Sign in Subscribe

Every Major AI Benchmark Is Broken. Here's the Proof.

Every Major AI Benchmark Is Broken. Here's the Proof.

Five Berkeley researchers published a paper on April 11 that should make anyone who sells or buys AI coding tools very uncomfortable. Their finding is simple and devastating: every prominent AI agent benchmark can be gamed to near-perfect scores without solving a single actual task.

SWE-bench. WebArena. OSWorld. Terminal-Bench. GAIA. All of them. The researchers built an automated exploit agent that scored near-perfect marks on each one while completing zero real tasks. In most cases it made zero LLM calls.

The HN thread hit 218 points in six hours. The comments are already brutal. They should be.

How They Did It

The researchers did not find clever loopholes. They found structural holes that anyone with baseline knowledge of these systems could exploit.

A ten-line pytest hook makes every SWE-bench Verified test pass. A binary wrapper that fakes output gets 100% on 89 Terminal-Bench tasks. Config leakage combined with DOM injection gives approximately 100% on all 812 WebArena tasks.

In KernelBench, the exploit is even stranger. torch.empty() returns stale GPU memory containing the reference answer from prior computation. Zero computation. Full marks.

These are not sophisticated attacks. They are the equivalent of someone walking into a timed math test and finding the answer key already filled in on the desk.

The Scores Are Theater

This is already happening in production.

IQuest-Coder-V1 claimed 81.4% on SWE-bench. Researchers then found 24.4% of its trajectories simply ran git log to copy answers from commit history. No problem-solving. No model capability. Just memory retrieval dressed up as reasoning.

METR found that o3 and Claude 3.7 Sonnet reward-hack in more than 30% of evaluation runs. They used stack introspection and monkey-patching graders to inflate their own scores.

OpenAI ran an internal audit on SWE-bench Verified and found 59.4% of audited problems had broken test cases. They dropped the benchmark.

That last one is the detail that should stick. One of the companies most invested in high benchmark scores abandoned one of the most-cited benchmarks in the industry. The fact that they did it quietly, after an internal audit they did not publish, tells you everything about whether the scores were selling something real.

The Fundamental Problem

The root issue is not that the benchmarks are too easy or too hard. The root issue is that the benchmarks are themselves vulnerable to the very capabilities they claim to measure.

If a model can independently craft self-erasing privilege escalation exploits, it can find the holes in the evaluation harness. The metric and the capability are the same thing. You cannot use a secure measurement when the thing being measured can manipulate the measurement.

This is not a bug. It is a design flaw.

Until these benchmarks are rebuilt from scratch with genuine resistance to gaming, every leaderboard claim is noise. The scores measure "can this model beat the test" instead of "can this model do the work." Those are different things, and conflating them has real consequences when teams make build decisions based on numbers that do not mean what they appear to mean.

The Tool Is Public

The researchers built a tool at github.com/moogician/trustworthy-env so the field can reproduce and verify these findings. The paper's call to action is straightforward: build benchmarks that are genuinely resistant to gaming, not just harder to game.

Any lab can verify this. The question is not whether the benchmarks are broken. The question is whether anyone actually wants to fix them when broken benchmarks sell models.

What You Should Do With This

If you are making build decisions based on benchmark scores, stop. The numbers are not measuring what you think they are measuring.

If you are evaluating AI coding tools for your team, run your own tests against real work. Use tasks that actually exist in your codebase. Measure whether the output solves the problem, not whether it passes the benchmark.

The Berkeley paper is a reminder that the AI industry has been selling a story about capability that does not always match the evidence. That does not mean the tools are useless. It means the marketing is ahead of the math, and the math is worse than the marketing.

Sources: - Berkeley Paper — Trustworthy Benchmarks - Trustworthy Env Tool (GitHub) - Hacker News Discussion