EY Canada’s Security Report Runs on Fake Citations

A flagship cybersecurity report from one of the world’s largest accounting firms appears to be largely AI-generated, complete with invented sources and fabricated numbers. According to Hacker News, researchers analyzing EY Canada’s “Points of Attack” report found it riddled with the classic fingerprints of large language model output: fake statistics, misattributed quotes, and claims that contradict each other within the same document.

This isn’t a small consultancy cutting corners. EY is one of the Big Four. When a firm that sells trust and rigor ships a report where the citations don’t hold up, that’s a problem worth paying attention to.

What the analysis found

The researchers behind the review have been studying AI-generated text for a while. In earlier work on academic conference submissions, they noticed a specific pattern: authors using AI mainly to generate and format their references. The result was papers with what they call “vibed citations,” sources that look plausible but were never real, while the surrounding prose still read as mostly human.

EY’s report is worse on that scale. As detailed in Hacker News, the team said it was harder to find a human fingerprint in “Points of Attack” than in a human-written LinkedIn post. The text doesn’t just scan as machine-made. It carries the errors that come with unedited LLM output:

  • Fake statistics: numbers presented as research findings with no real source behind them.
  • Misattributions: quotes and claims pinned to people or studies that didn’t say them.
  • Internal contradictions: statements in one section that clash with statements in another.

Why this matters

Hallucinated citations are the single most documented failure mode of large language models. The model produces a confident, well-formatted reference to a study, a statistic, or an expert, and the reference simply doesn’t exist. We’ve seen this blow up in court filings, where lawyers cited cases that were never decided. Now it’s showing up in a paid cybersecurity report from a major firm.

What stands out here is the setting. A security report is supposed to be the careful kind of document. People read it to make decisions about risk, spending, and defense. If the underlying citations are fabricated, the recommendations sitting on top of them lose their footing. Readers can’t tell which claims are grounded and which the model invented.

There’s also a trust gap. Clients pay Big Four firms specifically for diligence. Publishing a report that reads as raw AI output, with no human fact-check between the model and the page, suggests the review step got skipped entirely.

The bigger pattern

This fits a trend that’s been building across professional services. AI is fast and cheap for first drafts, and the temptation to ship those drafts with light editing is strong. The earlier academic-paper finding is the tell: people are leaning on AI hardest for the parts that look tedious, like formatting references, and that’s exactly where hallucinations hide best. A fake citation is formatted identically to a real one. You only catch it if you check.

Detection is getting better, too. The same techniques that flag AI text in student essays and journal submissions now work on corporate reports. Firms that assume nobody will notice are betting against tools that are improving every month.

What to watch

A few things to expect from here:

  1. More scrutiny of published reports. Expect researchers and journalists to start spot-checking citations in vendor and consultancy output the way they already check legal filings.
  2. Verification becomes the differentiator. Firms that can prove a human checked every source will have an edge over those shipping unverified AI drafts.
  3. Internal policy tightening. Look for organizations to add citation-verification steps before anything goes out under their name.

The lesson isn’t that AI has no place in research writing. It’s that the cheap part, formatting and references, is the dangerous part to automate without a check. If a global firm can ship a report this flawed, smaller shops doing the same thing are almost certainly out there too.

For the full breakdown of the analysis, the original discussion is worth a read at the source.
