The Real Reason Sullivan and Cromwell Filed Hallucinated Citations

A federal bankruptcy judge in a Chapter 15 case opened a motion from Sullivan and Cromwell and found dozens of fabricated or misquoted citations. Opposing counsel caught them. The firm's internal review did not. The co-head of the restructuring practice signed the apology letter.

This is not a story about a bad prompt. It's a story about what happens when you ask an AI agent to do serious work inside a messy room.

Why is this happening to firms that have the best tools?

Sullivan and Cromwell are not amateurs. They have the same frontier models you do, plus enterprise wrappers, plus internal review. The motion they filed looked legitimate at the surface. Structure was correct. Citations were professionally formatted. They just pointed at the wrong things.

When this lands in the press, the instinct in most firms is to tighten the prompt. Tell the model not to hallucinate. Add a verification step. Buy a new tool.

That instinct is wrong. Wrong for the same reason telling autocomplete not to autocomplete is wrong. No separate truth-check pass exists inside the model that a stricter instruction hooks into. The model is doing exactly what models do. The failure is upstream of the model, in the working environment around it.

Which raises a harder question for any operator running real AI workloads inside a regulated or fiduciary firm.

What does the agent actually see when you ask it to draft?

Look at how most serious work begins. A Managing Partner asks a junior to pull together a memo. A CFO asks an analyst to draft a board paper. Source material is scattered across SharePoint folders, an email thread that became the actual decision record, a current operating plan, an older deck with similar slides, three exports of the same spreadsheet at different dates, meeting transcripts of varying quality, and a few PDFs nobody has opened in a year.

A human analyst walks through that mess for a day. They figure out what's current. They notice the deck from June contradicts the plan from September. They flag the gap where a number lives in only one place. They ask the partner which version is authoritative.

Replace that analyst with an agent and a single "draft the memo" prompt, and the agent skips every one of those steps. It has to do two jobs at once: figure out what the material is, and produce a polished artifact. It's trained to complete the second job aggressively. So it does. It disentangles the mess in whatever way it can, picks a path through the contradictions, and produces prose that reads confidently because confident prose is what it was trained to produce.

This is the structural cause of citations that look right and point wrong. This is AI Fragmentation arriving inside a single project room, at the file level, instead of across the whole firm.

What changed with the new agents that makes this a fixable problem?

Claude Opus 4.7 and GPT-5.5 can now walk a folder tree, open files, compare dates across documents, inspect metadata, and reason about what they find. The file system has become a canvas the agent paints on. The substrate. The white gesso underneath the final work.

If the canvas is wrong, the work cannot be right. A messy folder used to be human housekeeping that a sharp prompt could compensate for. Now the mess sits inside the agent's context window and the agent paints over it.

The fix is to stop opening sessions with "do the thing" and start opening them with "prepare the room". The first prompt of any serious agentic run is no longer "draft the memo". It's "find the relevant materials, preserve originals, build a data inventory, identify authoritative versus duplicate versus stale versus missing files, and summarise every source before synthesising anything."

That's a different mental model. It's also where the throughput is.

What does a project room actually contain?

A project room is a bounded workspace for one serious job. Smaller than a second brain. More specific than a knowledge management system. The workspace the agent operates inside.

For a consulting project, that means client decks, interview transcripts, data exports, prior proposals, meeting notes. For a board paper, it's the financial model, the operating plan, the prior board deck, current KPI exports, and notes from the last three review meetings. For a regulated firm preparing a DDQ response, it's the sub-processor list, the data-residency clauses, the prior LP responses, and the current state of the AI tooling register.

Inside that room, before any deliverable gets drafted, three artefacts have to exist.

The source inventory. A table where every file gets a row. Path, type, date, apparent authority, current or superseded, what claims it supports, what its limitations are, how it should be used in the final work. This makes the agent's judgment visible. You read the inventory and you can see whether the agent understands that the approved deck represents the official narrative even when the underlying data lives in a spreadsheet, or whether it's treating a year-old PDF as a current source.

The conflict log. Every serious source set contains disagreements. Two documents using different names for the same counterparty. A spreadsheet number that contradicts the plan. Two adjacent files that are actually three months apart. A weak workflow lets the agent smooth over those disagreements silently. A strong one surfaces them in a log with recommended responses, and the human weighs in before anything gets drafted.

The missing context list. One of the strongest signals an agent is helping properly is that it tells you what it does not have. Missing decisions. Numbers without sources. Current versions of files that are nowhere to be found. Data files referenced in only one document. Missing material is usually more important than the material on hand, because gaps are where hallucinations live. Without this list, the model invents its way around the gaps and the prose looks clean.

Add a duplicates report on top, with confidence levels and version families, and the agent has done the work of a careful junior analyst before it has written a single sentence of the deliverable.

What does this look like for a firm under the 2028 clock?

The federal Agentic AI directive of 23 April 2026 set a 24-month deadline for half of government services to run on autonomous agents. The Dubai Crown Prince's mandate of 4 May 2026 put the same clock on the private sector. The UAE Cyber Security Council's Sovereign AI platform, launched 21 May 2026 at ISNR Abu Dhabi, set the standard for what defensible deployment looks like, with model integrity and operational isolation as named tenets.

Firms inside that clock are not failing because the models are weak. They're failing because their project rooms do not exist. The mid-market wealth manager preparing an IC memo. The corporate-services firm drafting client onboarding packs. The PE shop synthesising portco data into a quarterly LP letter. Every one of those workflows is being attempted as a single "do the thing" prompt against a folder full of contradictions.

That's F2 in its purest form. A missing secure data layer is not only a sovereignty problem at the model-inference level. It is also a structural problem at the project-folder level. The proprietary RAG layer the Sovereign AI Security Framework expects is the firm-wide version of the source inventory the agent needs at the project level. Both are the same insight at different scales: the agent cannot produce defensible work without a defensible substrate underneath it.

Throughput and data sovereignty on the same page. The project room is where both get earned.

What does the actual writing prompt look like once the room is ready?

Short. Specific. Anchored to the artefacts the agent already produced.

"Use the reviewed source inventory in the project room and the working brief. Treat the current operating plan as authoritative for numbers, the transcript as source material for decision context, and the older deck as background only. Draft the memo, cite claims, flag anything not supported."

That is a sentence a Managing Partner can read, audit, and sign off on. The agent's work becomes inspectable. The difference between using AI as a colleague and using AI as a gopher is whether you let it shape the conditions under which good work happens, or whether you just hand it a mess and ask for a miracle.

The Sullivan and Cromwell motion was the gopher version. Frontier model, prestigious firm, internal review, federal court. None of that mattered, because the agent was painting on a canvas nobody had prepared.

What does the operator actually do this quarter?

Pick one workflow inside the firm where AI is already drafting serious output. A board paper. A client memo. A DDQ response. An LP update. Audit what's in the folder it draws from. Count the duplicates. Count the contradictions. Count the files nobody has opened in a year that the agent is still reading.

That count is the gap between the AI work your firm is producing now and the AI work it could defend in front of a regulator, a board, or a federal judge.

Apply to Work With HIP.