“Should I Trust…?” · The Series · Episode #02

How do I know what to believe?

TL;DR: You should NOT trust by default. Unless…

How do you tell what's actually true from what's just confidently claimed, preached, or plain made up?

Should I trust my research conclusions, my findings, Gino's report, Laly's article, or the hot take by the latest Lenny's guest?

THE SWAN ATTACKA Ruthless Adversarial Auditor— Only use if you want the truth

The Swan Attack is designed for that very need

The unforgiving assumption Reaper. An adversarial auditor: what it checks, how, and the science under it.

Well, why should I trust this Swan Attack thing?

There is no answer. There are months of falsification attempts and aggressive tests, and only I can attest to those. Have other options? Go for them. Or take a leap of faith: test it, like it or not.

Swan Attack exists for one problem: fluent, confident text that may or may not be wrong. A language model will hand you a clean paragraph with a citation that tells a different story, or a conclusion that sounds right but does not follow from the data. A LinkedIn post will wave a number at you with no method behind it. The audit pulls these apart. It checks that sources are real and say what they are quoted as saying, that conclusions actually follow from their facts, that the material does not contradict itself, and that the author does not have a quiet reason to mislead you.

The job is to separate two things that usually arrive looking identical: a claim backed by real, disclosed evidence, and a baseless assertion or a plain guess wearing the same confident tone. Once you can tell them apart, you know what to trust and what to set aside.

See real audit results for real scientific papers ↓

Hidden, often undetectable false truths

Your research conclusions are well grounded. Sources are scored, and most of the ones used are A++, with plenty of citations. You are scanning the corpus (never skip the human in the loop, ever), and one finding looks very interesting and slightly off. So you go for the exact sources behind it. Very strong ones. You don't concede, and you read the whole papers end to end. The statement does not fit: it uses the two sources' findings, but tilts them to support a baseless take, a fabricated one. That is very hard to detect. Swan Attack catches it, piece of cake.

Swan Attack usually catches this one. I have no counterexamples.

A planted citation that is real and clickable

Now a harder one. Deep-research agents work as teams of sub-agents that scan and synthesize the web. Because they dig into a topic, they keep landing on the same popular user-generated pages: a Reddit thread, a Wikipedia article. Researchers call this retrieval overlap, and it turns those few pages into a concentrated attack surface. An adversary appends a short, crafted passage to one frequently retrieved page. From then on the agent reads it, cites it, and promotes the attacker's chosen entity across many related queries. The citation is real and clickable, pointing at a genuine site, so the manipulation looks entirely legitimate.

This is the hardest kind to catch: the source exists, and it really does say what it is quoted as saying, so a plain source check passes clean. What flags it is triangulation, the same planted entity surfacing as a suspiciously consistent signal across unrelated queries, plus asking who benefits.

Source: Cornell Tech, "AI Poisoning via Web Search," arXiv:2605.24245.

I bet Swan Attack also catches this one, but I could not run the audit: no corpus has been made available.

Swan Attack catches invented sources, untestable claims, broken logic, self-contradiction, hidden conflicts of interest, and plans that collapse the moment you play them forward. It gives you a plain verdict on what survived, its own confidence shown out in the open, and the exact weak spots named, so the decision stays yours.

What it does not give you is certainty. There is no 100% on this planet. The rule underneath everything, from the philosopher Karl Popper, is that you can only ever prove something false, never fully true. So the audit makes no claim to truth. It gives you the strongest standing an idea can have short of measuring it yourself: it survived honest, repeated attempts to knock it down.

The rest of this page walks through each check: what it does, the plain reason it works, and the scientific method behind it. The map first.

The map firstAt a glance

Falsification (Karl Popper)You can only prove things wrong, never fully right; the turkey shows why piled-up evidence is not proof.
Goal Lock (Feasibility Thesis)Turns the audit on your own goal first, tries to prove it impossible early, and spins up goal-locked agents to test the paths.
Source verificationChecks that every cited source exists and actually says what it is quoted as saying.
The falsifiability testAsks what would prove a claim false; if nothing could, the claim carries no information.
Deductive validityChecks the conclusion really follows from the facts, not just that the facts are right.
Internal consistencyFinds places where the material says two things that cannot both be true.
Monte Carlo simulation and the pre-mortem (Gary Klein)Plays the plan forward across several paths and imagines it already failed, to find the breakages on paper.
SteelmanningBuilds the strongest version of an idea first, then attacks that, not a weak strawman.
Constraint satisfactionSorts every "we can't" into real limits, self-imposed ones, and unchecked assumptions.
Self-calibration (Bayesian updating + drift via cosine similarity)Watches its own thinking: updates on your feedback and flags when it drifts off the goal.

Karl PopperYou cannot validate anything. You can only falsify.

Picture a turkey on a farm. Every morning the farmer brings food. Every single day confirms what the turkey believes: people are kind, food always arrives, life is safe. A thousand days of evidence, all pointing the same way. The turkey has never felt more certain than on the morning of the thousandth day. That afternoon, two days before Thanksgiving, the farmer does what he's supposed to do.

A thousand days of confirming evidence did nothing to warn the turkey about the one bad day that mattered.

The data was never proof. It was just the absence of the counterexample, right up until the counterexample arrived.

This is the principle the philosopher Karl Popper called falsification. An idea earns trust not by being confirmed, but by surviving honest, severe attempts to prove it wrong. So the audit never tries to confirm a claim. Confirming evidence can pile up forever and still hide a fatal flaw. As the bird witnessed.

The audit does the opposite. It tries to break what you give it, and reports what it could not break.

So is validation an empty word? Nope. It gets misused. The word only fits one situation: checking something against criteria you set in advance. Success criteria, qualification criteria, a clear pass or no-pass. "Did this meet the bar we defined?" is a fair thing to validate, because you control the bar.

"Is this claim about the world true?" is not. You can never fully validate that. You can only try to falsify it and report what survived.

Feasibility ThesisGoal Lock: the audit turns on your own input first

Before any audit is run, you must define a specific goal.

Everything below this is about checking other people's material. But the very first thing the audit checks is your own input: the project and the goal you hand it. Before any work starts, it treats your goal the same way it treats any claim. It does not try to confirm your goal is good. It goes looking for the reason it must fail. This is the falsification idea from the opening, pointed back at you. Swan Attack calls it the Feasibility Thesis.

Example: you say "launch the product in 24 hours." The audit goes hunting for the one hard fact that kills it, and finds that the App Store review alone takes 48 hours. That single fact proves the 24-hour goal impossible, and the goal gets revised before a minute is spent building toward something that could never happen.

Why a well-described goal matters

The goal is the one fixed point. Everything else is measured against it: whether a path is on track, whether the work has drifted, how close you are to done. A vague goal gives the audit nothing to measure against, so every later check loses its ruler. "Make it better" cannot be tested, cannot be drifted from, cannot be finished. "Cut the signup form from nine fields to three without lowering completion" can be checked at every step. The more precisely you state the goal, the more the audit can actually catch. A loose goal is the most common reason the whole thing runs soft. It's a failure mode. Ambiguous goal, nothing starts. If the goal is too unclear to work with, the audit stops and asks for it.

Goal-locked agents, spawned on the fly

When a problem has several possible paths, which happens often, the audit can spin up temporary helper agents on the spot, one per path, and run them at the same time, up to five at once. Each one is locked to the same goal you set.

They are goal-oriented by construction: the goal travels with each agent as a fixed limit it cannot break, the way a contractor cannot ignore the budget you signed. Each agent chases its own path, reports what it found, and the audit compares the results and keeps the strongest. The agents are created only when needed and dropped when done, so the work runs in parallel without wandering, because they all answer to the one locked goal.

Source checkSource verification: checking the sources

When the material quotes a source or cites a study, the audit checks two simple things. First: does that source actually exist? Second: does it really say what it is being quoted as saying, word for word, not a loose version of it. It also refuses to invent numbers. If a number was never actually measured, it writes "not measured" instead of guessing one.

Why it works: a quote is just another claim. Someone saying "studies prove this" does not make it true. You have to go and look at the study. It is the same reason a careful journalist will not print a juicy tip until a second person, an ombudsman, confirms it. The source has to earn its place before anyone leans on it.

Could it be wrong?The falsifiability test: could this even be wrong?

For each claim, the audit asks one question: what would I need to see for this to be false? If the honest answer is "nothing could ever show this is false," it sets the claim aside.

Why it works: a claim that can never be wrong tells you nothing useful. Take "everything happens for a reason." No matter what happens, good or bad, you can say it fits. Because nothing could ever contradict it, it carries no information. A claim worth something sticks its neck out. It says "if you see this, I am wrong." Those are the claims worth testing. This is Popper's idea again, used as a filter: only testable claims are worth the effort of testing.

The "so" testDeductive validity: does the conclusion actually follow?

The audit separates the facts from the conclusion drawn out of them, and checks whether the conclusion really follows from those facts. Sometimes every single fact is correct, but the jump to the conclusion is not.

Why it works: correct facts with a bad jump still land on a wrong answer. For example: "It rained last night. The streets are wet. So it must rain here every night." The two facts are true. The conclusion does not follow at all. The audit looks hard at the word "so," not just at the facts before it. That jump is where a lot of confident-sounding nonsense hides.

Two opposite thingsInternal consistency: does it contradict itself?

The audit hunts for places where the material says two things that cannot both be true. That can be inside the same document, or against well-known facts, or against its own earlier logic. When it finds a pair, it shows both side by side.

Why it works: if someone says two opposite things, at least one of them is wrong, or they are hiding a distinction they never explained. For example, a report that says "we did not lose a single person" and later says "the software took over most of those jobs." Both cannot be fully true as written. That clash points straight at the spot that needs a harder look, with no extra digging.

Gary KleinMonte Carlo simulation and the pre-mortem: playing the plan forward

Before backing a plan, the audit lays out several realistic ways things could actually go. It plays each one forward, and discards the ones that fall apart. From what survives, it picks the path that needs the fewest things to go right.

Why it works: a plan you never test in your head falls apart the first time it meets the real world. This borrows two ideas. The first is the Monte Carlo method, where instead of trusting one prediction you run many varied versions and see which hold up. The second is Gary Klein's pre-mortem: before you commit, imagine the plan has already failed and ask why. Both force you to meet the failure on paper, when it is cheap, instead of in reality, when it is not. The plan that needs the fewest things to go right is the safest, because there is less that can break.

The ten guys on ice

You have to cross a frozen lake. Stare at the ice all you like: it looks identical whether it is two inches thick or two feet, so looking tells you nothing. So you stop looking and start testing. You send ten guys across, each stressing it a different way: one walks, one runs, one jumps, one drags a heavy suitcase, one hunts for a shortcut over the thinnest patch. The ones who fall through teach you the most, because they show you where and how it breaks. Count them, and you have what a single glance never could: not "it looks safe," but "it fails twice out of ten, and here is the weak spot."

The three things it actually says: the surface is a liar (2 inches and 2 feet look the same), the failures are the data, and the output is a rate plus a location, not a yes/no.

Strongest versionSteelmanning: attack the strongest version, not the weakest

Before tearing an idea down, the audit first builds it up. It fixes the weak wording, gives it the benefit of the doubt, and makes it the strongest version it can be. Then it attacks that strong version. If even the strong version falls apart, the idea is dead for good.

Why it works: it is easy to win against a sloppy, weak version of what someone meant. But winning that way proves nothing, because they never meant the weak version. This is steelmanning, the opposite of a strawman. The only fair fight is against the best version of the idea. If the best version survives the attack, now there is really something there. If it does not, no time was wasted on a weak target.

Real or painted on?Constraint satisfaction: which limits are real?

The audit takes every "we can't do that" in the material and sorts it into three piles. One: a hard limit, backed by real evidence. Two: a limit we put on ourselves, which we could change if it were worth it. Three: an assumption nobody ever actually checked. Anything not clearly sorted gets treated as an unchecked assumption. Then it asks, for each one: what would change if this limit were not there?

Why it works: a lot of things people treat as solid walls are really just habits, or old decisions, or guesses nobody ever questioned. Treating a problem as a set of real constraints to satisfy, and nothing more, is how planning software works: it only respects the limits that are actually binding. Sorting them shows which walls are real stone and which are painted on. Very often there is one fake wall that, once you walk through it, opens up the whole problem.

Watching itselfSelf-calibration: checking its own thinking

The audit also keeps an eye on itself, not just on the material. Is it wandering off the actual question? Is it padding? Is it going in circles? Is it making something more complicated than it needs to be? The tds tag in the header line is this self-watch running.

Why it works: it is easy to hand back a clean-looking answer that is only clean because the hard question got quietly swapped for an easier one. Two ideas keep it honest. It treats your feedback as new evidence and updates its read of what you want, rather than clinging to its first guess. And it measures how far the current thread has drifted from the locked goal, the way you would measure the angle between two directions, and flags it when the gap grows too wide.

FoundationsThe scientific methods Swan Attack is built on

Swan Attack borrows the reasoning of these methods. It does not run them as literal mathematics.

MethodIn plain termsWhat it informs in Swan Attack
Falsificationism (Karl Popper)An idea is only worth anything if it could be proven wrong; trust comes from surviving attack, not from confirmation.The whole audit stance.
Occam's Razor (lex parsimoniae)Among answers that work, prefer the one with the fewest assumptions.Picking the simplest surviving path; trimming steps.
Constraint Satisfaction (CSP)A problem defined as a set of limits that a solution must all satisfy at once.Goal lock and decision lock, treated as binding constraints.
Communication Accommodation Theory (Howard Giles)People shorten the distance between each other by matching language and style.Mirroring your vocabulary and directness. Governs delivery, not the audit itself.
Monte Carlo methodInstead of one prediction, run many varied versions and keep what holds up.Playing a plan forward across several paths. Inspiration only, not literal random sampling.
Pre-mortem (Gary Klein)Before acting, assume the plan already failed and work out why.The failure hunt inside simulation.
Bayesian updatingRevise your belief as new evidence arrives, rather than holding the first guess.Updating its read of what you want each time you push back. Spirit, not literal Bayes math.
Vector space and cosine similarityTurn ideas into directions and measure the angle between them to see how far apart they are.The drift watch (tds), comparing the current thread against the locked goal. The model, not literal math.
Aviation preflight checklistsFixed-order checks run every time, so nothing critical is skipped under pressure.The discipline of running the same checks in order, and situational awareness.
Earned Value ManagementTrack progress and variance out in the open so trouble shows early.Showing confidence, position, and drift in the header on every reply.
Critical Discourse AnalysisRead how something is framed, not just what it claims.Spotting spin and loaded framing in a source.
Diachronic contextualizationPlace a claim in its moment, e.g. is this just the noisy peak of a hype cycle.Weighing a claim against where it sits in time.

Reading the resultHow to read the verdict line

Once a goal is set and the audit is triggered, it reports its own result before the verdict and all related arguments, using a line in brackets. A few examples:

  • H means clean. You can act on it. M means a couple of loose ends are still open, so read the warning line first. L means shaky. Do not act on it.
  • Held means it stuck to its answer even when pushed. Moved means a real new argument changed its mind. Being pushed without a new argument should never move it.
  • A warning on the second line means something tripped a limit. Read that line before anything else.

Trust it fully when it is clean, when it says it has reached the goal, and when it held its answer under at least one round of pushback. If a warning is showing, or it says there are loose ends, trust it only for what it is not warning you about.

Can I audit the results of its own audit?

I used to do it in earlier versions. I found little divergencies, none of which concerning. As it is today, it will tell you that you are auditing its own verdicts, and won't like it, because the results will be unstable and unreliable. Fair enough.

Stress-testing the verdictHow to check its verdicts

RoadmapComing up

For updates, new articles, or more details, find me here.

Subscribe now

Follow me on Substack — free.

Keep goingThe “Should I Trust…?” series

Episode #03You cannot validate anything: why you can only break a claim, never confirm it — and where “validate” still belongs.
Check real audit reports of real scientific papers