A pre-launch expert evaluation of Evrópuvefur, a government-funded LLM service answering EU questions for Icelandic citizens, compared curated RAG retrieval against open web search across 551 expert evaluations of 449 AI-generated answers. Web search answered more questions but flagged at least one untrustworthy or irrelevant source in 35% of answers; curated sources were rarely flagged but limited coverage caused the model to decline responses. A prompt ablation showed weak steering: adding a trusted-domain list to the system prompt raised citations to those domains only from 12% to 21%. The paper argues source trustworthiness is a measurable but largely invisible quality dimension in public AI deployments.
A paper from arXiv examines how newsrooms disclose AI involvement in news content, finding that neither brief labels nor detailed disclosures achieve the goal of building reader trust. A controlled experiment with 34 readers shows detailed disclosures trigger a 'transparency dilemma' that can reduce trust, while one-line labels create an information gap requiring cognitive effort to fill. Readers instead preferred disclosure designs centered on user agency, including detail-on-demand interactions, proportional AI-ratio visualizations, and explicit 'no AI' labels. The author frames this as a design problem for the HCI community rather than a journalism ethics problem alone.
Researchers evaluated six commercial AI chatbots (Gemini 3 Flash/Pro, Grok 4, Claude 4.5 Sonnet, GPT-5, GPT-4o mini) on 2,100 factual questions derived from same-day BBC News reporting across six regional services over 14 days in February 2026. Top systems exceed 90% multiple-choice accuracy on breaking news but lose 11-17% under free-response conditions. Key findings include systematic Hindi-language underperformance (79% vs. 89-91% elsewhere) driven by Anglophone retrieval bias, retrieval failures accounting for over 70% of errors, and dramatic accuracy collapse (to 19-70%) on questions containing subtle false premises. A detection-accuracy paradox is identified: the best false-premise detector does not yield the best adversarial accuracy, suggesting premise detection and answer recovery are partially independent capabilities.
Researchers introduce FORGE, a benchmark measuring how often search-augmented LLMs recommend fake products when retrieval results are polluted with fabricated reviews or promotional pages. Across 12 commercial and open-weights models, a single polluted page causes fooled rates up to 27%, rising to 73.8% when all top-3 results are replaced. Notably, chain-of-thought reasoning does not mitigate the vulnerability and often generates spurious social proof to justify false recommendations. Three defenses tested—skepticism prompting, model-prior filtering, and cross-document consensus—each carry significant drawbacks.
Researchers conducted the first empirical study of ERC-8004, a permissionless trust protocol for AI agent economies built on Ethereum, BNB Smart Chain, and Base, covering deployment through May 2026. They found that most agent registrations are inactive placeholders (only 3–15% expose live service endpoints), and the reputation registry is functionally broken: values are incommensurable, feedback is rarely grounded in verifiable interactions, and Sybil behavior is rampant (59–91% of reviewers flagged as coordinated). After removing Sybil-flagged feedback, up to 89% of rated agents have no valid reputation signal, rendering the protocol unreliable as a trust basis for autonomous agent transactions. The paper provides protocol-design recommendations and an empirical baseline for future AI agent market research.
Researchers introduce SearchGEO, a controlled evaluation framework for measuring endorsement corruption in LLM-based web-search agents, combining a manipulation pipeline, five-mode attack taxonomy, and multiple output metrics. Evaluating 13 LLM backends on 308 cases each, they find attack success rates ranging from 0.0% on Claude-Sonnet-4.6 to 31.4% on Gemini-3-Flash, with model-family-specific vulnerability patterns. An auxiliary probe escalating endorsement to install commands reveals a behavioral split: Claude over-rejects while GPT over-trusts. The findings argue for treating adversarial search content robustness as a first-class safety evaluation dimension for deployed agents.
This commentary piece argues that as AI-generated advice becomes more consequential, users need systematic methods to evaluate AI reliability and quality—analogous to a job interview process. The author proposes frameworks for assessing AI outputs before trusting them for important decisions. The piece addresses the practical challenge of calibrating trust in AI systems across different use cases.
A new arXiv preprint identifies a critical measurement gap in legal AI evaluation: existing benchmarks test paralegal and ancillary tasks rather than doctrinal legal reasoning, which is the interpretive core of legal work. The authors argue this gap is not merely methodological but legally significant, because the EU AI Act's 'appropriate accuracy' requirement for high-risk AI in the judicial domain cannot be operationalized without a doctrinal-reasoning benchmark. The paper proposes a benchmark framework aimed at filling this gap under EU AI Act compliance requirements.
OpenAI proposes a safety technique in which two AI agents debate a topic and a human judge determines the winner, with the goal of making it easier for humans to supervise AI systems that may be more capable than themselves. The core intuition is that it is easier to verify a correct argument than to generate one, so a dishonest agent can be caught by an honest opponent. The paper introduces debate as a scalable oversight mechanism applicable to complex tasks where direct human evaluation is infeasible.