EY has taken down a report on cyber risks in loyalty schemes after researchers said it contained fabricated data and false references apparently produced by AI, the Financial Times reported.
The study, Points of Attack: Uncovering Cyber Threats and Fraud in Loyalty Systems, had been used by EY consultants in Canada to promote cybersecurity services.
Go deeper with GlobalData
Access deeper industry intelligence
Experience unmatched clarity with a single platform that combines unique data, AI, and human expertise.
Research group GPTZero said the document cited a McKinsey report that does not exist, mixed up key figures and relied on sources that were either missing or irrelevant.
The report, in multiple instances, put the loyalty market at $200bn and then gave the same figure for unredeemed points, with no clarification.
GPTZero also found that more than six footnotes led to web pages that were unavailable or did not support the claims made, according to the publication.
In a blog post, GPTZero researchers Om Ogale, Paul Esau and Alex Cui wrote: “Publishing a report online is essentially a form of data injection into the pool of knowledge that is the internet.
“When the report includes fake information (either vibed citations or false claims) it can ‘poison the well’ by misleading future researchers, especially if the report is published by a well-known consulting firm and hosted on a high-traffic website.”
EY said it had removed the report and was examining how it was approved, adding that it was not tied to any client assignment.
“EY Canada takes the accuracy of all the content we publish seriously and we have an organisation-wide commitment to the responsible use of AI,” FT quoted the company as saying.
AI “hallucinations” have already led to revisions or apologies elsewhere in professional services. Deloitte amended a report for a Canadian provincial government last year after fake academic citations were identified.
