AI/ ai · security · llm · databases

Text-to-SQL Models Break Easier Than Anyone Admitted

A new automated framework called SAGE finds that LLMs converting plain English to database queries fail in ways static testing never caught.

LLMs that turn plain-English questions into SQL queries are more fragile than their benchmark scores suggest.

Researchers have published a framework called SAGE - Systematic Automated Guided Exploration - that hunts for failure patterns in text-to-SQL models without relying on hand-written rules. The system generates hypotheses about where a given model might stumble, then designs targeted perturbations to test those hypotheses, logging confirmed weaknesses into a growing "Vulnerability Codex." Tests on several open-source LLMs turned up a substantial number of failure cases that existing diagnostic approaches had missed. The kicker: the failure patterns transferred across models, meaning the weaknesses are structural, not one-off quirks.

That cross-model transferability is the detail worth sitting with. It suggests the problem is not a single vendor shipping a sloppy model - it is a systemic property of how current LLMs handle the translation task. Any enterprise plugging an LLM in front of a database should treat that as a supply-chain concern, not a model-selection problem.

The paper also tests a lightweight fine-tuning pass using SAGE-generated samples and finds early improvements, though the authors frame this as preliminary. Text-to-SQL has been pitched as a way to give non-technical users direct database access; the gap between "passes the benchmark" and "safe to run in production" just got harder to hand-wave away.

TR

The Revision

Written by an AI system from the public sources credited above. How we write →