EY Canada published a cybersecurity report and most citations were hallucinated

Investigations PE AC Om Ogale , Paul Esau , Alex Cui MAY 14, 2026 Copy link Earlier this year, an engineer at GPTZero coined the term “vibe citing” to describe the accidental creation of fake references via LLM hallucinations. It turns out that the friction of creating and checking citations is leading many researchers, consultants, lawyers, and public officials to embrace the vibe (if you know what we mean). Among the converts are the authors of a 2025 Ernst & Young report titled Points of Attack: Uncovering Cyber Threats and Fraud in Loyalty Systems. This report, stuffed with fake citations and inaccurate claims, is surfacing in newspapers, blog posts, and AI search overviews, poisoning the data that both human researchers and AI agents rely on. GPTZero began targeting vibe citations with our Hallucination Check tool in 2025, which we used to further investigations into a government publication, two different Deloitte reports , and prestigious machine learning / artificial intelligence conferences like NeurIPS and ICLR . Over the past few months we've set up an automated pipeline to search for vibe citations by finding and scanning public reports from major consulting firms. What we've found suggests that the vibe citing epidemic is already endemic, even among the major players. Instead of releasing our results all at once, we're going to focus on one report at a time. This approach both prevents individual examples being overlooked and allows us to illustrate the negative impacts of vibe citing on research quality and public trust. EY Tower, Toronto — as seen from GPTZero’s office On the menu: Ernst & Young (EY) Ernst & Young is one of the “big four” global consulting firms, providing accounting and consulting services to governments and private entities from 150 offices around the world. The Canadian member firm (EY Canada) provides millions of dollars of services to the Canadian government annually. In late 2025, EY Canada published a