How Verification Gaps Interact With Bad Retrieval to Amplify Agent Failures

A retrieval error that surfaces the wrong context is recoverable if verification catches the downstream plan error. Without verification, the bad retrieval becomes a bad plan becomes a bad action - three compounded failures from one source.

B

Balagei G Nagarajan

5 MIN READ


ConflictBank (arXiv:2408.xxxxx, 2024 - a dataset of conflicting knowledge claims across retrieved contexts) demonstrated that frontier models confidently incorporate conflicting information from retrieved documents into their outputs without signaling uncertainty. When the retrieved context contains a conflict, the model picks one version and presents it with full confidence. Without a verification layer that detects the conflict before the plan is executed, the wrong version propagates as a certain fact through all downstream steps.
Verification gap failure interaction hero
All three actions propagate the retrieval error through systems and to the customer.
— from “How Verification Gaps Interact With Bad Retrieval to Amplify Agent Failures”

Key facts.

  • ConflictBank (2024): frontier models confidently incorporate conflicting retrieved information into outputs without uncertainty signaling - confident wrong outputs from retrieval conflicts.
  • The compound failure path: bad retrieval (wrong or conflicting context) feeds an agent plan, which the agent executes with confidence, and the downstream effects propagate before verification would have caught the plan error if it existed.
  • Retrieval errors are the most common single-layer failure in RAG-based agent systems, present in 40-60% of production agent deployments at measurable rates - but retrieval errors alone are often recoverable if downstream verification is present.
  • The absence of verification at the plan layer - between retrieval and execution - is what transforms a recoverable retrieval error into an unrecoverable execution error. The interaction is catastrophic because neither layer alone would produce the worst outcomes.
  • A more capable model swallows the retrieval conflict more convincingly; the wrong fact propagates as cost downstream.

The compounding mechanism

Step 1: Retrieval. The agent queries its knowledge base for context about a customer's contract terms. The knowledge base returns two conflicting documents - one with the current terms and one from a superseded version. The retrieval layer does not flag the conflict. Both documents enter the context.

Step 2: Planning. The model reads both documents, selects the superseded terms (without signaling uncertainty or flagging the conflict), and builds a response plan based on those terms. If a verification layer existed at this step - one that checked the plan's factual claims against authoritative sources - it would flag the discrepancy between the plan's stated terms and the current contract record. The verification layer does not exist.

Step 3: Execution. The agent executes the plan: it communicates the wrong contract terms to the customer, updates the CRM with the wrong terms, and generates a summary based on the wrong terms. All three actions propagate the retrieval error through systems and to the customer. The original retrieval error is now a customer communications error, a data integrity error, and an audit compliance issue simultaneously.

With verification at step 2: the plan verification checks the stated contract terms against the contracts system of record, detects the discrepancy, and routes the session to a human reviewer before any action is taken. The retrieval error is caught. The execution never runs. The damage is zero.

Designing verification that catches retrieval-induced errors

Plan factual verification checks claims in the agent's plan against authoritative external systems before the plan is executed. This is the retrieval-error firewall: even if retrieval surfaces wrong or conflicting context, the plan verification step queries the system of record directly and confirms or rejects the plan's factual basis.

Retrieval conflict detection flags when retrieved documents contain conflicting statements about the same entity or claim. This requires structured comparison of retrieved chunks against each other - not just relevance ranking. A conflict-aware retrieval layer that surfaces conflicts explicitly gives the agent (and the downstream verification layer) the signal needed to route the session appropriately.

Source attribution in the plan allows verification to trace each plan claim back to its retrieved source and evaluate the source's authority. A plan claim sourced from a superseded document is flaggable; a plan claim sourced from the system of record is not. Source attribution requires structured tagging of retrieved context at the retrieval layer - which must be a design-time decision, not a retrofit.

# Verification that catches retrieval-induced plan errors
def plan_verification_with_retrieval_check(plan, retrieval_context, authority_db):
 for claim in plan.factual_claims:
 # Check claim against authoritative system (bypasses retrieval)
 authoritative_value = authority_db.lookup(claim.entity, claim.attribute)
 if authoritative_value is None:
 yield VerificationWarning(f"Cannot verify claim: {claim}")
 elif not authoritative_value.matches(claim.value):
 yield VerificationError(
 f"Plan claim conflicts with authoritative record: "
 f"plan={claim.value}, authoritative={authoritative_value}"
 )

Check for conflicts within retrieved context

conflicts = detect_retrieval_conflicts(retrieval_context) for conflict in conflicts: yield VerificationWarning(f"Retrieval conflict detected: {conflict}")

Retrieval error plus verification gap compound failure diagram

Failure layer interaction matrix

Retrieval qualityPlan verification presentOutcomeDamage scope
Good retrievalNoUsually correct executionNone (typically)
Good retrievalYesCorrect execution, verifiedNone
Bad retrievalNoWrong execution, propagatedFull downstream
Bad retrievalYesCaught before executionNone (caught early)

The Pattern Intelligence Layer requires plan-level verification as a distinct step for all patterns that include retrieval. Retrieval errors are a known, quantifiable risk - not an edge case. Plan verification that checks claims against authoritative systems before execution is the control that converts a recoverable retrieval error into an actual recovery. Without it, retrieval quality determines execution quality, and retrieval quality degrades in every production system over time as contexts change and knowledge bases lag.

Frequently asked questions


Share this post

Join the discussion

Have a take, a war story, or a question? Sign in with GitHub to comment and react. Comments are powered by GitHub Discussions, ad-free and yours to moderate.

Continue Reading

Find where your agent breaks, before you build it

Faultmap maps where your agent will fail from the goal and your data, then hands you the first test suite it has to pass.