Frontier models still fail half your incidents: reading ITBench-AA like an SRE

ITBench-AA put frontier models against 59 real Kubernetes incident diagnoses — all scored below 50%. What the benchmark measures and how to use it.


Diagram: ITBench-AA scores for frontier models, all below the 50% line, with a breakdown of what the benchmark measures versus what production adds

Every vendor deck I’ve seen this year has a slide claiming their AI SRE “resolves incidents autonomously.” In May 2026 we finally got a public, independent number to hold against that claim: ITBench-AA, from Artificial Analysis and IBM Research, put frontier models against 59 real Kubernetes incident-diagnosis tasks.

The best model scored 46.7%. Every model scored below 50%.

Depending on which side of the hype war you’re on, that number is either proof that AI SRE is a fraud or an inconvenient detail to bury. Both readings are wrong, and both waste the most useful public data point this field has produced. This post is the SRE’s reading: what the benchmark actually measures, why the number is what it is, and — the part that matters — how to use it.


What the test actually is

The setup is more honest than most benchmarks manage. Each of the 59 scenarios (40 from IBM’s public ITBench, 19 private, three repeats each) hands the agent an offline snapshot of a Kubernetes incident: alerts, events, traces, metrics, application topology. The agent gets shell access to dig through the data and must emit a structured diagnosis naming the entities — deployments, pods, namespaces, network policies — that actually caused the failure.

The failure modes are the ones you know: a feature flag misconfiguration, a wrong environment variable, a missing container image. And crucially, the scenarios cascade — downstream services fail loudly while the root cause sits quietly upstream, which is exactly the shape of every interesting incident you’ve worked.

The scoring is the detail worth understanding: average precision at full recall. The agent must find all contributing factors, and every wrong entity it names along the way costs it. You can’t win by listing everything that looks suspicious — which happens to be the failure mode of both junior engineers and language models. The metric is, in effect, a measure of discrimination under noise: can you tell the root cause from its symptoms?

Mid-2026 answer: Claude Opus 4.7 at 46.7%, GPT-5.5 at 45.8%, GLM-5.2 at 42.7%. For calibration, the original ITBench paper found agents fully resolving just 13.8% of SRE scenarios — so the trajectory is steep. The level is still: the best models, given clean data and unlimited focus, misdiagnose the majority-adjacent share of incidents.


Why this number, specifically

The low scores aren’t a knowledge gap. These models can recite Kubernetes failure taxonomy better than anyone on your team. The gap is between generating explanations and eliminating them.

An LLM produces plausible causal stories almost for free. Incident diagnosis is the opposite discipline: most plausible stories are wrong, and the work is ruling them out against evidence. When a cascading failure makes fifteen things look broken, precision-at-full-recall punishes exactly what models do naturally — including the symptomatic services in the diagnosis because they are, plausibly, involved. This is the confident-wrong-answer problem from observability for AI systems, measured under lab conditions and assigned a number.

Anyone who’s watched an agent triage a real alert storm recognizes the behavior. The agent’s first hypothesis is fast and often right; its fifth entity is a downstream victim dressed as a cause. That’s not a reason to un-deploy anything — it’s the empirical shape of the capability, and shapes like this are what governance is for.


The number is an autonomy input, not a verdict

Here’s the move that turns a benchmark score into an engineering decision. In the reliability gap I argued agents should hold authority proportional to measured reliability, and in error budgets for autonomy that the measurement should gate promotion mechanically. ITBench-AA is exactly the kind of evidence that framework consumes — an independent, adversarially scored measurement of diagnostic reliability.

Read as an autonomy input, sub-50% says:

  • Diagnosis-as-hypothesis is earned. A first-responder that produces a ranked root-cause hypothesis in two minutes, for a human to verify, is paying for itself at these accuracy levels — triage compression is exactly where production reports say the toil reduction is real.
  • Diagnosis-as-trigger is not. Wiring automated remediation to an agent’s root-cause call means acting on a coin-flip-adjacent diagnosis with production authority. At 47% precision, the expected cost of the wrong half dominates — this is when not to use AI, quantified.
  • The trend line, not the level, sets your review cadence. From 13.8% to 46.7% in roughly a year is fast. If your autonomy policy was written against last year’s capability, it’s stale in the safe direction — which is the cheap kind of stale, but worth a scheduled re-look with each major model release.

And because the benchmark exists publicly: it’s a vendor filter. “Autonomous incident resolution” claims now have an independent number to be checked against. Ask vendors where their agent lands on ITBench-style evaluation. The ones measuring will have an answer and caveats; the ones marketing will have a story about why benchmarks don’t apply to them.


What the benchmark can’t see

The honest caveats cut both directions.

The benchmark is easier than production. The snapshot is frozen — real incidents evolve while you diagnose them. Nothing is at stake — a wrong answer loses points, not customer-minutes, so the score can’t price the asymmetry between a harmless miss and a confidently wrong diagnosis that anchors the whole response effort. And the surrounding work is absent: severity calls, comms, deciding what’s safe to try while uncertain. Diagnosis is the most benchmarkable part of incident response, not the whole job.

The benchmark is also harder than your deployment. It’s zero-shot against unfamiliar systems. Your agent knows your topology, your runbooks, your last two hundred incidents — context engineering exists precisely to close that gap. Scores measure the floor of a well-integrated deployment, not its ceiling. The Catchpoint SRE Report 2026’s split — half of practitioners say AI reduced toil, half say no change or more work — is probably this integration gap talking: the capability is the same for everyone; the context plumbing isn’t.

And one methodological grain of salt: 59 tasks, Kubernetes-only, one incident family per task, three repeats. It’s the best public measurement we have, and it’s still a narrow slice of what “SRE work” means. Treat it as a calibrated data point, not a syllabus.


What to do Monday

  • Benchmark your own agent on your own incidents. Take your last twenty postmortems, reconstruct the observable state at detection time, and score your agent’s diagnosis against the known root cause. This is cheaper than it sounds and infinitely more relevant than any public number.
  • Score with precision, not vibes. Adopt the benchmark’s discipline: full recall required, wrong entities penalized. “It mentioned the right service in paragraph three” is how demo-driven autonomy decisions get made.
  • Set autonomy from the measured number. Ranked hypotheses at 47% precision: ship it as an assist. Automated remediation at 47% precision: that’s a budget you’ll exhaust by Thursday.
  • Re-measure on every model change. The 13.8%→46.7% jump means capability moves faster than policy. A quarterly re-run of your private benchmark is the cheapest governance instrument you can own.
  • Use the public number in vendor conversations. It’s the reference point that turns “our AI resolves incidents” into a conversation with units.

The most useful thing about ITBench-AA isn’t the 46.7% — it’s that the field now has an independent, adversarial, public measurement at all. SRE grew up the moment it started counting things it previously argued about. AI SRE just hit the same milestone. The models will cross 50%, then 70%, and the teams who benefit won’t be the ones who believed hardest either way — they’ll be the ones who were already measuring when it happened.

Frequently asked questions

What is ITBench-AA and what does it measure?

ITBench-AA is a benchmark launched in May 2026 by Artificial Analysis with IBM Research, evaluating frontier models on 59 Kubernetes incident root-cause-analysis tasks (40 from IBM's public ITBench release, 19 private), run 3 times each. Agents get an offline snapshot of an incident — alerts, events, traces, metrics, topology — plus shell access, and must produce a structured diagnosis identifying the entities responsible for the failure. Scoring is average precision at full recall: the agent has to find all contributing factors, and is penalized for burying them in wrong guesses.

Why do AI agents score so low on SRE benchmarks?

Because incident diagnosis is a needle-in-a-haystack discrimination problem, not a knowledge problem. The scenarios feature cascading failures where downstream services fail loudly while the root cause — a feature flag, a wrong environment variable, a missing image — sits quietly upstream. Models are good at generating plausible explanations and bad at ruling them out, so symptomatic entities leak into diagnoses and precision collapses. The original ITBench paper found state-of-the-art agents fully resolving only 13.8% of SRE scenarios; ITBench-AA's best mid-2026 scores under 47% show real progress on diagnosis while remaining far from human-level reliability.

Does a sub-50% benchmark score mean AI SRE tools are useless?

No — it means unsupervised autonomous diagnosis isn't earned yet, which is a different claim. A model that correctly diagnoses half of incidents in minutes is a powerful first-responder if its output is treated as a ranked hypothesis for a human to verify, and worse than useless if treated as ground truth for automated remediation. The benchmark number tells you which rung of the autonomy ladder the capability supports today: assist and advise, with bounded execution only where verification is cheap. Production data agrees — teams report AI reliably compressing triage toil while full resolution stays human-led.

What do SRE benchmarks fail to capture about production incident response?

Four things, mostly. Benchmarks are offline — the snapshot doesn't change while you investigate, but real incidents evolve mid-diagnosis. They're consequence-free — a wrong answer costs score, not customer minutes, so they can't price the asymmetric cost of confident wrong diagnoses. They isolate diagnosis from the messy surrounding work: deciding severity, communicating, choosing safe mitigations under uncertainty. And they can't measure the organizational half of reliability — whether your rollback works, whether your runbook is current, whether anyone can act on the diagnosis. A benchmark score is an upper bound on the easy part.