EY Canada's recent cybersecurity report contained fabricated citations, with most references appearing to be AI-generated rather than factual sources. The discovery raises questions about quality control in enterprise consulting.
EY Canada published a cybersecurity report that relied heavily on hallucinated citations, according to an investigation by GPTZero. The report contained numerous references to sources that either don't exist or were misquoted, suggesting the content was generated or heavily assisted by AI language models without proper verification.
The investigation found that the majority of citations in the report could not be verified as legitimate sources. This includes references to studies, statistics, and expert quotes that appear fabricated or significantly distorted from their original context.
The discovery highlights a growing concern in enterprise consulting and publishing: the use of generative AI tools without adequate fact-checking mechanisms. While AI can accelerate research and writing, the technology is known to confidently produce false information, a problem called hallucination.
EY Canada has not yet issued a public response to the findings. The incident reflects broader industry challenges as large organizations incorporate AI into their workflows without establishing rigorous verification standards.
The investigation gained attention on Hacker News, where it accumulated 224 points and 97 comments, with users discussing the implications for enterprise consulting credibility and the risks of deploying AI-generated content without human oversight.
This incident follows similar cases where organizations have published AI-generated content containing errors and fabrications. As generative AI becomes more prevalent in professional settings, the need for robust quality assurance processes becomes increasingly critical, particularly in reports intended to inform business decisions and security practices.