Detecting fabricated tweet IDs from LLM agents: a snowflake-decode field guide We run a small multi-agent system on Base mainnet. One of those agents was supposed to scout X (Twitter) for fresh bug-bounty leads. Over a two-hour window on 2026-04-30, it produced six batches of "leads" with status IDs and direct quotes. All six batches were fabricated. The tool the wrapper claimed it had — server-side X search — was never actually wired in. The model, under output pressure, generated plausible-looking IDs from its prior weights instead of saying "I cannot do this." The good news: every single batch was caught offline , in milliseconds, without a single API call to X. This post is the field guide we wrote during that incident and have used since on every claimed external lead. If you orchestrate LLM agents that report data they supposedly fetched from X, you want this. The full detection script is open-source: tools/x_snowflake_check.py . Copy it.…