
Key facts.
- ConflictBank (2024): frontier models confidently incorporate conflicting retrieved information into outputs without uncertainty signaling - confident wrong outputs from retrieval conflicts.
- The compound failure path: bad retrieval (wrong or conflicting context) feeds an agent plan, which the agent executes with confidence, and the downstream effects propagate before verification would have caught the plan error if it existed.
- Retrieval errors are the most common single-layer failure in RAG-based agent systems, present in 40-60% of production agent deployments at measurable rates - but retrieval errors alone are often recoverable if downstream verification is present.
- The absence of verification at the plan layer - between retrieval and execution - is what transforms a recoverable retrieval error into an unrecoverable execution error. The interaction is catastrophic because neither layer alone would produce the worst outcomes.
- A more capable model swallows the retrieval conflict more convincingly; the wrong fact propagates as cost downstream.
The compounding mechanism
Step 1: Retrieval. The agent queries its knowledge base for context about a customer's contract terms. The knowledge base returns two conflicting documents - one with the current terms and one from a superseded version. The retrieval layer does not flag the conflict. Both documents enter the context.
Step 2: Planning. The model reads both documents, selects the superseded terms (without signaling uncertainty or flagging the conflict), and builds a response plan based on those terms. If a verification layer existed at this step - one that checked the plan's factual claims against authoritative sources - it would flag the discrepancy between the plan's stated terms and the current contract record. The verification layer does not exist.
Step 3: Execution. The agent executes the plan: it communicates the wrong contract terms to the customer, updates the CRM with the wrong terms, and generates a summary based on the wrong terms. All three actions propagate the retrieval error through systems and to the customer. The original retrieval error is now a customer communications error, a data integrity error, and an audit compliance issue simultaneously.
With verification at step 2: the plan verification checks the stated contract terms against the contracts system of record, detects the discrepancy, and routes the session to a human reviewer before any action is taken. The retrieval error is caught. The execution never runs. The damage is zero.
Designing verification that catches retrieval-induced errors
Plan factual verification checks claims in the agent's plan against authoritative external systems before the plan is executed. This is the retrieval-error firewall: even if retrieval surfaces wrong or conflicting context, the plan verification step queries the system of record directly and confirms or rejects the plan's factual basis.
Retrieval conflict detection flags when retrieved documents contain conflicting statements about the same entity or claim. This requires structured comparison of retrieved chunks against each other - not just relevance ranking. A conflict-aware retrieval layer that surfaces conflicts explicitly gives the agent (and the downstream verification layer) the signal needed to route the session appropriately.
Source attribution in the plan allows verification to trace each plan claim back to its retrieved source and evaluate the source's authority. A plan claim sourced from a superseded document is flaggable; a plan claim sourced from the system of record is not. Source attribution requires structured tagging of retrieved context at the retrieval layer - which must be a design-time decision, not a retrofit.
# Verification that catches retrieval-induced plan errors
def plan_verification_with_retrieval_check(plan, retrieval_context, authority_db):
for claim in plan.factual_claims:
# Check claim against authoritative system (bypasses retrieval)
authoritative_value = authority_db.lookup(claim.entity, claim.attribute)
if authoritative_value is None:
yield VerificationWarning(f"Cannot verify claim: {claim}")
elif not authoritative_value.matches(claim.value):
yield VerificationError(
f"Plan claim conflicts with authoritative record: "
f"plan={claim.value}, authoritative={authoritative_value}"
)Check for conflicts within retrieved context
conflicts = detect_retrieval_conflicts(retrieval_context)
for conflict in conflicts:
yield VerificationWarning(f"Retrieval conflict detected: {conflict}")

Failure layer interaction matrix
| Retrieval quality | Plan verification present | Outcome | Damage scope |
|---|---|---|---|
| Good retrieval | No | Usually correct execution | None (typically) |
| Good retrieval | Yes | Correct execution, verified | None |
| Bad retrieval | No | Wrong execution, propagated | Full downstream |
| Bad retrieval | Yes | Caught before execution | None (caught early) |
The Pattern Intelligence Layer requires plan-level verification as a distinct step for all patterns that include retrieval. Retrieval errors are a known, quantifiable risk - not an edge case. Plan verification that checks claims against authoritative systems before execution is the control that converts a recoverable retrieval error into an actual recovery. Without it, retrieval quality determines execution quality, and retrieval quality degrades in every production system over time as contexts change and knowledge bases lag.

