top of page
Search

Hallucinated Due Diligence: The AI Fraud in Your Deal Room

A 200-page report lands the night before close (yah we have all been there). Management interviews, working capital adjustments, an EBITDA bridge, customer concentration, a quality-of-earnings opinion. Your buy-side advisor invoiced $400,000 on a $40M deal. Bulletproof.


What you don’t know: half the interviews never happened. The churn was extrapolated from three invoices. The opinion was generated by a language model in 40 seconds. Your R&W binder now contains a materially false document.


The mechanics:


The deliverable is a PDF and an Excel model, exactly what generative AI produces fastest. Buyers commission diligence for lender covenants, R&W underwriters, board fiduciary duty, and integration planning. The report lands on timeline. Work papers rarely get checked.


Plausible-generic findings carry the fraud: working capital seasonality, customer concentration above 20%, deferred CapEx, key-man risk. True of 70% of mid-market targets, so they read credible.


The exposure:


A fabricated report inside an R&W binder is materially false, not a vendor dispute. Carriers, lenders, and indemnification escrows rely on the diligence having occurred. Fabrication is grounds for rescission and claim denial. You signed the binder.


Auditing your auditor:


Demand interview evidence: calendar invites, Zoom recordings, signed NDAs. No artifacts, no interview. Zoom recordings are going to need to become a fact of life going forward for all audits. Consider them the auditors artifacts. 


Pull data room access logs. Every finding should map to a document the analyst opened. Datasite, Intralinks, and Firmex log every view, user, and timestamp. If there is no document or meeting recording it didn’t happen. 


Re-perform one workstream live. Ask the lead analyst to walk the trial balance on screen-share. Fabricated work can’t be reperformed.


Verify customer concentration the hard way. Pull the GL sample and re-aggregate against the report’s revenue table.


Hunt LLM fingerprints: hallucinated GAAP citations, nonexistent ASC subsections, em-dash floods, fabricated comparables. Same hallmarks now in Big Four audit failures.


Lock it in the engagement letter:


Work-paper handover. Data room audit-log access. Analyst attribution per section. No-AI-without-disclosure attestation. Right-to-reperform backed by professional liability cover.


Fake diligence is worse than no diligence. It buries real risk under a paper trail that proves you were warned. I have said it before and will say it again, the major firms are gutting staff and forcing AI substitution where work papers get built. Just as importantly there are few people left at the end of the day who actually have done an IT diligence. Ask the questions before signing.


Call if you want to discuss.

 
 

Recent Posts

See All
Scamming - Public Service Announcement

A text arrived on my phone this morning. Final Warning. Today’s date. Massachusetts Department of Transportation. License suspension if I don’t pay by end of day. A code citation. Five escalating cons

 
 

Timcke Risk Management, LLC

660 Massachusetts Ave

6th Floor, Boston, MA 02118

 

© 2025 by Timcke Risk Management, LLC

 

bottom of page