Ernst & Young cybersecurity report contains AI hallucinations
An investigation by GPTZero found that Ernst & Young’s recent cybersecurity report includes AI‑generated falsehoods, raising doubts about the reliability of machine‑crafted security documentation.
Ernst & Young has released a cybersecurity report that contains AI‑generated hallucinations, according to an investigation by GPTZero [GPTZero]. The analysis shows that sections of the document were produced by large language models and include statements that cannot be verified, such as fabricated vulnerability descriptions and misquoted industry standards.
What shipped
The report’s AI‑written portions appear alongside traditional analysis, but the investigation identified multiple passages that are factually incorrect. Because the report is marketed as an authoritative guide for risk management, the presence of unverified claims threatens the credibility of the entire publication.
Why it matters
Inaccurate security guidance can lead organizations to allocate resources to non‑existent threats, ignore real vulnerabilities, or implement ineffective controls. When engineers trust AI‑generated content without independent verification, the risk of mis‑informed decisions rises sharply. The incident also underscores the need for firms to establish rigorous fact‑checking pipelines for any AI‑assisted output, and it puts pressure on regulators to define standards for AI use in security documentation [GPTZero].
The findings highlight a clear gap between the promise of AI‑assisted writing and the practical demands of cybersecurity, where precision is non‑negotiable.
Subscribe to the broadcast.
Daily digest of the day's most important tech news. No fluff. Engineering signal only.
// delivered via substack · double-opt-in confirmation