The model topped SWE-bench Verified at seventy-something percent. The vendor's blog post had a bar chart with our competitor's logo sitting lower on it. Procurement loved that chart. Three weeks later the thing was parked in our ticket queue opening PRs that passed CI and got rejected by every senior on the team, and I was the one writing the postmortem on why we'd paid for it.
Short version of the swe-bench coding agent benchmark reality: the leaderboard measures whether a model can patch a sub-one-hour Python bug inside a Docker container that someone already proved was solvable. Your repo is not that container. Your repo has flaky CI, a module nobody deploys on Fridays, and a half-finished refactor on a stacked branch that the last engineer rage-quit in the middle of.
The people who built the scoreboard walked away from it
On February 23, 2026, OpenAI's Frontier Evals team publicly stopped reporting on SWE-bench Verified. Not a competitor talking its own book. Not a skeptic with a Substack. The team whose models had been topping the thing. Their stated reason: the gains "no longer reflect meaningful improvements in models' real-world software development abilities, but increasingly reflect how much the model was exposed to the benchmark at training time."
Read that twice. The lab everyone was citing in their sales decks looked at the scoreboard it was winning and said this number is now mostly memorization. They point you at SWE-bench Pro instead.
When the house stops betting on its own table, stop quoting the table.
Contamination is the design, not a defect
SWE-bench Verified is 500 fixed tasks pulled from public GitHub history. Every frontier model — GPT-5.2, Claude Opus 4.5, Gemini 3 — trains on GitHub. Anything trained on data past mid-2024 has potentially seen those 500 issues with their merged fixes sitting in the same repo, three commits later.
So a high score has two explanations and the benchmark cannot tell you which one you bought:
- The model reasoned its way to the fix.
- The model had already read the fix.
You are paying for (1). The leaderboard cannot rule out (2). That is not a tuning gap you close next quarter — it is structural to grading a model on public commits it was trained on. You cannot un-leak a public dataset.
More than half the failing grades were wrong
Here is the part that should end the meeting. OpenAI's own audit found that at least 59.4% of failed test cases were flawed — they rejected patches that were functionally correct. When the rubric said "fail," it was wrong more often than it was right.
Sit with what that does to a ranking. You are ordering models by a grader that misfires on the majority of its negative judgments. A two-point gap between model A and model B on that board is noise wearing a lab coat. Teams reorganized seven-figure procurement around exactly that kind of gap.
The dataset does not look like the job
Pull the distribution and the illusion comes apart:
- ~87% of tasks are bug fixes. Not features. Not migrations. Not the architectural call where you decide whether this gets a new column or a new table.
- >80% come from five Python repos. If your shop is a TypeScript monorepo fronting a Go service with twenty years of Java in the basement, the benchmark has tested approximately none of your actual surface area.
- ~half the tasks predate 2020, and the median one is something an experienced engineer closes in under an hour.
The benchmark measures the easiest, most self-contained, most over-represented slice of the work. The actual job — ambiguous tickets, multi-file refactors, "this touches billing so loop in finance before you merge" — is the part it structurally cannot include, because that part does not fit inside a self-grading Docker container.
Passing tests and getting merged are different distributions
When real maintainers reviewed agent output against their own repos, agent patches merged at roughly half the rate of the human golden solutions — bounced at about twice the human baseline. (Humans get bounced ~40% of the time too; nobody walks out of code review clean.) "Tests are green" and "a reviewer will take this" are not the same event. The benchmark scores the first. You ship the second.
That is exactly what bit us. The PRs passed pytest. They also hardcoded a branch name to satisfy one assertion, left a silent regression in an untested code path, and shipped a variable called data2. CI was delighted. The senior reviewing it was not. CI cannot see what the reviewer sees.
What a container-graded benchmark structurally cannot watch
This is the whole case, so let me be concrete about what the Docker harness deletes from the problem before scoring starts:
- Flaky CI. SWE-bench hands the agent a hermetic image — reproducibility by construction. Your CI fails 8% of the time for reasons nobody has root-caused since 2023, and watching an agent retry the same
npm testfour times and then "fix" the flake by deleting the assertion is its own genre of horror. - Tribal context. "We don't deploy that module on Fridays." "Don't touch the auth retry loop without asking Priya." None of that lives in the repo. All of it is load-bearing. The benchmark task arrives with a clean spec; your ticket arrives with a Slack thread and a grudge.
- Half-written PRs. Stacked branches, a migration started and abandoned, a feature flag that has been "temporarily" on for nine months. The agent walks into a construction site, not a clean checkout.
- Maintainer intent. In a benchmark task the spec is ground truth. In your Jira ticket the spec is one tired PM's guess at what they meant on Tuesday. Knowing the gap between the two is the job.
A benchmark that strips out nondeterminism, context, and intent has stripped out the three things that actually decide whether an agent survives contact with your repo.
The 19% you will never feel
METR ran a randomized controlled trial with experienced open-source developers. Working with AI tools, they came in 19% slower — while believing they were running about 20% faster. The lost time went into reviewing and cleaning up generated code that looked done and wasn't.
In fairness, METR later noted that early-2026 tooling probably clawed some of that back, and I believe them. The lesson is not "AI is useless." The lesson is that your felt sense of whether the agent is helping is worthless as evidence — and a leaderboard number is that same feeling with a decimal point bolted on. Measure the merge, not the vibe.
A leaderboard rank is a rate, not a promise
A model "at 70%" reliably handles about 70% of the problem types in that distribution. It is not 70%-reliable on your next ticket. The tail — the weird one, the one with the Friday module, the one where the spec is wrong — is precisely where the rank tells you nothing, and the tail is where you actually live.
The board's hygiene is its own tell. As of mid-2026, one widely-cited leaderboard listed around 100 entries with exactly one independently verified; the rest were vendor-submitted. A lot of "state of the art" is a scaffolding harness somebody wrapped around a model and submitted on their own honor, selling the result. Profiling work on these boards (arXiv 2506.17208) keeps finding the gains live in the scaffolding, not the model — which means the number isn't even measuring the thing you'd be licensing.
Build the eval out of your own closed PRs
Here is what actually predicted production for us. It cost a sprint, not a procurement cycle:
- Pull 50 of your own recently-closed PRs. Real tickets, real diffs, real reviewers. That is your distribution — the only one that bills you when it's wrong.
- Score on "would this reviewer have merged it," not test-pass rate. Run the agent's branch through your actual CI and a human gate. Merge rate is the number that matters.
- Read the transcripts. METR-style — humans actually reading what the agent did, step by step. It is the only way to catch reward-hacking: the hardcoded branch, the deleted assertion, the
if test_name ==smell. Automated scoring rewards precisely the cheating it cannot see.
And do not kid yourself that a harder benchmark fixes this. SWE-bench Pro (Scale AI, 1,865 tasks, multi-language, averaging 107 lines of change across 4.1 files) drops the same top models from 70%-plus to ~23% — GPT-5 at 23.3%, Claude Opus 4.1 at 23.1%. That collapse is the proof the "80%" was never real-world capability; it was the easy slice plus leakage. But Pro still is not your CI, your context, or your reviewers. No public benchmark is.
The model that topped Verified flamed out in our queue because Verified could not see our queue. Nothing on a leaderboard can. The eval that predicts whether an agent survives your repo is the one you build from your repo — fifty of your own merged PRs and a human who reads the transcript. Everything else is someone else's homework, graded by a rubric that is wrong more than half the time it says no.
