specialized set of architectural characteristics distinct from analytical or batch systems.
Sub-Second Latency Budget
The defining constraint of a hot path is a strict P99 latency target, typically under 50-100 milliseconds end-to-end. This budget must cover network transit, deserialization, feature lookups from a low-latency feature store, model inference, and the final decision response. Exceeding this budget results in timeouts that disrupt the authorization flow, forcing a fallback to a static rules engine and nullifying the value of the ML model.
Deterministic Resource Utilization
Unlike batch training, the hot path cannot tolerate garbage collection pauses or resource contention. It relies on pre-allocated memory, just-in-time (JIT) compiled code, and non-blocking I/O. Techniques like object pooling and avoiding dynamic memory allocation are critical to ensuring that a P99 latency outlier does not cascade into a system failure, triggering the circuit breaker pattern.
Stateful Stream Processing
The hot path must maintain local, in-memory state to compute velocity checks and sliding window aggregations without querying a remote disk. Technologies like Apache Kafka Streams or Apache Flink embed a RocksDB state store directly in the processing node. This allows for sub-millisecond lookups to answer questions like 'How many transactions has this device fingerprint seen in the last 5 minutes?' using a count-min sketch.
Graceful Degradation
A hot path must never crash the transaction flow. If an external data enrichment service for geolocation times out, the path must proceed with a degraded score rather than blocking the payment. This is implemented via backpressure handling, strict timeouts on external calls, and the circuit breaker pattern. A dead letter queue (DLQ) captures malformed messages asynchronously so the main pipeline is not blocked by a single poison pill message.
Exactly-Once Processing
Financial ledgers require absolute consistency. The hot path must guarantee exactly-once semantics to prevent a network retry from charging a customer twice or, conversely, failing to log a fraudulent attempt. This is achieved by passing an idempotency key from the client and coordinating transactional state between the stream processing engine and the sink, ensuring that a retried message updates the score but does not duplicate the side effect.
Shadow Mode Evaluation
Before a new model enters the critical authorization path, it is deployed in shadow mode. The candidate model receives a mirrored copy of live traffic, logs its predictions, and compares them against the champion model's output—all without affecting the actual authorization decision. This allows engineers to validate online inference performance and detect model drift in a zero-risk environment before a full cutover.
Frequently Asked Questions
Essential questions about the real-time processing layer that handles time-sensitive data with sub-second latency to generate immediate alerts or scoring decisions.
A hot path is the real-time processing layer of a data architecture that handles time-sensitive data with sub-second latency to generate immediate alerts or scoring decisions. It operates on streaming data as it arrives, processing each event individually or in micro-batches before the transaction completes. In financial fraud detection, the hot path ingests raw transaction events from Apache Kafka or similar streaming platforms, enriches them with contextual data from a feature store, runs them through a risk scoring engine, and returns an approve/decline decision within a strict latency budget—typically under 50 milliseconds. This contrasts with the cold path, which performs comprehensive batch processing on historical data for model training and forensic analysis. The hot path prioritizes speed over completeness, often using approximate algorithms like Count-Min Sketch and Bloom filters to maintain performance guarantees.
Hot Path vs. Cold Path: A Comparison
A comparison of the real-time processing layer against the batch analytical layer in fraud detection systems.
| Feature | Hot Path | Cold Path | Warm Path |
|---|---|---|---|
Primary Function | Real-time transaction scoring and blocking | Historical analysis and model training | Near-real-time aggregation and enrichment |
Latency Budget | < 50 ms | Minutes to hours | 1-10 seconds |
Data Freshness | Sub-second | Hours to days old | Seconds to minutes old |
Throughput Requirement | 10,000+ TPS | High-volume batch | Moderate stream |
Consistency Model | Eventual consistency | Strong consistency | Eventual consistency |
State Management | In-memory, ephemeral | Durable, persistent storage | Hybrid in-memory with checkpointing |
Typical Technologies | Apache Kafka Streams, Flink | Apache Spark, Hadoop | Apache Flink, Kafka KSQL |
Failure Tolerance | Fail fast, circuit breaker | Retry, recompute | Graceful degradation |
Use Case in Fraud | Authorization flow scoring | Model training, ring detection | Velocity checks, session analysis |
Idempotency Requirement | |||
Backpressure Sensitivity | |||
Cost Profile | High compute per event | Low compute per event | Moderate compute per event |
Enabling Efficiency, Speed & Accuracy
Intelligent Analysis, Decision & Execution
We build AI systems for teams that need search across company data, workflow automation across tools, or AI features inside products and internal software.
Talk to Us
Search across company data
Give teams answers from docs, tickets, runbooks, and product data with sources and permissions.
Useful when people spend too long searching or get different answers from different systems.

Automate internal workflows
Use AI to route work, draft outputs, trigger actions, and keep approvals and logs in place.
Useful when repetitive work moves across multiple tools and teams.

Add AI to products and internal tools
Build assistants, guided actions, or decision support into the software your team or customers already use.
Useful when AI needs to be part of the product, not a separate tool.
Real-World Hot Path Use Cases
The hot path is the high-stakes execution layer where milliseconds determine whether a transaction is approved or blocked. These use cases illustrate the critical functions that must operate within the strict P99 latency budget.
Real-Time Transaction Scoring
The core function of the hot path: calculating a fraud probability score before the authorization response is sent. This involves executing the online inference model against the enriched transaction event within a 50-100ms budget.
- Feature vector assembly: Joining the transaction with real-time velocity checks and device fingerprints
- Model execution: Running gradient-boosted trees or neural networks optimized for CPU-bound inference
- Threshold evaluation: Comparing the score against risk-based decision tables to produce an approve, decline, or step-up action
Velocity Check Computation
Detecting anomalous bursts of activity by computing sliding window aggregations over streaming transaction attributes. A sudden spike in transactions from a single IP address or card BIN within a 5-minute window is a classic indicator of a carding attack.
- Count-Min Sketch: Probabilistic data structure for approximate frequency counting with sub-linear memory
- Token Bucket Algorithm: Rate-limiting pattern that allows bursts while enforcing a sustained throughput cap
- Window types: Tumbling windows for fixed intervals, hopping windows for overlapping periods, and session windows for user activity
Watchlist Screening
Checking the transacting entity against sanctions lists, politically exposed persons databases, and internal blocklists in real time. This must complete before authorization to prevent funds from reaching restricted parties.
- Bloom Filter: Space-efficient probabilistic structure for rapid membership testing with zero false negatives
- Exact matching: Deterministic lookup against hashed identifiers using in-memory key-value stores
- Fuzzy matching: Levenshtein distance and phonetic algorithms for name screening against OFAC and UN sanctions lists
Device Fingerprint Evaluation
Generating and evaluating a unique identifier from the transacting device's attributes to detect account takeover and bot activity. The fingerprint must be computed and compared against known-good profiles within the hot path window.
- Passive signals: Browser canvas hash, WebGL renderer, installed fonts, and TLS fingerprinting
- Reputation scoring: Checking the fingerprint against a database of known fraudulent devices
- Velocity correlation: Linking multiple accounts to a single device fingerprint to detect fraud rings
Authorization Flow Integration
The hot path operates within the ISO 8583 authorization flow, the standardized messaging protocol between acquirers and issuers. The fraud system must intercept, enrich, score, and return a decision without breaking the strict timeout constraints of the payment network.
- Circuit Breaker Pattern: Gracefully degrading to a rules-only decision if the ML model service becomes unavailable
- Idempotency Key: Preventing duplicate charges by ensuring retried authorization requests are processed exactly once
- Shadow Mode Deployment: Running a new model in parallel with production to validate performance without impacting live decisions
Dead Letter Queue Handling
When a transaction event cannot be processed successfully in the hot path—due to malformed data, schema violations, or enrichment service timeouts—it must be routed to a Dead Letter Queue for offline inspection without blocking the main pipeline.
- Backpressure handling: Applying flow control when downstream enrichment services slow down
- Schema validation: Using a Schema Registry to enforce Avro or Protobuf message contracts before processing
- Watermark tracking: Declaring a threshold timestamp after which late-arriving events are routed to cold storage rather than the hot path

About the author
Prasad Kumkar
CEO & MD, Inference Systems
Prasad Kumkar is the CEO & MD of Inference Systems and writes about AI systems architecture, LLM infrastructure, model serving, evaluation, and production deployment. Over 5+ years, he has worked across computer vision models, L5 autonomous vehicle systems, and LLM research, with a focus on taking complex AI ideas into real-world engineering systems.
His work and writing cover AI systems, large language models, AI agents, multimodal systems, autonomous systems, inference optimization, RAG, evaluation, and production AI engineering.
Partnered with leading AI, data, and software stack.
How We Work
Custom AI workflows for your Business
One-fit-all AI don't work for modern businesses. At Inferensys, we aim to understand your business & custom requirements; which we use to define most efficient agentic workflows, the data, and the tools for your business.
01
Review the use case
We understand the task, the users, and where AI can actually help.
Read more02
Pick the right approach
We define what needs search, automation, or product integration.
Read more03
Build the first useful version
We implement the part that proves the value first.
Read more04
Improve from there
We add the checks and visibility needed to keep it useful.
Read moreThe first call is a practical review of your use case and the right next step.
Talk to Us