Search papers, labs, and topics across Lattice.
This paper investigates entity binding failures in tool-augmented language-model agents, highlighting the distinction between tool correctness and entity correctness. Through a controlled evaluation of 60 tasks across multiple model backends and tool-use methods, the authors found that while traditional methods achieved zero wrong-tool errors, they still produced wrong-entity actions in 24.0-26.0% of cases. By implementing entity-aware execution mechanisms, the study demonstrated that these methods could eliminate wrong-entity actions, although they came at the cost of reduced direct task completion due to deferring actions under ambiguity.
Despite perfect tool selection, tool-augmented agents still make critical mistakes by binding to the wrong entities in 25% of cases, revealing a hidden layer of reliability issues.
Tool-augmented language-model agents are often evaluated by whether they select the correct tool, produce valid API arguments, and complete the requested task. However, an agent may choose the right tool and still act on the wrong external entity. For example, a request to "email Alex about the launch" may lead the agent to contact the wrong Alex, attach the wrong launch document, reply in the wrong thread, or update the wrong customer account. We call these errors entity binding failures. This paper studies entity binding failures as a distinct reliability and safety problem in tool-augmented agents. We formalize the separation between tool correctness and entity correctness, introduce a taxonomy of wrong-entity failures in enterprise workflows, and evaluate entity-aware execution mechanisms including entity-resolution preconditions, confidence-gated binding, clarification under ambiguity, and provenance tracking. In a controlled diagnostic evaluation across 60 tasks, five model backends, and six tool-use methods, all methods achieved 0.0 percent wrong-tool error, yet action-oriented baselines still produced wrong-entity actions in 24.0-26.0 percent of runs. Entity-aware methods eliminated wrong-entity actions and risk-weighted wrong-entity exposure in this setting, but reduced direct task completion by deferring under ambiguity. These findings show that safe tool use requires not only selecting the correct tool, but also reliably binding natural-language references to the correct real-world entity before action.