The Poisoned Chalice of LLM Evaluation Report
Summary
The Poisoned Chalice of LLM Evaluation Competition, co-located with FSE-AIWare 2026, addresses the critical issue of data contamination in large language model (LLM) evaluation for software engineering. This problem arises when LLMs perform well on benchmarks due to prior exposure to training data, rather than genuine generalization, especially problematic for models with undisclosed training corpora. The competition framed this as a white-box membership inference task on source code, providing participants with curated datasets from The Stack Edu and The Heap, targeting StarCoder2 3B/7B models, and using Mellum-4B as a held-out evaluation model. Submissions were evaluated using AUC-ROC on unseen data to ensure generalizability. SERSEM, a structure-aware method, emerged as the clear winner, achieving AUC-ROC scores of 0.773 on StarCoder2-3B and 0.753 on Mellum, significantly surpassing other methods and baselines like Loss, MinK%Prob, and PAC. The competition highlights the challenge of robust contamination detection and the need for more efficient, generalizable methods.
Key takeaway
For AI Security Engineers or ML Engineers evaluating code LLMs, you must account for data contamination risks that inflate performance metrics. Relying solely on reported benchmarks without verifying training data exposure can lead to misleading conclusions about model capabilities. Implement robust white-box membership inference techniques, like those explored in the Poisoned Chalice competition, to detect prior exposure. Prioritize methods demonstrating strong generalization across diverse codebases and models, such as SERSEM, to ensure your evaluations are trustworthy and reflect true model performance.
Key insights
Data contamination in LLM evaluation for software engineering requires robust, generalizable white-box membership inference methods.
Principles
- LLM benchmark performance can be inflated by data contamination.
- Membership inference can detect contamination without full training corpus access.
- Generalization across models and datasets is crucial for robust evaluation.
Method
The competition used white-box membership inference on source code, providing labeled member/non-member datasets (The Stack Edu, The Heap) and target models (StarCoder2, Mellum). Evaluation was via AUC-ROC on held-out data.
In practice
- Use structure-aware methods like SERSEM for contamination detection.
- Prioritize methods that generalize across diverse code languages.
- Evaluate MIAs on held-out models and datasets.
Topics
- LLM Evaluation
- Data Contamination
- Membership Inference Attacks
- Software Engineering
- Code Language Models
- StarCoder2
- SERSEM
Code references
Best for: Research Scientist, AI Scientist, Machine Learning Engineer, AI Security Engineer
Related on AIssential
Editorial summary, takeaway, and curation by AIssential. Original article published by cs.SE updates on arXiv.org.