EY has withdrawn a cybersecurity report used by its Canadian consultants after researchers discovered fabricated citations, inaccurate statistics and apparently AI-generated content, raising fresh concerns about the use of generative AI across professional services firms.
The report, titled “Points of Attack: Uncovering Cyber Threats and Fraud in Loyalty Systems”, was removed from EY Canada’s website after research group GPTZero published an analysis last week identifying what it described as “misattributions, inaccurate statistics and AI-written text”. According to the researchers, more than 70 per cent of the report’s 27 citations were either fabricated, broken or incorrectly referenced.
GPTZero researchers Om Ogale, Paul Esau and Alex Cui wrote in a blog post that the document contained “common LLM errors like fake statistics, misattributions and internal contradictions”. They said citations attributed to publications and companies including Forbes, McKinsey, Gartner, TechCrunch and Wired either linked to non-existent webpages or did not support the claims being made.
The researchers found that the report repeatedly used a $200 billion estimate for both the global loyalty points market and the value of unredeemed loyalty points without explanation. GPTZero said one of the figures was attributed to a McKinsey report that did not exist and instead appeared to originate from a little-known fintech blog.
Ogale, Esau and Cui warned that inaccurate reports published by major firms could distort future research. “When the report includes fake information,” they wrote, “it can ‘poison the well’ by misleading future researchers, especially if the report is published by a well-known consulting firm and hosted on a high-traffic website.”
EY said it had removed the report and was examining how it had been approved. “EY Canada takes the accuracy of all the content we publish seriously and we have an organisation-wide commitment to the responsible use of AI,” the company said, adding that the study was not connected to any client work.
The incident adds to a growing list of AI-related errors across the professional services sector. The Financial Times reported that Deloitte revised a report prepared for a Canadian provincial government last year after fabricated academic references were discovered, while law firm Sullivan & Cromwell apologised to a New York court last month over incorrect legal citations in a filing.
Despite such incidents, major consulting firms continue to expand their use of AI tools. EY said in October that AI-related revenue had risen 30 per cent over the previous year and that 15,000 employees had worked on AI-focused client projects.


