GPTZero finds 100 new hallucinations in NeurIPS 2025 accepted papers
TL;DR Highlight
GPTZero scanned 4841 NeurIPS 2025 papers and found 53 with 100+ fabricated citations (hallucinated references) — a serious academic integrity issue.
Who Should Read
Academic researchers, conference organizers, and anyone evaluating whether AI-generated content in scholarly work is detectable and problematic.
Core Mechanics
- GPTZero's AI detection tool scanned the entire NeurIPS 2025 accepted paper corpus (4841 papers) and flagged 53 papers with 100 or more citations that appear to be hallucinated.
- Hallucinated citations are plausible-sounding but nonexistent references — they often have realistic author names, paper titles, and venues but don't correspond to real publications.
- This is a different problem from AI-generated text detection — it's specifically about fabricated scholarly references, which can cascade through the literature when others cite the citing paper.
- The 53-paper figure likely understates the problem — GPTZero's threshold was 100+ hallucinated citations, so papers with fewer fabricated references weren't flagged.
- NeurIPS 2025 acceptance rate is around 25% — if accepted papers have this issue, rejected papers likely have higher rates.
- The academic community has no established process for systematically checking citations for hallucination at scale, making this a systemic gap.
Evidence
- GPTZero published their methodology and a list of flagged paper IDs, enabling community verification.
- Several researchers independently verified a sample of flagged citations and confirmed the hallucination pattern.
- HN discussion was alarmed: academic citation networks are a foundational trust mechanism, and systematic hallucination corrupts that infrastructure.
- Debate about whether the authors knew (intentional misconduct) or didn't know (accidentally included AI-generated reference lists without checking). Both are problematic for different reasons.
- Conference organizers don't have the capacity to manually verify all citations — this points to a need for automated citation verification at submission time.
How to Apply
- If you're writing academic papers with any AI assistance: run every reference through a citation verifier (Semantic Scholar, CrossRef, Google Scholar) before submission.
- For reviewers: spot-check 5-10 citations in every paper you review — hallucinated references are often in the related work section and may not be obvious.
- Conference organizers: consider adding automated citation verification as part of the submission pipeline — tools like GPTZero and Semantic Scholar can flag suspicious references.
- For research teams: establish a policy that every reference must be independently verified before inclusion, regardless of how the draft was generated.
Code Example
# Example of verifying paper existence using Semantic Scholar API
import requests
def verify_citation(title: str) -> bool:
url = "https://api.semanticscholar.org/graph/v1/paper/search"
resp = requests.get(url, params={"query": title, "limit": 1})
data = resp.json()
return data.get("total", 0) > 0
# Usage
print(verify_citation("Attention Is All You Need")) # True
print(verify_citation("Fake Paper by John Doe 2024")) # FalseTerminology
Related Papers
What happened after 2k people tried to hack my AI assistant
실제로 6,000개 이상의 이메일로 AI 에이전트에 prompt injection 공격을 시도한 공개 실험 결과로, Claude Opus 4.6이 비밀 파일 유출을 한 번도 허용하지 않았지만 실험 설계의 현실성에 대한 논란이 뜨거웠다.
When Does Combining Language Models Help? A Co-Failure Ceiling on Routing, Voting, and Mixture-of-Agents Across 67 Frontier Models
여러 LLM을 조합해도 '모든 모델이 동시에 틀리는 비율(β)'이 성능 상한선이며, 업계가 쓰는 pairwise 상관계수(ρ)는 이 상한선을 예측하지 못한다.
Beyond Function Calling: Benchmarking Tool-Using Agents under Tool-Environment Unreliability
실제 환경처럼 API가 망가지거나 결과가 이상할 때 LLM 에이전트가 얼마나 잘 버티는지 측정하는 벤치마크 ToolBench-X 공개.
Nearly Half of LG Smart TV Apps Contain Residential Proxy SDKs
6,038개의 LG·Samsung 스마트 TV 앱을 스캔했더니 2,058개에서 사용자의 IP를 몰래 팔아 트래픽을 중계하는 Residential Proxy SDK가 발견됐다. TV는 컴퓨터처럼 감시받지 않아서 프록시 호스트로 거의 이상적인 환경이다.
Prompt Injection as Role Confusion
LLM이 시스템 프롬프트, 사용자 입력, 툴 출력을 구분하지 못하는 구조적 결함이 prompt injection의 근본 원인이라는 ICML 2026 논문으로, 현재 LLM 보안 아키텍처의 한계를 명확히 분석한다.
GPT-5.5 hallucinates 3x more than MIT-licensed GLM-5.2
모델 크기가 커질수록 성능이 좋아진다는 통념에 반해, 오픈소스 753B 모델 GLM-5.2가 추정 1~2T 규모의 GPT-5.5보다 환각 비율이 3배 낮다는 벤치마크 결과가 나왔다. 단순히 파라미터 수와 벤치마크 점수만으로 모델을 선택하면 실제 업무에서 낭패를 볼 수 있다는 경고다.