EY Canada published a cybersecurity report and most citations were hallucinated
GPTZero investigation found that over 60% of citations in EY Canada's 2025 loyalty fraud cybersecurity report were hallucinated.
Ernst & Young Canada's 44-page report "Points of Attack: Uncovering Cyber Threats and Fraud in Loyalty Systems" contains fabricated citations, misattributed statistics, and AI-generated text. GPTZero manually verified that most of the report's sources in its resources table have broken or fake URLs, and more than half the titles do not correspond to real sources. Key examples include a nonexistent Forbes citation supporting a $200 billion global loyalty market claim, a fake McKinsey report on unredeemed points, and a 72% fraud statistic attributed to multiple conflicting sources. The report was recently cited in a Canberra Times article syndicated to over 60 Australian newspapers. GPTZero warns that such "vibe citations" in publications by major consulting firms can poison the broader knowledge pool and mislead AI research tools that rely on web sources.
What HN community is saying
The dominant complaint is severe scroll hijacking that made the article nearly impossible to read on mobile and difficult on desktop. Users reported forced pauses, non-linear scrolling, and being thrown back to the top. Beyond navigation issues, commenters identified a systemic problem: AI output across professions is not being vetted by subject matter experts because knowledgeable staff are already overworked or have been laid off. One attorney noted that fact-checking AI output takes longer than writing from scratch. Several argued that starting with AI-generated content is fundamentally flawed for high-stakes work like legal documents or research reports, even when experts revise it.