LLMs may be quietly rewriting your documents. That’s a bigger problem than hallucination.

A new research paper making rounds on Hacker News argues something uncomfortable: when people delegate document tasks to LLMs, models often don’t just “analyze” the document. They subtly change it.

Not dramatic nonsense. Not obvious hallucinations. Small edits, omissions, normal-sounding substitutions, and formatting shifts that look harmless but can break meaning. That’s why this is dangerous: the output feels plausible, so teams trust it and move on.

The HN traction (452 points, 176 comments) makes sense. This hits a real enterprise pain point where AI adoption is already happening faster than governance.

What happened, in plain English

The research focuses on a delegation trap: users ask models to “process,” “clean,” “summarize,” or “reformat” important documents, expecting faithful handling. But the model often performs implicit rewriting instead of strict preservation.

In a contract, that might mean softening a clause while paraphrasing. In a policy document, it might drop a qualifier that changes compliance scope. In a financial process, it might normalize terms in a way that breaks downstream mapping rules.

The key claim is that this corruption is systematic, not random. It appears as a pattern in delegated workflows, where the model is rewarded for sounding coherent and helpful, not for cryptographic-grade fidelity to source text.

So the risk is not “AI made up a dragon.” The risk is “AI made a tiny legal or operational mutation no one noticed.”

Why this matters more than normal hallucinations

Hallucinations are easier to catch because they look weird. Silent corruption is harder because it looks professional. The model output reads cleaner than the original, so humans assume quality improved.

That creates false confidence. Once corrupted text is accepted, it gets copied into CRMs, ticketing systems, internal knowledge bases, reports, and contracts. Each step compounds risk.

By the time someone notices an inconsistency, the organization may not even know which version is authoritative anymore. At that point, fixing one sentence can require auditing entire process chains.

This is why “looks fine to me” is not a control framework.

The delegation trap inside enterprises

Enterprises are scaling AI by delegation: intake docs, summarize them, classify them, route them, generate follow-up content, and feed outputs into workflow systems. This works great for speed, until silent corruption enters the pipeline.

Most teams still treat document AI as a productivity layer, not a data-integrity layer. They optimize for faster turnaround and lower manual effort. Verification is often sampled, superficial, or skipped under deadline pressure.

That is exactly the trap. Delegation without verification turns LLM output into an untrusted intermediate that gets treated as trusted ground truth.

In regulated domains, that’s not just a quality issue. It’s a liability issue.

Where the risk is highest

Legal, compliance, finance, healthcare ops, insurance, procurement, and HR are especially exposed because tiny text changes can carry large consequences.

A modified indemnity phrase, a shifted date qualifier, a changed coverage definition, or a lost exception can alter obligations and decisions. In finance, field-level corruption can propagate into reporting logic and controls. In compliance, altered policy language can invalidate audits or trigger enforcement risk.

Even outside regulated sectors, customer support and sales ops can be harmed if AI-mutated notes lead to wrong commitments, wrong escalations, or bad account decisions.

The issue is not whether your team uses smart prompts. The issue is whether your pipeline assumes transformed text is equivalent to source text when it isn’t.

What to do about it right now

First, stop treating LLM output as a canonical record for critical documents. Keep original sources immutable and authoritative.

Second, separate tasks into two classes: transformation-allowed and fidelity-required. If fidelity is required, use workflows that enforce extraction and citation, not paraphrasing.

Third, require provenance at the field level. Every extracted claim should point back to source spans, page numbers, or coordinates. If a value cannot be grounded, it should be flagged as uncertain, not silently filled.

Fourth, introduce deterministic checks before writing to downstream systems: schema validation, constraint rules, numeric consistency checks, and diff gates against source text.

Fifth, add human review where errors are expensive. Humans should verify deltas, not reread everything from scratch. That means UI that highlights model edits and uncertain regions.

Sixth, log model version, prompt template, and transformation settings for every run. If something breaks, you need traceability for forensic analysis and audit response.

Practical guardrail pattern (that actually works)

Use a two-track pipeline: extraction track and generation track.

Extraction track is strict: retrieve only what is in the source, with citations, no stylistic rewriting. Generation track is flexible: summaries, email drafts, and prose can be creative because they are explicitly non-authoritative.

Never mix the two without labels. If a generated summary is fed back into systems as if it were source truth, you have recreated the delegation trap.

This pattern sounds obvious, but many teams still blur these tracks in production.

The business angle: a new category is being created

This research points to a growing market for LLM verification and document integrity tooling. Enterprises now need products that prove output fidelity, not just products that generate text faster.

Expect demand for evidence-linked extraction, policy-aware rewrite detection, semantic diffing, confidence scoring, workflow gating, and immutable audit trails. Vendors that can quantify “corruption risk per document flow” will have a strong wedge.

Boards and risk teams will increasingly ask not “Are we using AI?” but “Can we prove AI didn’t alter critical meaning?” That’s a different procurement question, and it favors integrity infrastructure.

What regular teams should change this quarter

If you run LLM document workflows today, do a quick integrity audit. Identify where model output enters contracts, finance records, compliance docs, customer commitments, or legal communications.

For each path, ask three questions: what is the source of truth, what verification happens before system write, and who signs off when the model is uncertain? If you can’t answer quickly, you have hidden risk.

Then implement minimum controls: immutable source storage, citation-required extraction, automated diff checks, and risk-tiered human review. You don’t need perfect governance tomorrow. You need to stop blind delegation now.

Bottom line

The “LLM document corruption” story matters because it reframes a common enterprise assumption. Delegating document work to AI is not inherently unsafe, but delegating without integrity controls is.

The danger is subtle mutation that looks helpful and passes casual review. That’s how small errors become systemic failures.

The fix is not abandoning LLMs. It’s engineering for trust: preserve originals, enforce provenance, verify transformations, and separate authoritative extraction from narrative generation. Teams that do this will keep AI speed while avoiding the liability bomb now becoming visible.

Now you know more than 99% of people. — Sara Plaintext