May 30, 2026
Audit? More like auto-complete
Ernst & Young published cybersecurity report full of hallucinations
Big-name firm gets caught with a report full of made-up sources — and readers are roasting the mess
TLDR: Ernst & Young Canada is accused of publishing a cybersecurity report packed with fake sources and shaky claims, raising fears that bad info is now spreading under a trusted corporate name. Commenters say this is what happens when overworked staff and unchecked AI collide — and they mocked the whole mess relentlessly.
A glossy cybercrime report from Ernst & Young Canada was supposed to sound serious and authoritative. Instead, according to GPTZero, it reads like a confidence trick in corporate font: fake references, broken links, wrong claims, and text that strongly looks machine-written. The bigger scandal? This isn’t just an embarrassing typo situation. The report has already started floating into news stories and search summaries, meaning bad information can spread fast once it gets stamped with a famous brand name.
But the comment section wasn’t just mad — it was deliciously ruthless. One camp blamed the wider workplace grind, with people saying this is what happens when firms push exhausted staff into “48 hour shifts” and then expect polished expertise on demand. Another hot take was even harsher: the real failure is not the software, but the humans who apparently didn’t bother checking the output before it reached clients and the public. In other words, the machine may have made things up, but people still signed their names.
And then came the comedy relief: multiple readers got distracted roasting the website itself, calling it “gross to scroll on mobile” and “a horrible page to navigate,” which somehow only added to the chaotic energy. The mood was clear: this wasn’t just a bad report, it was a perfect storm of overwork, under-checking, and internet-side-eye. Corporate credibility took a hit, and the crowd absolutely noticed.
Key Points
- •The article says GPTZero identified a 2025 EY Canada cybersecurity report as containing fake citations, broken URLs, misattributions, fabricated statistics, and AI-generated text patterns.
- •The report examined is titled *Points of Attack: Uncovering Cyber Threats and Fraud in Loyalty Systems* and was published by EY Canada in late 2025.
- •According to the article, GPTZero manually verified Hallucination Check findings and found that almost all URLs in the report’s resource table were broken or fake, while more than half of the titles did not match real sources.
- •The article places the EY report within a broader GPTZero effort to detect “vibe citing” in government documents, consulting reports, and AI conference papers.
- •The article says the report may have influenced downstream information channels, including a Canberra Times article syndicated across more than 60 Australian newspapers.