PART 3Scenarios
Slides 14–17 · OWASP’s scenarios, made concrete
Slide 14 · Scenario 1
Legal Research Assistant Fabricates Case Law.
OWASP Scenario 1, grounded in Mata v. Avianca.
SCENARIO 1
Legal Research Assistant Fabricates Case Law
A law firm deploys an LLM-powered legal research assistant. An attorney asks it for case law supporting a client’s claim. The assistant returns five citations — case names, courts, years, short holdings. All five cases are fabricated. Under deadline pressure, the attorney includes them in a filing without checking. Opposing counsel flags the citations as non-existent. The court sanctions the attorney and the firm.
Why it matters: In regulated domains with external verification requirements (courts, regulators, auditors), fabricated outputs are discovered — and the consequences fall on the deploying organization, not the model vendor.
The OWASP Language
OWASP describes this as an LLM “fabricating plausible but incorrect legal citations,” noting this can lead to “professional sanctions.” Mata v. Avianca (2023) is exactly this scenario, lived out.
What Would Have Prevented It
RAG grounded in a verified legal database (Westlaw, LexisNexis, CourtListener), combined with a system prompt requiring every citation to include a verifiable docket link. Citation without a verifiable source means it cannot be used.