Assessing AI Capability and Frontier Model Risk: What Enterprise Buyers Actually Need to Evaluate

Frontier AI models — Claude, GPT-5.5, Gemini, Mythos, and emerging open-weight equivalents — have capabilities that traditional enterprise vendor evaluation methods do not assess effectively. Static benchmark scores miss the capability shifts that happen between model updates. Buyer-specific use cases are not represented in public benchmarks. Emergent capabilities (capabilities that appear when models are given tool access, longer context, or more sophisticated prompting) do not appear in single-turn evaluations. For enterprise buyers, the gap between "what we evaluated" and "what we deployed" can be substantial. This guide covers the structured approach to assessing frontier AI capability, monitoring capability over time, and operationalising dynamic assurance.

Why static benchmarks miss what matters

Public benchmarks (MMLU, HumanEval, GSM8K, MATH, SWE-bench, GPQA, HLE) measure aggregate capability across diverse tasks. They are useful for comparing models but limited for buyer use case prediction. Three specific limitations: contamination — models may have been exposed to benchmark content during training, inflating scores; relevance gap — buyer use cases are usually narrower and more specific than benchmark coverage; capability ceiling vs floor — benchmarks measure peak performance, not failure modes that matter operationally. The CAISI, AISI, and other safety institute evaluations provide more rigorous assessment but do not cover buyer-specific use cases.

Buyer-specific capability evaluation

The most predictive capability assessment uses buyer-specific test sets. Building a buyer test set: identify 50-200 representative tasks from actual or anticipated use; include adversarial examples and edge cases; cover the failure modes that matter for the buyer's risk profile; include cases that test alignment with buyer values (refusal of inappropriate requests, handling of ambiguous instructions). Run the test set across candidate models with identical conditions. Score on accuracy, calibration (does the model know when it doesn't know?), refusal behaviour (does it refuse appropriately?), and failure mode quality (when wrong, how wrong?). Repeat at each material model update.

Capability dimensions to assess

Task performance: accuracy on the specific tasks the buyer needs. Reasoning depth: performance on multi-step reasoning, with chain-of-thought when relevant. Tool use and agentic behaviour: how the model uses tools, follows instructions across multi-step workflows, recovers from errors. Multimodality: vision, audio, document processing as applicable. Code generation: if applicable, correctness, security awareness, library currency. Security and dual-use capabilities: cybersecurity offence/defence capability, biorisk awareness, CBRN content handling — these affect the buyer's risk profile even if not directly used. Alignment with buyer values: handling of sensitive topics, refusal behaviour, helpful-honest-harmless tradeoffs.

AI Safety Institute evaluations as reference

The international network of AI Safety Institutes — US CAISI, UK AISI, Australia AISI, Canada AISI, Japan AISI, South Korea AISI — now conducts pre-deployment evaluation of major frontier models. CAISI has pre-deployment evaluation agreements with Microsoft, Google DeepMind, xAI, OpenAI, and Anthropic. These evaluations cover safety-relevant capabilities (hacking, weapons-related, deception, autonomous replication). Buyers can reference these evaluations to understand baseline frontier model capability profile. They are not substitutes for buyer-specific evaluation but provide useful context. The Australian AISI is at industry.gov.au, the UK AISI at aisi.gov.uk, and the US CAISI at the NIST AISI page.

Continuous monitoring is operational requirement

Static assessment at procurement is insufficient. Frontier model capabilities shift with model updates (vendor releases new versions on weekly to monthly cadence), with tool integration (when the model gains access to a new tool, its effective capability changes), and with context accumulation (longer conversations or more retrieval can produce different behaviour). Operational requirements: automated capability test runs at each model update, alerting on material score changes, structured review of vendor change notifications, periodic adversarial probing for new capabilities. The Five Eyes Agentic AI Guidance (1 May 2026) provides the most directly applicable framework for evaluating autonomous AI capabilities.

Useful third-party resources

• US Center for AI Standards and Innovation (CAISI) — Frontier model pre-deployment evaluations
• UK AI Safety Institute
• METR — Independent capability and threat research
• Apollo Research — AI alignment evaluations
• Anthropic Research — Capability evaluations and safety publications
• OpenAI Research — Model card and evaluation publications
• Five Eyes Agentic AI Guidance

Related reading on AIRiskAware

• Frontier AI Risk for Enterprise Governance
• Agentic AI Governance for Enterprise
• Big Tech AI 2026: Governance Implications
• Integrated Assurance: APRA, ISO, Frontier AI
• For Chief AI Officers