The Poisoned Chalice of LLM Evaluation Report

· Source: cs.SE updates on arXiv.org · Field: Technology & Digital — Artificial Intelligence & Machine Learning, Software Development & Engineering, Cybersecurity & Data Privacy · Depth: Advanced, long

Summary

The Poisoned Chalice of LLM Evaluation Competition, co-located with FSE-AIWare 2026, addresses the critical issue of data contamination in large language model (LLM) evaluation for software engineering. This problem arises when LLMs perform well on benchmarks due to prior exposure to training data, rather than genuine generalization, especially problematic for models with undisclosed training corpora. The competition framed this as a white-box membership inference task on source code, providing participants with curated datasets from The Stack Edu and The Heap, targeting StarCoder2 3B/7B models, and using Mellum-4B as a held-out evaluation model. Submissions were evaluated using AUC-ROC on unseen data to ensure generalizability. SERSEM, a structure-aware method, emerged as the clear winner, achieving AUC-ROC scores of 0.773 on StarCoder2-3B and 0.753 on Mellum, significantly surpassing other methods and baselines like Loss, MinK%Prob, and PAC. The competition highlights the challenge of robust contamination detection and the need for more efficient, generalizable methods.

Key takeaway

For AI Security Engineers or ML Engineers evaluating code LLMs, you must account for data contamination risks that inflate performance metrics. Relying solely on reported benchmarks without verifying training data exposure can lead to misleading conclusions about model capabilities. Implement robust white-box membership inference techniques, like those explored in the Poisoned Chalice competition, to detect prior exposure. Prioritize methods demonstrating strong generalization across diverse codebases and models, such as SERSEM, to ensure your evaluations are trustworthy and reflect true model performance.

Key insights

Data contamination in LLM evaluation for software engineering requires robust, generalizable white-box membership inference methods.

Principles

Method

The competition used white-box membership inference on source code, providing labeled member/non-member datasets (The Stack Edu, The Heap) and target models (StarCoder2, Mellum). Evaluation was via AUC-ROC on held-out data.

In practice

Topics

Code references

Best for: Research Scientist, AI Scientist, Machine Learning Engineer, AI Security Engineer

Related on AIssential

Open in AIssential →

Editorial summary, takeaway, and curation by AIssential. Original article published by cs.SE updates on arXiv.org.