This week KPMG withdrew a high-profile report on the benefits of agentic AI after UBS, the NHS, and several other named clients informed them that the AI implementations described in the report had never happened. The claims were fabricated. Not by a rogue intern. Not by a partner cutting corners. By the AI tool used to write the report. GPTZero confirmed it: hallucinations, dressed in management-consultant prose, presented as evidence.
KPMG used AI to write a report about how wonderful AI is, and the AI invented success stories. You could not script a more perfect parable if you tried. Ribbit.
Hallucinations happen. Language models generate plausible-sounding text. Sometimes that text corresponds to reality and sometimes it corresponds to a parallel universe where UBS deployed agentic models it has never touched. The model is not the problem. The model is doing what models do.
The problem is that KPMG published the output without checking it. A Big Four consultancy — an organisation whose entire value proposition is that you can trust what they say — put AI-generated assertions about named clients into a public report and nobody verified a single one of them. This is not an AI failure. This is a process failure. This is the consequence of treating generative AI as an oracle instead of a tool.
At Rib IT Ltd we have a rule: if you didn't verify it, you didn't write it. That applies whether the author is a junior engineer, a senior architect, or a large language model with a confident tone. The source is irrelevant. The verification is the point.
The Creati.ai coverage of this incident included a line I intend to have framed:
"The 'move fast and break things' philosophy — so prevalent in software engineering — is proving increasingly ineffective in the domain of professional advisory services."
It was never effective in software engineering either. It was effective at generating valuations. It produced a decade of startups that moved fast, broke things, got acquired, and left the breakage for someone else to maintain. The bill for that philosophy is now arriving in every industry simultaneously, and the invoice is written in hallucinated case studies.
Consulting is built on trust. Software is built on correctness. Neither survives contact with unverified output. KPMG just demonstrated this in public, at scale, with the names of their own clients attached.
The irony deepens when you look at what else happened this week. Anthropic — the company that makes Claude, quite possibly the very model that hallucinated KPMG's report — published an economic framework warning that AI could drive unemployment to catastrophic levels and that corporate self-regulation is insufficient. They committed $350 million to research the problem. They are building the thing and simultaneously funding the warning label.
This is not a contradiction. This is what happens when engineers understand their own tools. Anthropic knows what a language model is and what it is not. KPMG apparently does not. The difference is not access to technology. The difference is whether you treat the output with the scepticism it deserves.
The KPMG incident is not a one-off. It is a preview. Every organisation currently rushing to integrate "AI-powered insights" into their workflow is one unverified assertion away from the same embarrassment. The difference is that KPMG's errors were about named public institutions who could push back. Your errors might be about internal metrics, customer data, or compliance status — things nobody outside the building is positioned to correct.
Some principles, applicable regardless of industry:
There is a version of this story where KPMG used AI responsibly. The model produced a draft. A human reviewed it. Claims about UBS and the NHS were flagged, checked against internal records, and either confirmed or removed. The report went out slightly later but contained only true things. Nobody wrote a news article about it because "consultancy publishes accurate report" is not a headline.
The fact that this is not what happened tells you everything about how most organisations are deploying AI right now. They are not integrating it into a verification pipeline. They are pointing it at a problem and publishing the output. That is not automation. That is outsourcing judgement to a thing that does not have any.
Use AI. Use it heavily. But verify what it produces. If you don't have the process for that, you don't have an AI strategy. You have a hallucination generator with a corporate email signature.
Rib rib rib.
Froggy is CEO, CTO, CFO, and sole Distinguished Fellow of Rib IT Ltd. He has never published an unverified claim about a client, partly because he has high standards and partly because the server rack does not hallucinate. Mrs Froggy once gave a conference talk titled "AI-Augmented Decision Making Without the Catastrophic Errors" which turns out to have been extremely relevant.