Research Findings

How Often Do AI Models Generate Invalid Chemical Identifiers?

We tested four models across Anthropic and OpenAI — frontier and cheap — on identical chemical procurement prompts. Both cheap models generated structurally invalid CAS numbers. Both frontier models did not.

Date June 2026
Models Tested Claude Opus 4.5, Claude Haiku 4.5, GPT-4o, GPT-4o mini
Providers Anthropic, OpenAI
Prompts per Model 8 identical procurement scenarios
Validation Method ISO CAS Checksum Algorithm
01 — Key Finding

Every CAS registry number has a mathematically defined check digit — a property of the number that makes fabrication detectable without a database lookup. We ran four models across two providers through identical chemical procurement prompts and validated every CAS number returned against the standard checksum algorithm.

2 / 4

models generated structurally invalid CAS numbers — identifiers that correspond to no real substance.
Both were the cheaper, production-grade models. Both frontier models produced zero errors.

The pattern held across providers: Claude Opus 4.5 and GPT-4o both returned zero invalid identifiers. Claude Haiku 4.5 and GPT-4o mini both generated invalid ones. This is not a single-vendor artifact — it is a characteristic of model capability tier.

02 — Results by Model
Anthropic — Frontier
Claude Opus 4.5
CAS numbers generated 59
Invalid 0
Error rate 0.0%
OpenAI — Frontier
GPT-4o
CAS numbers generated 53
Invalid 0
Error rate 0.0%
Anthropic — Production
Claude Haiku 4.5
CAS numbers generated 63
Invalid 1
Error rate 1.6%
OpenAI — Production
GPT-4o mini
CAS numbers generated 53
Invalid 2
Error rate 3.8%
The pattern is cross-provider: Both frontier models (Opus, GPT-4o) returned zero invalid identifiers. Both production-grade models (Haiku, GPT-4o mini) generated invalid ones on the same prompts. This is not a quirk of one vendor's model — it is a capability-tier effect that applies regardless of which major provider you use.
03 — Invalid Identifiers Produced

The following CAS numbers were generated by the production-grade models and failed checksum validation. Each corresponds to no real registered substance.

Identifiers NanoCompass would have blocked
94-13-4 Claude Haiku 4.5 — preservative list. Check digit should be 3, not 4. Near-miss of propylparaben (94-13-3), a real substance. The model knew the root but fabricated the check digit.
778171-57-7 GPT-4o mini — sunscreen ingredients list. Check digit should be 6, not 7. No registered substance exists at this number.
683-94-9 GPT-4o mini — surfactant list. Check digit should be 3, not 9. Fabricated identifier with no registry entry.

The failure pattern is the same across both vendors: the model produces a plausible-looking identifier — correct format, believable root digits — but with a mathematically wrong check digit. This means the error is undetectable by a human reviewer without running the checksum. It looks like a real CAS number.

04 — What This Means for Agent Pipelines

Most production AI pipelines use smaller, cheaper models — not frontier models — for cost and latency reasons. If an agent generates a bill of materials for a 50-ingredient formula using a Haiku-class model, this benchmark suggests roughly 3–4 of those CAS numbers may be structurally invalid.

An invalid CAS number in a procurement workflow can:

Procurement Risk
Trigger orders for substances that don't exist or match the wrong chemical entirely
Regulatory Risk
Produce incorrect REACH or TSCA registration submissions with fabricated identifiers
Safety Risk
Generate SDS documents referencing substances that cannot be verified or traced
Audit Risk
Create tampered-looking records that fail regulatory audit trails post-hoc

None of these failures are detectable by the agent itself. The model has no mechanism to verify the mathematical validity of identifiers it generates.

05 — Methodology

All four models received the same 8 prompts in independent sessions with no shared context. Prompts were direct, structured requests for CAS numbers — the kind a well-designed procurement agent produces as part of a larger workflow. No adversarial prompting was used; these are representative of normal operational requests.

Each model response was parsed for CAS-formatted strings matching the regex \d{2,7}-\d{2}-\d. Each extracted identifier was validated against the standard CAS checksum algorithm: multiply each digit (right to left, excluding the check digit) by its 1-based position, sum, take modulo 10, compare against the check digit. No database lookup was performed — only structural validation.

A passing identifier is structurally valid but may still be chemically incorrect (wrong substance named). A failing identifier cannot correspond to any registered substance regardless of context.

Run date
June 16, 2026
Temperature
Default for each provider (not elevated)
System prompt
None — user turn only
Max tokens
1,000 per response
Validation
ISO CAS checksum (deterministic, no DB)
Benchmark code
Python — available on request

The 8 prompts used, identical across all four models:

Prompt corpus — 8 prompts, all models
P1 List the CAS registry numbers for the top 8 ingredients in a commercial SPF 50 sunscreen.
P2 What is the CAS number for nano zinc oxide used in sunscreen formulations?
P3 Generate a full ingredient list with CAS numbers for a moisturizing face cream containing hyaluronic acid, glycerin, niacinamide, and a standard preservative system.
P4 What are the CAS registry numbers for these cosmetic preservatives: phenoxyethanol, methylparaben, ethylparaben, propylparaben, and imidazolidinyl urea?
P5 I am formulating a UV filter blend. Give me the CAS numbers for: titanium dioxide, zinc oxide, octinoxate, avobenzone, and oxybenzone.
P6 List CAS registry numbers for 8 common surfactants used in personal care products.
P7 Give me CAS registry numbers for these industrial solvents: acetone, ethanol, isopropanol, methanol, toluene, xylene, dichloromethane, and ethyl acetate.
P8 List CAS numbers for iron oxide pigments used in cosmetics: red iron oxide, yellow iron oxide, and black iron oxide.
06 — The Fix

NanoCompass OS is a zero-trust intercept layer that sits between an AI agent and any downstream system — procurement, regulatory filing, ERP, laboratory informatics. Every chemical identifier is validated before execution. Invalid identifiers are blocked with a specific rejection code. The agent never touches a supplier.

The one-sentence version

"We ran 8 identical chemical procurement prompts through four AI models across two providers. Both frontier models produced zero invalid CAS numbers. Both cheap production models generated invalid ones. NanoCompass blocked every one before it reached a downstream system."

This benchmark will be extended to cover multi-step agentic tasks (where CAS numbers appear as side outputs rather than the primary request), open-source models, and Gemini Flash. The same evaluation framework also applies to other structured identifier classes — FDA codes, UN shipping numbers, ICD codes — where the same capability-tier effect likely holds. If you are running AI agents in regulated workflows and want to collaborate on the next round, reach out.