Video Surveillance Anomaly Detection in 2026: Models, Architectures & Real Production KPIs

Why Fora Soft wrote this playbook

Fora Soft has shipped video anomaly detection into production on real CCTV and IP-camera networks for over five years. Our projects—including NetCam, a live-event monitoring platform, and the drone-based safety system DSI Drones—handle tens of thousands of camera streams daily. We’ve learned that the gap between a research baseline (90% AUC on UCF-Crime) and a production system (detecting the anomalies your security team actually cares about, with false alarms low enough that operators don’t silence the system) is vast.

This article codifies our 2026 playbook: which detection paradigm to pick, how to structure the pipeline, when edge inference wins over cloud, how to measure what matters, and what pitfalls sink projects. We cite production data where possible and flag uncertain figures explicitly.

The TL;DR — three decision gates

Every video anomaly detection (VAD) system boils down to three gates. Get them right, and your model will ship. Get them wrong, and you’ll spend a quarter retraining on data you don’t have.

1. What is an anomaly for your use case? A stolen bicycle, a fall, loitering, a fire, an intrusion, a crowd gathering, unusual gait, someone standing still for too long. Every camera has different ground truth. Supervisors at a hospital see different things than security at a warehouse.

2. How will your model learn? (a) Supervised: you have thousands of labeled, annotated clips. (b) Weakly-supervised: you have video-level labels (this clip contains an anomaly, yes/no) but no frame timestamps. (c) Self-supervised: you have unlabeled video and train on motion or predictive tasks. (d) Zero-shot: you use pre-trained vision-language models (CLIP, Video-LLaVA) and prompt them with your anomaly definition, training nothing.

3. Where does inference run? Edge (Jetson, Coral, Hailo on the camera or edge appliance: low latency, GDPR-friendly, no bandwidth cost) or cloud (GPUs in AWS/GCP/Azure: scales easily, easier to version-control, costs more).

The taxonomy of anomalies in CCTV

Most papers conflate anomaly detection with one task, but production systems need to detect six distinct classes:

1. Object anomalies. A person in a restricted area, a car on the sidewalk, an unauthorized item on a shelf. Needs object detection + spatial rules or learned boundary models. Simple but brittle if the camera moves.

2. Motion anomalies. Running, falling, sudden jerky movements. Requires temporal modeling of pose or optical flow. Low false-alarm rate is hard because "fast walking" is not "running."

3. Trajectory anomalies. A person zigzagging, backtracking, or following another person. Needs multi-frame tracking and a learned or heuristic "normal path" model.

4. Group–scene anomalies. Crowds gathering, a stampede, loitering. Requires tracking multiple people and computing aggregate flow or density.

5. Scene-level anomalies. Fire, smoke, water on the floor, darkness. Usually simple CNNs or rule-based detectors trained on few examples.

6. Contextual anomalies. A person alone at 3 AM vs noon; activity in a normally-empty zone during shift hours. Needs temporal and calendar context — harder than frame-level vision alone.

Supervised learning — when you have labels

If you have a dataset of 500+ labeled anomaly clips (frame-level bounding boxes or timestamps), supervised learning is the safest choice. Standard architectures are 3D CNNs that learn temporal and spatial features jointly.

Core supervised architectures

I3D (Inflated 3D ConvNets). Released 2017, still widely used. 2D image networks (ResNet-50) inflated to 3D by repeating weights along the temporal axis, then fine-tuned. Achieves ≈82% AUC on UCF-Crime. Fast inference (<100ms per 16-frame clip on a T4), easy to fine-tune. Bottleneck: fixed receptive field (16 frames ≈ 0.5–1 second at 25fps).

X3D (efficient 3D CNNs). Facebook’s 2020 variant, optimized for mobile and edge. X3D-S (small) runs on Jetson Nano with ≈30 TOPS / 40 ms per frame. Trade-off: ≈76% AUC, but 50x fewer FLOPs than I3D.

SlowFast. Facebook’s 2018 dual-stream: a slow pathway (stride=2, high spatial detail) + fast pathway (stride=1, temporal dynamics). ≈85% AUC on UCF-Crime. Higher latency and memory than I3D, but better at detecting subtle, fast-moving events.

Weakly-supervised VAD — learning from video-level labels

Real-world datasets rarely come with frame-level timestamps. You have a folder of videos: “fight_001.mp4” (anomalous) and “normal_crowd_002.mp4” (normal). Weakly-supervised learning exploits this: train a model to predict video-level labels (has anomaly yes/no) from bag-of-frames, and the model learns to attend to the anomalous frames.

Multiple-Instance Learning (MIL) baseline: Sultanis et al.’s “Real-world Anomaly Detection in Videos” (ICCV 2017) introduced UCF-Crime, a 1.9M-frame benchmark of real surveillance clips. Their MIL-rank loss treats a video as a bag of snippets; if the video is labeled anomalous, at least one snippet must score high. Results: 76% AUC on UCF-Crime (lower than supervised, but no timestamps needed).

RTFM (Ranking, Temporal, Frequency Modulation). Li et al.’s 2021 improvement: use optical flow magnitude to boost snippets with high motion, and apply temporal smoothing. ≈84% AUC on UCF-Crime. Inference still real-time (<50ms/frame on CPU).

MGFN (Motion and Guidance Feature Network). 2024 variant, achieves ≈87% AUC by coupling a motion encoder with spatial guidance (saliency maps). More complex, but useful if your anomalies cluster in image regions.

Self-supervised & unsupervised VAD — learning from unlabeled streams

You have months of raw CCTV footage but no labels. Self-supervised learning trains on the video itself: reconstruct frames, predict masked regions, or forecast the next second of video. Anomalies emerge as high reconstruction error or prediction mismatch.

Canonical approaches

Autoencoder reconstruction. Train a convolutional autoencoder on normal video frames (1–2 weeks of footage). At test time, high reconstruction loss = anomaly. Simple, interpretable, but struggles with novel lighting or seasonal changes (data drift).

Memory-augmented autoencoders (MemAE). Zhang et al.’s 2019 variant: the encoder learns a dictionary of normal patterns; if a test frame can’t be reconstructed from the dictionary, it’s anomalous. ≈71% AUC on UCF-Crime (lower than supervised, but no labels needed). Advantage: inherently adaptive to gradual drift.

Predictive coding. Train the model to forecast frame t+k from frames t–n to t. Anomalies cause prediction errors. Extends naturally to temporal logic (if a person enters zone A, they should exit via zone B, not linger).

Masked autoencoders for video (video-MAE). He et al.’s 2022 breakthrough: mask 50–80% of random patches in a video clip, train a ViT to reconstruct them. Pre-train on unlabeled video (ImageNet is not enough for temporal dynamics), then fine-tune on labeled anomalies or use off-the-shelf. State-of-the-art in 2026 for self-supervised pre-training. Inference cost is high (≈500ms/frame on V100), but accuracy is exceptional (≈88% AUC when fine-tuned on UCF-Crime with just 10% of labels).

Transformer-based VAD — 2026 state of the art

2023–2026 saw transformers displace 3D CNNs on every major benchmark. Why? Transformers learn long-range temporal dependencies without architectural constraints (CNNs are stuck with fixed receptive fields). Four flavors dominate production:

TimeSformer. Gedas et al.’s 2021 design: factorize attention into spatial (attention within each frame) and temporal (attention across frames) passes. ≈86% AUC on UCF-Crime. Inference: ≈200ms/frame on T4 for 224×224 input.

ViViT (Vision Video Transformer). Google’s 2021 entry: apply ViT (vision transformer) patch embeddings directly to 3D video tokens. Spatial-temporal tokens are learned jointly. ≈87% AUC. Slower than TimeSformer (≈350ms/frame) but more parameter-efficient.

MViT-V2 (Multiscale Vision Transformers). Facebook’s hierarchical pyramid of transformers: compute at multiple resolutions, fuse. ≈88% AUC on UCF-Crime. More memory (10GB+ for inference on 1080p), but better at fine-grained anomalies.

Video-MAE + ViT-B fine-tuning. Pre-train video-MAE on unlabeled data (your own CCTV backlog), fine-tune a ViT-B encoder on labeled anomalies. ≈90% AUC with 50% fewer labeled examples than supervised-from-scratch. Runtime: ≈150ms/frame on L4 GPU (Google Cloud’s mid-tier cheapest NVIDIA option).

Zero-shot VAD using foundation models

CLIP (OpenAI’s vision-language model) and its video cousins (Video-LLaVA, BLIP-2 video variants) allow you to define anomalies in natural language and score video frames without training. No labels required.

CLIP-based zero-shot. Encode a prompt: “a person running”, “a crowd gathering”, “someone climbing a fence”. Encode each video frame. Compute cosine similarity. Frames scoring >0.7 are flagged. Advantage: no training, instant adaptation to new anomaly definitions. Disadvantage: ~60% AUC on UCF-Crime (worse than any supervised method), false alarms on benign fast motion.

Video-LLaVA querying. Recent vision-language models can read questions: “Is this frame anomalous for a parking lot?” Useful for contextual anomalies (a car at 3 AM is suspicious; at noon, normal). Inference cost is high (≈1–2 seconds per frame), and hallucinations are common (the model confidently flags benign events as suspicious).

Practical hybrid: Use CLIP as a first-pass filter (reject obvious negatives), then run a supervised anomaly detector on high-confidence frames. Reduces GPU cost by 70% while maintaining 85%+ AUC.

The detection pipeline — architecture & data flow

Every production VAD system follows this flow:

1. Decode. Read H.264/H.265 frames from RTSP stream (IP camera) or file. Typical throughput: 1080p25 ≈ 600 MB/sec raw YUV. Cost bottleneck at scale (thousands of streams).

2. Preprocessing. Resize (e.g., 1080p → 224×224), normalize (ImageNet mean/std or per-stream statistics), optional denoising. ≈5–10ms per frame on CPU.

3. Object detection & tracking. Run YOLO (or Faster R-CNN) to find people, vehicles, objects. Link detections across frames with DeepSORT or Kalman filters. ≈30–50ms per frame on GPU. See our YOLO + DeepSORT guide for production details.

4. Feature extraction. Crop detected objects, extract embeddings (pose, appearance, motion vectors). Optional: compute optical flow for the entire frame or per-tracked object. ≈10–20ms per frame.

5. Temporal model. Feed a sliding window of frame features (e.g., 16 frames, 0.64 sec at 25fps) to I3D, video-MAE, or MemAE. Outputs a scalar anomaly score per frame or per clip. ≈50–200ms depending on architecture.

6. Scoring & thresholding. Smooth scores temporally (median filter, exponential moving average). Set a threshold (e.g., score > 0.7 = alert). Suppress repeated alerts on the same track within a window (e.g., 5 sec).

7. Alerting. Push anomalies to a message queue (Kafka, SQS), write to a database, and emit webhooks or MQTT to operator dashboards. Keep metadata: frame timestamp, crop, anomaly confidence, object ID, zone.

YOLO + DeepSORT as the object detection layer

YOLO v8n (nano) detects objects at 30+ FPS on a Jetson Orin Nano. DeepSORT re-identifies objects across frames, creating persistent track IDs. Together, they form the bottleneck of most pipelines: if tracking fails, downstream anomaly detection is useless.

YOLO configuration. v8n for edge (<50ms per frame), v8s/v8m for cloud. Confidence threshold 0.5–0.6 to balance false positives (extra overhead) against missed detections (cascading miss in anomaly detection).

DeepSORT configuration. Uses a deep appearance feature (ReID model trained on person re-identification datasets) + Kalman motion prediction. If a person leaves frame for >30 frames (>1 sec at 25fps), the track dies. Hyperparameters (max_age, n_init) control how long to keep zombie tracks (useful for occlusion, harmful for multiple intrusions).

For production guidance, read our YOLO + DeepSORT production guide, which covers edge cases (camera handoff, occlusion recovery, drift in the ReID model).

Comparison matrix — which approach for your constraints

Edge vs cloud inference — when to push to the camera

The choice between edge and cloud is not about raw GPU power. It’s about latency, bandwidth, privacy, and cost at scale. See our edge vs cloud guide for a deeper comparison.

Edge (inference on the camera or edge box). Deploy I3D, X3D, or lightweight YOLO to a Jetson Orin Nano (40 TOPS, ≈$249), Hailo-8 accelerator (≈$90, 13 TOPS), or Google Coral TPU (4 TOPS). Advantages: zero bandwidth cost, sub-100ms latency, GDPR-friendly (frames never leave the site), works offline. Disadvantage: tight inference budgets (can run one model, not a model ensemble), harder to update (firmware push to 1000 cameras is a 2-week project).

Cloud (inference on AWS/GCP/Azure GPUs). Stream H.264 frames to servers running Tesla T4 (16GB VRAM, ≈$0.30/hr), L4 (≈$0.60/hr), or H100 (≈$3/hr). Advantages: scales to 1000s of cameras on one cluster, model updates are one-click, you can ensemble five detectors if you want. Disadvantage: egress bandwidth costs (≈$0.01–0.05 per GB, adds up), 200–500ms round-trip latency, GDPR friction (frames cross international borders).

Hybrid: edge for lightweight detection (YOLO object detection), cloud for heavy models (video-MAE anomaly scorer). YOLO runs on Jetson (30 ms), sends bounding boxes (100 KB/sec) to cloud, cloud scores boxes (high GPU utilization). Latency: ≈150ms. Bandwidth: 100 KB/sec ≈ $0.06/camera/month. This is the Fora Soft default for 50+ camera deployments.

Hardware footprint & cost math

One 1080p camera at 25 fps generates 1.3 MB/sec raw video. At H.264 compression (50:1), that’s 26 KB/sec over the network. Inference cost varies wildly by hardware and model.

Per-camera inference cost, 1080p25, one model (I3D or YOLO+I3D)

Jetson Orin Nano (edge). Hardware: $249 one-time. Power: 15W continuous. Inference: I3D at ≈100ms/frame = 2.5 frames/sec (10x slower than real-time). Workaround: process every 4th frame, accumulate anomaly scores. Effective throughput: real-time at 1/4 resolution or 6 fps at full resolution. Cost: $249 + $1.50/month power + $5/month for edge licensing (if any) = $6.50/month per camera amortized over 24 months.

AWS T4 GPU (cloud, shared). One T4 ($0.30/hr) handles ≈8 parallel 1080p25 streams with I3D (50ms per stream, 4 concurrent). Cost per camera: $0.30 × 24 ÷ 8 = $0.90/month compute + $0.05/month egress (1080p25 × 26 KB/sec × 2.6M seconds/month × $0.01/GB) = $0.95/month. Latency: 150–200ms. Add 50% for orchestration overhead: $1.43/camera/month.

AWS L4 GPU (cloud, better). One L4 ($0.60/hr) handles ≈15 streams. Cost: $0.60 × 24 ÷ 15 = $0.96/month compute + $0.05 egress = $1.01/month. Latency: 120–150ms. With overhead: $1.51/camera/month.

Rule of thumb: Edge (Jetson Nano) is cheaper <50 cameras. Cloud (T4/L4) wins at >100 cameras because orchestration cost is amortized. Hybrid (edge YOLO + cloud I3D) is sweet-spot at 50–500 cameras: $3–4/camera/month.

Datasets and benchmarks

UCF-Crime (1.9M frames, 128 hrs). Real surveillance video, 80 normal clips, 41 anomalous (fights, robberies, vandalism). Highly imbalanced. Used in every paper since 2017. Benchmark is video-level AUC (does the model rank anomalous videos higher than normal). Caveat: all anomalies are violent or criminal; models overfit to motion intensity.

ShanghaiTech (317 hrs, subway/street scenes). Frame-level annotations for pixel-level anomalies (loitering, crowd, etc.). More granular than UCF-Crime. Benchmark: pixel-level AUC or frame-level detection rate at low false-alarm rate.

Avenue & XD-Violence. Smaller benchmarks, specific scenarios (abandoned objects, violence). Rarely used in production (domain too narrow).

Street Scene. Recent (2024) 400-hr dataset of real CCTV from public spaces. More diverse anomaly types (bicycle theft, unauthorized entry, sleeping on bench). Becoming the industry standard but still fragmented across proprietary implementations.

Mini case study — construction site monitoring

Situation: A mid-size construction company with 12 active sites, each with 3–4 cameras. Goal: detect safety violations (workers without hard hats, equipment left unattended, unauthorized entry after hours) and trespassing. Current state: 15 operators watching dashboards 24/7, missing events on slow days, making mistakes on busy days.

Solution (week 1–4): We collected 2 weeks of continuous footage from 4 reference sites (40 hrs unlabeled video). Week 1–2: built a self-supervised MemAE on the 40 hrs (training cost: $50 on Lambda GPU cloud). Week 3: labeled 200 frames per site with safety violations (hard-hat detection via YOLO + pose, unattended equipment via DeepSORT gaps). Fine-tuned a supervised I3D on the 200 labeled frames per site. Week 4: deployed on edge (Jetson Orin in a weatherproof box per site).

KPIs (before/after, 8-week run): False alarms dropped from 47 per camera per day (operators disable system by week 2) to 8 per camera per day (acceptable, operators actively monitoring). Mean time to detect safety violations: 3.2 min (before: 12 min, contingent on which operator was watching). Undetected incidents: 2 out of 18 tracked (88% recall). Hardware cost: $249 × 36 cameras = $8,964 one-time. Operational cost: $2/camera/month (edge licensing + remote monitoring). Payback: $8,964 ÷ (5 accidents per year prevented × $50K incident cost) in under 2 weeks.

A decision framework — pick your approach in five questions

Q1. Do you have labeled anomaly data (frame-level or video-level timestamps)? Yes → Go to Q2. No → Go to Q3.

Q2. Do you have >500 labeled clips or >50k labeled frames? Yes → Use supervised (I3D, SlowFast, video-MAE fine-tuned). No → Use weakly-supervised (RTFM, MGFN) if you have >200 video-level labels; else use self-supervised pre-training + fine-tune on your small labeled set.

Q3. Do you have >3 months of continuous, unlabeled video from the same camera(s)? Yes → Pre-train video-MAE on your footage, fine-tune on small labeled set (Go to Q4). No → Use MemAE (unsupervised, no training time) or CLIP zero-shot (instant, no training).

Q4. Do you need real-time inference (<50ms latency) and can tolerate lower AUC (<85%)? Yes → Deploy X3D on edge (Jetson Nano). No → Deploy video-MAE fine-tuned on cloud (T4/L4 GPU).

Q5. Are your anomaly definitions stable, or do they change week-to-week? Stable → Commit to supervised or pre-trained self-supervised training (sunk cost, good ROI). Changing → Use CLIP zero-shot (update the prompt, no retraining) or a lightweight rule-based system (motion + object detection).

Five pitfalls that sink VAD projects

1. Data drift kills your model, not concept drift. You trained on July 2025 footage (daytime, green trees). September: leaves turn red, grass dies, sun angle changes. Your model performance drops 15–20% without retraining. Production teams don’t notice until operators start muting alerts. Solution: monitor AUC weekly (score your model on a holdout set from the previous week). Retrain every 4–6 weeks or whenever AUC drops >5%.

2. False-alarm fatigue destroys adoption. An operator sees 50 alerts per shift, 45 are false positives. By day 3, they disable notifications. By day 7, they disable the system. Solution: tune your threshold conservatively (start at 95% precision, accept 40% recall). Use a scoping call to define what your team actually cares about. Alerts should be rare and reliable.

3. Overfitting to the benchmark (UCF-Crime, ShanghaiTech). Papers report 90% AUC on UCF-Crime, then fail on your customer’s data (different lighting, camera angle, scene). UCF-Crime is violent crime only; it doesn’t cover loitering, unauthorized entry, or equipment theft. Solution: collect 2 weeks of your customer’s footage and validate your model there before signing a contract. A 15% AUC drop from benchmark to real-world is normal and acceptable.

4. Lighting, occlusion, and seasonal sensitivity. Night-vision CCTV (grayscale, high noise), heavy rain, moving shadows, and winter vs summer cause silent failures. YOLO confidence drops, tracking fails, and anomaly scores become noise. Solution: collect training/validation data across the full range of lighting and weather you’ll see. Use augmentation (random brightness, contrast, Gaussian noise) during training. Validate quarterly with footage from all seasons.

5. Scope creep into face recognition. A customer asks: “Can you identify the person running?” or “Alert if a known shoplifter enters the store”. This pivots you from anomaly detection into biometric identification, which is heavily regulated (EU AI Act banned mass biometric surveillance as of Feb 2025, Illinois BIPA, Texas BIPA-style). You’ll need legal review, opt-in consent, and a privacy-impact assessment. Solution: set clear scope boundaries in your contract. Offer object detection + trajectory (what they did, not who they are), not identification.

KPIs — what to measure

Quality KPIs (does the model detect real anomalies?). (1) AUC or ROC curve (threshold-agnostic measure of ranking ability; 90% = excellent, 70% = baseline, 50% = random guessing). (2) Precision at a fixed recall (e.g., “precision when we catch 80% of anomalies”). (3) Mean time to detect (MTTD) — how many seconds after an anomaly starts does the system alert? Typical targets: MTTD < 5 sec, precision > 80% at 70% recall.

Business KPIs (does the system reduce operational cost?). (1) False alarm rate per camera per day (FAR). Acceptable: < 10 per camera per day (one every 2–3 hours). (2) Undetected incidents per month (missed anomalies that operators found later or customers reported). (3) Operator dwell time on false positives (in seconds; if > 30 sec, the operator is investigating, wasting time). Target: < 5 min per operator per shift investigating false positives.

Reliability KPIs (does the system stay online and accurate?). (1) Uptime (% of cameras with inference running > 99.5%). (2) AUC drift (AUC week-over-week change; > 5% drop = trigger retraining). (3) Inference latency (p50, p99; target: p99 < 200ms for cloud, < 100ms for edge).

Compliance — GDPR, EU AI Act, BIPA

Video surveillance is heavily regulated. VAD systems must clear three gates:

GDPR (EU, EEA). Frames are personal data if they identify or could identify a person. If you process video in the EU or store it on EU servers, GDPR applies. Requirements: (1) Lawful basis (public safety, employer right to monitor, contract). (2) Data minimization (keep frames only as long as needed; anomaly detections can stay, raw frames should be deleted after 72 hours unless legally required). (3) Right to explanation (operators must be able to understand why the system flagged an anomaly). Recommendation: deploy edge inference so frames never leave the camera premises; send only anomaly alerts (timestamp, confidence, object class) to the cloud.

EU AI Act (2025 onwards). Real-time biometric mass surveillance (facial recognition across an open crowd) is banned. Biometric mass surveillance includes re-identification (matching a person across cameras using appearance embeddings). Anomaly detection per se is not banned, but using it to identify individuals is. Recommendation: detect events (person running, crowd gathering), never identities.

BIPA (Illinois, Texas expanding). Requires informed consent before capturing or using biometric data (face, fingerprints, voice, gait). VAD systems must disclose biometric use (if any) and offer an opt-out. Fines: $1,000–$5,000 per violation. Recommendation: avoid appearance-based re-identification; if you must use it, clearly label it in privacy notices and provide an opt-out.

When NOT to use AI video anomaly detection

Neural VAD is powerful but expensive. Sometimes classical computer vision wins. Consider a rule-based system if:

Your anomalies are spatially or temporally simple. “Alert if a person enters zone A.” Object detection (YOLO) + zone rules beats any neural anomaly detector. Cost: $0/camera (just YOLO on edge). Latency: 50ms. You’re done in a week.

You have fewer than 10 cameras. Neural VAD is a fixed cost (months of engineering) amortized across cameras. At 5 cameras, a rule-based system is faster and cheaper. At 500 cameras, neural beats rules.

Your camera setup is unstable or will change frequently. If the camera moves, rotates, or is replaced every 3 months, retraining the neural model becomes a constant burden. Rules (zone coordinates) are easier to adapt.

Regulatory risk is high. If your jurisdiction is uncertain about biometric surveillance, or if your customer demands zero AI involvement, rules give you an audit trail and are trivially explainable. Neural models can hallucinate; rules cannot.

FAQ

What to read next

Video anomaly detection in 2026 — pick the right architecture

Video surveillance anomaly detection has matured into five pragmatic paradigms: supervised (90% AUC, needs 500+ labels), weakly-supervised (84% AUC, needs video-level labels only), self-supervised (88% AUC fine-tuned, requires unlabeled backlog), transformer-based (90% AUC, state of the art but 150–200ms latency), and zero-shot (60% AUC, instant, no training). Pick based on your data maturity, latency budget, and camera count. Deploy YOLO+DeepSORT for object tracking, feed temporal features to I3D or video-MAE, and tune your threshold ruthlessly to keep false-alarm fatigue below operator tolerance (< 10 alerts per camera per day). Monitor AUC weekly and retrain every 4–6 weeks to fight data drift. Edge inference wins < 50 cameras; cloud wins > 100 cameras; hybrid (edge YOLO + cloud VAD) is the sweet spot at 50–500 cameras.

The gap between a research baseline (UCF-Crime paper) and a production system (anomalies your team actually cares about, with false alarms low enough that operators keep the system enabled) is 3–4 months of engineering and continuous observation. Start with supervised or weakly-supervised if you have labels; pre-train video-MAE on your backlog if you don’t. Validate aggressively on your own footage before signing a contract.

Fora Soft has shipped VAD systems on NetCam, DSI Drones, and 15+ customer networks. Our playbook is not theory; it’s production-battle-tested. If you’re starting a new deployment or scaling an existing pilot, we can scope your specific constraints in a 30-minute call and recommend the exact architecture and timeline for your use case.