On May 14, 2026, a three-person team at GPTZero published the results of a forensic review of EY Canada’s cybersecurity report, “Points of Attack: Uncovering Cyber Threats and Fraud in Loyalty Systems.” Their count: 16 of the report’s 27 cited sources were fabricated, misattributed, or pointed to dead URLs. EY pulled the report the same day. The part that keeps getting worse — Claude, ChatGPT, and Perplexity already surface hallucinations from this report in their responses, and retraction doesn’t fix that.
What the AI Hallucinations Investigation Found
GPTZero researchers Om Ogale, Paul Esau, and Alex Cui manually verified every citation in EY Canada’s 44-page report. Their findings were damning. A cited McKinsey “Loyalty Economics Report (2022)” doesn’t exist in any McKinsey archive or database. Two referenced WIRED articles return broken URLs with no matching pieces in WIRED’s records. A Forbes article was attributed to a real contributor — the article itself was fabricated. A Gartner document cited in the report doesn’t exist in Gartner’s database.
The internal contradictions are equally striking. On page 4, the report values the global loyalty market at $200 billion. On page 10, unredeemed loyalty points alone are also valued at $200 billion — a figure that’s mathematically incompatible with the report’s own claim that 30-50% of points go unredeemed. The same statistic (“72% of loyalty programs reported theft or fraud”) was attributed to two different sources, neither of which appears in the reference table. That’s not a proofreading error; it’s a hallucination generating its own citations.
EY’s response: pull the report and state its commitment to “the responsible use of AI.” The report was not client-related work, the firm added. EY’s brand, meanwhile, had already done its job as a trust proxy — organizations, media, and downstream AI systems had consumed the report as credible expert analysis before the retraction landed.
The Contamination Is Already Spreading
This is the part that elevates the story beyond a PR crisis for EY. The report was syndicated across 60-plus Australian newspapers, indexed on high-traffic websites, and absorbed into AI training and retrieval systems before GPTZero published its findings. When the investigation team tested Claude, ChatGPT, and Perplexity after the retraction, all three surfaced hallucinations from EY’s document in their responses.
GPTZero’s team framed the mechanism clearly: “Publishing a report online is essentially a form of data injection into the pool of knowledge that is the internet. When the report includes fake information it can poison the well by misleading future researchers.” The source laundering element makes it worse. A fake McKinsey statistic first appeared in an obscure financial IT blog. EY cited that blog, elevating the fabrication to Big Four authority. The stat now circulates with EY’s name attached. Retraction can’t undo what’s already in training corpora and retrieval indexes.
Consulting Reports and AI Hallucinations: A Growing Pattern
EY Canada is the most prominent case in this trend, but not the first. Deloitte Australia submitted a $440,000 government report in July 2025 with fabricated academic references and an invented Federal Court quote. Azure OpenAI GPT-4o was used in drafting the document. The Australian government received a $291,000 partial refund. Deloitte’s defense: “the overall thrust of its guidance hadn’t changed.” Sullivan & Cromwell acknowledged hallucinations in federal bankruptcy court filings. Even before the EY case, GPTZero’s team had identified six consultancy reports with systemic hallucinations.
The pattern suggests something structural. Consulting review processes were built around human-generated research. Reviewers historically checked argument quality — not whether the underlying citations exist. AI-generated content passes that review because it reads well and cites plausible-sounding sources. The three controls that would have caught EY’s failures — URL verification, source existence checks, AI output validation — aren’t part of standard consulting workflows. GPTZero’s team found every fabrication in three days using available tools. EY’s own review process, with far more resources, missed all of them.
What Organizations Should Do Now
Three controls, any one of which would have stopped the EY report from shipping: verify that every cited URL resolves, check that every referenced publication exists in its supposed source’s archive, and apply a hallucination detection pass — tools like GPTZero’s are widely available — before distributing AI-assisted content externally. These aren’t high-cost interventions. The check that would have caught a fake McKinsey citation takes seconds: search McKinsey’s website for the report title.
For developers integrating enterprise AI content into downstream systems — RAG pipelines, knowledge bases, security tooling — the implication is direct: treat external reports as untrusted inputs until source integrity is verified. High-authority brands are not a verification substitute. EY’s brand was the verification. Three researchers in three days proved it wasn’t.
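A minimal ingest gate for the first two controls (URL resolves, cited title actually appears at the source) plus the reference-table check, as an added example that is not from GPTZero or EY. The `Citation` fields, function names, status strings and the `.example` URLs are assumptions made for illustration; the title match is a heuristic, and the third control (a hallucination detection pass) is not covered here.

```python
import re
import urllib.request
from dataclasses import dataclass

@dataclass
class Citation:
    publisher: str  # claimed source organisation
    title: str      # claimed publication title
    url: str        # URL from the reference table

def http_fetch(url, timeout=10):
    """Return page text, or None if the URL does not resolve (http/https only)."""
    if not url.lower().startswith(("http://", "https://")):
        return None  # never let a cited URL reach file:// or other schemes
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return resp.read(200_000).decode("utf-8", "replace")
    except (OSError, ValueError):
        return None

def norm(text):
    return re.sub(r"[^a-z0-9]+", " ", text.lower()).strip()

def check_citation(c, fetch=http_fetch):
    """Control 1: the URL resolves. Control 2: the page carries the cited title."""
    body = fetch(c.url)
    if body is None:
        return "dead_url"
    if norm(c.title) not in norm(body):
        return "title_not_found"
    return "verified"

def unlisted_attributions(in_text_sources, references):
    """Publishers credited in the body text but absent from the reference table."""
    listed = {norm(r.publisher) for r in references}
    return sorted(s for s in set(in_text_sources) if norm(s) not in listed)

def ingest_decision(references, in_text_sources, fetch=http_fetch):
    """Quarantine the document unless every citation verifies and none is unlisted."""
    results = {c.url: check_citation(c, fetch) for c in references}
    unlisted = unlisted_attributions(in_text_sources, references)
    ok = bool(results) and all(r == "verified" for r in results.values()) and not unlisted
    return {"action": "index" if ok else "quarantine", "results": results, "unlisted": unlisted}

# Constructed sample: an offline stand-in for the web, and a two-entry reference table.
PAGES = {"https://reports.example/fraud-2024": "<h1>Loyalty Fraud Survey 2024</h1>"}
REFS = [Citation("Example Research", "Loyalty Fraud Survey 2024", "https://reports.example/fraud-2024"),
        Citation("Example Analyst", "Loyalty Economics Report", "https://analyst.example/gone")]
if __name__ == "__main__":
    print(ingest_decision(REFS, ["Example Research", "Some Institute"], fetch=PAGES.get))
```

A quarantined document still needs a human to search the publisher's archive for the title; the gate only keeps it out of the index until that happens.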
Key Takeaways
- EY Canada’s cybersecurity report had 16 of 27 citations fabricated or broken — more than half its sourced evidence didn’t exist.
- The contamination can’t be undone: Claude, ChatGPT, and Perplexity surface hallucinated EY data even after the retraction.
- This is a pattern: Deloitte Australia, Sullivan & Cromwell, and six-plus other consulting reports had the same problem in the past year.
- Consulting review processes weren’t designed to catch AI hallucinations — they check argument quality, not source existence.
- Any of three basic controls — URL checks, source existence review, AI validation — would have caught these failures before publication. None were applied.













