Papers
Topics
Authors
Recent
Search
2000 character limit reached

Phantom References: Hallucinated Citations That Survive Peer Review at Top-Tier Conferences

Published 1 Jul 2026 in cs.DL and cs.AI | (2607.00738v1)

Abstract: LLMs can generate polished scientific text that includes unsupported claims, allowing hallucinations to enter the archival record. Assessing this risk via technical statements is difficult and often requires expert judgment, but citations provide a more auditable surface: a reference either resolves to a real scholarly work with compatible authorship, or it does not. We measure citation hallucination in peer-reviewed proceedings using a conservative definition limited to identity-level failures: non-existent works and substantial author-list mismatches. We explicitly exclude ordinary bibliographic drift (e.g., venue/year differences, publication-status updates, minor name variants). To audit citations at scale, we build RefChecker, a verification pipeline that resolves bibliography entries against multiple bibliographic sources and escalates unresolved cases to web-search re-verification. We apply RefChecker to accepted camera-ready papers from ICLR, ICML, NeurIPS, and USENIX Security. Hallucinated citations have entered the archival record. While reference-level rates are usually below 1%, proceedings are large enough that paper-level failures are visible: in 2025, roughly one in twenty NeurIPS and USENIX Security papers contains at least two likely hallucinated academic-paper-like references under our strict definition. We also observe post-ChatGPT increases in several venues, including a tail of papers with 5+ failures in a single bibliography, and likely hallucinated citations even among award-winning papers. These results suggest peer review alone does not reliably enforce citation integrity, yet auditing is tractable (about 0.04$ per paper in one venue-scale scan). We open-source RefChecker for routine, reproducible citation verification before publication (https://github.com/markrussinovich/refchecker).

Summary

  • The paper reveals that automated reference verification exposes hallucinated citations that persist in peer-reviewed AI research.
  • The RefChecker pipeline cross-checks bibliographic entries using multiple authoritative databases to ensure rigorous validation.
  • Findings indicate that peer review fails to flag fabricated citations, emphasizing the critical role of cost-effective, scalable auditing.

Hallucinated Citations in Peer-Reviewed AI Research: A Large-Scale Audit

Introduction

The proliferation of LLMs has transformed scientific writing, offering unprecedented capabilities to generate polished, seemingly authoritative academic text. However, this advance has introduced new vulnerabilities, with LLM-generated manuscripts susceptible to โ€œhallucinationsโ€ โ€” outputs that are fluent, plausible, yet ungrounded in factual reality. While much attention has focused on claim-level hallucination, โ€œPhantom References: Hallucinated Citations That Survive Peer Review at Top-Tier Conferencesโ€ (2607.00738) exposes a different facet of this risk: the emergence of entirely fabricated or misattributed citations in the bibliographies of peer-reviewed, published papers.

Methodology

The authors introduce RefChecker, an open-source, scalable pipeline designed to audit citations in scholarly manuscripts by cross-referencing bibliographic entries against multiple authoritative databases (Semantic Scholar, OpenAlex, CrossRef, DBLP, ACL Anthology). When references resist straightforward verification โ€” either due to non-matching titles or substantial author-list divergences โ€” RefChecker escalates the check to LLM-guided web search, seeking concrete publication evidence.

The target corpus comprises ~48,000 camera-ready papers from ICLR, ICML, NeurIPS, and USENIX Security, spanning 2021โ€“2026. The study restricts itself to accepted manuscripts with authority-controlled publication records, ensuring high-fidelity extraction and validation. Hallucinated references are conservatively defined as those that fail identity-level checks: either the referenced work does not exist, or the cited authors diverge substantially from index metadata. Ordinary โ€œbibliographic driftโ€ (year/venue changes, minor name variants) is not counted. Figure 1

Figure 1: Schematic overview of the RefChecker measurement pipeline, highlighting multi-source verification and escalation paths.

Key Findings

Prevalence of Hallucinated References

Despite a low per-reference hallucination rate (sub-1% in most venue-years), the aggregate effect across thousands of papers and hundreds of thousands of citations is striking. In NeurIPS and USENIX Security proceedings for 2025, approximately 5% of accepted papers contain at least two likely hallucinated academic-paper-like references, even under the strictest definitions. Incidence increases post-ChatGPT, both in absolute numbers and in the frequency of papers with multiple (โ‰ฅ5) hallucinated citations in a single bibliography. Figure 2

Figure 2

Figure 2: Paper-level prevalence of hallucinated references across conference-years.

Figure 3

Figure 3: Distribution of hallucinated references per affected paper, normalized by conference family.

Figure 4

Figure 4

Figure 4: Share of papers with five or more hallucinated references, a risk-concentrating tail.

Figure 5

Figure 5: Maximum number of hallucinated references observed in a single paper across conference families.

Nature and Composition of Errors

Manual adjudication and error decomposition reveal that these are identity-level failures: the reference either points to a non-existent work or misattributes authorship to an unrelated group. Minor metadata inconsistencies are not responsible for the bulk of flags. Figure 6

Figure 6: Decomposition of hallucinated reference types: lack of evidence for existence vs. author-list mismatch vs. multi-field discrepancies.

Peer Review and Reviewer Awareness

Analysis indicates that peer review offers no protective signal against hallucinated citations. Papers with unverified references receive reviewer scores statistically indistinguishable from clean papers; acceptance tier (poster/oral/spotlight) is similarly uninformative. Figure 7

Figure 7: Mean reviewer ratings for clean vs. affected papers show negligible differences.

Figure 8

Figure 8: Hallucinated-reference rates by acceptance tier, indicating lack of filtering at higher selectivity levels.

Comparison of accepted and rejected submissions (ICLR 2023) demonstrates similar hallucination rates, despite substantial reviewer score differences. Figure 9

Figure 9: Hallucinated-reference rates in accepted vs. rejected submissions, highlighting independence from reviewer ratings.

Research Area Exposure

The phenomenon is distributed broadly across areas: no domain is immune, and even LLM/foundation model papers have only a slightly lower incidence. Figure 10

Figure 10: Prevalence by primary research area; all major subfields affected.

Cost and Feasibility of Automated Auditing

Auditing a major venueโ€™s proceedings with RefChecker costs approximately four cents per paper, suggesting operational scalability for integration into conference workflows โ€” a non-trivial result for future governance and editorial policy.

Author Feedback and Workflow Analysis

Direct author engagement suggests that most hallucinations originate in workflow breakdowns. LLM-based tools and automated bibliography generators are frequently implicated; few cases reflect intentional deception. Post-publication corrections are often made ad hoc when errors are discovered.

Implications

Practical Implications for Scientific Governance

The evidence demonstrates that peer review is not currently structured to detect bibliographic fabrications. LLM-assisted authoring, by making it effortless to generate plausible BibTeX entries from partial cues, increases both the ease and the risk of introducing unverifiable citations. The findings have led major AI conferences to implement new policies, with hallucinated references explicitly cited as grounds for desk rejection, and a requirement for concrete, evidence-based auditing (rather than detector scores alone).

Theoretical Implications

This audit sharpens the distinction between โ€œunverifiableโ€ at the claim level versus at the citation layer. While claim-level fact verification remains intractable at scale, reference-level verification is automatable, externally auditable, and cost-effective. The study substantiates that automated verification, rather than peer review, is the only viable mechanism for safeguarding the citation layer as LLMs are further embedded in academic writing pipelines.

Future Developments in AI and Scientific Publishing

  • Rise of Citation-Verification Tooling: The demonstrated tractability and cost-effectiveness will likely drive widespread adoption of automated reference-checking as a default step in submission workflows, relegating hallucinated citations to pre-publication correction rather than post-publication discovery.
  • Toward Unified Citation Infrastructure: The fragmentation of bibliographic metadata across incompatible indexes is a major source of false positives; the creation of canonical, open, unified citation registries would mitigate many current verification ambiguities and improve both authoring and auditing precision.
  • Evolution of Best Practices: As LLM integration deepens, expect heightened expectations for provenance and auditability, not just for factual claims but for all references in scholarly communication.
  • Co-evolution of LLMs and Verification: Future LLM-based authoring tools may incorporate real-time, retrieval-based verification, reducing hallucination rates at the point of generation. Conversely, stronger detectors and automated curation will become integral to scholarly publishing infrastructure, as outlined in concurrent work (Zhao et al., 8 May 2026, Xu et al., 6 Feb 2026, Rao et al., 3 Apr 2026).

Conclusion

The "Phantom References" study establishes that hallucinated citations have become an endemic failure mode in high-stakes, peer-reviewed AI research. These citations persist through to publication due to limitations of human review and the frictionlessness of LLM-based manuscript preparation. Automated, externally auditable reference verification is both viable and urgently needed, given the low cost and high leverage demonstrated. Ensuring the integrity and verifiability of the citation layer must now become a foundational norm in scientific publishing, particularly as LLMs further permeate authoring workflows.

Paper to Video (Beta)

No one has generated a video about this paper yet.

Whiteboard

No one has generated a whiteboard explanation for this paper yet.

Explain it Like I'm 14

Overview: What this paper is about

This paper looks at a growing problem in science: fake or wrong citations slipping into real, peerโ€‘reviewed conference papers. A citation is supposed to be like a street address that leads readers to the exact source of an idea. But with AI tools that sometimes โ€œhallucinateโ€ (confidently make things up), itโ€™s become easier to generate polished references that point to nowhereโ€”or to the wrong people. The authors built a tool, RefChecker, to see how often this happens in top computer science conferences and how big the problem really is.

The big questions the paper asks

  • How often do published research papers include โ€œphantomโ€ referencesโ€”citations to papers that donโ€™t exist or that list the wrong authors?
  • Did this problem get worse after tools like ChatGPT became widely used?
  • Do standard peer reviews catch these problems?
  • Is the issue spread across many papers, or concentrated in a few with lots of bad citations?
  • Can we check citations at conference scale quickly and cheaply?

How they studied it (in simple terms)

Think of each paperโ€™s reference list as a set of addresses you can try to look up on a map. The authors built RefChecker, a โ€œreference detectiveโ€ that:

  • Reads a paperโ€™s bibliography from the PDF and breaks each entry into parts (title, authors, year, venue, DOI, etc.).
  • Looks up each reference in several trusted โ€œmapsโ€ (big databases like Semantic Scholar, OpenAlex, CrossRef, DBLP, ACL Anthology, and arXiv).
  • If a reference still looks suspiciousโ€”no match found or the author list looks very differentโ€”it uses a web search (with an AI helper) to hunt for an official page for that work.
  • Calls a reference โ€œlikely hallucinatedโ€ only if:
    • No real work can be found that matches, or
    • A real work exists but the authors listed in the citation are substantially wrong.

Importantly, they did NOT count normal, harmless differences like the year changing from a preprint to a final version, the venue changing, minor spelling differences in names, or publication-status updates. They focused only on โ€œidentityโ€ errors: nonโ€‘existent works or big author mismatches.

They ran this on cameraโ€‘ready (final) versions of accepted papers from top conferences (ICLR, ICML, NeurIPS, and USENIX Security) from 2021โ€“2025 (and a partial 2026 year for ICLR). These are the versions that live in the permanent record.

Main findings and why they matter

Here are the key takeaways, explained plainly:

  • Singleโ€‘reference view looks small, but thatโ€™s misleading:
    • Fewer than 1% of individual references are likely hallucinated in most years and venues. That sounds tiny.
    • But conferences publish thousands of papers containing hundreds of thousands of references. Even a tiny rate means lots of bad citations appear across the proceedings.
  • Paperโ€‘level view shows a real problem:
    • In 2025, about 1 in 4 accepted papers at some venues (like NeurIPS) had at least one likely hallucinated citation.
    • About 1 in 20 accepted papers at NeurIPS and USENIX Security had at least two likely hallucinated citationsโ€”even when counting only citations to other academic papers.
    • Some papers had many bad citations in a single bibliography (5 or more), with the worst case having 20. Thatโ€™s no longer a typo; itโ€™s a serious reliability problem.
  • Itโ€™s not just small mistakes:
    • Most flagged problems were identity errors: the cited work couldnโ€™t be found at all, or the author list was substantially wrong. Minor year/venue differences were excluded.
  • Peer review didnโ€™t catch it:
    • Papers with hallucinated citations had almost the same reviewer scores as clean papers.
    • Even highly rated or awardโ€‘winning papers sometimes included likely hallucinated citations.
    • Rejected and accepted papers had very similar hallucinatedโ€‘citation rates, suggesting reviewers arenโ€™t catching these issues.
  • The problem grew after ChatGPT:
    • Rates increased in several conference series after public LLMs took off, and a few venues showed a noticeable โ€œtailโ€ of papers with many bad citations.
    • The timing suggests changing authoring habits (e.g., using AI to fill in references from memory) may be part of the cause.
  • Good news: itโ€™s fixable and cheap:
    • Scanning an entire conference cost about 4 cents per paper in one example.
    • The authors openโ€‘sourced RefChecker so conferences and journals can run these checks before publication.

Why this matters: Citations are the backbone of scientific trust. If a paper points to work that doesnโ€™t exist or credits the wrong authors, readers canโ€™t verify claims, and the scientific record gets messy. Because AI tools can produce polished but madeโ€‘up references, automated checks are becoming essential.

What this research means going forward

  • For authors and students: Doubleโ€‘check your references, especially if an AI tool helped generate them. Treat references like directions to a destination: make sure they lead somewhere real and give credit to the right people.
  • For reviewers and conferences: Peer review alone isnโ€™t catching this. Adding automated citation checks to the submission process is practical, inexpensive, and likely necessary.
  • For the research community: As AI becomes part of writing, we need guardrails that keep the citation layer trustworthy. Tools like RefChecker can help keep the scientific record clean without slowing down research.
  • For policy: Some conferences already list hallucinated references as grounds for desk rejection. This study provides concrete, auditable evidence to support fair, transparent enforcement.

In short, the paper shows that โ€œphantomโ€ references are slipping into real, published workโ€”but also that we now have a practical way to spot and prevent them at scale.

Knowledge Gaps

Below is a single, actionable list of the paperโ€™s unresolved knowledge gaps, limitations, and open questions for future work.

  • Quantify measurement accuracy: conduct a stratified manual adjudication of flagged and unflagged citations to estimate precision/recall, inter-rater reliability, and provide confidence intervals for venue- and year-level rates.
  • Benchmark against alternative systems: run a head-to-head evaluation with GhostCite/CiteVerifier and other tools on a shared, publicly released gold set to compare precision, recall, and operational costs.
  • Release reproducible evidence: publish timestamped evidence logs (e.g., source snapshots, resolver traces) and a de-identified, adjudicated benchmark of citations (even if partially masked) to enable independent replication without deanonymizing papers.
  • Control for data-source drift: snapshot bibliographic databases (Semantic Scholar, OpenAlex, CrossRef, DBLP, ACL Anthology) and LLM versions used at audit time to separate real trends from backend coverage changes and API behavior.
  • Sensitivity analysis of pipeline thresholds: report how rates change with author-overlap cutoffs (including 1โ€“2 author cases), title-similarity thresholds, DOI/URL mismatch rules, and escalation criteria; include ablations on each verification source.
  • Robustness to extraction noise: quantify parser errors by venue/style (GROBID vs LLM parsing), provide per-format error rates, and test alternative parsers; assess how extraction failures bias hallucination estimates.
  • Define and validate โ€œacademic-paper-likeโ€ detection: specify the classifier/heuristics used to categorize reference types and measure misclassification rates, especially for workshop/tech reports, theses, and non-English venues.
  • Expand the failure taxonomy: measure โ€œsemantic mis-citationโ€ (correct identity but wrong work for the claim) and claim-to-source support gaps, not just identity mismatches; evaluate feasibility with retrieval-augmented claim checking.
  • Cross-lingual and name-disambiguation coverage: evaluate performance on non-English titles, transliteration/diacritics, large/consortium author lists, and incorporate ORCID/author IDs to reduce false author mismatches.
  • Adversarial robustness: develop and test a threat model (e.g., spoofed landing pages, SEO poisoning, DOI squatting) and harden the verifier (multi-source corroboration, cryptographic DOI resolution, archive checks).
  • False-negative characterization: estimate undercounting due to sparse indexing (older, niche, non-CS fields), title changes across versions, and metadata errors where the work exists but cannot be retrieved by current sources.
  • Causality with LLM-assisted authoring: go beyond temporal correlationโ€”use author surveys, blinded audits of submission toolchains, or instrumented writing experiments to attribute increases to specific practices/tools.
  • Generalizability beyond AI/security conferences: replicate on journals, monographs, humanities/social-science venues, biomedical outlets, and non-English proceedings to assess field- and language-specific dynamics.
  • High-count tail diagnosis: perform root-cause analysis of papers with 5+ hallucinated citations (author workflows, tooling, time pressure, team size, institution/region, language background) using privacy-preserving aggregation.
  • Reviewer/editor workflow trials: run prospective deployment studies (A/B) in real submission pipelines to measure detection yield, reviewer workload impact, false-positive burden, and effects on acceptance decisions.
  • Policy impact evaluation: conduct event studies around ICLR/ICML 2026 policy changes to quantify desk-reject rates, author remediation behavior, and any displacement to other error types.
  • Post-publication dynamics: track whether hallucinated citations are corrected via camera-ready fixes, errata, or later versions; estimate half-life and propagation of fabricated citations in the citation graph.
  • Downstream harm assessment: study how hallucinated citations influence follow-on work (e.g., secondary citations, survey propagation, meta-analyses) and quantify the probability and cost of error propagation.
  • Coverage of non-paper artifacts: design specialized validators for datasets, software, benchmarks, RFCs, and standards (e.g., registry checks, hash/DOI for software releases) and measure their hallucination rates.
  • Retraction/withdrawal awareness: add retraction-status checks (CrossMark/Retraction Watch/PMC) and quantify the prevalence of citing retracted works or preprints superseded by materially different versions.
  • Cost and scalability under load: characterize cost variance by venue/year and escalation rate; model throughput, rate limits, and failure modes at journal-scale deployments; include human-in-the-loop triage costs.
  • Multi-model cross-checking: reduce dependence on a single LLM for deep search by using diverse models/providers and majority/consensus protocols; measure gains in robustness vs. cost.
  • Evidence quality grading: define a rubric for acceptable โ€œsource pagesโ€ (publisher vs. aggregator vs. personal pages) and quantify how source-type affects verification accuracy and adversarial risk.
  • Identity resolution across versions: formalize matching across preprint/proceedings/journal versions where titles/authors change; quantify errors due to version drift and propose version-linking heuristics.
  • Citation-style effects: analyze how different bibliographic styles (numeric vs. authorโ€“year; abbreviated titles/venues) affect extraction and verification accuracy across venues.
  • Distinguishing LLM-induced vs. conventional errors: combine audit signals (e.g., bursty BibTeX generation patterns, unusual venueโ€“year combos) with author surveys to separate LLM hallucinations from typos or copy-paste errors.
  • Ethical notification and remediation: specify procedures for notifying authors/venues, appeals, correction windows, and thresholds for public reporting; evaluate community perceptions via user studies.
  • UI/feedback for authors: design and test author-facing tools that surface concrete fixes (e.g., DOIs, canonical titles), measure adoption and error reduction in pilot studies.
  • Data governance and privacy: assess legal/ethical implications of processing submissions at scale (PII in PDFs/bibliographies), data retention policies, and compliance across jurisdictions.

Practical Applications

Overview

This paper introduces RefChecker, an open-source, low-cost pipeline that verifies scholarly references against multiple authoritative bibliographic sources and escalates unresolved cases to targeted web search. The study shows that identity-level โ€œphantom referencesโ€ (non-existent works or substantial author-list mismatches) are already present in camera-ready papers across top conferences, that peer review does not reliably catch them, and that conference-scale audits are feasible (approximately $0.04 per paper in one venue). These findings and the toolโ€™s design enable practical applications across publishing, software, education, policy, and day-to-day research workflows.

Immediate Applications

The following applications can be deployed with current capabilities of RefChecker and the multi-source verification approach described in the paper.

  • Editorial pre-publication checks for conferences and journals (Publishing, Software)
    • What: Integrate RefChecker into submission systems (e.g., OpenReview, EasyChair, HotCRP, Editorial Manager) to automatically scan bibliographies at submission, revision, and camera-ready stages. Use tiered triage (e.g., auto-notify authors for 1โ€“2 flags; mandatory correction/manual review for โ‰ฅ5 flags, reflecting the high-count tail).
    • Tools/workflows: โ€œCitation lintingโ€ CI jobs; decision-dashboard widgets listing flagged references with evidence; automated emails with suggested DOIs/URLs.
    • Assumptions/dependencies: Access to PDFs/BibTeX; API access to Crossref/OpenAlex/Semantic Scholar/DBLP; networked execution; policy agreement on thresholds and due-process review; acceptance of small false-positive rate.
  • Reviewer assistance during peer review (Academia, Publishing, Software)
    • What: Display a per-paper โ€œcitation integrity summaryโ€ to reviewers (counts of verified/flagged references, examples, links to evidence).
    • Tools/workflows: Reviewer sidebar panels; batch-scans of new submissions; downloadable audit logs.
    • Assumptions/dependencies: Reviewer platforms expose UI hooks; organizers accept that automated flags are advisory, not verdicts.
  • Pre-submission checks for authors and labs (Academia, Daily Research Practice)
    • What: Provide a CLI/GUI or Overleaf plug-in that scans drafts and suggests fixes (missing/incorrect DOIs, wrong author lists, broken URLs) before submission.
    • Tools/products: Overleaf/VS Code extension; GitHub Action for paper repositories; local โ€œrefcheckโ€ CLI that outputs a fix-it report and patched BibTeX.
    • Assumptions/dependencies: PDF/BibTeX export available; willingness to run a check; internet access for verification.
  • Reference-manager integrations (Software, Academia)
    • What: Plug-ins for Zotero, EndNote, Mendeley to validate items during import and before bibliography generation.
    • Tools/workflows: โ€œValidate selected itemsโ€ button; background sync that enriches entries with DOIs/arXiv IDs.
    • Assumptions/dependencies: Extension APIs; mapping fields consistently to source databases.
  • Publisher production QA and copyediting support (Publishing)
    • What: Run RefChecker during copyediting/typesetting to catch drift introduced by template conversions or proof edits.
    • Tools/workflows: Batch pipeline that flags changed identifiers/author lists between accepted and typeset versions.
    • Assumptions/dependencies: Access to production artifacts; stable identifiers across stages.
  • Institutional research integrity services (Universities, Libraries, Research Offices)
    • What: Offer a campus service to scan manuscripts, theses, and reports for phantom references and to recommend corrections.
    • Tools/workflows: Self-serve portal; librarian triage queue for high-count cases; monthly summary reports.
    • Assumptions/dependencies: Institutional hosting; privacy policies for ingestion of manuscripts.
  • Preprint server and repository scanning (arXiv, institutional repos) (Publishing, Academia)
    • What: Nightly scans of new postings to surface likely hallucinated citations back to authors via moderation dashboards or automated notes.
    • Tools/workflows: Event-driven jobs on new submissions; author notifications with opt-in fixes.
    • Assumptions/dependencies: Cooperation with repository operators; clear messaging to avoid reputational harm.
  • LLM writing-assistant guardrails for citations (Software, Education, Media)
    • What: Require retrieval-backed, verified references when LLMs propose citations; suppress or mark unverifiable items.
    • Tools/workflows: LLM plug-ins that call RefChecker before emitting BibTeX; inline warnings in chat UIs.
    • Assumptions/dependencies: Model/tooling supports plug-ins; acceptance that coverage may be incomplete for niche sources.
  • Compliance and QA for reports in regulated sectors (Healthcare, Finance, Government, Legal, Newsrooms)
    • What: Scan white papers, regulatory submissions, policy reports, and articles to ensure cited evidentiary sources exist and match authors.
    • Tools/workflows: โ€œSource guardianโ€ batch scans with exportable audit trails; thresholds for manual legal/medical review.
    • Assumptions/dependencies: Domain-specific sources (e.g., PubMed, SSRN) included; policy governing acceptable evidence.
  • Educational use for grading and instruction (Education)
    • What: Course management systems and plagiarism detectors add a โ€œreference verificationโ€ step for assignments and theses, with formative feedback.
    • Tools/workflows: LMS plug-ins returning a citation integrity score; teach students to repair references using suggested fixes.
    • Assumptions/dependencies: Instructor buy-in; careful handling of false positives to avoid penalizing students unfairly.

Long-Term Applications

These opportunities require further research, scaling, standardization, or broader adoption.

  • Cross-publisher citation verification standard and APIs (Publishing, Policy)
    • What: A common, machine-readable schema and API across publishers and indices for robust reference validation and corrections.
    • Potential outcomes: An industry-wide โ€œVerified Citationโ€ badge; automated corrections propagating across platforms.
    • Dependencies: Multi-stakeholder coordination (publishers, Crossref, ORCID, repositories); governance for dispute resolution.
  • Submission gating with automated desk-reject policies backed by evidence (Publishing, Policy)
    • What: Policy-driven thresholds (e.g., โ‰ฅ5 identity-level failures) trigger conditional desk rejections, with transparent evidence packages and appeal workflows.
    • Potential outcomes: Reduced reviewer burden; higher baseline citation integrity.
    • Dependencies: Clear definitions and due process; calibrated thresholds per field; human-in-the-loop validation to avoid wrongful rejections.
  • Institution- and funder-level analytics (Academia, Policy)
    • What: โ€œCitation Integrity Indexโ€ dashboards for departments, institutions, and funded projects; risk-based monitoring and training interventions.
    • Potential outcomes: Targeted integrity programs; requirements in grant applications for pre-submission verification.
    • Dependencies: Data-sharing agreements; careful metrics design to avoid perverse incentives.
  • Training-time and inference-time alignment for LLMs (Software, AI)
    • What: Use verified citation signals to fine-tune models to avoid fabricated references; enforce retrieval-verified citation generation at inference.
    • Potential outcomes: Safer scholarly writing assistants; benchmarks for citation faithfulness.
    • Dependencies: Curated training data with ground-truth labels; model and toolchain support for retrieval constraints.
  • End-to-end provenance-aware authoring environments (Software, Publishing)
    • What: Authoring tools (Overleaf, Google Docs, Word) that maintain verifiable links from inline citations to canonical source pages and identifiers, updating automatically across preprint-to-proceedings transitions.
    • Potential outcomes: Fewer production-stage errors; automated drift reconciliation.
    • Dependencies: Product integrations; reliable identifier adoption; UX that balances automation with author control.
  • Expansion beyond papers to other scholarly artifacts (Datasets, Software, Standards) (Academia, Software, Policy)
    • What: Extend identity checks to datasets (DOIs), software (release tags, archives), standards/RFCs, and clinical trial registries.
    • Potential outcomes: Better reproducibility and credit; reduced misattribution of non-paper artifacts.
    • Dependencies: Coverage and persistence of identifiers (DataCite, Zenodo, GitHub Archives); parsers for diverse formats.
  • Multilingual and global coverage (Academia, Publishing)
    • What: Robust verification for non-English venues, transliteration variants, and regional indices.
    • Potential outcomes: Equitable integrity checks across geographies and languages.
    • Dependencies: Additional sources (Scielo, CNKI, J-STAGE); improved name/title normalization across scripts.
  • Large-scale retrospective audits and remediation (Publishing, Academia)
    • What: Scan historical proceedings and journal volumes; issue corrigenda for identity-level errors; update citation graphs.
    • Potential outcomes: Cleaner scholarly record; improved bibliometrics.
    • Dependencies: Access to backfiles; publisher workflows for errata; community norms on post-publication fixes.
  • Discovery engines and knowledge graphs with integrity signals (Software, Research Tools)
    • What: Search and recommendation systems weight references by verification status; expose integrity overlays in Google Scholar-like interfaces.
    • Potential outcomes: Users find and trust sources more effectively; fewer propagation cascades from phantom references.
    • Dependencies: Integration partnerships; real-time updating as corrections land.
  • Autonomous reference-repair assistants (Software)
    • What: Agents that propose and apply fixes (e.g., correct DOIs/author lists), with audit trails and human approval, at scale for large proceedings or journal special issues.
    • Potential outcomes: Faster camera-ready turnaround; consistent bibliographies.
    • Dependencies: High-precision matching; editorial acceptance of semi-automated edits.
  • Sector-specific compliance frameworks (Healthcare, Legal, Government)
    • What: Codify โ€œevidence verifiabilityโ€ requirements in regulatory guidance (e.g., clinical evaluation reports, legal briefs, policy impact assessments).
    • Potential outcomes: Reduced risk from fabricated sources in critical decisions.
    • Dependencies: Regulator buy-in; domain-tailored source whitelists; secure handling of sensitive documents.

Notes on feasibility and common dependencies

  • Verification coverage varies by field and artifact type; gaps in bibliographic databases can create false positives if not mitigated by human review.
  • PDF parsing quality and metadata completeness materially affect accuracy; direct BibTeX/CSL input reduces risk.
  • Web search escalation relies on LLMs; providers, cost, and internet access are operational dependencies.
  • Policies should emphasize evidence packages and appeals to prevent reputational harm from automated flags.
  • Identifier adoption (DOIs, arXiv IDs, ORCID) and stable source pages greatly improve robustness across all applications.

Glossary

  • ACL Anthology: A curated digital archive of computational linguistics literature and metadata used for citation verification. "Semantic Scholar, OpenAlex, CrossRef, DBLP, and the ACL Anthology."
  • academic-paper-like references: Bibliography entries that point to scholarly works (e.g., papers) rather than websites, software, or datasets. "In 2025, restricting attention to academic-paper-like references, roughly one in twenty accepted papers at NeurIPS and USENIX Security contains at least two likely hallucinated references under our strict definition."
  • acceptance tier: The selectivity category assigned to accepted conference papers (e.g., poster, spotlight, oral). "Hallucinated-reference prevalence by acceptance tier (OpenReview-covered accepted papers only)."
  • AI slop: A policy term for low-quality AI-generated text that interferes with peer review. "and treats low-quality AI-generated content (``AI slop'') as interference with the peer-review process"
  • arXiv identifier: A unique ID for preprints on arXiv used to locate and verify cited works. "The cited arXiv identifier is inconsistent with the matched work or points elsewhere."
  • author-identity corruption: A citation error where a real work is attributed to a substantially different set of authors. "The second is author-identity corruption: a real paper exists, but the citation assigns it to a substantially different set of authors."
  • author-list mismatches: Substantial discrepancies between the cited authors and the actual authors of a work. "We define a conservative notion of hallucinated citation that counts identity-level failures: non-existent works and substantial author-list mismatches."
  • BibTex: A LaTeX-oriented format for storing and formatting bibliographic references. "A rough title, a partial memory of a paper, or a URL can become a polished BibTex entry in seconds"
  • bibliographic drift: Benign changes in citation metadata (e.g., venue, year, publication status) that don't change work identity. "We explicitly exclude ordinary bibliographic drift, such as venue changes, year changes, publication-status updates, and minor name variants."
  • camera-ready: The final, publication-bound version of a paper prepared after acceptance. "We apply RefChecker to accepted camera-ready papers from ICLR, ICML, NeurIPS, and USENIX Security."
  • CrossRef: A major DOI registration agency and metadata database used to resolve and verify scholarly references. "Each normalized reference is checked against multiple bibliographic sources, including Semantic Scholar, OpenAlex, CrossRef, DBLP, and the ACL Anthology."
  • DBLP: A comprehensive computer science bibliography used for disambiguating and verifying CS publications. "Each normalized reference is checked against multiple bibliographic sources, including Semantic Scholar, OpenAlex, CrossRef, DBLP, and the ACL Anthology."
  • deep-check verdict: The outcome label (e.g., LIKELY, UNLIKELY, UNCERTAIN) from the pipelineโ€™s escalated verification step. "The deep-check verdict; only LIKELY verdicts that survive metadata re-verification are counted as likely hallucinated."
  • desk rejection: An editorial decision to reject a submission without full review due to policy violations or clear deficiencies. "ICLR~$2026$ permits desk rejection for LLM use yielding hallucinated references while insisting on concrete evidence over detector scores"
  • deterministic filters: Rule-based checks applied before escalation to more expensive verification steps. "RefChecker first applies deterministic filters: a reference is escalated when it cannot be verified"
  • deterministic retrieval: A retrieval approach with predictable outputs that reduces hallucinations in generated citations. "pairing models with deterministic retrieval sharply improves BibTex generation."
  • DOI: Digital Object Identifier; a persistent, unique alphanumeric string identifying a digital document. "The cited DOI is missing, inconsistent, or resolves to a different work."
  • extract-retrieve-judge pipeline: A multi-agent verification pattern that extracts a claim, retrieves evidence, and judges support. "CiteAudit pairs a benchmark with a multi-agent extract-retrieve-judge pipeline"
  • FActScore: A benchmark for assessing factual consistency of generated content. "and FActScore"
  • GhostCite: A large-scale study and toolset auditing citation validity across AI/ML and security venues. "GhostCite, however, is less conservative in selecting candidate hallucinations and would require more manual effort to filter them."
  • GROBID: An open-source tool that extracts structured bibliographic data from PDFs. "PDFs can fall back to GROBID when available."
  • grounded citation: A practice of linking generated statements to explicit, verifiable sources. "a parallel line of works makes generations checkable through attribution and grounded citation, measuring whether a statement is supported by its source"
  • hallucinated citation: A reference that appears scholarly but points to a non-existent work or wrong authorship. "We define a conservative notion of hallucinated citation that counts identity-level failures"
  • high-count tail: The subset of papers containing many failures (e.g., โ‰ฅ5), concentrating risk and attention. "a high-count tail of papers with multiple (5+) failures in the same bibliography"
  • identity-level failures: Errors that change the identity of the cited work (e.g., fabrication, wrong authors). "identity-level failures: non-existent works and substantial author-list mismatches."
  • inline citations: In-text references that are directly tied to retrieved evidence in generated outputs. "training models to emit inline citations grounded in retrieved evidence"
  • LLMs: AI systems trained on large corpora that can generate fluent but sometimes ungrounded text. "LLMs make it easy to produce scientific text that is polished, confident, and unsupported by real evidence."
  • LLM-driven deep web search: An escalated verification step where an LLM conducts targeted web searches to find authoritative sources. "Escalated references are sent to an LLM with web-search capability for verification." / "LLM-driven deep web search"
  • OpenAlex: An open, comprehensive index of scholarly works and their metadata used for verification. "Each normalized reference is checked against multiple bibliographic sources, including Semantic Scholar, OpenAlex, CrossRef, DBLP, and the ACL Anthology."
  • OpenReview: A platform hosting submissions, reviews, and metadata for many ML conferences. "camera-ready PDFs are openly accessible through OpenReview or official conference proceedings pages."
  • post-ChatGPT period: The timeframe after ChatGPTโ€™s public release, used to compare pre- and post-adoption behaviors. "The post-ChatGPT period shows a significantly higher-count tail"
  • publication-version drift: Minor shifts in cited metadata due to a work moving from preprint to proceedings. "a weaker discrepancy remains, such as year or venue variation that may reflect publication-version drift."
  • RefChecker: The paperโ€™s open-source pipeline that verifies references against multiple bibliographic sources and web evidence. "we build RefChecker, a reference-verification pipeline that resolves bibliography entries against multiple bibliographic sources and escalates unresolved cases to web-search re-verification."
  • Semantic Scholar: A large scholarly literature search engine and metadata source used for citation verification. "Each normalized reference is checked against multiple bibliographic sources, including Semantic Scholar, OpenAlex, CrossRef, DBLP, and the ACL Anthology."
  • TruthfulQA: A benchmark designed to evaluate truthfulness and resistance to common misconceptions in model outputs. "quantified by benchmarks such as TruthfulQA, HaluEval, and FActScore"

Open Problems

We haven't generated a list of open problems mentioned in this paper yet.

Collections

Sign up for free to add this paper to one or more collections.

Tweets

Sign up for free to view the 1 tweet with 0 likes about this paper.