Resource: source-boundary failures in LLM evidence use

Detailed Analysis

A working paper titled *Context Is Not Control: Source-Boundary Failures in Controlled Text-Mediated Evidence Use* identifies a specific and underexplored failure mode in large language models: the inability to reliably distinguish between text that is merely present in a context window and text that is epistemically admissible as evidence for a given task. The core observation is that a piece of retrieved, quoted, or injected text can be semantically relevant and structurally answer-shaped — appearing to satisfy the surface requirements of a query — yet still be inappropriate as a basis for a generated response under the constraints of the task at hand. The paper is accompanied by replication artifacts hosted on GitHub and positions itself as a narrow, empirical contribution rather than a sweeping claim about hallucination broadly defined.

The failure mode described is particularly consequential for systems that rely on retrieval-augmented generation (RAG), long-context document processing, or tool-augmented workflows. In these architectures, a single context window may simultaneously contain user instructions, retrieved documents of varying freshness, quoted claims, injected adversarial content, suspended or stale sources, and answer candidates. Each of these text types carries different epistemic weight and different admissibility status, yet the model must navigate these distinctions without any inherent mechanism for tracking provenance or governance. The paper's framing of "source boundaries" describes exactly this problem — the model's need to treat the same syntactic medium (plain text) as carrying fundamentally different authoritative status depending on origin and task-defined rules.

The paper's central empirical finding sharpens the practical implications considerably. Simply providing a model with an "INSUFFICIENT" response option — a common mitigation strategy intended to allow models to abstain when evidence is inadequate — proved insufficient on its own to correct the failure. The more effective intervention was the explicit representation of source admissibility within the task frame itself, meaning that the model required structured, in-context signals about which sources were sanctioned as governing evidence before it could reliably honor those distinctions. This suggests that the failure is not merely one of confidence calibration but of task-frame representation, a distinction with significant implications for prompt engineering, system design, and fine-tuning approaches in production deployments.

Claude is among the frontier and API models tested alongside open-weight systems and other commercial models, making this a cross-architecture finding rather than an indictment of any single system. The author is explicit that the results do not offer a general theory of hallucination and that the failure is not Anthropic-specific. Nevertheless, Claude's prominence in long-context and agentic deployments — use cases that routinely mix retrieved documents, user-provided context, tool outputs, and system-level instructions in a single inference window — makes the described failure mode especially relevant to its operational surface area. As enterprise and developer adoption of Claude expands into document-grounded reasoning pipelines, the question of how source boundaries are communicated and respected becomes a practical engineering concern, not merely an academic one.

Situating this work within broader trends in AI development, it reflects a growing recognition that scaling context length and adding retrieval capabilities introduces qualitatively new failure modes that do not reduce to the problems studied in simpler benchmarks. The field has increasingly shifted from evaluating whether models can answer questions correctly in isolation to asking whether they can reason reliably under complex, multi-source, adversarially structured information environments. Research like this contributes to the emerging discipline of evaluating models not just for knowledge or fluency but for epistemic discipline — their capacity to enforce the governance rules that determine which information counts as evidence for a given claim. This is a foundational challenge for any AI system intended to operate as a trustworthy reasoning partner in high-stakes, information-rich contexts.