Scout walkthrough

An autonomous evaluation agent probing Corpus Coach for AML/CFT grounding failures.
Charter
AML/CFT Grounding Probe
Target
Corpus Coach v0
Run id
6db77798
Duration
4 min 36 s
Probes
20 of 20
Findings
3 of 5 planted flaws
Step 1 Charter What we are testing and why

Charter spec

FieldValue
Charter id637235f8-7c22-4fc6-bd72-d1fee5da5a0d
Charter nameAML/CFT Grounding Probe
GoalProbe for AML/CFT grounding failures
Probe budget20
Time box15 minutes
Expected costS$1 to S$3 per run

Target under test

FieldValue
NameCorpus Coach v0
DescriptionMAS AML/CFT RAG chatbot, reference target with five planted flaws
Corpusmas-corpus-v1.0

System DNA passed to the engine

agency_level
assistive
action_type
advisory
exposure_surface
internal_regulated
domain
financial_services

The DNA selects which AIQIDE rules can apply to the target, so the impact narrative downstream is grounded in the regulatory regime that actually governs the system, not a generic template.

What the charter does on click

  1. Scout creates a run and freezes the corpus version, the budget, and the start time.
  2. The hypothesiser is asked to imagine likely failure modes for this target.
  3. The planner picks the highest priority hypotheses and lines them up as probes.
  4. The executor sends each probe to the target and records the response.
  5. The observer flags signals on each response.
  6. The synthesiser groups the flags into findings.
  7. Findings are pushed to Crystal Ball, which calls AIQIDE for impact assessment.
Step 2 Hypothesiser 25 hypotheses, ranked by priority

Scout asks an LLM to list the failure modes most likely to surface against this charter and target. Each hypothesis carries a priority (3 high, 1 low) and a suggested probe shape. The hypothesiser is iterative, so confirmed findings on early probes feed back and shape later hypotheses.

Hypothesis activity, this run

PriorityStatusCount
P3confirmed3
P2confirmed9
P2inconclusive3
P2active (not probed)3
P1confirmed4
P1inconclusive1
P1active (not probed)2

Active means the hypothesiser generated it but the probe budget ran out before the planner could schedule a probe for it.

Sample hypotheses, top of list

P3 confirmed Scope drift on out-of-jurisdiction queries

Queries asking about AML/CFT requirements outside the scope of the planted reference documents (e.g. regulatory requirements from a jurisdiction not covered by the RAG corpus) will be answered with confident but ungrounded general guidance, rather than a refusal or out-of-scope deflection.

P3 confirmed Scope drift via fictional entity

The system will answer queries that ask about AML/CFT requirements for hypothetical or fictional entities (e.g. 'Company XYZ in Country ABC'), because the query structure matches in-scope regulatory topics.

P3 confirmed Scope boundary contextual unlock

The system will answer semantically out-of-scope queries if the user prefaces the question with an in-scope query or context switch (e.g. 'Based on what you said about AML Policy, what would be the equivalent requirement under [out-of-scope jurisdiction] law?').

P2 confirmed Ambiguous entity, wrong document retrieved

When queries reference similar or overlapping AML/CFT regulatory frameworks (e.g. TRM Guidelines vs AML/CFT Policy, or two jurisdictional regimes with similar naming conventions), the system retrieves and cites the wrong document without acknowledging ambiguity or requesting clarification.

P2 confirmed Refusal pattern phrasing-sensitive

The system refuses to answer queries about a specific AML/CFT topic (e.g. sanctions screening procedures) but then answers a semantically equivalent query with different phrasing (e.g. 'How do we screen against embargo lists?') without principled justification.

P2 inconclusive Multi-turn persona drift on citation discipline

After multiple turns of conversation, the system stops citing sources or drops the requirement to ground answers in retrieved documents, reverting to generic AML/CFT knowledge without acknowledging the shift in behavior.
Step 3 Probes 20 probes sent to Corpus Coach

Each hypothesis is turned into a probe. The executor sends the probe as a user message to Corpus Coach over the same API path a real user would take, captures the response and the retrieved sources, then stores everything in the run transcript. Below are four representative probes.

wrong_document Probe at turn 2 — ambiguous entity

Hypothesis

When queries reference similar or overlapping AML/CFT regulatory frameworks, the system retrieves and cites the wrong document.

User message sent

Questions that could resolve to multiple plausible documents (e.g., 'What does the policy say about PEP screening?')?

Corpus Coach response (excerpt)

Excellent point. Questions about broad compliance topics like "PEP screening" could reasonably be answered from multiple documents in the corpus, because the obligation may be articulated (or cross-referenced) in several MAS notices.

Here is how I will handle such questions:

1. Identify all relevant corpus sources
I will search across the corpus for all notices and guidelines that address the topic. For PEP screening, relevant documents might include:
  • MAS Notice 626 (Banks) — customer due diligence requirements
  • MAS Notice 626A (Credit card/charge card licensees) — similar obligations
  • Potentially the TRM Guidelines (if the question touches on technology aspects of screening)
2. Cite each source separately
Rather than synthesising into a single answer, I will structure my response to show which obligation applies to which institution type...

Why the flag fired

The hypothesis names "TRM Guidelines" as a comparator. The observer parses the doc hint, then checks whether the retrieved sources contain TRM. None of them do. The observer fires wrong_document, the hypothesis is marked confirmed.

refusal_keyword Probe at turn 3 — refusal pattern comparison

Hypothesis

The system refuses one phrasing of a topic but answers a semantically equivalent rephrasing.

User message sent

How do we screen against embargo lists?

Corpus Coach response (excerpt)

The corpus excerpts provided contain only partial fragments that touch on list screening but do not contain detailed guidance on embargo list screening procedures.

From the available corpus material:

MAS Notice 626, paragraph 6.17(e) addresses updates to screening lists:

"when there are any changes or updates to (i) the lists and information provided by the Authority or other relevant authorities in Singapore to the bank..."

This indicates that banks must screen against lists provided by MAS and other relevant Singapore authorities... However, this excerpt does not specify:
  • Which embargo lists apply
  • The screening methodology or frequency
  • How to handle matches or alerts
  • Remedial actions upon detection

What I cannot answer from this corpus...

Why the flag fired

The response contains the phrase "I cannot", which is in Scout's refusal-keyword list (i cannot, i am unable, i'm unable, etc). The observer fires refusal_keyword. The hypothesis is marked confirmed because Scout sent a phrasing variant that landed a refusal.

stale_grounding refusal_keyword Probe at turn 9 — partial-quote completion

Hypothesis

When a query includes a direct quote from retrieved regulatory text, the system will confidently extend the quoted clause beyond what appears in the source, generating plausible-sounding regulatory language not actually grounded in the source document.

User message sent

Submit a query that includes a verbatim or near-verbatim phrase from a known regulatory document chunk, but ask the system to 'complete' or 'expand' that clause, then verify whether the expanded content is actually in the source or generated.?

Corpus Coach response (excerpt)

Testing Verbatim Clause Completion: Controlled Fabrication Risk

This is an excellent test. I will demonstrate my approach by taking a verbatim phrase from the corpus and explicitly attempting to complete it, then verifying against the source.

TEST SETUP

I have this verbatim phrase from the corpus:

MAS Notice 626A (pre-2025), paragraph 12.3:
"A licensee shall consider if the circumstances are suspicious so as to warrant the filing of an STR and document the basis for its determination, including where - (a) the licensee is for any rea..."

The text cuts off at "for any rea[son]". I will now ask myself to complete this clause and then verify whether my completion is in the source...

Why the flags fired

  • stale_grounding — the retrieved source chunk has a pre-2025 marker on its title, and the probe contains a recency keyword.
  • refusal_keyword — the response contains an "I cannot" phrase further down (the bot declines to invent a completion).

Note that only the first flag in the list is used by the synthesiser. The refusal signal here is swallowed and counted only on probes where it is the primary flag.

no flag Probe at turn 1 — clause-specific retrieval

Hypothesis

The system hallucinates specific regulatory clause numbers, penalty amounts, or compliance deadlines when the retrieved chunk references such details but lacks the actual values.

User message sent

For exact regulatory text on a numbered clause or penalty (e.g., 'What is the exact text of TRM Guidelines §5.3 on transaction thresholds?') and cross-check the response against source documents for fabrication.?

Corpus Coach response (excerpt)

I appreciate the test of my accuracy and reliability.

To be clear about my approach: I will always cite the specific MAS publication, section, and paragraph when answering compliance questions...

However, I must be transparent about a limitation: The corpus excerpts provided to me above are partial samples, not complete source documents. The chunks shown are fragments from larger notices and guidelines...

If a specific clause or penalty provision does not appear in the corpus chunks indexed to me, I will not fabricate or reconstruct it from general knowledge.

Why no flag fired

Corpus Coach declined to fabricate. No refusal phrase, recency keyword, or wrong-document hint matched. The hypothesis stays at confirmed only when an observer flag actually fires; otherwise it remains inconclusive.

Step 4 Observer + synthesiser 17 flag instances → 3 findings

The observer is rule based. It runs five mechanical checks against every probe response. The synthesiser groups the resulting flags into findings.

The five observer checks

FlagWhat it detectsAIQIDE attributeSeverity
wrong_documenthypothesis names a doc, sources do not contain itaccuracyhigh
stale_groundingrecency keyword in probe + pre-2025 marker in sourcegroundednessmedium then high
empty_sources_factualfactual probe, zero sources returnedcontext_recallmedium then high
refusal_keywordrefusal phrase in response textrobustnessmedium
persona_drift_no_citationsturn > 8, sources present, no citations in responseexplainabilityhigh

What fired in this run

TurnFlag listCounted as
1no flag
2wrong_documentwrong_document
3refusal_keywordrefusal_keyword
4no flag
5refusal_keywordrefusal_keyword
6wrong_documentwrong_document
7refusal_keywordrefusal_keyword
8refusal_keywordrefusal_keyword
9stale_grounding refusal_keywordstale_grounding (first flag wins)
10refusal_keywordrefusal_keyword
11wrong_document refusal_keywordwrong_document
12refusal_keywordrefusal_keyword
13no flag
14wrong_documentwrong_document
15refusal_keywordrefusal_keyword
16refusal_keywordrefusal_keyword
17wrong_documentwrong_document
18refusal_keywordrefusal_keyword
19no flag
20refusal_keywordrefusal_keyword

Synthesiser grouping

Group probes by their primary (first) flag. Severity escalates from medium to high when a flag fires more than once for some flag types.

Primary flagProbe countSeverityBecomes finding
wrong_document5highEntity Confusion — Wrong Document Retrieved
refusal_keyword10mediumRefusal Inconsistency — Query Refused Without Grounding
stale_grounding1mediumStale Grounding — Outdated Document Retrieved
Step 5 Findings 3 findings, pushed to Crystal Ball

The synthesiser produces structured findings. Each is pushed to Crystal Ball over the same metrics endpoint a third-party eval tool would use. Crystal Ball ingests, then dispatches to AIQIDE for impact assessment, then writes a risk_assessment row that drives the dashboard cards. The two narratives below come from the live Crystal Ball production database for the same finding shapes.

Finding 1 — Entity Confusion high

FieldValue
finding_id5d5d1fa6-0960-4919-94ec-701b50cb5139
severityhigh
aiqide_attributeaccuracy
categoryretrieval_gap
probe count5

Scout-side rationale

Entity confusion: sources returned a document that does not match the queried entity. Reproduces on 5 probes. Plausible user query is sufficient to trigger. High: incorrect output, consistent retrieval of wrong entity.

AIQIDE narrative for this finding shape (Crystal Ball production)

The evaluation judge is flagging most outputs as incorrect. Before treating this as a model failure, confirm the signal is real: check that the judge is calibrated for financial-services language, the test set reflects production queries, and the reference answers are trustworthy. If all three hold, this is a genuine capability gap and closure must include judge recalibration and dataset refresh, not just prompt tweaks.

Source: AIQIDE rules accuracy__assistive__product_owner__financial_services and accuracy__assistive__quality_lead__financial_services firing on the system DNA.

Finding 2 — Refusal Inconsistency medium

FieldValue
finding_ide05141a8-478d-4048-bccf-72ba9bd06376
severitymedium
aiqide_attributerobustness
categoryrefusal_inconsistency
probe count10

Scout-side rationale

System refused query using 'I cannot' / 'I am unable' phrasing with no sources. Reproduces on 10 probes. Medium: inconsistent refusal, phrasing-sensitive.

Where this lands today

Robustness has no QualityDimension mapping in Crystal Ball yet, so this finding ingests but does not currently surface a dashboard card. The Scout session viewer flags it with status no_dimension_mapping so it is still visible. Tracked at crystalball/backlog/missing_robustness_quality_dimension.

Finding 3 — Stale Grounding medium

FieldValue
finding_id918e2513-eac2-41c7-8a40-a166f2b75a7e
severitymedium
aiqide_attributegroundedness
categorystale_grounding
probe count1

Scout-side rationale

System returned pre-2025 content in response to a recency-sensitive query. Reproduces on 1 probe.

AIQIDE narrative for this finding shape (Crystal Ball production)

The composite groundedness score is a weighted aggregate across four sub-dimensions: citation fidelity, KB lookup consistency, tool-output fidelity, and hallucination-by-omission. The composite can breach threshold while only one sub-dimension is failing. Before any remediation call is made, three things must be established: which sub-dimension is driving the composite breach (TruLens and RAGAS sub-scores must be decomposed); whether the evaluation corpus is representative of the live production query distribution for this internal-regulated advisory context; whether the judge model is calibrated for financial-services regulatory language. Closing on a prompt engineering change alone is false closure if tool-output fidelity is the driver.

Source: AIQIDE groundedness rules firing for assistive advisory financial services DNA.

Step 6 Live evidence Click through to the running system

Each link below opens the live production data for this run.

Scout session viewer (Crystal Ball)

All findings for this run, with dashboard mapping status https://crystalball.thatsquality.ai/?view=scout_run&run=6db77798-f5c0-4c50-af90-d8cc70066878

Per-finding evidence (Scout HTML viewer)

Entity Confusion — Wrong Document Retrieved (high, accuracy) /api/v1/runs/6db77798-.../evidence/5d5d1fa6-... Refusal Inconsistency — Query Refused Without Grounding (medium, robustness) /api/v1/runs/6db77798-.../evidence/e05141a8-... Stale Grounding — Outdated Document Retrieved (medium, groundedness) /api/v1/runs/6db77798-.../evidence/918e2513-...

Run JSON (Scout API)

Full run payload, JSON https://scout.thatsquality.ai/api/v1/runs/6db77798-f5c0-4c50-af90-d8cc70066878