How We Broke Top AI Agent Benchmarks: And What Comes Next

4/11/2026 at 7:50:03 PM

This is a phenomenal paper on exploits and hopefully changes the way benchmarking is done.

From the paper: We achieved near-perfect scores on all of them without solving a single task. The exploits range from the embarrassingly simple (sending {} to FieldWorkArena) to the technically involved (trojanizing binary wrappers in Terminal-Bench), but they all share a common thread: the evaluation was not designed to resist a system that optimizes for the score rather than the task.

by ggillas

4/11/2026 at 9:40:51 PM

> hopefully changes the way benchmarking is done

The purpose of a system is what it does.

AI companies want adcopy, not legitimate benchmarks. Even this very paper will be twisted into a means to that end. "Oooo, AI is exploiting our benchmarks. Scary alignment problem!!!one! Our AI is so good we can't contain it, INVEST NOW!"

by SlinkyOnStairs

4/12/2026 at 12:57:50 AM

I work at OpenAI and I really don't find this to be the case.

We're pretty diligent about applying search blocklists, closing hacking loopholes, and reading model outputs to catch unanticipated hacks. If we wanted to, we could choose to close our eyes and plug our ears and report higher scores for Terminal-bench, SWE-bench, etc. that technically comply with the reference implementation but aren't aligned with real value delivered to users, but we don't do this. My impression is that Anthropic and other labs are similar. E.g., in the Sonnet 4.6 system card they use a model to detect potential contamination and manually score those outputs as 0 if human review agrees there was contamination. If all the labs cared about was marketing material, it would be quite easy not to do this extra work.

There are ton of other games you can play with evals too (e.g., test 100 different model checkpoints or run secret prompt optimization to steer away from failing behaviors), but by and large what I've seen inside OpenAI is trustworthy.

I won't say everything is 100% guaranteed bulletproof, as we could always hire 100 more SWEs to improve hack detection systems and manually read outputs. Mistakes do happen, in both directions. Plus there's always going to be a bit of unavoidable multiple model testing bias that's hard to precisely adjust for. Also, there are legitimate gray areas like what to do if your model asks genuinely useful clarifying questions that the original reference implementation scores as 0s, despite there being no instruction that clarifying questions are forbidden. Like, if you tell a model not to ask clarifying questions is that cheating or is that patching the eval to better align it with user value?

by tedsanders

4/12/2026 at 10:00:16 AM

I remember the gpt-5 benchmarks and how wildly inaccurate they were data-wise. Linking one[0] that I found so that other people can remember what I am talking about. I remember some data being completely misleading or some reaching more than 100% (iirc)

And this is something which has reached the public eye in one of the most anticipated videos basically. So I find it a bit rough as to think that OpenAI has the best practices for data, and if the public can be shown these inaccurate graphs themselves on based on benchmarks. I find it a bit harder to trust the benchmarks themselves and if OpenAI wants legitimate benchmarks.

Also I find it wild that after 1 month of this, nobody talked about it. I remember thinking that this is gonna be the highlight for a long time that a mega billion dollar company did such basic graph errors. I feel like we are all forgetting a lot of things as our news cycle keeps on moving faster.

(Another tangential point is about the OpenAI/Google employees who had signed the pledge yet nothing came out of it and this is something more recent & I also remember one of your comments on Hackernews.)

> I'm an OpenAI employee and I'll go out on a limb with a public comment. I agree AI shouldn't be used for mass surveillance or autonomous weapons. I also think Anthropic has been treated terribly and has acted admirably. My understanding is that the OpenAI deal disallows domestic mass surveillance and autonomous weapons, and that OpenAI is asking for the same terms for other AI companies (so that we can continue competing on the basis of differing services and not differing scruples). Given this understanding, I don't see why I should quit. If it turns out that the deal is being misdescribed or that it won't be enforced, I can see why I should quit, but so far I haven't seen any evidence that's the case. [1]

This is a bit off-topic so sorry about that, but I hope that you realize that you did say you will go out on a limb with public comment so please don't mind if I ask for some questions, everyone supported you then and heck, even I thought that maybe I was wrong and I thought that I should trust you more than my gut-instincts because you clearly must know so much more than me/us but that aged like fine milk.

I would really love some answers or your thoughts now on that off-topic thought as well if possible as these are just some questions which are unanswered by you and I would love to have a respectful discussion about it, sorry for catching you off guard, waiting for your reply and I wish you to have a nice day ted.

[0]: https://www.reddit.com/r/BetterOffline/comments/1mk6ofz/gpt5...

[1]: https://news.ycombinator.com/item?id=47191196

by Imustaskforhelp

4/12/2026 at 1:17:15 AM

>The purpose of a system is what it does.

I am so tired of this saying.

It's not true, in general. Systems almost universally have unintended consequences and result in side effects their designers did not foresee.

Designing benchmarks resistant to adversarial attempts to exploit the benchmark software is just something no one was thinking about when they created SWE-bench.

by Legend2440

4/12/2026 at 3:49:20 AM

https://en.wikipedia.org/wiki/The_purpose_of_a_system_is_wha...

You are misunderstanding the saying. It is entirely about unintended consequences and viewing the system for what it actually does and not any stated intentions of the designers.

by burpingtree

4/12/2026 at 4:33:43 AM

I will propose that you are wrong.

1. We must ignore the intentions of the designers (your claim), and instead see what the outcomes are

2. Therefore we should ignore Beer's intentions when designing the phrase POSWID, and instead see how it is used.

3. The overwhelming majority of people using it on the internet (including the GP comment) is to imply that the people perpetuating the system actually desire the outcome.

So the purpose of POSWID is clearly to imply intent.

by aidenn0

4/12/2026 at 4:03:29 AM

Well that’s stupid and completely ignores the meaning of the word “purpose”.

by jimbokun

4/12/2026 at 9:58:44 AM

If you accept what the system actually does now, and decides to live with it as it is, you just deprecated the original "purpose" and made it irrelevant. You embraced "the purpose is what it does" - to you.

IMHO the saying is meant to make you reflect.

by actionfromafar

4/12/2026 at 6:58:53 AM

It does not ignore the word. It subverts it, and that's the point. It's the system equivalent of "death of the author", which states that omes a work is written, the authors intent loses relevance and the work must be examined on its own. The aurhors opinion or relationship to the work carries no more weight than any other persons.

That's not "true" in any demonstrable sense, but it can be a useful form of analysis. As it is with "purpose of a system"

by delusional

4/12/2026 at 10:05:46 AM

I'd go further and say this is also the cybernetics equivalent of the religious teachings about humans, specifically the whole "judge by one's deeds, not by one's words" thing. So it's not like it's a novel idea.

Also worth remembering that most systems POSIWID is said about, and in fact ~all important systems affecting people, are not designed in the first place. Market forces, social, political, even organizational dynamics, are not designed top-down, they're emergent, and bottom-up wishes and intentions do not necessarily carry over to the system at large.

by TeMPOraL

4/12/2026 at 1:46:30 AM

I think the point is that if the side effects become known and are accepted, or if they are known and rejected, then indeed the purpose of the system is what it does.

by hrimfaxi

4/12/2026 at 7:47:31 AM

I think the point of the saying is that as systems tend to expand, sooner or later we become part of them. That means that we can no longer see them from outside, we're now part of the system and our goals and the system's goals will align. Then the purpose of the system can't be anything else than what it does.

by nurbl

4/12/2026 at 3:19:23 AM

Same. Anyone who has designed anything at all in any domain realizes that what your intentions are and what materializes are often not the same. You have practical constraints in the real world. That doesn’t somehow make the constraints the purpose. The saying makes no sense.

by user3939382

4/12/2026 at 12:13:40 AM

That is Anthropic’s shtick to a tee.

by anon373839

4/12/2026 at 2:43:22 AM

Funny, I just made https://model-tracker.com because model performance change all the time, and it would be good to have a subjective signal of what people are actually feeling today. And also, benchmarks are flaky af as this paper shows.

The idea is knowing what to try first today saves a bit of time.

by keepamovin

4/12/2026 at 3:27:28 AM

Interesting, little different than this other site I saw on HN this week:

https://marginlab.ai/trackers/claude-code

by Barbing

4/12/2026 at 2:49:05 AM

I would love to see a stable test over time with a hold out set of easy/medium/hard challenges. I, like many others, have noticed a large drop in recent performance w/ Claude Opus (and Sonnet) and more sites like these would hold the labs more accountable to sneaky backend changes that nerf/degrade performance.

by siliconc0w

4/12/2026 at 2:55:08 AM

working on something similar to evaluate model performance over time using tasks based on your own code. obviously this is still susceptible to the same hacking mechanics documented here, but at a local level, it's easier to detect/fix, and should give a stronger signal of subjective harness/agent/context performance than these large generic benchmarks

also I keep hearing complaints that opus is nerfed, but IMO it's nice to have objective data to back that. I feel like half of the nerfing complaints are people getting past honeymoon phase...

by bisonbear

4/11/2026 at 7:55:36 PM

>hopefully changes the way benchmarking is done.

Yeah the path forward is simple: check if the solutions actually contain solutions. If they contain exploits then that entire result is discarded.

by operatingthetan

4/11/2026 at 8:07:54 PM

Could it really be that not only we vibeslop all apps nowadays but also don't care to even check how ai solved a benchmark it claimed solved?

by siva7

4/12/2026 at 5:09:05 AM

This is already well known, all these AI benchmarks use a different model to judge whether or not the solution was correct.

It’s… remarkably poor, and as demonstrated in the paper, easily gamed. Worst yet, these benchmarks teach AIs to be very short-sighted and hyper-focused on completing the task, rather than figuring out the best solution.

by stingraycharles

4/11/2026 at 10:39:35 PM

Every ai labs train on the test set. That is a big part of why we see benchmark climbing from 1% to 30% after a few models iterations

by retinaros

4/12/2026 at 3:57:51 AM

Models themselves definitely aren't getting better.

by latentsea

4/11/2026 at 8:39:15 PM

Frontier model developers try to check for memorization. But until AI interpretability is a fully solved problem, how can you really know whether it actually didn't memorize or your memorization check wasn't right?

by SpicyLemonZest

4/11/2026 at 8:16:24 PM

Probably a more interesting benchmark is one that is scored based on the LLM finding exploits in the benchmark.

by operatingthetan

4/11/2026 at 8:24:34 PM

In human multiple choice tests they sometimes use negative marking to discourage guessing. It feels like exploits should cancel out several correct solutions.

by ZeroGravitas

4/11/2026 at 9:29:28 PM

Unfortunately, very few LLM benchmarks do this. LLMs get such high scores on many benchmarks because there's no difference between answering "I don't know" as giving a made up answer, and made up answers can improve the score some of the time, so by chasing higher benchmark numbers on these kinds of benchmarks, the labs are prioritizing guessing over accuracy.

The Artificial Analysis Omniscience benchmark does penalize guessing, so it actually helps you determine which LLMs are likely to just guess rather than telling you they don't know. Only a very few of the frontier models actually score higher than 0 on this, where 0 means that it's equally likely to return a correct answer as it is to return a hallucination on factual questions.

by lambda

4/12/2026 at 7:57:06 AM

But that requires me to do things :(

by nananana9

4/11/2026 at 8:02:48 PM

Also, fuzz your benchmarks

by Leynos

4/11/2026 at 11:49:17 PM

solution is simple:

if bug { dont }

by Aperocky

4/12/2026 at 12:13:37 AM

> evaluation was not designed to resist a system that optimizes for the score rather than the task.

Welcome to benchmarks in general, but especially reasoning. Robustness and sensitivity research says nothing is robust, everything is sensitive, feels like every paper says "yeah we made a new benchmark that shuffles the order of multiple choice options in the question set and found a 40% drop in model performance"

by robot-wrangler

4/11/2026 at 7:59:01 PM

2024: Industry group invalidates 2,600 official Intel CPU benchmarks — SPEC says the company's compiler used unfair optimizations to boost performance https://www.tomshardware.com/pc-components/cpus/spec-invalid...

2003: Nvidia accused of cheating in 3DMark 03 https://www.gamespot.com/articles/nvidia-accused-of-cheating...

It's almost like the benchmarks were designed with zero understanding of the history of benchmark manipulation.

I like what LLM's are doing and providing. But the industry as a whole seems to live in a vacuum that ignores so much of the hard lessons that have been learned over the last 50 years of computing. It is doing itself a disservice.

by zer00eyz

4/11/2026 at 8:51:23 PM

What was the cheat in the 2024 Intel situation? The TomsHardware article and the Phoronix article they linked were quite vague. (Not to say I have any doubts, just curious, hadn’t heard of this one).

by bee_rider

4/11/2026 at 11:37:19 PM

Intel basically benchmaxxed their compiler optimizations. They used detailed knowledge of the benchmark to make their compiler generate machine code to do better on the benchmark in a way that was not beneficial for non-benchmark scenarios.

by BugsJustFindMe

4/12/2026 at 6:07:56 AM

I assumed as much, I’m just wondering what exactly they did. For example IIRC some phone company would detect that a benchmark was running by checking for the program name, and then allow the clock to boost higher (increase thermal limits) if it was a benchmark (like you could literally avoid the cheating behavior by changing the name of the program being run).

by bee_rider

4/11/2026 at 8:06:49 PM

> It's almost like the benchmarks were designed with zero understanding of the history of benchmark manipulation.

I wonder if this common? We should call it Goodharts law while someone does the research on how common this is.

For real, I’ve assumed from the jump these things were all gamed, with the amount of money on the line.

by irishcoffee

4/11/2026 at 9:33:05 PM

This is an interesting catalog of vulnerabilities, but I'm not sure how groundbreaking the main insight is.

Evaluating AI models has always relied largely on trust. If you want to game the benchmarks, you can. Simply train on your test data.

When an AI agent has autonomous control over the same computing environment where its scores are recorded, it's not surprising that it can, in principle, falsify its scores. A more interesting question would be whether agents behave in this way automatically, without manual tuning by the researcher.

That said, the main takeaway of "don't trust the number, trust the methodology" is valid. It's already a truism for researchers, and spreading the word to non-researchers is valuable.

by mzelling

4/12/2026 at 12:42:26 AM

This isn't even training on the test data.

This is modifying the test code itself to always print "pass", or modifying the loss function computation to return a loss of 0, or reading the ground truth data and having your model just return the ground truth data, without even training on it.

by jmalicki

4/12/2026 at 2:09:19 AM

If you're prepared to do that you don't even need to run any benchmark. You can just print up the sheets with scores you like.

There if a presumption with benchmark scores that the score is only valid if the benchmark were properly applied. An AI that figures out how to reward hack represents a result not within the bounds of measurement, but still interesting, and necessitates a new benchmark.

Just saying 'Done it!' is not reward hacking. It is just a lie. Most data is analysed under the presumption that it is not a lie. If it turns out to be a lie the analysis can be discarded. Showing something is a lie has value. Showing that lying exists (which appears to be the level this publication is at) is uninformative. All measurements may be wrong, this comes as news to no-one.

by Lerc

4/12/2026 at 3:10:21 AM

I think the point of the paper is to prod benchmark authors to at least try to make them a little more secure and hard to hack... Especially as AI is getting smart enough to unintentionally hack the evaluation environments itself, when that is not the authors intent.

by jmalicki

4/12/2026 at 12:22:31 AM

Yep. I think the idea that the benchmark is determinative is just as deluded as the notion that it should be unbreakable.

Benchmarks are on the honor system. Even the tightest benchmark can be cheated. If the benchmark is so secret and air-gapped that it can't be cheated by models, it can be cheated by its own authors. You can't use benchmarks to gate out cheating.

If you don't have the honor system in mind when you're reading scores, you're wasting your time. Is it some unknown outfit with wild claims? Is it connected to Epstein, Russia, the real estate "industry", or sleazeballing in general? Do they have previous history of ratgaming the numbers? Replace its scores with asterisks and move on.

by boring-human

4/12/2026 at 12:37:12 AM

> I'm not sure how groundbreaking the main insight is.

I think it likely is groundbreaking for a number of people (especially non-tech CTOs and VPs) who make decisions based on these benchmarks and who have never wondered what the scores are actually scoring.

by jmye

4/12/2026 at 2:58:36 AM

I'm not sure if the paper's findings are all that actionable. The paper doesn't say "here's how benchmarks are currently being gamed." It says "here's how benchmarks could in theory be gamed."

Whether benchmark results are misleading depends more on the reporting organization than on the benchmark. Integrity and competence play large roles in this. When OpenAI reports a benchmark number, I trust it more than when that same number is reported by a couple Stanford undergrads posting "we achieved SOTA on XYZ benchmark" all over Twitter.

by mzelling

4/12/2026 at 3:34:41 AM

I think that’s totally fair!

I guess I look at this less as an “ah ha! They’re all cheating!” and more of a “were you guys even aware of what the benchmarks represented and how they checked them?”

by jmye

4/11/2026 at 10:02:24 PM

[dead]

by hawk_aa

4/11/2026 at 8:20:10 PM

If only the blog itself wasn't written by AI?

>No reasoning. No capability. Just exploitation of how the score is computed.

shudder

by danslo

4/11/2026 at 8:39:54 PM

Yes, marks of AI all over the place. Also the SVGs.

>No solution written, 100% score.

Its weird. Turns out that hardest problem for LLMs to really tackle is long-form text.

by cpldcpu

4/11/2026 at 8:59:11 PM

Maybe in one shot.

In theory I would expect them to be able to ingest the corpus of the new yorker and turn it into a template with sub-templates, and then be able to rehydrate those templates.

The harder part seems to be synthesizing new connection from two adjacent ideas. They like to take x and y and create x+y instead of x+y+z.

by basch

4/12/2026 at 3:58:22 AM

Most of the good major models are already very capable of changing their writing style.

Just give them the right writing prompt. "You are a writer for the Economist, you need to write in the house style, following the house style rules, writing for print, with no emoji .." etc etc.

The large models have already ingested plenty of New Yorker, NYT, The Times, FT, The Economist etc articles, you just need to get them away from their system prompt quirks.

by Quarrel

4/12/2026 at 5:22:50 AM

No, the failure is the human written prompt

by benob

4/12/2026 at 8:23:29 AM

You know, after a while this excuse is not valid anymore.

by not_that_d

4/11/2026 at 9:01:03 PM

Someone here mentioned a whole ago that the labs deliberately haven't tried to train these characteristics out of their models, because leaving them in makes it easier to identify, and therefore exclude, LLM-generated text from their training corpus.

by sidpatil

4/11/2026 at 10:24:03 PM

But it's odd that these characteristics are the same across models from different labs. I find it hard to believe that researchers across competing companies are coordinating on something like that.

by blymphony

4/11/2026 at 8:59:12 PM

I wonder what college freshman-level writing classes are teaching about writing voice and AI. The tell-tale patterns are pretty frustrating to read.

by alexchantavy

4/11/2026 at 10:44:48 PM

Whatever classes these guys took, they skipped the one on scientific misconduct.

by stefan_

4/12/2026 at 12:48:14 AM

Agreed. The premise is interesting but reading content like this is grating.

by wxw

4/12/2026 at 7:14:47 AM

im actually getting so tilted that people can't just be forthcoming about when they used AI to write something. 99% of readme.mds i run into now on github piss me off. out of all the things people could cede to automation, they foolishly went and self-owned their ability to communicate. smfh.

if you've worked on something diligently and understand it and have novel insight to share, let's hear _your_ damn voice.

by trueno

4/12/2026 at 4:51:31 AM

What exactly is making you shudder - the writing style, or the fact that AI was used at all? Because if it's the latter, just so you know, you're going to be shuddering for the rest of your life.

by 0xbadcafebee

4/12/2026 at 2:27:34 AM

Writing is still an art, and AI will never be able to do it well like all other forms of art.

by 1270018080

4/11/2026 at 8:39:39 PM

[flagged]

by gaythread

4/12/2026 at 5:27:09 AM

This is great work by Dawn Song 's team. A huge part of botsbench.com for comparing agents & models for investigation has been in protecting against this kind of thing. As AI & agents keep getting more effective & tenacious, some of the things we've had to add protections against:

- Contamination: AI models knowing the answers out of the gate b/c pretraining on the internet and everything big teams can afford to touch. At RSAC for example, we announced Anthropic's 4.6 series is the first frontier model to have serious training set contamination on Splunk BOTS.

- Sandboxing: Agents attacking the harness, as is done here - so run the agent in a sandbox, and keep the test harness's code & answerset outside

- Isolation: Frontier agent harnesses persist memory all over the place, where work done on one question might be used to accelerate the next. To protect against that, we do fresh sandboxing per question. This is a real feature for our work in unlocking long-horizon AI for investigations, so stay tuned for what's happening here :)

"You cannot improve what you cannot measure" - Lord Kelvin

by lmeyerov

4/12/2026 at 8:59:31 AM

Benchmark is not designed for the red team testing. I don't even think it make sense to "fix" the issue the article is suggesting. Yes, you can break the running contest by driving a car. Does this mean we need to make running contest car-proof?

by rapiz

4/11/2026 at 7:52:40 PM

> “These are not isolated incidents. They are symptoms of a systemic problem: the benchmarks we rely on to measure AI capability are themselves vulnerable to the very capabilities they claim to measure.”

As a researcher in the same field, hard to trust other researchers who put out webpages that appear to be entirely AI-generated. I appreciate it takes time to write a blog post after doing a paper, but sometimes I'd prefer just a link to the paper.

by Cynddl

4/11/2026 at 8:50:33 PM

I think we should all consider the possibility that part of the reason Anthropic hasn't immediately released Mythos is that it would be slightly disappointing relative to the benchmark scores.

by lukev

4/11/2026 at 9:02:36 PM

The models don’t get better on every dimension as they scale up - there’s trade offs.

I’m convinced specialised models are the way but this means writing off the investment in existing assets which they won’t do for obvious reasons.

by eiens

4/12/2026 at 1:00:11 AM

This was my suspicion. They had a bad training run that was really good at a few things.

by mortsnort

4/12/2026 at 4:13:58 AM

Doesn't seem to match the buzz internally at Anthropic about it?

by latentsea

4/12/2026 at 2:14:31 AM

[dead]

by eiens

4/11/2026 at 8:43:59 PM

The more research on this topic is created, the more knowledge how to game them will be stored in future training data. And since it comes from university, it is ranked higher in data corpus. It sounds like a self fulfilling prophecy.

by SoKamil

4/11/2026 at 8:45:32 PM

Damned old Goodhart's Law: "When a measure becomes a target, it ceases to be a good measure".

https://en.wikipedia.org/wiki/Goodhart%27s_law

by abirch

4/12/2026 at 5:11:02 AM

There are two independent issues here and I've seen people conflating them in this thread. Let's clarify:

1. Should you care or even read SWE-bench etc. scores?

The answer is no, but it has nothing to do with the vulnerabilities presented in this article. There is absolutely no reason to care about a benchmark whose dataset has been publicly available for a while. Any other way to look at benchmark scores is cargo-culting.

2. What does this article actually tell us?

It means that even if you prepared a private set of problems as benchmark, you still need to pay extra attention to how AI actually solves them. You can't lie to yourself and think this process can be 100% automated, because LLMs, as this article shows, might get the tests passed without solving the problems in a meaningful way.

by raincole

4/11/2026 at 9:07:03 PM

Yes good evals are really hard - that’s not really news.

This team is doing a good job. They use problems that were created in last 30days to avoid training set leakage. https://swe-rebench.com/

by bbcc90

4/11/2026 at 11:25:33 PM

It feels like short-term thinking has been trained into LLMs.

They're good at solving well-defined puzzles under time constraints. It's interesting because that was the benchmark for hiring software engineers at big tech. The tech interview was and still is about fast puzzle-solving. Nothing about experience, architecture or system design in there... I suspect that's why it has a bias towards creating hacks instead of addressing the root cause.

by socketcluster

4/12/2026 at 12:11:40 AM

I tend to prefer the ARC-AGI benchmarks for the most part. But it's always interesting when a new version drops, all the frontier models drop less than 20% or something. And then in the next few releases they get all they way up to 80%+. If you use the models it doesn't feel like those models are that much more generally intelligent.

Most frontier models are terrible at AGI-3 right now.

These models are already great no question, but are they really going be that much more intelligent when we hit 80% again?

by spprashant

4/11/2026 at 11:32:21 PM

If FieldWorkArena treats any answer as correct answer, then everyone would be getting near 1.0 (missing only when the agent is stuck in a loop or crashes). That obviously isn't what we see on their leaderboard. So does it mean the paper only found a bug in some eval code on github that no one actually uses for anything? That doesn't seem to support their claim that AI benchmarks are broken, it only supports the claim that "unused code is often buggy".

(Not commenting on any other benchmarks, just this one.)

by _cs2017_

4/12/2026 at 4:35:28 AM

> But even setting aside the leaked answers, the scorer’s normalize_str function strips ALL whitespace, ALL punctuation, and lowercases everything before comparison. This means:

I don't understand the concern here

by usaar333

4/12/2026 at 4:18:36 AM

whats the point of doing this. You have found loop holes to exploit and aced the benchmark.We did something similar with the DAB Benchmark. This exploit seems like an extension of it with lookups for the gold standard for other benchmarks.

UC Berkley will be better placed if the grads spend their time in suggesting ways to make the benchmark better.. Instead of making such simple exploits

by thinkevolve

4/11/2026 at 8:07:57 PM

I'm honestly confused by the design of SWE-bench and why is considered reliable.

It's based on existing GitHub PRs and Issues, the full dataset is on HuggingFace and is one year old now. All frontier models 100% have those issues and PRs in their training data so obviously they are good at reproducing fixes for them when confronted with the same codebase and similar requests. Am I missing something? How is this considered the most reliable benchmark?

by lnrd

4/11/2026 at 8:36:16 PM

Frontier model developers do not consider SWE-bench to be reliable. OpenAI announced in February (https://openai.com/index/why-we-no-longer-evaluate-swe-bench...) that they consider it hopelessly contaminated, advocating for a new version SWE-bench Pro that was published more recently. (They seem to believe that even the publicly accessible part of the SWE-bench Pro problem set will be more resistant to training set contamination issues in the future, for reasons that to be honest I don't really understand.)

by SpicyLemonZest

4/12/2026 at 12:35:41 AM

This exploiting of benchmarks isn't that interesting to me since it would be obvious. The main way I assume they're gaming the benchmarks is by creating training data that closely matches the test data, even for ARC where the test data is secret.

by davebren

4/12/2026 at 12:41:01 AM

They said they used things like submitted a `conftest.py` - e.g. what would be considered very blatant cheating, not just overfitting/benchmaxxing. Did you read the AI slop in the post?

This is basically a paper about security exploits for the benchmarks. This isn't benchmark hacking like having hand coded hot paths for a microbenchmarks, this is hacking like modifying the benchmark computation code itself at runtime.

by jmalicki

4/12/2026 at 12:49:08 AM

I get it, but why would anyone trust what these companies say about their model performance anyway. Everyone can see for themselves how well they complete whatever tasks they're interested in.

by davebren

4/11/2026 at 9:21:25 PM

I wonder if this puts into question the mythos benchmark which smashed basically all coding benchmarks to a staggering degree.

by czhu12

4/12/2026 at 7:54:47 AM

This is a cracker wow

by Frederick0

4/12/2026 at 12:34:52 AM

It's still a good benchmark to see which model cheats the best, I suppose.

by arikrahman

4/11/2026 at 7:53:35 PM

I always assumed that these benchmarks would happen in a sandbox. I'm surprised that no one realized this sooner.

by charcircuit

4/12/2026 at 3:33:41 AM

Running benchmarks at scale and protecting against reward hacking is non-trivial.

by revel

4/11/2026 at 7:59:22 PM

I'm surprised anyone took them seriously in the first place.

by ModernMech

4/11/2026 at 10:12:43 PM

What else can people do? Try the dozen of commercial offerings themselves? Okay I suppose that's doable, you task one engineer to try them one by one for one month. But then the next model drops and you start all over again...

But then what about local models? You have hundreds of variations to test yourself. It's simply not doable unless it's your full time hobby.

You need benchmarks to at least separate the cream from the crop, so you're left with only a few choices to test yourself.

by tredre3

4/11/2026 at 8:10:14 PM

a LOT of the people who love benchmarks are middle management hard-selling GenAI/LLM as magic tech sauce to vaguely technical executives who only want to know about the money aka headcount savings they so desperately desire.

their collective butts are already glued to the hype train as they chase numbers they (often) manufactured to justify the latest round of tech spend.

lots of good use cases out there - like the incredible progress with medical imaging analysis or complex system models for construction - and lots of crap use cases that need benchmarks to cosplay relevance.

by subulaz

4/11/2026 at 8:01:06 PM

We need good benchmarks or we are just left following the hype train.

by operatingthetan

4/12/2026 at 7:54:57 AM

This is a cracker wow!!

by Frederick0

4/12/2026 at 4:31:28 AM

The fact these guys got an LLM to write that page about this is diabolical.

Unreadable.

by avazhi

4/11/2026 at 8:39:43 PM

Not really on the topic, but I have wondered if we need a different type of test to help find model architecture potential. Standardized training sets followed by testing to see the potential curves of a model. train on x, test, add y, test, add z, test. At each increment you see how well the model is absorbing the information and extrapolate how well that architecture may do if more fully trained.

by jmward01

4/11/2026 at 8:41:06 PM

The real question is how to close to VW and Deiselgate are these offenses? And what exposure do these companies have? I would assume securities fraud, if only because Matt Levine says everything is securities fraud.

by jgalt212

4/11/2026 at 8:14:13 PM

what are the point of benchmarks?

by oliver236

4/11/2026 at 8:16:51 PM

If there was not benchmark, number would not go up.

by andai

4/11/2026 at 9:20:33 PM

Are you serious? To help you pick a model.

by esafak

4/12/2026 at 9:55:06 AM

[dead]

by sanghyunp

4/12/2026 at 7:41:59 AM

[dead]

by arthi1899

4/12/2026 at 5:15:14 AM

[dead]

by telivity-real

4/12/2026 at 8:30:45 AM

[dead]

by genie3io

4/12/2026 at 7:59:00 AM

[dead]

by neuzhou

4/11/2026 at 11:24:37 PM

[dead]

by vampiregrey

4/11/2026 at 8:38:43 PM

[dead]

by rajptech

4/12/2026 at 12:09:32 AM

[dead]

by usefulpatch

4/12/2026 at 1:34:45 AM

[flagged]

by semanticintent

4/12/2026 at 2:18:44 AM

> A validator that checks "did the assistant reply?" instead of "was the reply correct?" was never a benchmark. It was a participation trophy

People can't even write a two paragraph comment without ai now

by esperent