Threat reports by the European Union cybersecurity agency ENISA were riddled with artificial intelligence (AI) hallucinations.
Two reports on cybersecurity threats, published in October and November, raised suspicions among researchers at the Westfälische Hochschule university.
They said that many of the passages seemed inconclusive, Heise Online reports, citing Der Spiegel.
When researchers clicked on links to cited sources, many didn’t work. In one of the ENISA reports, 26 out of 492 footnotes were incorrect.
While there are many reasons why links don’t work, such as changes in website structure, the researchers identified many errors typical of large language models (LLMs), including ChatGPT and Claude.
ENISA admitted that “human errors” had occurred and the AI had been allowed to make “minor editorial revisions.”
The Chaos Computer Club, Europe's largest association of hackers, has described the incident as "embarrassing," stating that ENISA should ensure the presence of independent expertise.
"If such sloppy work is done even in very superficial threat reports, it casts a very bad light on the institution," the organization’s spokesperson Linus Neumann told Der Spiegel.
The conversation on this topic is live. Join in the discussion.
With an annual budget of around €27 million ($31.5 million), ENISA is “dedicated to achieving a high common level of cybersecurity across Europe,” according to its website.
It isn’t the first major organization to have been caught using AI for producing reports that require extensive expertise.
Deloitte, a British consulting firm, has come under intense scrutiny twice after it was discovered that the company’s reports for the Australian and Canadian governments cited sources hallucinated by AI.
Unlock more exclusive Cybernews content on YouTube.
Your email address will not be published. Required fields are markedmarked