LLMs that turn plain-English questions into SQL queries are more fragile than their benchmark scores suggest.
Researchers have published a framework called SAGE - Systematic Automated Guided Exploration - that hunts for failure patterns in text-to-SQL models without relying on hand-written rules. The system generates hypotheses about where a given model might stumble, then designs targeted perturbations to test those hypotheses, logging confirmed weaknesses into a growing "Vulnerability Codex." Tests on several open-source LLMs turned up a substantial number of failure cases that existing diagnostic approaches had missed. The kicker: the failure patterns transferred across models, meaning the weaknesses are structural, not one-off quirks.
That cross-model transferability is the detail worth sitting with. It suggests the problem is not a single vendor shipping a sloppy model - it is a systemic property of how current LLMs handle the translation task. Any enterprise plugging an LLM in front of a database should treat that as a supply-chain concern, not a model-selection problem.
The paper also tests a lightweight fine-tuning pass using SAGE-generated samples and finds early improvements, though the authors frame this as preliminary. Text-to-SQL has been pitched as a way to give non-technical users direct database access; the gap between "passes the benchmark" and "safe to run in production" just got harder to hand-wave away.