Subset 17-ID control · with tools
- Opus 4.6 high: 14/17
- Opus 4.7 high: 5/17
- Paired delta: +9 for 4.6 on same IDs, same envelope, post-window.
Matched envelope: MCP, parallel=2, timeout=360s, no session persistence, high effort.
bots-bench / AI SOC evals / Splunk BOTSv3 + CyBT-CTF
Loading benchmark corpus and run snapshots…
Primary Benchmark View
CyBT-CTF is the blinded cyber investigation read and is the default comparison here. BOTSv3 remains useful as a public, exposure-prone benchmark, so it is available as an opt-in cross-check instead of the headline result.
BOTSv3 Frontier Leaderboard
This section and the detailed sections below are the public BOTSv3 report surface. Each entry pairs an AI agent (Claude Code, OpenAI Codex, opencode, Louie) with a model. Use the CyBT-CTF table above for the blinded default comparison.
BOTSv3 Follow-Up
Each polygon uses one representative config: the best-scoring run among the latest tested version of each model family.
Fable Follow-Up
Fable rows render only when explicit refusal or quality aggregates are present in the public payload.
BOTSv3 model progress over time
One point per model line — strongest effort tier kept. Lines connect chronologically within each model family so successive generations are visible.
BOTSv3 Efficiency
BOTSv3 only. Switch among cost-vs-speed, cost-vs-solve-rate, and cost-vs-combined-score modes. Bubble size encodes first-pass solved-count so cost can stay on the axes.
Benchmark Program
Systems Under Test
BOTSv3 Provider Upgrades
Summarizing version-step changes from publishable BOTSv3 runs in this snapshot.
BOTSv3 Benchmark Atlas
This is the public BOTSv3 corpus view, not CyBT-CTF. The point is representative investigation work, not toy prompts: 100+ overlapping log and alert providers, incident families grounded in the BOTSv3 IR corpus, and question-level hardness.
Chart Wall
Each dot is a benchmark question. Left means fewer configs solve it. Up means it burns more time or more attempts. Bigger dots mean more repeated attempts, and color stays tied to track.
Claude 4.6 Controversy
Anthropic published an April 23 postmortem describing three product/harness-level regressions affecting recent Claude runs. We reran the same 17 previously-contaminated IDs under a matched post-window envelope to isolate model effects from window confounds.
Matched envelope: MCP, parallel=2, timeout=360s, no session persistence, high effort.
q2_sq201_id_cl solves for 4.7 — general-knowledge-answerable.Evidence: Anthropic postmortem · findings-09 · short report.
BOTSv3 Benchmark Hygiene
This BOTSv3 check asks whether a model can answer from prior exposure or memory before using the investigation tools.
We keep the same score axis as the main benchmark so you can see how much of the corpus a model reaches before any tool use.
Loading literal-answer coverage and traceability statuses...
BOTSv3 Harness Versions
Comparing earliest vs latest BOTSv3 MCP runs for the same model (date-based proxy for harness evolution).
BOTSv3 Prompt Effects
Looking for clean BOTSv3 cross-validation and OODA / OSCAR-style planning-loop pairs...
BOTSv3 Latest Runs
Looking for local run artifacts…
BOTSv3 Retry Lab
These rows show configs where the evaluator allows extra retry passes after a miss. That can improve score, but it also blows out time and token budgets.
BOTSv3 Config Microscope
The map and microscope share one selection. Pick a config here, or click a point in the solve-versus-time map, and inspect its question-level pattern instead of only looking at rollups.
Config Map
Human-readable config labels, not raw run IDs. Pick the score dimension and the time dimension you care about, then click a point to sync the microscope below.
BOTSv3 Supporting Boards
Additional ways to slice the same public BOTSv3 snapshot.
BOTSv3 Benchmark Rules
BOTSv3 Experiment Surface
The dimensions we vary across BOTSv3 runs. CyBT-CTF is tracked separately in the comparison and deep-dive pages.