Roundup
Backend is the workload the benchmarks understand best. SWE-bench Verified is built from real GitHub issues in real server-side codebases — APIs, data models, business logic, the exact kind of multi-file surgery backend work is made of. So for once, the leaderboard is a genuinely useful guide rather than a loose proxy. That said, there's still no "backend benchmark" that covers your database, your framework, and your deployment quirks, so the honest advice is the same as always: rank by general ability, then test on your own stack. The live board is at /benchmarks.
The board, and why it maps to backend
Backend is repo-surgery: editing real files inside a large codebase without breaking the other endpoints. That's SWE-bench Verified almost exactly, so trust the SWE column heavily here. Terminal-Bench (TB) matters too — backend work lives in the shell, running migrations, managing services, wrangling deploys. LiveCodeBench (LCB) is the least relevant of the three for this workload.
| Model | SWE | TB | LCB |
|---|---|---|---|
| 95.0 | 83.1 | 89.8 | |
| 88.6 | 78.9 | 87.8 | |
| 85.2 | – | 82.4 | |
| 80.6 | 83.4 | 85.3 | |
| 77.6 | – | 87.5 | |
| 74.8 | 78.4 | 87.3 |
A dash means the lab hasn't published that suite yet. Because backend is the workload SWE-bench models directly, this ordering is more trustworthy for backend than for any other stack we cover.
The pick for backend: Claude Opus 4.8
For API work, data models, and business logic, Opus 4.8 is our default and the sweet spot. At 88.6 on the benchmark that's essentially "backend skill," it handles the thing backend punishes weaker models for: changing a data model and knowing which endpoints, serializers, and migrations it ripples into. It holds enough context to reason across the request lifecycle — routing, validation, business rule, database, response — without losing the thread. Fable 5 (95.0) is the step up for the genuinely hard work: a schema migration nobody wants to touch, a concurrency bug, a performance rewrite. Sonnet 5 (85.2) is a strong high-volume builder for routine endpoints where you want to keep costs down. Whichever backend language you're in, our Python deep-dive is the natural companion.
The budget pick: DeepSeek V4 Pro
Most backend token volume is routine: a CRUD endpoint, a serializer, a validation rule, a standard migration. That doesn't need a frontier model. DeepSeek V4 Pro posts a capable 77.6 SWE-bench at $0.435 / $0.87 per million tokens — roughly a tenth of Opus's rate — and it does the mechanical 80% for pennies. Run a two-tier setup: Opus (or Fable for the hard 10%) on the tricky work, DeepSeek grinding the volume. GPT-5.3 Codex ($1.75 / $14, and a strong 78.4 Terminal-Bench) is the other value pick, especially if your backend life involves a lot of shell and deploy plumbing. The full budget tier is in the cheapest coding models roundup.
Flag: the backend is the security surface
This is the part no benchmark scores and the part that matters most. The backend is where auth lives, where user data lives, where the database is. AI models will happily write code that works and is exploitable: SQL built by string concatenation instead of parameterized queries, missing authorization checks, secrets logged in plaintext, unvalidated input trusted straight into a query, an endpoint that leaks another user's records. A higher SWE-bench score means fewer of these on average — it does not mean zero. So every AI-generated backend change needs a human security pass: parameterize every query, verify auth and authorization on every endpoint, validate and sanitize all input, keep secrets out of code and logs, and check for the classic injection and access-control holes. Our AI coding agent security guide and security checklist are the references to keep open.
Test it on your own stack
The board is trustworthy for backend, but your framework and database aren't in it, so still run your own bake-off. Take real tasks — add an endpoint that touches three models, write a non-trivial migration, fix a bug that spans the service layer — and give the same prompt to two or three models. Score them on: did it follow your framework's conventions instead of generic patterns, did it parameterize queries and check authorization without being told, and how many corrections did it take. The security instinct is part of the score — a model that writes clean logic but forgets the auth check is a liability, not a help.
What we'd run for backend
One model: Opus 4.8, with Fable 5 for the hard 10%. Two-tier for volume: Opus driving, DeepSeek V4 Pro or Sonnet 5 grinding routine endpoints. Whatever you run, the human security pass is non-negotiable — the backend is not the place to trust a model unreviewed. Bring your own keys to pay the lab's real per-token rate instead of a reseller's markup: bring your own keys. The board updates monthly at /benchmarks, and the best coding model roundup has the full frontier picture.