In late 2025, EY Canada published a 44-page cybersecurity report titled Points of Attack: Uncovering Cyber Threats and Fraud in Loyalty Systems. It was credited to two partners and a senior manager. It was circulating in client briefings and being used by EY consultants in Canada to promote their cybersecurity services. It had a professional cover, a resources table on pages 41 through 43, and the EY brand behind every claim it made.
Then three researchers at GPTZero — Om Ogale, Paul Esau, and Alex Cui — chased down every citation in it. They published their findings on May 14, 2026. EY pulled the report offline the same day and launched an internal review. What the GPTZero team found was systematic, specific, and documented in detail that is worth reading slowly.
Almost all of the URLs in the report's resource table were broken or pointed to pages that don't exist. More than half the source titles don't correspond to real publications. A McKinsey report cited as evidence of a $200 billion loyalty market has never existed in any McKinsey archive, database, or official publication. A Gartner document cited in the report does not exist. Two separate Wired articles cited in the report return 404 errors — the pages were never there. The report was used to sell enterprise cybersecurity services. The evidence supporting it was fabricated.
44 pages: the length of EY Canada's Points of Attack report, used to sell cybersecurity services
72%: share of the full document GPTZero's detector flagged as AI-generated
8+: footnotes linking to pages that do not exist or never contained the cited information
A Big Four Firm Published Research on Fraud
The irony here is direct and worth stating plainly. EY Canada published a report about fraud in loyalty programs. The report itself contained fabricated evidence. The firm that audits the internal controls of some of the largest organizations on earth shipped a document whose internal controls — citation verification, factual review, source confirmation — had apparently not been applied before publication.
The report argued that loyalty programs are significant targets for cyberattacks and fraud. That premise is probably true. The problem is that almost every piece of evidence the report offered to support it was invented. The resource table on pages 41 through 43 — the section of any research report where you go to verify the claims — was a list of sources that largely do not exist at the URLs provided, under the titles given, from the publishers named.
"This report, stuffed with fake citations and inaccurate claims, is surfacing in newspapers, blog posts, and AI search overviews, poisoning the data that both human researchers and AI agents rely on."
Om Ogale, Paul Esau, and Alex Cui
GPTZero Investigation, May 14, 2026
GPTZero runs an automated pipeline scanning public reports from major consulting firms for what their team calls "vibe citations" — a term coined by one of their engineers to describe the accidental creation of fake references through AI hallucination. The EY report was one of their targets. What they found was worse than a few broken links.
Every Citation Was Chased Down. Here Is What Was Actually There
The GPTZero team used their Hallucination Check tool and then manually verified every result. One member of the team confirmed each finding by hand before it was published. The results were specific enough to be reproduced independently — which is what makes this investigation credible rather than just damaging.
| Cited source | What EY claimed | What GPTZero found |
|---|---|---|
| McKinsey & Company, Loyalty Economics Report (2022) | Estimates $200 billion in unredeemed loyalty rewards globally | Hallucinated: report does not exist in any McKinsey archive or database |
| Gartner, Market Trends: Loyalty Fraud | Strategic guidance on fraud evolution in digital loyalty programs | Hallucinated: document does not exist; URL resolves to the Gartner homepage |
| Forbes, The $200 Billion Loyalty Economy | Business case for loyalty programs as financially significant digital assets | Hallucinated: URL broken; no matching Forbes article by the named author exists |
| Wired, AI Voice Deepfakes Targeting Call Centers | Explains how attackers use AI-generated voices to exploit customer service | Hallucinated: URL returns 404; no Wired article exists at this path |
| Wired, API Security Gaps | Exploration of overlooked API vulnerabilities in consumer-facing services | Hallucinated: URL returns 404; no Wired article exists at this path |
| Cisco Talos, API Attacks on Retail | Insights into insecure API exploitation in commerce and loyalty systems | Hallucinated: URL returns 404; Cisco Talos has no blog post at this path |
| BleepingComputer, Airline Loyalty Breach | Report on credential stuffing attacks compromising airline loyalty accounts | Hallucinated: URL returns 404; article removed or never existed at this path |
The statistics in the report had their own problems beyond the citations. On page four, the report states the global loyalty points market is worth $200 billion, with 30 to 50 percent of those points going unused. On page ten, the $200 billion figure reappears, but this time as the estimate of unredeemed loyalty points specifically, not the total market value. Two completely different quantities, same number, in the same document. If $200 billion of unredeemed points really were 30 to 50 percent of the market, the total market would have to be somewhere between $400 billion and $667 billion, which contradicts page four. No citation supports either version.
The McKinsey Citation Trail
GPTZero traced the fabricated McKinsey citation back to its likely origin: a blog post on an obscure UK fintech publication called Financial IT, published six months before the EY report. That blog post cited "McKinsey & Company: Loyalty Economics Report (2022)" — a report that does not exist. The language in the EY report is nearly identical to the Financial IT blog. The fabricated McKinsey citation appears to have been laundered from a low-quality blog post into a Big Four publication without anyone checking whether the original source was real.
Three Controls Failed Simultaneously
Every other publication covering this story is framing it as an AI hallucination problem or a Big Four embarrassment. The governance reading is different — and more useful for organizations trying to avoid the same outcome.
Three specific controls had to be absent simultaneously for this report to ship under EY's name. The content creation process had no verification step for citations before the draft was considered complete. The review process — if one existed — did not include checking whether the sources cited actually existed at the URLs provided. The publication process had no AI output validation gate before the report went live on EY Canada's website. Any single one of those three controls, applied at any point before publication, catches this before it ships.
GPTZero's team found the problems in a document that was already public, already circulating in client briefings, and already being referenced in at least one article syndicated to more than 60 newspapers across Australia. The verification that should have happened internally before publication happened externally after it — by three researchers with a tool that's available to anyone.
"Now, more than ever, it's crazy to accept citations on faith — even those from a reputable source like Ernst & Young."
GPTZero Investigation Conclusion — May 14, 2026
The governance parallel to the Workday lawsuit is direct. Workday had a governance program in place. The documentation was complete. The monitoring dashboards showed green. The system was still producing discriminatory outcomes because the accountability layer — the human review process that was supposed to catch what the system was doing — was never built. EY had a review process in place. The report had named authors. The publication had EY's brand on it. The citations were still fabricated because the verification layer — someone actually checking whether the sources existed — was never applied. Same failure mode. Different context. Same outcome: a documented gap between what the governance documentation claimed and what the operational reality was.
The Report Is Gone, Yet the Hallucinations Are Still Out There
EY pulled the report offline as soon as GPTZero's findings went public. That's the right response and it happened quickly. But pulling the report doesn't undo the damage the report already caused — and GPTZero documented that damage specifically.
"Publishing a report online is essentially a form of data injection into the pool of knowledge that is the internet. When the report includes fake information it can 'poison the well' by misleading future researchers, especially if the report is published by a well-known consulting firm and hosted on a high-traffic website."
GPTZero Investigation, May 14, 2026
GPTZero tested three major AI research tools, ChatGPT, Claude, and Perplexity, by asking what the average time to detect loyalty fraud is. All three surfaced hallucinations from EY's report in their responses. The fabricated data had already been indexed. It was already being treated as authoritative by AI systems that had retrieved, or been trained on, content from EY's website. Those AI responses are now being read by people who don't know the source has been retracted. The hallucination propagated before the retraction landed.
This is the compliance exposure that makes the story relevant beyond the embarrassment. An organization that used EY's report in a board presentation, a regulatory filing, or a client briefing before the retraction now has fabricated evidence in a document they've already distributed. That's not a theoretical risk — the report was syndicated to more than 60 newspapers in Australia alone. It was being used by EY consultants in client conversations. The organizations that received those briefings may not know the underlying research was retracted.
Just as Delve Fabricated Compliance Documentation, EY Fabricated Research Citations
Delve was a $300 million compliance startup that produced SOC 2 reports with pre-written auditor conclusions — conclusions generated before clients submitted a single piece of evidence. 493 out of 494 reports used identical boilerplate. Y Combinator removed them. Their lead investor deleted the announcement.
The Delve failure and the EY failure are structurally identical. AI was used to produce documents faster than the human verification layer could catch what the AI got wrong. The documents were then distributed as authoritative — Delve's as compliance certifications, EY's as cybersecurity research. Both were used to sell services. Both collapsed when someone ran a verification process that should have happened before publication.
The scale is different. The brand is different. The specific documents are different. The governance failure is the same: AI output was treated as publication-ready without a verification step between the AI's output and the reader's inbox.
What Getting It Right Looks Like
A professional services firm using AI to assist with research production applies three controls before any document that cites external sources goes to publication. First, every URL in the document is checked against the actual page content — not just confirmed to resolve, but confirmed to contain the information the citation claims it contains. This is what GPTZero's Hallucination Check does, and it caught every fabricated citation in EY's report. It took three researchers a manageable amount of time. It could have been done by one person before the document shipped.
Second, every statistical claim is traced to a primary source — not a secondary blog post that cited a McKinsey report, but the McKinsey report itself. If the primary source cannot be located, the statistic does not appear in the published document without a disclosure that the source could not be independently verified.
Third, AI-assisted content is reviewed specifically for factual accuracy, not just readability and structure. A document that reads well and contains fabricated evidence is worse than a document that reads poorly and contains accurate evidence — because the readable version gets distributed, trusted, and cited before anyone discovers the problem.
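The first of the three controls is the one that can be made mechanical: a pre-publication gate that fetches every cited URL and refuses the document unless each page both exists and contains the title and the specific claim attributed to it. The script below is an added example written for this article; it is not GPTZero's Hallucination Check and not anything EY uses. The fetcher interface, the "soft 404" heuristic (a cited deep link that lands on a site's root page, the pattern behind the Gartner row in the table), and the canned sample pages and placeholder domains are all assumptions constructed for the demonstration. The second and third controls (tracing to a primary source, factual review) remain human work and are not modelled here.

```python
"""Citation gate: does each cited URL resolve, land where it claims to, and
actually contain the claim it is cited for?

Added example for this article, not GPTZero's or EY's tooling. The fetcher
interface, the soft-404 heuristic and the sample pages are assumptions.
"""
import re
from dataclasses import dataclass
from html import unescape
from typing import Callable
from urllib.error import HTTPError, URLError
from urllib.parse import urlparse
from urllib.request import urlopen

# A fetcher returns (status code, final URL after redirects, body text) so the
# verifier can be driven by a live HTTP client or by canned responses.
Response = tuple[int, str, str]
Fetcher = Callable[[str], Response]


@dataclass(frozen=True)
class Citation:
    title: str   # title as printed in the resource table
    url: str     # URL as printed
    claim: str   # the phrase the document attributes to this source


def http_fetch(url: str, timeout: float = 10.0) -> Response:
    """Live fetcher using only the standard library (not used by the demo)."""
    try:
        with urlopen(url, timeout=timeout) as resp:  # follows redirects
            body = resp.read(512_000).decode("utf-8", errors="replace")
            return resp.status, resp.geturl(), body
    except HTTPError as e:
        return e.code, url, ""
    except URLError:
        return 0, url, ""


def _normalize(text: str) -> str:
    # Drop tags, decode entities, collapse whitespace, fold case: compare the
    # words on the page, not its markup.
    text = unescape(re.sub(r"<[^>]+>", " ", text))
    return re.sub(r"\s+", " ", text).casefold()


def _is_homepage(url: str) -> bool:
    return urlparse(url).path.strip("/") == ""


def verify(cite: Citation, fetch: Fetcher) -> tuple[str, str]:
    """Return (verdict, detail). Verdicts, strictest failure first:
    unreachable   no response at all
    not_found     4xx/5xx at the cited path (the 404 rows in the table)
    soft_404      2xx, but a deep link was redirected to the site root
    title_missing page exists but never mentions the cited title
    claim_missing title found, but the attributed claim is absent
    verified      page exists and contains both title and claim
    """
    status, final_url, body = fetch(cite.url)
    if status == 0:
        return "unreachable", f"no response from {cite.url}"
    if status >= 400:
        return "not_found", f"HTTP {status} at {cite.url}"
    if _is_homepage(final_url) and not _is_homepage(cite.url):
        return "soft_404", f"{cite.url} redirected to {final_url}"
    text = _normalize(body)
    if _normalize(cite.title) not in text:
        return "title_missing", f"'{cite.title}' not on {final_url}"
    if _normalize(cite.claim) not in text:
        return "claim_missing", f"'{cite.claim}' not on {final_url}"
    return "verified", final_url


def verify_all(cites: list[Citation], fetch: Fetcher) -> dict[str, tuple[str, str]]:
    return {c.url: verify(c, fetch) for c in cites}


def passes_gate(results: dict[str, tuple[str, str]]) -> bool:
    """The document may ship only if every citation is verified."""
    return all(v == "verified" for v, _ in results.values())


# Constructed sample (placeholder domains, not real pages) modelling the
# failure modes seen in the EY table: one genuine page, one soft 404, one hard
# 404, and one real page that never makes the claim attributed to it.
SAMPLE_CITATIONS = [
    Citation("Loyalty Economics Report", "https://example.test/insights/loyalty-2022",
             "$200 billion in unredeemed loyalty rewards"),
    Citation("Market Trends: Loyalty Fraud", "https://research.example.test/doc/9f2",
             "fraud evolution in digital loyalty programs"),
    Citation("AI Voice Deepfakes Targeting Call Centers",
             "https://news.example.test/story/deepfakes", "AI-generated voices"),
    Citation("Airline Loyalty Breach", "https://news.example.test/story/airline-breach",
             "credential stuffing"),
]
_CANNED: dict[str, Response] = {
    "https://example.test/insights/loyalty-2022": (200, "https://example.test/insights/loyalty-2022",
        "<h1>Loyalty Economics Report</h1><p>We estimate $200 billion in unredeemed loyalty rewards.</p>"),
    "https://research.example.test/doc/9f2": (200, "https://research.example.test/", "<h1>Welcome</h1>"),
    "https://news.example.test/story/deepfakes": (404, "https://news.example.test/story/deepfakes", ""),
    "https://news.example.test/story/airline-breach": (200, "https://news.example.test/story/airline-breach",
        "<h1>Airline Loyalty Breach</h1><p>Attackers used phished passwords.</p>"),
}


def canned_fetch(url: str) -> Response:
    return _CANNED.get(url, (0, url, ""))


if __name__ == "__main__":
    results = verify_all(SAMPLE_CITATIONS, canned_fetch)
    for url, (verdict, detail) in results.items():
        print(f"{verdict:14} {detail}")
    print("gate passed:", passes_gate(results))
```

Swap `canned_fetch` for `http_fetch` to run it against a real resource table. The point of the `soft_404` and `claim_missing` verdicts is that "the link works" is not the test; a page that loads but says nothing the document attributes to it fails the gate exactly as a 404 does.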
GPTZero's Hallucination Check is not an enterprise compliance platform. It's a publicly available tool that three researchers used to systematically verify every citation in a 44-page document. The verification that would have prevented this entire situation was accessible before the report was published. The governance failure wasn't a lack of available tools. It was the absence of a process that required those tools to be applied before publication.
Our Take: AI Governance
EY's business is telling enterprises that their systems need to be auditable, verifiable, and accurate. That's the value proposition behind every audit, every advisory engagement, every cybersecurity assessment they sell. The specific irony of a firm that sells verification services publishing unverified AI output is significant — and the governance lesson goes further than the irony.
If EY Canada can publish a 44-page report with fabricated citations under two partners' names without a verification process catching it before publication, then the organizations reading EY's work, citing EY's work, and making decisions based on EY's work have to confront a straightforward question: what verification did they apply before trusting the source? The answer, for most organizations, is none. Because EY's brand was the verification. That's how reputational authority works — until it doesn't.
The AI output governance requirement isn't a problem only organizations with weaker brands need to solve. It's a requirement for every organization producing content that gets treated as authoritative — research, compliance documentation, audit reports, client briefings, board presentations. The verification infrastructure that catches hallucinations before publication exists. GPTZero built one version of it. The governance gap the EY story exposes is the absence of a requirement to use it. That requirement has to be built into the content production workflow, applied before the document ships, and confirmed by someone whose job it is to verify rather than produce. When it isn't, three researchers with a publicly available tool will find what internal review missed — after the document has already been distributed to clients, syndicated to newspapers, and indexed by AI systems that will cite it as authoritative for years.