An investigation by GPTZero found that a cybersecurity report from Ernst & Young Canada contains numerous fake citations and fabricated statistics. The 44-page document, Points of Attack: Uncovering Cyber Threats and Fraud in Loyalty Systems, appears to be largely AI-generated and includes references to non-existent sources like a fabricated Forbes article and a phantom McKinsey report.

The report makes bold claims about a $200 billion global loyalty market, but contradicts itself by later stating this figure represents unredeemed points rather than total market value. GPTZero's Hallucination Check tool identified that most URLs in the reference table are broken or fake, with over half the titles not corresponding to real sources. Similar citation problems have appeared in government publications and other major consulting firm reports.

These 'vibe citations' pose a serious risk to information integrity, especially as AI research tools increasingly rely on published reports for training data. The EY report gained wider circulation when referenced in a Canberra Times article syndicated to over 60 Australian newspapers, demonstrating how AI-generated misinformation can spread through reputable channels.

GPTZero's analysis reveals that vibe citing has become endemic even among major consulting firms. The investigation highlights how AI slop contaminates the digital knowledge pool, potentially misleading both human researchers and AI systems that depend on accurate source material for their outputs.