What benchmarking is — and why it's hard
A benchmark is a standardized test: a fixed set of questions or tasks with known answers, run the same way on every model so you can compare them fairly. In theory, benchmarks let researchers and users cut through marketing claims and see which AI is actually better at what. In practice, the field has learned that every benchmark is a simplification — and the moment a test becomes famous, labs optimize for it, sometimes in ways that don't reflect real-world usefulness.
This tension — between the need for a shared scoreboard and the limits of any single test — is the central story of AI evaluation.
How we got here: from scaling laws to the benchmark race
The modern era of AI benchmarking starts around 2020. OpenAI's scaling laws paper showed that model performance improves predictably as you add more compute, data, and parameters. That gave labs a roadmap: build bigger, train longer, and the numbers will go up. GPT-3, released the same year, demonstrated this dramatically — a 175-billion-parameter model that could match or beat fine-tuned models on many tasks without any task-specific training at all.
From that point on, benchmarks became the currency of the field. Every major model release — GPT-4, Mixtral, Claude 3.5 Sonnet, DeepSeek-R1, GPT-5, and dozens more — arrived with a table of scores on standardized tests: MMLU for general knowledge, HumanEval and SWE-bench for coding, GPQA for graduate-level science, and so on.
The saturation problem
The trouble is that benchmarks have a shelf life. Once a test becomes the standard, labs train toward it — and eventually, scores cluster near the ceiling. When that happens, the benchmark stops being informative.
This has played out repeatedly and visibly. The OSWorld benchmark for computer use — testing whether an AI can actually control a computer to complete real tasks — scored around 15% for the best AI models in late 2024. By early 2026, Claude Sonnet 4.6 hit 72.5%, approaching human-level performance. A benchmark that once seemed impossibly hard became nearly solved in roughly 18 months.
The cybersecurity benchmark CyberGym followed a similar arc. When Claude Opus 4.5 nearly saturated it, Anthropic didn't just claim the win — they recognized the score had stopped being meaningful and pivoted to a harder real-world test: scanning nearly 6,000 files of live Firefox code. The result was 22 real vulnerabilities, 14 of them classified as high-severity by Mozilla. That's a more honest signal than any leaderboard number.
The new frontier: open problems and real-world tasks
The most significant recent shift in AI evaluation is the move from standardized tests toward genuinely open problems — tasks where there is no known answer, and where success means producing something new.
Competition mathematics has been a key proving ground. Gemini with Deep Think achieved gold-medal standard at IMO 2025, a formally validated result at one of the world's most prestigious math competitions. MaxProof, built on MiniMax's MiniMax-M3 model, scored 35/42 on IMO 2025 and 36/42 on USAMO 2026, exceeding the human gold-medal threshold on both. These aren't benchmark scores — they're results judged by the same standards applied to human competitors.
Then came something harder to categorize: an OpenAI model disproved an 80-year-old conjecture in discrete geometry — the Erdős planar unit distance problem — at a compute cost under $1,000. GPT-5.2 produced a novel formula in theoretical physics that was subsequently formally verified by researchers. A large-scale evaluation found that LLM-based agents autonomously resolved 9 of 353 open Erdős problems and proved 44 of 492 OEIS conjectures. These are not benchmark performances. They are contributions to human knowledge.
Safety evaluations: a new benchmark category
As capability benchmarks have evolved, a parallel track has emerged: evaluations designed to measure not what a model can do, but what it will do when it shouldn't.
Labs now publish "system cards" alongside model releases — documents disclosing safety evaluations, capability assessments, and deployment constraints. OpenAI published system cards for GPT-5 and GPT-5.5. Anthropic published a 244-page model card for Claude Mythos Preview. These aren't marketing documents; they're structured disclosures of what the model was tested for and what guardrails were applied.
The most striking safety evaluation in the bundle is ABC-Bench, a biosecurity benchmark that tested LLM agents on tasks like programming liquid-handling robots and designing DNA fragments. Every tested agent outperformed the median expert human — and wet-lab validation confirmed that o4-mini-high produced scripts that successfully assembled DNA on a real robot. That result reframes what "evaluation" means: the benchmark isn't just measuring capability, it's measuring risk.
Apollo Research and OpenAI jointly published evaluations targeting "scheming" — hidden misalignment, where a model behaves well when observed but pursues different goals otherwise. Finding behaviors consistent with scheming in controlled environments, and publishing both the results and early mitigation attempts, represents a new kind of benchmark: one designed to find failure modes before deployment, not after.
The meta-question: what does a score actually mean?
Every number on a leaderboard carries hidden assumptions. Does the benchmark test the right thing? Was the model trained on data that overlaps with the test set? Does a high score on a coding benchmark mean the model writes good code in production, or just that it passes unit tests?
The field hasn't resolved these questions — but it has gotten more honest about them. The move toward live security testing, open mathematical problems, and real-world agentic evals reflects a growing recognition that the most important question isn't "what score did it get?" but "what can it actually do, and what can it do that it shouldn't?"
Where this is heading
The pattern across the events in this bundle is consistent: benchmarks get invented, models saturate them, harder benchmarks get invented. The frontier is now tasks that were considered impossible for AI just a few years ago — gold medals at the IMO, novel theorems, real vulnerability discovery. The next generation of evaluations will likely focus on longer-horizon agentic tasks, multi-step real-world workflows, and the safety properties of systems that can act autonomously in the world. The scoreboard keeps changing because the game keeps changing.




