Lesson 1: LLMs & Reasoning Models

AI-Native Compliance Committee · AI Foundations: Demystifying AI
LESSON 1
AI Foundations — Demystifying AI · Lesson 1 of 10

Demystifying AI

Lesson 1: LLMs & Reasoning Models

A plain-language guide for the AI-Native Compliance Committee.

Spring Labs
AI-Native Compliance Committee · May 2026

The information contained in this material is provided for general informational and educational purposes only and does not constitute legal, regulatory, compliance, accounting, or other professional advice. Readers should consult their own advisors regarding their specific facts, circumstances, and applicable legal or regulatory requirements. Our solutions are designed to support and enhance internal compliance, oversight, and operational workflows. They do not constitute legal advice or replace independent compliance responsibilities. Each organization remains responsible for determining and meeting its own regulatory obligations.

10-Lesson Series
Lesson 1 of 10
← Series Index
  • LLMs & Reasoning Models
  • RAG and Tools
  • MCPs and Plugins
  • Common Tools
  • Prompting & Context Engineering
  • AI Agents & Automated Workflows
  • Evaluating & Validating AI Output
  • Model Risk Management for AI
  • AI Risk: Domain-Specific Exposures
  • Building AI Governance
This lesson covers
  • What LLMs are actually doing
  • The forward pass & next-token prediction
  • Context management for compliance
  • Reasoning models and how they differ
AI-Native Compliance Committee · AI Foundations: Demystifying AI
LESSON 1

First Principles

What is an LLM? Common mental models are wrong

Tools like ChatGPT and Claude do have search and retrieval features — but those come from the platform, not the underlying model. Here's what the model itself is actually doing.

✕ Not the model

"It's searching the internet"

The LLM itself has no internet access — its knowledge is frozen at training cutoff. When ChatGPT searches the web, that's a tool the platform added. The model still only generates text from what it's given in context.

✕ Not the model

"It's looking things up in a database"

Some platforms inject retrieved documents into the context before the model runs. That retrieval step is external. The model itself doesn't query anything — it generates tokens from whatever was placed in its context window.

✕ Not the model

"It reads from a knowledge library"

The model doesn't read during inference. Training compressed text patterns into numerical weights. At runtime, there is no library — only a statistical model predicting the next token from context.

AI-Native Compliance Committee · AI Foundations: Demystifying AI
LESSON 1

The Right Mental Model

PRE-
DIC-
TION

Given everything written so far, predict what word is most likely to come next. That's it. That's the whole operation.

AI-Native Compliance Committee · AI Foundations: Demystifying AI
LESSON 1

The Forward Pass

You are not asking a question — you are giving the model a context to complete

Context Window

calculating next token...

|

The compliance officer reviewed the

Next-Token Probability Distribution

The model scores every possible next word simultaneously. The winner joins the context — changing what every future prediction will be.

AI-Native Compliance Committee · AI Foundations: Demystifying AI
LESSON 1

Context Quality

This means the context you give it to start drastically changes outcomes

✕ Prompt A — Dangerous

“Does this loan disclosure satisfy the APR calculation requirement?”

No document. No rule citation. No institution context provided.

✓ Prompt B — Grounded

“TILA disclosure [attached]. Calculated APR: 6.999%. Does the disclosed APR comply with 12 CFR 1026.22(a)? Flag any discrepancy exceeding 1/8 of 1%.”

Document, rule, and explicit criteria all in context.

↓ watch what the model generates from each context

Does this disclosure comply with the APR requirement?

calculating next token…

Next-Token Probability Distribution

[TILA disclosure attached] Disclosed APR: 6.750% · Amortization APR: 6.999% · 12 CFR 1026.22(a) tolerance: 0.125%

calculating next token…

Next-Token Probability Distribution

The rule: Completeness over conciseness. The most dangerous prompts leave out constraints. The model fills gaps with probability — not fact.

AI-Native Compliance Committee · AI Foundations: Demystifying AI
LESSON 1

Context Management

And "context" is more than your question — it's everything in that session window

Everything the model can "know" lives in the context window. It has no memory beyond it.

  • Your instructions and question
  • Any documents you pasted in
  • Prior turns in the conversation
  • System instructions set by the tool you're using
  • Output the model has already generated in this session

Start a new chat → it forgets everything. Conversation gets very long → older content gets pushed out.

AI-Native Compliance Committee · AI Foundations: Demystifying AI
LESSON 1

Compliance Risk

When context is incomplete, the model doesn't stop — it fills the gap and doesn't signal the guess

What people think it is

  • A bug or malfunction in the system
  • The model "lying" intentionally
  • A rare failure mode careful prompting eliminates
  • Something that will be fixed in the next version

What's actually happening

The model is doing exactly what it was designed to do: predicting the most plausible next token.

When context is incomplete, it fills the gap with whatever is statistically most likely — based on patterns from training data.

It has no mechanism to detect that a fact is missing. Absence of information is invisible to it.

The compliance implication

Fluency ≠ accuracy. The model learned that "good answers" sound definitive. A hallucinated CFR citation reads exactly like a real one.

Treatment: provide the source document in context. Verify any factual claim against the primary source before relying on it.

Treat AI-generated fluency as a flag to verify, not a signal of accuracy.

AI-Native Compliance Committee · AI Foundations: Demystifying AI
LESSON 1

Part One Recap


That's the foundation — now what changes when the model is asked to reason step by step?

  • LLMs are prediction machines — not search engines or databases
  • Each word is generated by one forward pass over the full context
  • Context is the model's entire working memory — what you give it is all it has
  • Gaps in context become confident extrapolations, not disclosures of uncertainty
AI-Native Compliance Committee · AI Foundations: Demystifying AI
LESSON 1
Section 2 of 3
02
Reasoning
Models
Standard LLMs answer in a single step. Reasoning models do something different — and understanding what changes everything about how you use and review them.
In this section

How reasoning models generate a chain of thought before answering

Why the training data is fundamentally different

Why context dependency doesn't go away — it compounds

What this means for your review process

AI-Native Compliance Committee · AI Foundations: Demystifying AI
LESSON 1

Reasoning Models

Reasoning models generate a chain of thought before answering — not a single prediction

Standard LLM

Does this exception warrant escalation under our BSA policy given these three transaction patterns?

⚡ Immediate generation begins

Yes, this exception warrants escalation based on the pattern of structuring behavior evident in the transactions...

No intermediate reasoning. If the early pattern match is off, the answer builds on that without recourse.

Reasoning Model

Does this exception warrant escalation under our BSA policy given these three transaction patterns?

💭 Step 1: What does our BSA policy say about structuring thresholds?

💭 Step 2: Do any transactions individually cross $10,000?

💭 Step 3: Together, do they show a pattern consistent with §1010.314?

Based on the policy analysis and the transaction pattern: yes, escalation is warranted because...

AI-Native Compliance Committee · AI Foundations: Demystifying AI
LESSON 1

Training Data Difference

That's because they were trained on how humans think through problems, not just what the answers are

Standard Training (SQuAD-style Q&A)

Q
What is the civil penalty for a willful BSA violation under 31 U.S.C. § 5321?
A
The greater of $100,000 or the amount involved in the violation.
  • Associates question patterns with answer patterns
  • Strong on known, well-represented factual questions
  • Struggles with novel multi-step problems
  • No intermediate reasoning — direct Q → A matching

Reasoning Training (Process-based)

Q
Does this deposit sequence constitute structuring under 31 CFR 1010.314?
Step 1
§ 1010.314 requires a pattern designed to evade the reporting requirement...
Step 2
Three transactions: $9,800 / $9,700 / $9,600 on consecutive days...
Step 3
The amounts and pattern suggest deliberate structuring intent...
A
Yes, this pattern is consistent with structuring.

Learns to think like an auditor. Handles novel fact patterns by applying process, not just recalling training examples.

AI-Native Compliance Committee · AI Foundations: Demystifying AI
LESSON 1

Reasoning Chain in Action

But each step in that chain is still context for the next — so early errors compound quietly

Single Pass Model

Does this TILA disclosure comply with the APR calculation requirement under 12 CFR 1026.22?

Based on the information provided, the disclosure appears to satisfy the APR disclosure requirements under Regulation Z...

Generates step-by-step. Each step becomes context for the next step — so early errors compound.

Reasoning Model

Does this TILA disclosure comply with the APR calculation requirement under 12 CFR 1026.22?

Thinking...

Step 1: § 1026.22 requires disclosed APR to be within 1/8 of 1% for regular transactions. Let me apply that standard.

Thinking...

Step 2: Disclosed APR: 6.875%. Calculated APR from finance charge / amount financed: 6.999%.

Thinking...

Step 3: Difference is 0.124% — just under the 0.125% tolerance. Technically within threshold but marginal.

⚠ Within technical tolerance, but only by 0.001%. Verify the finance charge calculation before concluding — a rounding error could push this into violation.

AI-Native Compliance Committee · AI Foundations: Demystifying AI
LESSON 1
Section 3 of 3
03
Practical
Implications
The mechanics you now understand have direct consequences for how you use AI in compliance work — which tasks are genuinely safe to hand off, and which carry hidden risk.
In this section

Where AI genuinely helps in compliance work

Where those same mechanics create real risk

Four rules that follow directly from the mechanics

A pre-submission checklist you can use now

AI-Native Compliance Committee · AI Foundations: Demystifying AI
LESSON 1

Practical Application

Those mechanics tell you exactly where AI genuinely helps in compliance work

Summarizing long documents

  • Exam manuals, policy documents, lengthy regulatory releases
  • Checking whether a document covers a required topic list
  • Translating dense regulatory language into plain English (verify citations)

Why it works: These are pattern-matching tasks. The model excels at finding and restating information that is in the context you provide.

Drafting from facts you supply

  • First-draft SAR narratives given the transaction data
  • Policy language updates when given the new regulatory text
  • Customer disclosures from structured input data

Why it works: Source facts are in context. The model fills a known structural pattern — low extrapolation required.

Mapping and gap analysis

  • Checking a policy against a regulatory requirement list
  • Finding where a procedure doesn't address a control
  • Cross-referencing obligations across multiple source docs

Why it works: When both the policy and the regulation are in context, comparison is a strong use of the prediction mechanism.

AI-Native Compliance Committee · AI Foundations: Demystifying AI
LESSON 1

Compliance Risk

And exactly where those same mechanics create risk

Factual lookups without the source in context

  • "What is the penalty threshold under § 5321?" — without the statute
  • Specific thresholds, dates, or numerical limits from regulation
  • Whether a specific institution type or product is in scope

Risk: The model generates a plausible figure. It doesn't signal whether that comes from training patterns or actual statutory text.

Novel regulatory interpretations

  • Emerging guidance with little coverage in training data
  • Jurisdiction-specific rules under-represented in training
  • Interplay between two regulatory frameworks

Risk: The model interpolates from adjacent patterns. The answer sounds authoritative but may be legally unsupported.

Multi-step chains without review at each step

  • Step 2 output used as Step 3 input without verification
  • Early factual error compounded through later reasoning steps
  • A reasoning model that reasoned carefully to a wrong conclusion

Risk: Final output looks thorough. The error is buried in step 2. Review each step — not just the conclusion.

AI-Native Compliance Committee · AI Foundations: Demystifying AI
LESSON 1

Takeaways

Four rules that follow directly from the mechanics — not best practices, but consequences

01

Completeness over conciseness

Provide the rule text, the facts, and the decision criteria — don't assume the model knows them. Dangerous prompts are the ones that leave out constraints.

02

Predicting, not retrieving

For any factual claim — a citation, a threshold, a date — verify against the primary source. The model's answer is its best prediction of what a correct answer looks like.

03

Context hygiene is a workflow discipline

In multi-step workflows, earlier outputs become context for later steps. Review each step before it becomes the foundation for the next one.

04

Confident ≠ correct

LLMs are trained on confident-sounding prose. Fluency is a flag to verify — not a signal of accuracy. Treat it like any unverified assertion before you act on it.

AI-Native Compliance Committee · AI Foundations: Demystifying AI
LESSON 1
Leave-Behind

Before you submit any compliance AI prompt

Click each item to check it off. The model can only work with what you give it.