Need support? Helpdesk: (780) 800-5528
Home / Insights & Resources / AI Risk Series / Wrong or mixed AI output

Risk 12 of 13 · AI Risk Series

Wrong AI outputMay 2026 • 8 min read

When AI sounds right but is wrong

The risky moment can look like a polished answer.

AI output can be confident and wrong at the same time. Polished drafts may carry invented citations, stale data, or details from another client.

Where it comes from Staff treat fluent, useful-looking AI output as verified and stop checking the facts the deliverable depends on.
What the business loses Trust with clients, customers, or regulators when wrong AI material appears in deliverables and the firm cannot say what was checked.
What ends it Verification proportional to consequence, plus a reviewer who can name the claim, the source that proves it, and what happens if it is wrong.
← Series introduction Article 12 of 13

The risky moment can look like a polished answer.

The draft reads cleanly, uses the right tone, and includes numbers and citations that look reasonable enough for a capable person to have written.

That polish is why the mistake survives.

AI output can be wrong without looking wrong.

It can invent sources, misstate dates, mix one client's details into another client's draft, summarize away the clause that matters, or present stale information as current. If staff treat the output as an answer instead of a draft, the business can carry that error into client work, sales material, legal review, financial planning, customer support, or management decisions.

What the risk is

This risk is business reliance on AI output that appears correct and is later found wrong.

The output may include:

  • Invented facts, numbers, sources, or citations.
  • Real-looking report titles, authors, dates, or quotations that do not exist.
  • Stale information presented as current.
  • A summary that misses the one detail that changes the answer.
  • One client's wording, context, or confidential detail appearing in another client's draft.
  • Customer-facing AI answers that are confident but wrong.
  • AI-generated content used commercially without clear review of provenance, rights, or originality.

The defining issue is that AI can sound confident without being correct. Large language models generate plausible text, and the facts still need to be proven elsewhere. They may produce a citation-shaped sentence, a source-shaped title, or a number-shaped answer because that is the pattern the prompt asks for.

The safer business habit is to treat AI output as a draft that still needs verification.

This is separate from Prompt injection. Prompt injection is an attack that manipulates the AI. This article is about ordinary output failure where no attacker is involved.

It is also separate from Insider misuse. If an employee intentionally uses AI to fabricate, impersonate, or cover wrongdoing, that is insider misuse. Here, the staff member is trying to do legitimate work but trusts the output too far.

It is separate from confidential data entering AI, which covers the data entered into AI. This article covers what comes back out and how the business uses it.

For customer-facing AI, Vendor AI features covers the deployment decision and vendor posture. This article covers whether the AI's answer is true, current, complete, and appropriate to rely on.

How it happens in a normal SMB

A small Canadian marketing agency is preparing a creative brief for a regional retail client. The client is launching a new product line and wants the agency to summarize the market, customer attitudes, competitor positioning, and recommended messaging.

The account manager uses the firm's sanctioned AI assistant to speed up the first draft. She asks for a concise market overview, recent Canadian consumer trends, competitor share estimates, and source citations that the client can review.

The AI produces a polished brief with three market-size figures, two competitor share percentages, a paragraph about changing consumer attitudes, and citations that look credible: industry research reports, a trade association publication, and a recent Statistics Canada survey.

The account manager reads the brief for tone and usefulness. It looks professional, so she edits the tone, adds client-specific context, and sends it to the creative team and the client.

Nobody checks the sources.

The client uses the brief in an internal strategy presentation. During review, one of the client's finance leaders asks for the underlying report behind a market-size figure because it does not match the client's own planning assumptions.

The account manager goes back to the AI-generated citations. Two of the industry reports do not exist. One real trade association exists, but the report title is invented. There is no Statistics Canada survey with the title the AI provided; the AI created a plausible title and attached it to a trusted institution.

The brief was wrong in exactly the way that is easy to miss: polished and useful-looking.

The client asks for a written explanation. They also ask the agency to review other AI-assisted work delivered over the past year and to identify which deliverables included AI-generated research, statistics, or citations. The agency now has to investigate old work that was never labeled, source-checked, or stored with verification notes.

The failure path

The failure path looks like this:

Case file Sequence 12 · Wrong output

  1. A staff member uses AI to draft, summarize, research, analyze, or prepare a deliverable.

  2. The AI produces output that is fluent, specific, and confident.

  3. The output includes facts, dates, names, numbers, citations, recommendations, or summaries that appear credible.

  4. The staff member reviews for tone and usefulness while the claims that matter remain unchecked.

  5. The output is sent externally, used in a decision, added to a customer-facing answer, or passed downstream to another team.

  6. A client, customer, regulator, business owner, or later workflow relies on the output.

  7. The error is discovered after it has already shaped work, decisions, commitments, or customer expectations.

  8. The business has to explain how the output was created, what was checked, who relied on it, and whether similar errors exist elsewhere.

The dangerous step is treating AI output as verified because it sounds competent.

A competent-sounding answer still needs source checking before it leaves the business.

Business consequence

The first consequence is trust loss.

In the marketing-agency example, the client can understand the failure without understanding language models. The agency put invented research into a client deliverable. The client used that material in internal planning. Now the client has to ask whether the agency's other work was checked.

Other consequences depend on the output:

  • Client embarrassment when wrong AI-generated material appears in a board deck, sales document, proposal, report, or customer communication.
  • Operational mistakes when staff act on stale policy, pricing, tax, regulatory, or market information.
  • Contract or legal risk when a clause summary misses the caveat that changes the conclusion.
  • Professional liability where regulated work relies on AI output without appropriate review.
  • Cross-client trust damage when one client's wording, detail, or strategy appears in another client's draft.
  • Customer support harm when a chatbot or automated response gives a confident answer that the business cannot honour.
  • Management decisions based on numbers, comparisons, or trends that were never source-checked.

There is also an intellectual-property and copyright exposure. AI-generated text, images, code, slide content, campaign concepts, and product copy can create commercial risk if the business cannot explain provenance, rights, or review. Treat externally used AI output like other commercial material: someone owns the decision to use it, someone checks it, and the business keeps enough record to defend the choice if challenged.

The evidence gap matters. If the business did not label AI-assisted work, preserve source links, or keep verification notes, it may not be able to answer a client's basic questions later: what was AI-generated, what was checked, which sources were real, and which deliverables might contain the same failure.

Controls that interrupt the failure path

The first control is verification proportional to consequence.

Review should match consequence. A rough internal brainstorm needs a lighter process than a client report, legal interpretation, financial recommendation, customer-facing answer, or regulated deliverable.

Start here

  • Treat AI output as a draft that still needs verification.
  • Verify any specific claim before it leaves the business or informs a material decision.
  • Check citations, source names, links, quotations, numbers, dates, dollar figures, laws, policies, product claims, and named references at the source.
  • Use a current authoritative source for current questions. AI can point toward sources, but the authoritative source itself has to carry the claim.
  • Require domain review for client-facing, regulated, financial, legal, technical, or high-consequence work.
  • Keep separate AI sessions, projects, or workspaces for separate clients to reduce cross-client confusion.
  • Disable memory or persistent context for AI tools used across multiple clients unless there is a reviewed reason to keep it on.
  • Label AI-assisted drafts where it helps reviewers understand that source-checking is required.

Add where needed

  • Keep source links or verification notes with client deliverables that include AI-assisted research, statistics, citations, or claims.
  • Build a simple checklist for external work: claims checked, citations opened, dates current, client context verified, no cross-client content, reviewer named.
  • For customer-facing AI, use approved knowledge sources, escalation to a person, answer limits, and clear labeling that the user is interacting with AI.
  • Require human checking before AI-generated citations, legal references, market statistics, case studies, customer claims, or technical instructions pass review.
  • Require stronger review before using AI-generated content commercially where IP, copyright, brand, or customer reliance matters.

The standard should scale with the consequence of being wrong. A low-stakes internal summary may need only light review, while client-facing recommendations need subject-matter review and regulated or contractual deliverables need verification against the actual source material.

The reviewer should be able to answer three questions:

  • What claims in this output matter?
  • Which source proves each claim?
  • What happens if this claim is wrong?

If nobody can answer those questions, hold the output inside the business until the claims are checked.

Policy rule this creates

Rule 12 of 13

AI output must be verified by a person qualified to assess it before it is used in client work, sent externally, published, or relied on for material business decisions. The staff member using AI remains accountable for the output. Citations, sources, numbers, dates, dollar figures, legal or regulatory references, named facts, product claims, and customer-facing answers must be checked against authoritative sources before use. AI-assisted work for different clients must be kept in separate sessions, projects, or workspaces where practical.

Common questions about wrong or mixed AI output

The questions that come up most often when a business starts working out how to verify AI-generated material before it reaches a client, a regulator, or a customer.

We've heard AI just makes things up. Doesn't that make it too risky for serious work?

AI-assisted output is now showing up through Copilot in Microsoft 365, Gemini in Google Workspace, embedded summarizers in PDF readers, CRM and inbox tools, and assistants built into accounting and customer-support platforms. The practical question for the business is whether anything checks AI output before it leaves the building, because in many small companies the same staff member who drafts is also the one who reviews the work. A single wrong client deliverable can cost a relationship, and a wrong number in a regulated or contractual context can be disproportionately expensive relative to a small business's revenue and client base. The exposure comes from unverified AI output being used as if it were already checked, which is something the business can address through process even though the underlying AI behavior cannot be eliminated.

What kinds of AI errors should staff actually be watching for?

Staff should be watching for six recognizable error categories that all share the trait of looking like normal, useful writing. The first category is invented sources: citations, report titles, authors, dates, or quotations that read as real but do not exist, because the AI produces a citation-shaped sentence when the prompt asks for one. The second is stale information presented as current, such as policy, tax, pricing, regulatory, or product information that was true at some point and is now wrong. The remaining categories are content from a different client or project mixed into the current draft, summaries that omit the qualifier or caveat that changes the conclusion, customer-facing AI answers that sound confident but are wrong, and numbers or comparisons that look reasonable but are not anchored to a verifiable source.

How do we verify AI output without slowing every piece of work down?

The right amount of verification is proportional to the cost of being wrong on a specific deliverable, which varies far more than the volume of AI use does. A rough internal brainstorm or a first-pass draft for the staff member's own use needs light verification because nothing leaves the business yet. A client deliverable, sales document, or any output that informs a real decision needs the specific claims that drive the recommendation checked against the actual source. Regulated work, legal-context summaries, financial recommendations, and customer-facing answers need verification against the authoritative source before the work leaves the building, because the cost of being wrong falls entirely on the business and its relationships.

When AI gives a citation, source, or specific number, what does 'check it' actually mean?

Checking a citation or number means opening the source the AI named and confirming the claim is there in the form the AI presented it. The four concrete checks are: confirm the source exists at the URL or in the database the AI cited, confirm the title and authorship match what the AI said, confirm the specific number or quote appears in that source, and confirm the date is current enough for the use the business is making of it. A common shortcut staff fall into is Googling the title and accepting whatever a search snippet says, which is not source-checking, because AI sometimes invents titles that produce real-looking search hits at unrelated sources. The honest check is clicking through to the actual document the AI named and confirming the claim is supported in the text itself.

How do we keep one client's information from showing up in another client's work?

Cross-client mixing happens when AI carries wording, context, numbers, or confidential details from one client's session into another client's draft, usually because the same conversation, project, or memory feature is being reused across clients. The practical separations are: keep a fresh AI session for each client rather than continuing one long session across multiple accounts; use separate AI projects or workspaces for each client where the tool supports it; and turn off memory or persistent-context features for any AI tool used across multiple clients unless there is a reviewed reason to keep them on. This failure mode is the output-side counterpart to confidential data entering AI, with the same confidentiality exposure for the business and the affected clients. Where AI-assisted drafts include client-specific names, dates, dollar figures, or strategy details, the reviewer should confirm those details belong to the client the draft is being delivered to.

What about a customer-support chatbot or AI answers on our website? How is that different?

Customer-facing AI carries the same wrong-output risk as internal AI use, but the answer reaches a customer in real time without any staff member reviewing it first. The difference from vendor AI features is the focus: that topic covers what it means for the business that a customer-facing AI feature exists at all, while this question covers what to do about it being confidently wrong when it answers a real customer. The highest-leverage control is restricting the AI to approved knowledge sources (the business's own documentation, pricing, policy, and support knowledge base) instead of allowing it to answer from the general model, because answers grounded in the business's actual knowledge are the ones the business can stand behind. The realistic SMB control set is approved-source restriction, an escalation path to a person, clear labeling that the customer is interacting with AI, and answer limits on commitments the business cannot honour.

Is AI-generated content safe to use commercially, like in marketing materials or client deliverables?

Whether a specific piece of AI-generated content is legally usable in commercial work is a question the business should take to its own counsel, because it depends on the source material, the AI vendor's terms, the use, the industry, and the jurisdiction. The operational discipline the business can put in place independently is provenance tracking: keeping a simple record of what was AI-generated, what prompt or source the AI was given, what staff edited or rewrote, what review the work received, and what was published or sent commercially. The defensibility question matters because if a customer, regulator, or rights-holder later asks how the material was made, the business should be able to answer by pulling records of how the work was created. Practical questions to take to counsel include which AI vendor terms apply to the company's use, what rights, restrictions, or indemnities the terms provide for business use, what disclosure obligations exist in the firm's industry, and what review standard to require before AI-generated work appears in commercial deliverables.

Who in the business is actually qualified to verify AI output, and what should they be doing?

The qualified reviewer is the person on staff who knows the subject matter of the output. For an AI-drafted report on insurance coverage, the person who knows the firm's insurance practice is the qualified reviewer; for an AI-drafted summary of a contract clause, the person who knows the contract and the surrounding business context is the qualified reviewer. The reviewer should be able to answer three questions about the output before it leaves the business: which claims in this material actually matter, which source proves each of those claims, and what happens if any of those claims is wrong. The practical constraint for small businesses is often making time and applying the framing to actually open the sources and confirm the claims, because the cost of skipping that step shows up externally after the work has already been delivered.

How do we figure out which past deliverables included AI-generated material that was never source-checked?

Discovery is partial-coverage by design, because most small businesses do not have document-management systems that tag which deliverables were AI-assisted. The practical paths are: review the high-stakes deliverables by date range starting from when staff began using AI heavily; ask staff directly to flag past work they used AI on, framed as a process review rather than a personal audit; and search the document corpus for known phrases, citation formats, or recurring wording from commonly used prompts where the corpus is small enough to do that practically. Citations, statistics, and named sources in past deliverables are the most checkable items because each one is either real or invented, and a sample check across the highest-stakes work surfaces whether the firm has a broader problem. The goal of the exercise is to find the highest-risk past work that needs re-verification, accepting that discovery will not catch every instance.

A client just told us a report we delivered has wrong AI-generated information. What do we do?

The first conversation with the client should acknowledge the issue without speculating about cause, because committing to a cause before checking the disputed claims often turns a fixable error into a credibility problem. Identify the specific claims in the report that are wrong rather than treating the document as a whole as suspect. Pull the source for each disputed claim and confirm directly whether the citation, statistic, summary, or named fact is invented, stale, or correct, because the corrective conversation depends on knowing exactly what failed. Determine whether the same failure exists in other deliverables to the same client and in other AI-assisted work from the same staff member during the same period, because that scope determines what the client needs to know and what other clients may need to be told. If cross-client content was mixed into the report, the response should also treat the original client's confidential information as having reached the wrong audience, which is the same confidentiality exposure covered in confidential data entering AI. Provide a revised version of the report with the corrected claims clearly marked and the sources cited so the client can verify them, and review what changed in the firm's verification process so the same failure does not repeat. Notification decisions for affected clients, customers, or regulators depend on what was delivered and to whom, and stay with the owner and appropriate counsel.

One of 13 rules for your AI usage policy

The rule above is one of 13 that make up a working AI Usage Policy. The SMB AI Policy Builder walks you through the full set of decisions and produces the policy, working documents, and a 90-day implementation plan.

Launching soon. Join the waitlist to be notified.

Get practical insights like this in your inbox

Occasional articles and updates on technology, risk, operations, and support.