Deepthix .
← Retour au blog
tech 30 May 2026

EY Cybersecurity Report: When Hallucinations Become Reality

Ernst & Young, one of the big four consulting firms, released a cybersecurity report filled with AI-generated hallucinations. Let's dissect the implications of this drift for the industry and public trust.

Introduction: A Worrisome Revelation

In May 2026, GPTZero revealed that Ernst & Young's (EY) 2025 cybersecurity report, titled "Points of Attack: Uncovering Cyber Threats and Fraud in Loyalty Systems," was filled with imaginary citations and incorrect data. This discovery raises crucial questions about the reliability of information provided by major consulting firms.

The Epidemic of "Vibe Citations"

The term "vibe citing," coined by a GPTZero engineer, describes the accidental creation of fake references through AI-generated hallucinations. This practice appears to be spreading, even among major consulting players, as evidenced by EY's report. The report does not follow standard academic citation conventions, instead using direct references in the text and resource tables with often fake URLs.

The Risks of Blind Trust

Excessive reliance on AI tools for content and citation generation without rigorous verification can severely impair research quality and erode public trust. When poorly substantiated reports emerge from influential firms like EY, they can contaminate data used by other researchers and decision-makers.

Why It Matters for Businesses

Businesses and governments rely on consulting reports to guide their strategies. A report like EY's, if filled with incorrect data, could lead to ill-informed decisions with significant financial and operational consequences. For instance, a company making strategic decisions based on erroneous statistics may find its cybersecurity investments misallocated.

What Can Businesses Do?

  1. Verify Sources: Companies need to develop protocols to verify the validity of sources cited in the reports they receive.
  2. Prudent Use of AI: While AI can be a powerful tool, it must be used judiciously, especially for automatic content generation.
  3. Ongoing Training: Training staff to identify "vibe citations" and other forms of hallucination can prevent the spread of misinformation.

Conclusion: Towards Better Information Integrity

The EY case is not an isolated incident but a symptom of a broader issue related to automation and trust in AI. The solution lies in increased vigilance and systematic validation of information. Let's work together to ensure decisions are based on solid, verified data. Let's discuss your project in 15 minutes.

cybersécurité vibe citations Ernst & Young hallucinations IA fiabilité des données
Deepthix newsletter · 100% AI · every Monday 8am

An AI agent reads tech for you.

Our AI agent scans ~200 sources per week and ships the best articles to your inbox Monday 8am. Free. One click to unsubscribe.

Visit the newsletter page →

Want to automate your operations?

Let's talk about your project in 15 minutes.

Book a call