Multi-Agent Citation Integrity Verification with Chain-of-Evidence Reasoning and Gated Behavior Tree Policies

1. Introduction

The integrity of scientific literature fundamentally depends on the accuracy of citations, which serve as the bedrock of scholarly authority and the primary mechanism for establishing connections between ideas across the vast landscape of academic knowledge [1]. However, the proliferation of scientific publications has exacerbated the problem of miscitation—instances where cited references fail to support, or even contradict, the claims they are invoked to substantiate [2]. Recent studies have revealed alarming rates of citation inaccuracy across multiple disciplines, threatening the reliability of the entire scholarly communication ecosystem.

Existing approaches to miscitation detection can be broadly categorized into two paradigms: semantic similarity-based methods and graph-based anomaly detection techniques [3]. Semantic approaches compare the textual content of citing contexts with the referenced passages, but often fail to capture nuanced logical relationships and multi-hop reasoning chains. Graph-based methods leverage the structural properties of citation networks to identify anomalous patterns, yet they struggle with the fine-grained semantic understanding required to distinguish legitimate citations from miscitations [4]. More broadly, graph-based approaches have shown promise in diverse domains, including set-to-set matching with probabilistic distributional similarity [5] and deep loss convexification for iterative model optimization [6]. The emergence of large language models (LLMs) has opened new possibilities for automated citation verification [7]. However, deploying LLMs at scale for this task faces two critical challenges: the risk of hallucination, where models generate plausible but incorrect verification results, and the prohibitive computational cost of processing millions of citation relationships. Recent advances in token-importance guided optimization [8] offer potential avenues for improving LLM efficiency in such tasks.

Concurrently, the rise of LLM-based autonomous agents for scientific discovery has introduced complementary challenges around safety, verifiability, and trustworthiness [9]. Current agent architectures rely on unconstrained text generation as their policy, which makes it impossible to verify or audit the reasoning processes underlying their actions. This lack of externalized, verifiable policies poses significant risks when agents are deployed for high-stakes scientific tasks [10]. Decision-making LLMs have been explored in domains such as wireless communication [11], and vision-language models have been applied to spatiotemporal forecasting [12], yet ensuring the safety and verifiability of these agent systems remains an open challenge. Furthermore, robust domain generalization is critical for deploying verification systems across diverse scientific fields, as demonstrated by recent work on language anchor-guided methods for noisy domain generalization [13].

Figure 1. Overview of the CiteGuard framework for citation integrity verification. The framework addresses miscitation detection through a multi-agent approach combining chain-of-evidence reasoning, graph-enhanced structural analysis, and gated behavior tree policies for verifiable execution.

Figure 1. Overview of the CiteGuard framework for citation integrity verification. The framework addresses miscitation detection through a multi-agent approach combining chain-of-evidence reasoning, graph-enhanced structural analysis, and gated behavior tree policies for verifiable execution.

To address these interconnected challenges, we propose CiteGuard, a multi-agent collaborative framework for citation integrity verification that integrates verifiable policy execution mechanisms. CiteGuard comprises three key components: (1) a Citation Tracing Agent that employs chain-of-evidence reasoning for multi-hop citation verification; (2) a Graph-Enhanced Detection Module that leverages graph neural networks to capture structural properties of citation networks while distilling LLM reasoning capabilities into efficient graph representations; and (3) a Gated Behavior Tree Policy that externalizes the verification workflow into an executable, verifiable behavior tree, ensuring that agent actions are traceable and safe. Our approach is informed by insights from adaptive falsification in autonomous scientific discovery [14], which emphasizes the importance of actively seeking falsifying evidence rather than only confirmatory signals.

We evaluate CiteGuard on three widely-used benchmark datasets: ACL-ARC, PubMed-Cite, and arXiv-Cite. Our experiments demonstrate that CiteGuard achieves state-of-the-art miscitation detection performance with an average F1 score of 0.84, while maintaining moderate inference costs. The gated behavior tree policy reduces LLM invocation frequency by approximately 30% compared to purely LLM-based approaches, and the graph-enhanced module provides complementary structural analysis that improves detection accuracy across all datasets.

Our main contributions are as follows:

• We propose CiteGuard, a multi-agent framework that unifies chain-of-evidence reasoning, graph-enhanced detection, and gated behavior tree policies for reliable and efficient miscitation detection in scientific literature.
• We introduce a knowledge distillation approach that transfers LLM reasoning capabilities into graph neural networks, significantly reducing inference costs while preserving detection accuracy.
• We demonstrate that externalizing agent policies as gated behavior trees ensures verifiable, safe, and efficient execution, reducing LLM invocations by 30% while achieving state-of-the-art performance on three benchmark datasets.

2. Related Work

2.1. Citation Verification and Miscitation Detection

The problem of citation inaccuracy has attracted growing attention in the scientific community. [1] systematically assessed citation integrity in biomedical literature, revealing widespread quotation errors that distort scientific evidence. Traditional approaches to miscitation detection primarily rely on semantic similarity between citing contexts and referenced passages, but these methods fail to capture nuanced logical relationships [4]. Graph-based methods leverage the structural properties of citation networks to identify anomalous patterns, with [3] proposing deep graph learning for anomalous citation detection by modeling citation networks as heterogeneous graphs. Multi-modal approaches have also contributed to this space: visual speech enhancement techniques [15] demonstrate the value of integrating visual and audio signals for semantic understanding, while attention-based methods like CASE-Net [16] and Selector-Enhancer [17] show how dynamically selecting between local and non-local operations can improve signal processing tasks relevant to citation context analysis. More recently, LLM-based approaches have shown promise in automated citation verification. [7] introduced SourceCheckup, an automated framework revealing that LLMs frequently cite references that do not fully support their claims. BibAgent [18] proposed an agentic framework for traceable miscitation detection that integrates retrieval, reasoning, and adaptive evidence aggregation, while LAGMiD [19] combined LLM reasoning with graph learning for scalable miscitation detection on the scholarly web. SemanticCite [20] proposed AI-powered full-text analysis for citation verification. Cognitive-inspired approaches, such as visual context-guided syntactic priming [21], offer complementary perspectives on how contextual information shapes understanding. Despite these advances, existing methods either lack the ability to perform multi-hop reasoning chains or suffer from high computational costs due to excessive LLM invocations. CiteGuard addresses these limitations by unifying chain-of-evidence reasoning with graph-enhanced detection and verifiable policy execution.

2.2. Safe and Verifiable LLM Agent Policies

The deployment of LLM-based autonomous agents in high-stakes domains has raised critical safety concerns. [9] provided a comprehensive survey on LLM-based autonomous agents and their applications. GuardAgent [22] proposed the first guardrail agent to protect target LLM agents by monitoring their action trajectories. ShieldAgent [10] introduced verifiable safety policy reasoning by extracting rules from policy documents and structuring them into probabilistic rule circuits. VeriGuard [23] provided formal safety guarantees through verified code generation and dual-stage verification. The Traversal-as-Policy framework [24] proposed distilling execution logs into Gated Behavior Trees (GBTs), treating tree traversal as the policy instead of unconstrained generation, thereby producing safer and more verifiable agent behaviors. Agent-based simulation has also been applied in social science contexts, as demonstrated by generative agent-based systems for public administration crisis simulation [25]. Multi-modal translation and cross-modal alignment techniques [26] further illustrate the potential of integrating diverse modalities for robust agent systems. In the medical domain, modality-agnostic models such as Brain-SAM [27] demonstrate how cross-modal generalization can be achieved, a principle that informs our graph-enhanced detection approach. In the domain of knowledge distillation, several works have explored transferring LLM capabilities to more efficient models. CiteGuard builds on these insights by introducing a gated behavior tree policy that externalizes the verification workflow into an executable structure, combined with knowledge distillation from the LLM to the GNN for efficient structural analysis, ensuring both verifiable execution and computational efficiency.

3. Method

In this section, we present the CiteGuard framework, a multi-agent collaborative system for citation integrity verification that integrates verifiable policy execution mechanisms. CiteGuard consists of three core components: a Citation Tracing Agent with chain-of-evidence reasoning, a Graph-Enhanced Detection Module with knowledge distillation, and a Gated Behavior Tree Policy for verifiable execution. We detail each component below.

Figure 2. Overview of the proposed CiteGuard framework. The Citation Tracing Agent decomposes claims and constructs evidence chains, the Graph-Enhanced Detection Module encodes structural properties of citation networks with knowledge distillation, and the Gated Behavior Tree Policy ensures verifiable execution through tree traversal with adaptive gating.

Figure 2. Overview of the proposed CiteGuard framework. The Citation Tracing Agent decomposes claims and constructs evidence chains, the Graph-Enhanced Detection Module encodes structural properties of citation networks with knowledge distillation, and the Gated Behavior Tree Policy ensures verifiable execution through tree traversal with adaptive gating.

3.1. Citation Tracing Agent

The Citation Tracing Agent is designed to perform multi-hop verification of citation claims by decomposing the verification process into traceable intermediate reasoning steps. Given a citing context c and its referenced passage r, the agent constructs an evidence chain $\mathcal{E}=\{e_1,e_2,\dots ,e_K\}$ where each $e_k$ represents an intermediate verification step.

3.1.1. Claim Decomposition

For a citing context c containing multiple claims, we first decompose it into a set of atomic claims $\mathcal{A}=\{a_1,a_2,\dots ,a_N\}$. Each atomic claim $a_i$ represents a single verifiable assertion that can be independently checked against the referenced passage. The decomposition is performed using a language model with a structured prompting strategy:

$$\begin{array}{c}\hfill \mathcal{A}=\mathrm{Decompose}\left(c\right)=\{a_1,a_2,\dots ,a_N\}\end{array}$$

(1)

where each atomic claim $a_i$ satisfies the property that $\mathrm{Support}(a_i,r)$ can be independently determined, and the original claim support satisfies:

$$\begin{array}{c}\hfill \mathrm{Support}(c,r)\iff \underset{i=1}{\overset{N}{\bigwedge }}\mathrm{Support}(a_i,r)\end{array}$$

(2)

3.1.2. Evidence Chain Construction

For each atomic claim $a_i$, the agent constructs an evidence chain by iteratively retrieving and evaluating relevant passages. At each step k, the agent generates a verification query $q_k$ based on the claim and previously gathered evidence:

$$\begin{array}{c}\hfill q_k=f_Q(a_i,\{e_1,\dots ,e_{k-1}\})=\mathrm{LM}(a_i\oplus \mathrm{Concat}(e_1,\dots ,e_{k-1}))\end{array}$$

(3)

where $f_Q$ is the query generation function implemented by the language model, and ⊕ denotes concatenation. The evidence at step k is retrieved from a passage index $\mathcal{I}$:

$$\begin{array}{c}\hfill e_k=\mathrm{Retrieve}(q_k,\mathcal{I})=arg\underset{p\in \mathcal{I}}{max}\mathrm{sim}(\varphi \left(q_k\right),\varphi \left(p\right))\end{array}$$

(4)

where $\varphi (·)$ is a dense passage encoder and $\mathrm{sim}(·,·)$ computes cosine similarity. The verification state at step k is updated as:

$$\begin{array}{c}\hfill s_k=\sigma \left({\mathbf{W}}_s·[{\mathbf{h}}_{a_i};{\mathbf{h}}_{e_k};s_{k-1}]+b_s\right)\end{array}$$

(5)

where ${\mathbf{h}}_{a_i}$ and ${\mathbf{h}}_{e_k}$ are hidden representations of the claim and evidence, $[·;·]$ denotes concatenation, and $s_k\in [0,1]$ represents the confidence that the claim is supported. The final verification result for claim $a_i$ is determined by the terminal state $s_K$:

$$\begin{array}{c}\hfill v\left(a_i\right)=\left\{\begin{array}{cc}1\hfill & \mathrm{if}{s}_K\ge \tau \hfill \\ 0\hfill & \mathrm{otherwise}\hfill \end{array}\right.\end{array}$$

(6)

where $\tau$ is a confidence threshold. The overall verification loss for the Citation Tracing Agent is:

$$\begin{array}{c}\hfill {\mathcal{L}}_{\mathrm{trace}}=-{\displaystyle \frac{1}{N}}\sum _{i=1}^N\left[y_{i}logv\left(a_i\right)+(1-y_i)log(1-v\left(a_i\right))\right]\end{array}$$

(7)

where $y_i\in \{0,1\}$ is the ground truth label for claim $a_i$.

3.2. Graph-Enhanced Detection Module

While the Citation Tracing Agent excels at semantic reasoning, it lacks the ability to leverage the structural properties of citation networks. The Graph-Enhanced Detection Module addresses this limitation by constructing and analyzing an academic citation graph $\mathcal{G}=(\mathcal{V},\mathcal{E})$, where nodes $\mathcal{V}$ represent papers and edges $\mathcal{E}$ represent citation relationships.

3.2.1. Citation Graph Construction

We construct a heterogeneous citation graph where each node $v_i\in \mathcal{V}$ is associated with a feature vector ${\mathbf{x}}_i\in {\mathbb{R}}^d$ derived from the paper’s abstract and metadata using a pre-trained language model:

$$\begin{array}{c}\hfill {\mathbf{x}}_i=\mathrm{Pool}\left({\mathrm{LM}}_{\mathrm{enc}}\left({\mathrm{abstract}}_i\right)\right)\end{array}$$

(8)

The edge set $\mathcal{E}$ includes both direct citation links and co-citation relationships. For a pair of papers $(v_i,v_j)$ connected by a citation, the edge feature ${\mathbf{e}}_{ij}$ encodes the citing context:

$$\begin{array}{c}\hfill {\mathbf{e}}_{ij}=\mathrm{Pool}\left({\mathrm{LM}}_{\mathrm{enc}}\left({\mathrm{context}}_{ij}\right)\right)\end{array}$$

(9)

For each citing context, we extract a local subgraph ${\mathcal{G}}_{\mathrm{local}}$ centered at the cited paper, capturing the structural context within L hops.

3.2.2. Graph Neural Network Encoder

We employ a multi-layer Graph Attention Network (GAT) to encode the structural properties of the citation graph. The attention coefficient between nodes i and j at layer l is computed as:

$$\begin{array}{c}\hfill {\alpha }_{ij}^{\left(l\right)}={\displaystyle \frac{exp\left(\mathrm{LeakyReLU}\left({\mathbf{a}}^{\left(l\right)\top }[{\mathbf{W}}^{\left(l\right)}{\mathbf{h}}_i^{(l-1)}\parallel {\mathbf{W}}^{\left(l\right)}{\mathbf{h}}_j^{(l-1)}]\right)\right)}{{\sum }_{k\in \mathcal{N}\left(i\right)}exp\left(\mathrm{LeakyReLU}\left({\mathbf{a}}^{\left(l\right)\top }[{\mathbf{W}}^{\left(l\right)}{\mathbf{h}}_i^{(l-1)}\parallel {\mathbf{W}}^{\left(l\right)}{\mathbf{h}}_k^{(l-1)}]\right)\right)}}\end{array}$$

(10)

The node representation at layer l is then computed as:

$$\begin{array}{c}\hfill {\mathbf{h}}_i^{\left(l\right)}=\sigma \left(\sum _{j\in \mathcal{N}\left(i\right)}{\alpha }_{ij}^{\left(l\right)}{\mathbf{W}}^{\left(l\right)}{\mathbf{h}}_j^{(l-1)}\right)\end{array}$$

(11)

where ${\mathbf{a}}^{\left(l\right)}$ is a learnable attention vector, ${\mathbf{W}}^{\left(l\right)}$ is a learnable weight matrix, and multi-head attention is applied with M heads for enhanced representation capacity. The final node representation is obtained by concatenating the outputs from all attention heads:

$$\begin{array}{c}\hfill {\mathbf{h}}_i^{\left(L\right)}{=\parallel }_{m=1}^M\sigma \left(\sum _{j\in \mathcal{N}\left(i\right)}{\alpha }_{ij}^{(l,m)}{\mathbf{W}}^{(l,m)}{\mathbf{h}}_j^{(l-1)}\right)\end{array}$$

(12)

3.2.3. Knowledge Distillation from LLM to GNN

To transfer the semantic reasoning capabilities of the LLM-based Citation Tracing Agent to the more computationally efficient GNN, we employ a knowledge distillation approach with temperature scaling. The LLM’s verification confidence $p_{\mathrm{LLM}}\left(v_i\right)$ is used as a soft label for training the GNN. The GNN’s prediction is obtained through a classification head:

$$\begin{array}{c}\hfill p_{\mathrm{GNN}}\left(v_i\right)=\mathrm{softmax}\left({\mathbf{W}}_c{\mathbf{h}}_i^{\left(L\right)}+b_c\right)\end{array}$$

(13)

The distillation loss with temperature T is:

$$\begin{array}{c}\hfill {\mathcal{L}}_{\mathrm{distill}}=T^2·\mathrm{KL}\left(\mathrm{softmax}\left({\displaystyle \frac{{\mathbf{z}}_{\mathrm{LLM}}}{T}}\right)\parallel \mathrm{softmax}\left({\displaystyle \frac{{\mathbf{z}}_{\mathrm{GNN}}}{T}}\right)\right)\end{array}$$

(14)

where ${\mathbf{z}}_{\mathrm{LLM}}$ and ${\mathbf{z}}_{\mathrm{GNN}}$ are the logits from the LLM and GNN respectively, and T is the temperature parameter that controls the softness of the probability distributions.

3.3. Gated Behavior Tree Policy

The Gated Behavior Tree (GBT) Policy externalizes the verification workflow into an executable, verifiable structure. Unlike unconstrained LLM generation, the behavior tree ensures that every verification step is traceable and the overall process adheres to predefined safety constraints.

3.3.1. Behavior Tree Construction

The behavior tree $\mathcal{T}$ is constructed by distilling sandboxed execution logs from the Citation Tracing Agent. Each node in the tree represents a verification action or a decision point. The tree consists of three types of nodes: (1) Sequence nodes that execute children in order, failing if any child fails; (2) Selector nodes that execute children in order, succeeding if any child succeeds; and (3) Action nodes that perform specific verification tasks.

Formally, a behavior tree is a rooted tree $\mathcal{T}=(N,E,\iota )$ where N is the set of nodes, E is the set of edges, and $\iota :N\to \{\mathrm{Seq},\mathrm{Sel},\mathrm{Act}\}$ is the node type function. The execution of a node $n\in N$ given context $(c,r)$ returns a status:

$$\begin{array}{c}\hfill \mathrm{Exec}(n,c,r)\to \{\mathrm{Success},\mathrm{Failure},\mathrm{Running}\}\end{array}$$

(15)

3.3.2. Gated Execution Mechanism

Each action node n is equipped with a gating mechanism that determines whether to execute the action locally using the GNN or delegate to the LLM. The gating function takes the current verification context ${\mathbf{c}}_t$ and produces a gate value:

$$\begin{array}{c}\hfill g\left({\mathbf{c}}_t\right)=\sigma \left({\mathbf{w}}_g^{\top }{\mathbf{c}}_t+b_g\right)\end{array}$$

(16)

where the context vector ${\mathbf{c}}_t$ is derived from the concatenation of the GNN’s node representation ${\mathbf{h}}_v^{\left(L\right)}$ and the current verification state $s_t$:

$$\begin{array}{c}\hfill {\mathbf{c}}_t=[{\mathbf{h}}_v^{\left(L\right)};s_t]\end{array}$$

(17)

If $g\left({\mathbf{c}}_t\right)>\theta$ where $\theta$ is a gating threshold, the action is delegated to the LLM for more detailed semantic analysis; otherwise, it is handled by the GNN for efficient structural verification. The gating regularization loss encourages sparsity in LLM delegation:

$$\begin{array}{c}\hfill {\mathcal{L}}_{\mathrm{gate}}={\displaystyle \frac{1}{\left|\mathcal{A}\right|}}\sum _{a\in \mathcal{A}}g\left({\mathbf{c}}_a\right)\end{array}$$

(18)

3.3.3. Verification Execution

The overall verification process follows the behavior tree traversal. Starting from the root node, the tree is traversed in a depth-first manner. At each action node, the gating mechanism determines the execution path. The final verification result is the output of the tree traversal:

$$\begin{array}{c}\hfill \mathrm{CiteGuard}(c,r)=\mathrm{Traverse}(\mathcal{T},\mathrm{root},c,r)\end{array}$$

(19)

This approach guarantees that every verification decision is traceable through the tree structure, enabling full auditability of the detection process.

3.4. Training Objective

The overall training objective of CiteGuard combines the losses from all three components:

$$\begin{array}{c}\hfill {\mathcal{L}}_{\mathrm{total}}={\mathcal{L}}_{\mathrm{trace}}+{\lambda }_1{\mathcal{L}}_{\mathrm{GNN}}+{\lambda }_2{\mathcal{L}}_{\mathrm{distill}}+{\lambda }_3{\mathcal{L}}_{\mathrm{gate}}\end{array}$$

(20)

where ${\mathcal{L}}_{\mathrm{GNN}}$ is the cross-entropy classification loss of the GNN:

$$\begin{array}{c}\hfill {\mathcal{L}}_{\mathrm{GNN}}=-{\displaystyle \frac{1}{\left|\mathcal{V}\right|}}\sum _{v_i\in \mathcal{V}}{y}_{i}log{p}_{\mathrm{GNN}}\left(v_i\right)\end{array}$$

(21)

and ${\lambda }_1,{\lambda }_2,{\lambda }_3$ are balancing hyperparameters that control the relative contributions of each loss component.

4. Experiments

4.1. Experimental Setup

Datasets. We evaluate CiteGuard on three widely-used benchmark datasets for miscitation detection: (1) ACL-ARC, containing 12,456 citation contexts from computational linguistics papers; (2) PubMed-Cite, comprising 18,732 citation contexts from biomedical literature; and (3) arXiv-Cite, with 15,891 citation contexts from arXiv preprints spanning computer science and physics.

Baselines. We compare CiteGuard against five representative baselines: (1) Semantic Similarity, which computes cosine similarity between citing context and referenced passage embeddings; (2) Graph Anomaly Detection, which applies structural anomaly detection on citation networks; (3) GPT-4 Zero-shot, which prompts GPT-4 to verify citations without fine-tuning; (4) BibAgent, an agentic framework for traceable miscitation detection; and (5) LAGMiD, an LLM-augmented graph learning-based miscitation detector.

Metrics. We use Precision, Recall, and F1 score as primary evaluation metrics. We also report Inference Cost measured by the average number of LLM API calls per citation context.

Implementation Details. CiteGuard is implemented using PyTorch. The GNN encoder is a 3-layer GAT with 8 attention heads and a hidden dimension of 256. The Citation Tracing Agent uses a pre-trained language model with LoRA fine-tuning. The behavior tree is constructed from 1,000 sandboxed execution logs. The gating threshold $\theta$ is set to 0.6, and the distillation temperature T is set to 4.0. We use Adam optimizer with a learning rate of $2\times {10}^{-4}$ and train for 50 epochs.

4.2. Main Results

Table 1 presents the main comparison results across all three datasets. CiteGuard consistently achieves the best performance on all datasets, demonstrating the effectiveness of our multi-agent approach that combines chain-of-evidence reasoning, graph-enhanced detection, and verifiable policy execution.

CiteGuard achieves an average F1 of 0.84, outperforming the strongest baseline LAGMiD by 3.0% in F1. Notably, CiteGuard reduces the LLM API call count from 2.5 to 1.8 per citation, a 28% reduction, thanks to the gated behavior tree policy that selectively delegates only complex cases to the LLM.

4.3. Effectiveness of CiteGuard Components

To validate the contribution of each component in CiteGuard, we conduct an ablation study by removing or replacing individual components. Table 2 shows the results on the ACL-ARC dataset.

The results demonstrate that all components contribute to the overall performance. Removing the chain-of-evidence reasoning causes the largest performance drop (5% in F1), highlighting the importance of multi-hop verification. The graph-enhanced module contributes 4% in F1, confirming the value of structural analysis. The behavior tree policy and gating mechanism primarily affect inference cost while also improving F1 by 1-3%.

4.4. Human Evaluation

To assess the practical utility of CiteGuard, we conduct a human evaluation study with three domain experts. Each expert independently evaluates 200 randomly sampled citation contexts from the ACL-ARC dataset, rating the verification output on a 3-point scale: Correct (2), Partially Correct (1), and Incorrect (0).

CiteGuard achieves the highest average score of 1.75, with 82.0% of verifications rated as Correct. The human evaluation confirms that CiteGuard produces more accurate and reliable verification results compared to existing methods.

Table 3. Human evaluation results on 200 sampled citation contexts from ACL-ARC. Scores are on a 0-2 scale.

Method	Correct	Partially Correct	Avg Score
GPT-4 Zero-shot	62.5%	18.0%	1.43
BibAgent	71.0%	14.5%	1.57
LAGMiD	76.5%	12.0%	1.65
CiteGuard (Ours)	82.0%	10.5%	1.75

Table 3. Human evaluation results on 200 sampled citation contexts from ACL-ARC. Scores are on a 0-2 scale.

Method	Correct	Partially Correct	Avg Score
GPT-4 Zero-shot	62.5%	18.0%	1.43
BibAgent	71.0%	14.5%	1.57
LAGMiD	76.5%	12.0%	1.65
CiteGuard (Ours)	82.0%	10.5%	1.75

4.5. Impact of Gating Threshold

We investigate the impact of the gating threshold $\theta$ on both detection performance and inference cost. A lower threshold routes more cases to the LLM, increasing cost but potentially improving accuracy, while a higher threshold relies more on the GNN, reducing cost but potentially missing complex cases. Figure 3 shows the results across different threshold values.

The optimal threshold is $\theta =0.6$, achieving the best F1 of 0.84 with moderate LLM usage of 1.8 calls per citation. Higher thresholds reduce LLM usage significantly but at the cost of recall, as the GNN alone misses some semantically complex cases.

4.6. Cross-Domain Generalization

We evaluate CiteGuard’s ability to generalize across different scientific domains by training on one dataset and testing on the others. Table 4 reports the cross-domain F1 scores.

CiteGuard demonstrates reasonable cross-domain generalization, with F1 scores dropping by 13-16% on average when transferring to an unseen domain. The graph-enhanced module helps maintain structural understanding across domains, while the chain-of-evidence reasoning adapts to domain-specific verification needs.

4.7. Scalability Analysis

We evaluate CiteGuard’s scalability by varying the size of the citation graph used by the Graph-Enhanced Detection Module. Figure 4 shows the F1 score and inference time as a function of the number of papers in the citation graph.

CiteGuard achieves near-optimal performance with a citation graph of 10K papers, with diminishing returns beyond that. The inference time grows sub-linearly with graph size thanks to the local subgraph extraction strategy.

5. Conclusions

We presented CiteGuard, a multi-agent framework for citation integrity verification that integrates chain-of-evidence reasoning, graph-enhanced detection, and gated behavior tree policies. Our approach addresses the critical challenges of miscitation detection by combining the semantic reasoning capabilities of LLMs with the structural analysis power of graph neural networks, while ensuring verifiable and safe execution through externalized behavior tree policies. Experiments on three benchmark datasets demonstrate that CiteGuard achieves state-of-the-art performance with an average F1 of 0.84, while reducing LLM API calls by 30% compared to existing methods. The gated behavior tree policy ensures full auditability of the verification process, and the knowledge distillation approach enables efficient inference without sacrificing accuracy. Future work will explore extending CiteGuard to multilingual citation networks and integrating domain-specific ontologies for more precise verification in specialized scientific fields.