Toronto/New York — EY Canada has withdrawn a cybersecurity report after independent researchers identified what appeared to be extensive artificial intelligence-generated inaccuracies, including fabricated statistics, fake references, and non-existent citations.
The report, titled “Points of Attack,” focused on fraud risks and cybersecurity vulnerabilities within customer loyalty and rewards systems. However, concerns emerged after analysts and AI-detection researchers reportedly discovered major credibility issues in the document’s sourcing and factual references.
According to reports, AI detection company GPTZero analyzed the report and found that approximately 60% of its citations appeared to be fabricated, hallucinated, or unverifiable. Researchers claimed several referenced studies, footnotes, and supporting sources either did not exist or could not be traced to legitimate publications.
The controversy has intensified concerns about the growing use of generative AI tools in corporate research, consulting, and content production — especially in industries where accuracy and credibility are critical.
Following the backlash, EY removed the report from circulation and confirmed that it is reviewing its internal publication and quality-control procedures.
In a statement, the company acknowledged the issue and said it takes the integrity of its research publications seriously. EY added that it is conducting an internal review to better understand how the inaccuracies made it into the final published version.
The incident has quickly become one of the most high-profile examples of the risks associated with so-called “AI hallucinations” in professional and corporate environments.
AI hallucinations occur when generative artificial intelligence systems produce false, misleading, or entirely fabricated information while presenting it confidently as factual. Such errors can include invented quotations, non-existent studies, inaccurate statistics, and fake citations that appear legitimate at first glance.
As businesses increasingly integrate AI tools into research, analysis, report writing, and consulting workflows, experts have repeatedly warned that human verification remains essential — particularly for factual claims, academic references, legal materials, financial analysis, and cybersecurity reporting.
The withdrawn report reportedly examined how cybercriminals exploit weaknesses in airline miles, retail rewards, hotel loyalty accounts, and digital customer points systems. These systems have become increasingly attractive targets for fraudsters due to the high value of stored rewards and the large amount of customer data attached to such programs.
However, the report’s broader findings are now under scrutiny because of the questionable sourcing identified by reviewers.
The episode has sparked debate within the consulting and technology sectors about how companies should disclose AI involvement in published research. Critics argue that firms relying on AI-generated drafting tools must implement stricter editorial oversight, fact-checking systems, and citation verification before releasing public-facing documents.
Industry observers say the incident could damage trust in corporate white papers and consulting research if organizations fail to establish transparent safeguards around AI-assisted content creation.
The controversy also highlights the growing challenge facing professional services firms as generative AI becomes deeply integrated into workplace operations. While AI tools can significantly speed up research and drafting processes, experts caution that the technology still struggles with factual reliability and source verification.
Cybersecurity specialists noted that trust and credibility are especially important in reports dealing with fraud prevention, digital security, and risk management, where inaccurate information can potentially influence corporate decisions and public policy discussions.
The incident involving EY Canada may now serve as a warning case study for corporations worldwide on the importance of rigorous human oversight in the age of AI-generated content.
