ENISA, White House reports hit by fabricated AI citations
TL;DR
- Three government policy documents in the past year — from ENISA, South Africa, and the White House — shipped with fabricated AI-generated citations.
- A 2023 study cited in the piece found 55% of GPT-3.5 citations and 18% of GPT-4 citations were entirely fabricated.
- Stanford's Rachel A. George argues verification belongs in the publishing pipeline: automated citation checks, AI disclosure standards, and trained human reviewers.
Three separate government policy documents in the last year shipped with fabricated citations, and in one case the ChatGPT fingerprints were still in the file. That is the pattern Rachel A. George catalogues in TechPolicy.Press, and it is the reason she frames research integrity as a national security problem rather than an academic one.
George, a Stanford lecturer in international relations who also holds a fellowship at Stanford Law School and a nonresident post at the Carnegie Endowment for International Peace, walks through three cases. ENISA, the European cybersecurity agency, published threat landscape reports with 26 incorrect footnotes out of 492 and later issued corrections. South Africa's government withdrew a draft AI policy after discovering at least six of its sixty-seven academic citations were fabricated. The White House's Make Our Children Healthy Assessment cited nonexistent studies and contained dozens of "oaicite" markers, which the piece identifies as OpenAI fingerprints.
The reason to care about this now, versus two years of stories about lawyers and students getting caught with hallucinated cites, is where these documents sit. Threat assessments and health assessments feed into budgets, regulations and eventually operational decisions. George cites a 2023 study finding 55 percent of GPT-3.5 citations and 18 percent of GPT-4 citations were entirely fabricated, and a 2025 analysis of GPT-4o that generated roughly one-in-five fabricated citations, with nearly two-thirds either fabricated or inaccurate once bibliographic errors are included. Fabrication rates increase for specialized or less prominent topics, which is precisely where most policy analysis lives.
Her prescription is to treat citation checking as infrastructure rather than a virtue: automated verification in the publishing pipeline, disclosure standards for AI use in research, and investment in human reviewers who can catch the tells. The honest caveat is that this is an argument, not a controlled study, and the fabrication percentages come from academic samples that may not describe how staffers actually use these tools in a policy shop. What the reporting does not tell you is whether any of the three flagged documents changed a real decision before the corrections landed, or how many other reports from the same window are quietly carrying the same problem. What it does give you is a plausible reason for anyone shipping a report this quarter to run the bibliography through a checker before it goes out.
Shared on Bluesky by 3 AI experts
-
Policymakers treat critical infrastructure as physical: power grids, communications networks, transportation systems, and satellites. In the age of generative AI, writes Rachel A. George, another kind deserves equal atte…
View on Bluesky →
Originally reported by techpolicy.press
Read the original article →Original headline: The Next National Security Challenge Is Research Integrity | TechPolicy.Press