Pitfall Explorer

LLM Pitfalls

A growing library of practical AI and language model failure modes, organized by risk category so users can explore the Atlas by topic.

Severity ratings are educational estimates based on factors such as impact, likelihood, detectability, data sensitivity, system access, scope, reversibility, mitigation difficulty, and human overtrust. Actual risk depends on context, including the task, domain, data involved, connected tools, human review, and consequences of failure.

Showing 25 of 25 pitfalls across 16 categories

Truth and Factuality Failures

5 pitfalls

Hallucination

High Risk

The AI gives an answer that sounds confident but is partly or completely made up.

Why this severity?

High · Weighted rubric score: 3.1 / 4.0

High because hallucinations are common, can look credible, and may affect research, security, legal, medical, financial, or professional decisions when users do not verify the output.

Top contributing factors

Likelihood

4/4

Hallucination is a common failure mode across many LLM workflows, especially when the model lacks grounding or current context.

Detectability

3/4

False information can be difficult to notice when it is fluent, specific, and presented confidently.

Human overtrust

3/4

Users may trust polished answers without checking sources, especially when the answer sounds complete.

Impact

3/4

Impact can become serious when hallucinated claims affect academic, professional, security, legal, medical, or financial decisions.

Context that can raise severity

  • The answer affects professional, legal, medical, financial, security, or safety decisions.
  • The model provides specific names, dates, citations, links, or numbers without verification.
  • Users are likely to act on the answer without checking external sources.

Context that can lower severity

  • The task is casual, creative, or low-stakes.
  • The user verifies key claims against reliable sources.
  • The model is grounded in trusted source material and uncertainty is clearly stated.

Example

An AI assistant gives a detailed explanation of a court case, academic paper, API function, or CVE that does not actually exist.

Warning signs

  • The answer sounds very specific but does not cite checkable sources.
  • The model gives names, dates, links, or numbers without evidence.
  • The response changes when asked the same question again.

Mitigations

  • Verify important claims against reliable external sources.
  • Ask the model to separate confirmed facts from assumptions.
  • Request exact source names, dates, and quoted evidence.

Fabricated Citations

High Risk

The AI provides sources, papers, links, cases, or citations that look real but do not actually exist or do not support the claim.

Example

An AI assistant cites a journal article with a realistic title, author list, and publication year, but the article cannot be found in the journal database.

Warning signs

  • The citation has a generic or overly perfect-sounding title.
  • The link is broken, unrelated, or leads to a different source.
  • The cited source exists but does not support the claim.

Mitigations

  • Open and inspect every important source yourself.
  • Use trusted databases, official documentation, or primary sources.
  • Ask for direct quotes and an explanation of how each quote supports the claim.

Outdated Knowledge

High Risk

The AI may answer using information that was true in the past but is no longer current.

Example

An AI assistant recommends a software library version, legal requirement, product price, CVE status, or company policy that has changed since the model last had reliable information.

Warning signs

  • The question depends on current events, prices, versions, laws, or schedules.
  • The model does not mention when its information was last verified.
  • The answer conflicts with official documentation or recent sources.

Mitigations

  • Check current information against official or primary sources.
  • Ask the model to identify which claims may require up-to-date verification.
  • Use live documentation, vendor advisories, government sources, or trusted databases for changing facts.

False Precision

Medium Risk

The AI gives numbers, rankings, dates, or measurements that look exact even when the underlying information is uncertain.

Example

An AI assistant says a project will take exactly 17.4 hours, a market will grow by 23.8%, or a risk score is 91 out of 100 without explaining the uncertainty behind the number.

Warning signs

  • The answer gives exact numbers without explaining how they were calculated.
  • The model uses decimals or rankings for subjective judgments.
  • The answer does not include uncertainty ranges or assumptions.

Mitigations

  • Ask for assumptions, confidence level, and uncertainty ranges.
  • Treat exact-looking numbers as estimates unless independently verified.
  • Use source-backed calculations for important decisions.

Citation Laundering

High Risk

The AI makes a weak or unsupported claim look credible by attaching a real source that does not actually prove it.

Example

An AI assistant cites a real NIST document to support a specific claim about a company's compliance obligations, but the document does not actually say what the AI claims it says.

Warning signs

  • The cited source exists but only loosely relates to the claim.
  • The AI summarizes a source without quoting the exact supporting passage.
  • The citation supports a broad topic but not the specific conclusion.

Mitigations

  • Open the cited source and check whether it directly supports the claim.
  • Ask for exact quotes, page numbers, section names, or stable identifiers.
  • Distinguish between sources that mention a topic and sources that prove a claim.

Security and Risk Failures

1 pitfall

Prompt Injection

Critical Risk

Someone hides instructions in text, documents, webpages, or tool outputs that trick the AI into ignoring its original task.

Why this severity?

Critical · Weighted rubric score: 3.8 / 4.0

Critical because prompt injection can manipulate AI systems through untrusted content, especially when the system can access tools, files, browsers, APIs, email, private data, or external actions.

Top contributing factors

Impact

4/4

Can affect confidentiality, integrity, tool actions, system behavior, and user trust.

Triggerability

4/4

Can be triggered by untrusted documents, webpages, messages, tool outputs, or adversarial prompts.

Detectability

4/4

Malicious instructions may be hidden inside ordinary-looking content and may not be obvious to users.

System access

4/4

Risk increases sharply when the AI can use tools, files, APIs, browsers, email, or other external systems.

Context that can raise severity

  • The AI has tool access or write permissions.
  • The AI reads untrusted webpages, files, emails, tickets, or documents.
  • Sensitive or regulated data is present.
  • Human approval is weak, absent, or easy to bypass.

Context that can lower severity

  • The workflow is text-only and has no external tool access.
  • The AI treats retrieved content as untrusted data rather than instructions.
  • Human review is required before any external action.

Example

A webpage includes hidden text telling an AI browser agent to ignore previous instructions and reveal private data or take an unsafe action.

Warning signs

  • The model starts following instructions from an external document or webpage.
  • The output changes after reading untrusted content.
  • The model claims it must ignore earlier instructions.

Mitigations

  • Treat external content as untrusted data.
  • Separate system instructions from user-provided or retrieved content.
  • Require human approval before sensitive tool actions.

User-Alignment and Social Failures

2 pitfalls

Overconfidence

High Risk

The AI sounds more certain than it should, making uncertain or incomplete answers feel trustworthy.

Example

An AI assistant confidently diagnoses the cause of a production outage, explains a legal issue, or recommends a security action without acknowledging missing evidence.

Warning signs

  • The response uses confident language without showing evidence.
  • The model does not mention uncertainty or alternative explanations.
  • The answer sounds complete even when the prompt lacked important context.

Mitigations

  • Ask what information is missing before relying on the answer.
  • Request alternative explanations or competing hypotheses.
  • Require evidence for high-impact claims.

Sycophancy

Medium Risk

The AI agrees with the user too readily, even when the user's assumption, plan, or conclusion may be wrong.

Example

A user asks whether their risky security plan is a good idea, and the AI praises the plan instead of pointing out missing controls, unsafe assumptions, or better alternatives.

Warning signs

  • The AI strongly validates the user's idea without examining downsides.
  • The response avoids correcting a questionable assumption.
  • The model changes its answer after the user pushes back, even without new evidence.

Mitigations

  • Ask the AI to critique your idea instead of agreeing with it.
  • Request the strongest counterarguments and failure modes.
  • Ask what evidence would change the recommendation.

Privacy and Data-Security Failures

1 pitfall

Sensitive Data Exposure

Critical Risk

Users may paste private, confidential, regulated, or security-sensitive information into an AI system without understanding where it goes or how it may be used.

Why this severity?

Critical · Weighted rubric score: 3.7 / 4.0

Critical because exposure of confidential, regulated, customer, employee, credential, source code, or infrastructure information can create privacy, legal, security, compliance, and organizational harm.

Top contributing factors

Data sensitivity

4/4

Can involve credentials, secrets, regulated records, customer data, employee data, source code, or internal infrastructure details.

Impact

4/4

Exposure can lead to privacy violations, legal obligations, security incidents, contractual issues, or reputational harm.

Reversibility

4/4

Once sensitive data is submitted to an unapproved system, it may be difficult or impossible to fully retrieve, delete, or contain.

Human overtrust

3/4

Users may paste sensitive data while focusing on productivity and underestimate where the data may be stored or processed.

Context that can raise severity

  • The prompt includes credentials, secrets, tokens, or private keys.
  • The prompt includes regulated, customer, employee, student, patient, or financial data.
  • The AI tool is unapproved or has unclear retention/training policies.
  • The content includes internal architecture, logs, source code, or incident details.

Context that can lower severity

  • Sensitive details are removed, masked, or anonymized before use.
  • The organization uses an approved tool with clear data-handling controls.
  • Policies prohibit entering secrets or regulated data into unapproved AI tools.

Example

An employee pastes customer records, source code, credentials, internal architecture, medical notes, legal documents, or incident details into an AI chatbot for help summarizing or debugging.

Warning signs

  • The prompt includes customer, employee, patient, student, or financial data.
  • The prompt includes passwords, tokens, keys, internal URLs, or infrastructure details.
  • The user has not checked the AI tool's data retention or training policy.

Mitigations

  • Remove or anonymize sensitive data before using AI tools.
  • Use approved enterprise AI tools with clear data-handling controls.
  • Never paste credentials, secrets, private keys, or regulated records into unapproved systems.

Tool-Use Failures

1 pitfall

Tool Misuse

Critical Risk

An AI system connected to tools may take the wrong action, use the wrong data, or act with more authority than intended.

Example

An AI assistant sends an email to the wrong recipient, deletes the wrong file, applies a label to the wrong records, or runs a command based on misunderstood instructions.

Warning signs

  • The AI can take actions outside the chat window.
  • The action affects files, accounts, users, systems, money, or external communications.
  • The model summarizes its intended action vaguely.

Mitigations

  • Require confirmation before irreversible or external actions.
  • Use least-privilege tool permissions.
  • Log tool actions and review high-impact operations.

Context and Memory Failures

2 pitfalls

Context Loss

Medium Risk

The AI forgets or stops using important information from earlier in the conversation or document.

Example

A user tells the AI to avoid AWS for now, but later the model suggests an AWS deployment step before the local MVP is finished.

Warning signs

  • The model repeats questions that were already answered.
  • The response ignores earlier constraints.
  • The model changes direction without explanation.

Mitigations

  • Restate critical constraints before important tasks.
  • Use short summaries at major project milestones.
  • Keep requirements in a reference document when possible.

Context Blending

Medium Risk

The AI mixes details from different users, documents, tasks, or parts of a conversation into one answer.

Example

An AI assistant reviewing two different project plans accidentally applies requirements from one project to the other, creating a recommendation that fits neither project correctly.

Warning signs

  • The answer includes facts from a different document, task, or conversation.
  • The model refers to requirements that were never part of the current request.
  • Names, systems, dates, or constraints appear to be mixed together.

Mitigations

  • Keep unrelated tasks in separate chats, documents, or sections.
  • Label documents and requirements clearly.
  • Ask the model to identify which source each claim came from.

Coding Failures

3 pitfalls

Non-runnable Code

High Risk

The AI gives code that looks plausible but does not actually run correctly.

Example

An AI assistant provides a React component that imports a nonexistent module, uses the wrong file path, or assumes a dependency that is not installed.

Warning signs

  • The code references files or packages that do not exist in the project.
  • The answer skips setup, imports, or configuration details.
  • The code mixes versions or frameworks.

Mitigations

  • Run the code locally before trusting it.
  • Check imports, file paths, package versions, and error messages.
  • Ask for minimal changes instead of large rewrites.

Version Mismatch

Medium Risk

The AI gives instructions or code for a different version of a tool, framework, library, or API than the one you are using.

Example

An AI assistant gives routing instructions for an older Next.js Pages Router project when the user is using the newer App Router structure.

Warning signs

  • The instructions mention files your project does not have.
  • The answer uses deprecated commands or configuration formats.
  • The code works in examples online but not in your installed version.

Mitigations

  • Check the installed version before applying instructions.
  • Use official documentation for the specific version.
  • Ask the AI to adapt the answer to your version and file structure.

Insecure Code

Critical Risk

The AI gives code that works but introduces security weaknesses.

Example

An AI assistant generates a login endpoint that stores plaintext passwords, skips rate limiting, or builds SQL queries by directly concatenating user input.

Warning signs

  • The code handles authentication, authorization, secrets, payments, files, or user input.
  • The AI does not mention validation, error handling, logging, or abuse cases.
  • The code uses insecure defaults or disables security protections.

Mitigations

  • Review generated code for common security weaknesses before using it.
  • Validate inputs, enforce authorization, and protect secrets.
  • Use established security libraries and framework-supported patterns.

Drift Failures

1 pitfall

Drift

Medium Risk

The AI's behavior, quality, or answers change over time, even when users expect it to act the same way.

Example

A team builds a workflow around an AI assistant that summarizes support tickets. After a model update, the summaries become shorter, miss important details, and use a different tone.

Warning signs

  • The same prompt produces noticeably different results over time.
  • A workflow that used to work starts producing lower-quality or inconsistent output.
  • The AI's tone, refusal behavior, formatting, or reasoning style changes unexpectedly.

Mitigations

  • Keep test prompts and expected outputs for important workflows.
  • Review AI-assisted workflows after model, prompt, or configuration changes.
  • Document assumptions about model behavior when using AI in repeatable processes.

Prompt-Following Failures

2 pitfalls

Instruction Drift

Medium Risk

The AI gradually stops following the original instructions as the task gets longer or more complex.

Example

A user tells the AI to keep a project local and avoid cloud deployment steps, but after several messages the AI starts recommending AWS setup before the local MVP is complete.

Warning signs

  • The model forgets formatting, scope, or style requirements.
  • The answer reintroduces ideas the user explicitly ruled out.
  • The model follows the most recent prompt while ignoring earlier constraints.

Mitigations

  • Restate key constraints before major steps.
  • Use short project summaries to refresh the model's context.
  • Ask the AI to list the instructions it is following before proceeding.

Role Drift

Medium Risk

The AI starts acting outside the role or perspective it was supposed to maintain.

Example

An AI assistant asked to act as a careful technical editor starts making product strategy decisions and rewriting requirements beyond the user's intended scope.

Warning signs

  • The AI starts giving advice outside the requested role.
  • The tone changes from careful review to confident decision-making.
  • The model assumes authority it was not given.

Mitigations

  • Define the AI's role and boundaries clearly.
  • Remind the model what perspective it should use.
  • Separate brainstorming, reviewing, deciding, and executing into different steps.

Safety and Risk Failures

1 pitfall

Unsafe Technical Advice

Critical Risk

The AI gives technical instructions that could cause harm if followed without proper expertise, safeguards, or context.

Example

An AI assistant gives confident instructions for modifying a production server, disabling security controls, handling electrical wiring, or changing industrial equipment settings without warning about risk or requiring expert review.

Warning signs

  • The instructions affect safety, security, infrastructure, money, health, or legal obligations.
  • The AI suggests disabling protections, bypassing controls, or making irreversible changes.
  • The response does not ask for environment details, qualifications, or safety constraints.

Mitigations

  • Require qualified human review for high-risk technical actions.
  • Use official documentation, safety standards, and vendor guidance.
  • Test changes in a safe environment before production use.

Math, Science, and Technical Failures

1 pitfall

Unit Errors

High Risk

The AI mixes up units, conversions, measurements, or scales, which can make an answer dangerously wrong.

Example

An AI assistant confuses milligrams with micrograms, miles with kilometers, megabytes with megabits, or monthly cost with annual cost.

Warning signs

  • The answer involves measurements, dosage, distance, weight, time, money, speed, power, storage, or rates.
  • The model gives a number without showing the unit conversion.
  • The answer mixes metric and imperial units.

Mitigations

  • Ask the model to show unit conversions step by step.
  • Check high-stakes calculations with a trusted calculator or official reference.
  • Label every number with units.

Multimodal Failures

1 pitfall

Image Misinterpretation

High Risk

The AI misreads an image, chart, screenshot, diagram, or visual detail while sounding confident.

Example

An AI assistant looks at a screenshot, floor plan, medical image, chart, or hardware photo and confidently describes details that are not actually visible.

Warning signs

  • The model claims certainty about small, blurry, cropped, or low-resolution details.
  • The answer describes objects or text that are not clearly visible.
  • The model infers measurements, identity, intent, or cause from limited visual evidence.

Mitigations

  • Use images as supporting evidence, not final proof.
  • Zoom in, crop, or provide clearer images when details matter.
  • Ask the AI to distinguish visible evidence from inference.

Human-Use Pitfalls

1 pitfall

Automation Bias

High Risk

People trust the AI because it is automated, polished, or fast, even when they should verify it.

Example

A team accepts an AI-generated incident summary, legal summary, hiring recommendation, or security triage result because it looks professional and saves time.

Warning signs

  • Users stop checking sources because the AI usually seems right.
  • AI output is copied into reports, tickets, code, or decisions without review.
  • The workflow treats AI suggestions as default truth.

Mitigations

  • Define when human review is required.
  • Treat AI output as a recommendation, not an authority.
  • Require source checks for high-impact claims.

Economic and Strategic Pitfalls

1 pitfall

Vendor Lock-in

Medium Risk

A team becomes too dependent on one AI vendor, model, platform, or workflow and later has difficulty switching.

Example

A company builds internal workflows around one AI platform's proprietary features, then struggles when pricing, terms, model behavior, API limits, or compliance requirements change.

Warning signs

  • Important workflows depend on one vendor-specific feature.
  • Prompts, tools, or integrations are difficult to move elsewhere.
  • The team has no fallback plan if pricing or access changes.

Mitigations

  • Document vendor-specific dependencies.
  • Design workflows with portability where practical.
  • Evaluate data export, model-switching, and fallback options.

Deployment and Operations Pitfalls

1 pitfall

Model Update Breakage

High Risk

An AI workflow breaks or changes behavior after the model or platform is updated.

Example

A production workflow expects the AI to return a specific JSON format, but after a model update the output format changes and downstream processing fails.

Warning signs

  • A workflow depends on exact formatting, tone, refusal behavior, or reasoning style.
  • The vendor can change models or defaults without much notice.
  • There are no regression tests for important AI outputs.

Mitigations

  • Create regression tests for important prompts and workflows.
  • Validate outputs before passing them to downstream systems.
  • Monitor model or API release notes when available.

Local and Offline Model Pitfalls

1 pitfall

Local Model False Security

Medium Risk

People assume a local or offline AI model is automatically safe just because it runs on their own machine.

Example

A user downloads a local model or plugin from an untrusted source and assumes it is safe because no cloud provider is involved.

Warning signs

  • The model, weights, plugin, or interface came from an unverified source.
  • The user assumes local means private, safe, and trustworthy.
  • The local tool has access to sensitive files or system resources.

Mitigations

  • Download models and tools only from trusted sources.
  • Run local AI tools with limited permissions where possible.
  • Do not give local tools unnecessary access to sensitive files.