Guide

LLM evaluation and benchmarking explained

A model that scores well on a leaderboard can still fail your product. LLM evaluation is the discipline of measuring whether a language model — plus your prompts, retrieval layer, and tools — actually does what users need. Public benchmarks like MMLU or HumanEval are useful coarse signals; production quality comes from task-specific golden datasets, automated graders, and continuous monitoring. This guide explains what to measure, how to build an eval harness, and where common measurement traps hide.

Why evaluation is not optional

LLM outputs are non-deterministic, context-sensitive, and expensive to produce at scale. Without evaluation you cannot answer basic questions: Did the last prompt change break refund handling? Is the cheaper model good enough for tier-one support? Did a RAG index update introduce hallucinations on policy pages?

Demos lie by selection bias — you show the three prompts that work. Evaluation forces you to run hundreds or thousands of representative cases and score outcomes systematically. Teams that skip this step discover regressions from paying users, support tickets, or viral social posts about wrong answers.

Three layers of measurement

  • Model benchmarks — vendor-published scores on academic tasks (reasoning, coding, knowledge). Good for comparing base models before integration.
  • Application evals — your prompts, tools, and retrieval pipeline on your inputs with your success criteria. This is what ships.
  • Production monitoring — live traffic sampling, user feedback, escalation rates, and drift detection after deploy.

Treat benchmarks as a hiring screen and app evals as the job interview. A model that tops MMLU may still refuse valid JSON in your agent tool-calling schema.

Public benchmarks: what they measure (and miss)

Research benchmarks standardize tasks so models can be compared on equal footing. They are invaluable for model selection but weak proxies for product quality.

Common benchmark families

  • Knowledge & reasoning — MMLU, GPQA, ARC. Multiple-choice or short-answer questions across domains. Tests breadth, not your domain docs.
  • Code generation — HumanEval, MBPP. Function-level Python with unit tests. Real for codegen assistants; irrelevant for a legal summarizer.
  • Instruction following — IFEval, MT-Bench. Checks whether the model obeys formatting constraints and multi-step instructions.
  • Math — GSM8K, MATH. Chain-of-thought accuracy on textbook problems.
  • Long context — needle-in-a-haystack, RULER. Whether the model retrieves a fact buried in a long prompt — relevant if you stuff entire PDFs into the context window.

Benchmark limitations every team should know

  • Contamination — training data may include benchmark questions, inflating scores.
  • Format mismatch — benchmarks use fixed prompts; your system prompt and few-shot examples change behavior dramatically.
  • No retrieval — most benchmarks test parametric knowledge only. A RAG app can outperform a larger model on company-specific questions with zero benchmark signal.
  • Leaderboard chasing — vendors optimize for public suites; your edge case taxonomy is never on the chart.

Use benchmarks to shortlist two or three base models, then run your own eval set before committing spend or a fine-tuning cycle.

Building an application eval dataset

A golden dataset (or eval set) is a curated list of inputs with expected outcomes or grading rubrics. Quality beats quantity: 200 well-chosen cases that mirror production traffic beat 10,000 synthetic paraphrases that all look the same.

Sourcing examples

  • Production logs — sample real user queries (redact PII). Include failures your support team already fixed manually.
  • Edge cases — ambiguous pronouns, empty retrieval results, conflicting documents, adversarial prompt injection attempts, and out-of-scope questions.
  • Regression anchors — every bug you fix becomes a permanent test case so it never ships again.
  • Synthetic augmentation — use an LLM to generate variations of real tickets, but always human-review a subset.

Label types

  • Reference answer — gold text for summarization or Q&A. Graders compare semantic similarity, not byte equality.
  • Structured output — JSON schema, function name + arguments. Pass/fail on valid parse and field correctness.
  • Rubric scores — 1–5 on helpfulness, tone, safety. Better for open-ended chat than exact match.
  • Binary constraints — must cite source ID, must not mention competitor X, must refuse medical diagnosis.

Version your dataset in git or a database table. When you change prompts or retrieval chunking, re-run the full suite and diff scores — that diff is your deploy gate.

Metrics and automated graders

Manual review does not scale. Most teams combine cheap automatic metrics with periodic human audit on a stratified sample.

Classical NLP metrics (use with caution)

  • Exact match / F1 — fine for classification or short factual answers; brittle on paraphrases.
  • BLEU / ROUGE — n-gram overlap with reference text. Correlates weakly with human judgment on creative or explanatory answers.
  • Embedding similarity — cosine distance between answer and reference embeddings. Better for semantic match; still blind to factual errors with fluent wording.

LLM-as-judge

A separate model scores outputs against a rubric ("Is the answer grounded in the provided context? Rate 1–5."). This scales human-like judgment and powers many RAG eval frameworks. Pitfalls:

  • Position bias — judges favor the first answer in pairwise comparisons unless you swap order and average.
  • Leniency drift — the judge model version changes; recalibrate against human labels quarterly.
  • Self-preference — models may rate their own family's style higher.
  • Cost — judging every case with GPT-4-class models adds up; use smaller judges for screening and expensive judges for disputes.

RAG-specific metrics

  • Context precision / recall — did retrieval return the right chunks?
  • Faithfulness (groundedness) — is every claim in the answer supported by retrieved text?
  • Answer relevance — does the response address the question regardless of sources?

Pair retrieval metrics with end-to-end answer quality. Perfect retrieval with a bad synthesizer still fails users; great answers from lucky retrieval hide index problems until content changes.

Evaluation in the development loop

Treat evals like unit tests for non-deterministic code. Integrate them into the same habits that keep backend services reliable.

CI regression suites

  • Run a smoke eval (20–50 cases) on every pull request — fast, blocks obvious breakage.
  • Run the full golden set nightly or before model swaps — track score trends in a dashboard.
  • Pin model name, temperature, and prompt hash in eval reports so results are reproducible.
  • Fail the build on score drops beyond a tolerance, not on single flaky cases — use statistical thresholds.

Comparing prompt and model changes

When iterating prompt engineering, run A/B evals: same inputs, old vs new prompt, same model. When comparing models, keep prompts fixed. Changing both at once makes attribution impossible. Log token usage per case — a 2% quality gain that doubles cost may not be worth it.

Human evaluation cadence

Automate the bulk, but humans should regularly score a random 50–100 production responses. Disagreements between human and LLM-judge reveal rubric gaps. Refresh the golden set when product scope shifts — stale evals give false confidence.

Production monitoring and online eval

Offline evals cannot capture shifting user behavior, seasonal queries, or adversarial traffic. Production monitoring closes the loop.

  • Implicit signals — thumbs down, conversation abandonment, re-asks of the same question, escalation to human agents.
  • Explicit feedback — lightweight rating widgets; correlate with session metadata (model version, retrieval latency).
  • Shadow testing — run candidate model/prompt on duplicate traffic without serving it; compare scores offline before cutover.
  • Canary deploys — route 5% of traffic to the new stack; watch error rates and quality proxies before full rollout.
  • Drift alerts — embedding distribution of incoming queries shifts when marketing launches a new product line; retrieval must catch up.

Online A/B tests measure business outcomes (conversion, resolution time) not just NLP scores. The best model on faithfulness may be too verbose for mobile users. Align eval metrics with what the business actually optimizes.

Common mistakes and anti-patterns

  • Evaluating on training examples — fine-tune eval must be held-out; memorization inflates scores.
  • Single-number worship — one aggregate score hides catastrophic failures on refunds or safety.
  • Ignoring latency and cost — quality per dollar and p95 latency belong on the same dashboard as accuracy.
  • No negative tests — verify the system refuses harmful requests and says "I don't know" when context is empty.
  • Chasing public leaderboards — swap models because MMLU moved 0.3 points while your ticket-resolution eval dropped 8%.
  • Stale judges — LLM-as-judge prompts written for GPT-3.5-era failure modes miss new model quirks.

Key takeaways

  • Public benchmarks help pick base models; application evals determine whether your product works.
  • Build a versioned golden dataset from real traffic, bugs, and edge cases — not only synthetic happy paths.
  • Combine automatic metrics, LLM-as-judge, and periodic human review; no single scorer is sufficient.
  • For RAG, measure retrieval and faithfulness separately, then end-to-end answer quality.
  • Run evals in CI, track trends over time, and monitor production for drift — evaluation is continuous, not a one-time checklist.

Related reading

All guides Vector databases