The recent withdrawal of a major report by EY Canada after researchers uncovered a string of blatant AI hallucinations is more than just another tech embarrassment story. It is a stark warning sign for every enterprise currently rushing to scale generative AI across business operations.1

The report, titled Points of Attack: Uncovering Cyber Threats and Fraud in Loyalty Systems, was found to contain fabricated statistics, broken references, fake URLs, and even a completely made-up McKinsey study. Researchers from GPTZero accurately labeled the phenomenon as “vibe citing,” warning that publishing hallucinated information online risks poisoning the digital well for future data models and decision-makers alike.2

Unfortunately, EY is far from an isolated case. Deloitte previously had to revise a Canadian government report due to fake academic citations.3 Similarly, elite law firm Sullivan & Cromwell was forced to apologize to a New York court after AI-generated legal inaccuracies made their way into official filings.4

Across every industry, organizations are hitting the same uncomfortable roadblock: AI adoption is accelerating far faster than operational control.

The Core Failure of Modern AI Governance

The underlying crisis here isn’t simply that large language models can generate incorrect information. The deeper issue lies in how enterprises approach risk. Most organizations still treat AI governance as an exercise in high-level ethics, static compliance frameworks, and theoretical policy documents.

But policies don’t validate citations. Principles don’t detect hallucinations. And a high-level framework cannot produce the audit-ready evidence required when a model goes off the rails.

AI risk does not exist in theory; it exists inside real, daily deployments. A hallucinated fact in a rough internal draft is a minor inconvenience. That same hallucinated fact published under the brand of a global consulting firm or embedded in a financial model becomes a catastrophic governance failure, a massive reputational liability, and a compliance nightmare.5

The Operational Reality Gap

To bridge this gap, organizations must move away from philosophical alignment and focus on operational control. This requires moving past abstract ideas and answering highly specific, transactional questions across every department:

  • Which AI systems are interacting with which workflows?
  • What are the deployment-specific risks regarding data privacy, accuracy, and compliance?
  • Where are the human-in-the-loop validation checkpoints before an output is executed or published?
  • Who owns ultimate accountability for a model’s output, and what immutable evidence proves that the mandatory safety controls were actually followed?

Today, the vast majority of enterprise leaders cannot answer these questions consistently. Trust in AI cannot be achieved by relying on the model itself; it must be engineered through the governance, assurance, and measurable controls wrapped around the deployment of that system.

Bridging the Gap with Operational AI Assurance

True enterprise AI maturity requires an operational layer that translates static risk policies into concrete, automated workflows. This shift toward operational AI assurance means defining precise validation benchmarks for AI outputs, identifying specific legal and performance risks, and establishing continuous monitoring systems to ensure controls remain effective over time. Without this layer, corporate AI governance remains a paper tiger—one that quickly tears apart the moment AI touches real-world business processes.

At AIQURIS, we engineered our core solutions, Risk+ and Control+, precisely to solve this problem. We help enterprises move beyond static compliance checklists and transition into a model of structured, evidence-based AI Quality and Risk Management.

By deep-diving into the unique risks of individual AI applications, automating review processes, and generating audit-ready verification trails, AIQURIS turns theoretical safety into operational certainty.

The Strategic Choice for Enterprise Leaders

The fallout from the EY incident is a loud signal of a systemic vulnerability. It highlights exactly what happens when technical capabilities outpace operational assurance.

The definitive question for modern organizations is no longer whether an AI system will fail or hallucinate—it eventually will. The real question is whether you have the controls, accountability structures, and evidence systems necessary to catch those failures before they become public headlines.

While most companies are still relying on policies to protect them, market leaders understand that AI trust is never automatic. It must be engineered, validated, and continuously demonstrated. The organizations that embrace true operational control today will scale their AI capabilities with confidence, while competitors remain paralyzed by compliance exposure and lost reputation.

Sources

  1. Financial Times, “EY retracts study after researchers discover AI hallucinations” (May 2026) https://www.ft.com/content/a61cbcae-95e4-4449-86e1-ef40fb306f4e?utm_source=chatgpt.com&syn-25a6b1a6=1 ↩︎
  2. International Accounting Bulletin, “EY removes loyalty rewards study after AI hallucinations found” (May 2026) https://www.internationalaccountingbulletin.com/news/ey-removes-loyalty-rewards-study-after-ai-hallucinations-found/ ↩︎
  3. CTV News, “Deloitte report for Newfoundland government found to have apparently false citations” (November 2025) https://www.ctvnews.ca/canada/newfoundland-and-labrador/article/deloitte-report-for-newfoundland-government-found-to-have-apparently-false-citations/ ↩︎
  4. The Global Legal Post, “Sullivan & Cromwell apologises for AI hallucinations in letter to US court” (April 2026) https://www.globallegalpost.com/news/sullivan-cromwell-apologises-for-ai-hallucinations-in-letter-to-us-court-1300253238 ↩︎
  5. International Accounting Bulletin, “EY removes loyalty rewards study after AI hallucinations found” (May 2026) https://www.internationalaccountingbulletin.com/news/ey-removes-loyalty-rewards-study-after-ai-hallucinations-found/ ↩︎