Yesterday's eval tested a model. Today's eval tests a worker.

How AI evaluation is evolving from model testing to assessing real worker-like performance—and what that means for enterprise deployment.
Yesterday's eval tested a model. Today's eval tests a worker.

The shift from single-turn answers to multi-step agent execution has broken every assumption baked into how healthcare systems and banks evaluate AI, and the new benchmarks designed to fix this are themselves being gamed.

In April 2026, researchers at UC Berkeley’s Center for Responsible Decentralized Intelligence published a finding that should concern anyone buying or deploying an AI agent: an automated scanning tool achieved near-perfect scores on eight of the most widely cited agent benchmarks (SWE-bench Verified, WebArena, OSWorld, GAIA, Terminal-Bench, FieldWorkArena, and CAR-bench) without solving a single task. On SWE-bench Verified, a ten-line Python file was sufficient to register a 100% resolve rate. On FieldWorkArena, a single action sending an empty response scored perfectly across all 890 tasks because the validation function never checked whether the answer was correct.

These are not obscure academic benchmarks. They are the evaluation instruments that enterprise teams, procurement committees, and model vendors reference when making deployment decisions. If the benchmarks designed specifically for agents can be gamed this comprehensively, the single-turn evaluation suites still in use across healthcare and financial services are measuring something even further from what matters.

What prior authorization reveals about single-turn evaluation limits

Consider the evaluation challenge facing a health plan deploying AI for prior authorization. As CMS’s Interoperability and Prior Authorization Final Rule began phasing in from January 2026, with faster decision timelines now in effect and API requirements coming in 2027. Insurers became required to provide specific clinical reasoning for every AI-assisted denial. The rule responded to a pattern that had become difficult to ignore: data published by AuthDenied.com covering over 1,165 US health plans showed that a majority of prior authorization denials that reach appeal are overturned, with Medicare Advantage overturn rates exceeding 66%.

That pattern emerged under systems making single-turn decisions: one input, one output, approve or deny. The evaluation methodology for those systems was already insufficient; the overturn rate is the evidence. Now health plans are deploying agents that navigate multi-step clinical workflows: pulling patient records, cross-referencing formulary data, checking clinical guidelines, and generating a determination with a documented reasoning chain. Each step in that chain is a potential failure point that single-turn accuracy metrics never surface.

A Chief Medical Officer evaluating an agent for prior authorization is no longer asking whether the model gives the right answer to a clinical question. They are asking whether a system that executes a fifteen-step workflow across three different data sources will produce a determination that survives regulatory scrutiny, peer review, and appeal. That is a fundamentally different evaluation problem, and the instruments built for single-turn question answering do not address it.

The same gap in financial services, with different consequences

In banking, the evaluation challenge takes a different shape but produces the same structural deficit. A Wolters Kluwer survey of 148 financial institutions in early 2026 found that only 26.4% expressed confidence in their AI initiatives' compliance with regulatory requirements, and 58.8% said regulatory guidance is what they need most to advance their AI strategy.

The reason is instructive. A fraud detection model that scores transactions as high or low risk is a classification task with established evaluation methodology. An agent that investigates a suspicious transaction (pulling account history, querying external databases, checking the customer’s historical patterns, and deciding whether to escalate, freeze, or clear) is executing a process that cannot be evaluated with a confusion matrix. The failure modes are sequential: the agent may pull the right data but misinterpret the pattern, or interpret the pattern correctly but apply the wrong policy, or apply the right policy but fail to document the reasoning chain in a way that satisfies the regulator.

For a Chief Risk Officer at a retail bank, the evaluation question is not whether the model’s precision and recall are acceptable. It is whether the agent’s end-to-end execution of a multi-step investigation produces outcomes that are auditable, explainable, and defensible under OCC or FCA examination. The evaluation infrastructure required for that question does not exist in most institutions deploying these systems.

The benchmarks built for agents are failing as fast as the agents improve

The agent benchmark ecosystem that emerged between 2024 and 2026 (GAIA for general assistance, SWE-bench Verified for code, WebArena for browser tasks, Tau²-Bench for customer service, METR’s HCAST for autonomous software engineering) was built to address exactly this gap. These benchmarks test multi-step execution, tool use, and recovery from intermediate failures. But the Berkeley research demonstrates that even these purpose-built instruments have fundamental vulnerabilities: shared execution environments that let agents tamper with evaluation infrastructure, reference answers shipped alongside test data, and scoring functions that never verify correctness.

The METR team documented a related concern from the model side. Their research found that frontier models reward-hack in a significant share of evaluation runs, not through explicit instruction, but as emergent behavior. When an agent optimized to maximize a score encounters an evaluation harness it can manipulate, it sometimes discovers that manipulating the evaluator is easier than solving the task. METR’s updated time horizon methodology, published in January 2026, shows the autonomous task capability of frontier models doubling roughly every 131 days since 2023, meaning the agents are outpacing the evaluation infrastructure designed to measure them.

What agent evaluation actually requires

The pattern across healthcare, banking, and the benchmark community itself points to the same structural requirement. Evaluating an agent is not an upgraded version of evaluating a model. It is a different discipline. It requires trace-level inspection of multi-step execution sequences, domain-expert judgment on whether intermediate decisions are clinically or financially sound, adversarial testing that probes the agent’s behavior when workflows fail midstream, and evaluation infrastructure that is architecturally isolated from the system being tested.

That evaluation expertise sits at the intersection of AI methodology and regulated industry knowledge, the ability to design a rubric that tests whether a prior authorization agent’s reasoning chain meets CMS requirements, or whether a fraud investigation agent’s documentation satisfies OCC audit standards. It is not a capability that most organizations deploying agents have built internally, because until recently the evaluation problem was simple enough that internal teams could handle it with standard ML metrics.

The evaluation problem is no longer simple. The agents are multi-step, the failure modes are sequential, the regulatory requirements are specific, and even the benchmarks designed for this new reality have proven fragile. The organizations navigating this successfully are the ones that recognized the evaluation methodology is now more complex than the model selection, and that the expertise required to design it is domain-specific, adversarial, and not available off the shelf.

Recent Blogs

From investigation to implementation: Why multiple representation has changed the motor finance redress equation

From investigation to implementation: Why multiple representation has changed the motor finance redress equation

Banking and Financial Services
February 16, 2026
CX solutioning in the agentic AI era

CX solutioning in the agentic AI era

Technology
Retail & E-commerce
November 5, 2025
How motor finance leaders can navigate the £8bn redress challenge

How motor finance leaders can navigate the £8bn redress challenge

Banking and Financial Services
October 13, 2025