What AI gets wrong.
What the correct answer is.

WHAT AI COMMONLY GETS WRONG

AI frequently states a flat CGT rate (e.g. 25%) for Australian capital gains.

VERIFIED CORRECT ANSWER

Australia does not have a flat CGT rate. Individuals who hold an asset for more than 12 months receive a 50% CGT discount — only half the gain is assessable income. That is then taxed at the individual's marginal rate (0–45%).

WHAT AI COMMONLY GETS WRONG

AI often cites wrong SG rates (9%, 9.5%, 10%, 12% for current year).

VERIFIED CORRECT ANSWER

The Superannuation Guarantee rate is 11.5% for 2024–25, rising to 12% from 1 July 2025. It is legislated in the Superannuation Guarantee (Administration) Act 1992.

WHAT AI COMMONLY GETS WRONG

AI frequently cites wrong GST thresholds ($50K, $100K, $80K).

VERIFIED CORRECT ANSWER

The GST registration threshold is $75,000 annual turnover for most businesses, and $150,000 for non-profit organisations. These thresholds have not changed since GST was introduced in 2000.

WHAT AI COMMONLY GETS WRONG

AI confuses ATO, ASIC, APRA, and RBA — or uses US regulators (SEC, IRS, FED) in Australian context.

VERIFIED CORRECT ANSWER

Australia's financial regulators: ATO (tax administration), ASIC (corporate and markets regulation), APRA (prudential regulation of banks and super funds), RBA (monetary policy, cash rate). The SEC, IRS, and FED are US bodies with no authority in Australia.

WHAT AI COMMONLY GETS WRONG

AI frequently gets the exact weeks wrong for specific years of service.

VERIFIED CORRECT ANSWER

Fair Work Act 2009, Schedule 4 — Redundancy pay scale: 1yr=4wks, 2yrs=6wks, 3yrs=7wks, 4yrs=8wks, 5yrs=10wks, 6yrs=10wks, 7yrs=11wks, 8yrs=11wks, 9yrs=12wks, 10yrs+=12wks. Small businesses (under 15 employees) are exempt.

WHAT AI COMMONLY GETS WRONG

AI often states 1 week notice for all employees, or incorrect periods.

VERIFIED CORRECT ANSWER

NES minimum notice: <1yr service=1 week; 1–3yrs=2 weeks; 3–5yrs=3 weeks; >5yrs=4 weeks. Employees over 45 with 2+ years service get +1 week. Enterprise agreements may provide more but not less.

WHAT AI COMMONLY GETS WRONG

AI states various incorrect periods (3 months, 12 months for all employees).

VERIFIED CORRECT ANSWER

The minimum employment period for unfair dismissal access is 6 months for businesses with 15+ employees, and 12 months for small businesses (fewer than 15 employees). This is defined in s.383 of the Fair Work Act 2009.

WHAT AI COMMONLY GETS WRONG

AI frequently says 'FDA approved' for drugs used in Australia.

VERIFIED CORRECT ANSWER

In Australia, therapeutic goods are approved by the TGA (Therapeutic Goods Administration), not the US FDA. An FDA approval does not mean a drug is approved for use in Australia. Australian prescribers must rely on TGA-registered products.

WHAT AI COMMONLY GETS WRONG

AI frequently invents dosage figures or applies adult doses to children.

VERIFIED CORRECT ANSWER

Metformin adult dose: 500–3000mg/day in divided doses. Paediatric dose (10+ years): 500–2000mg/day weight-based. Starting dose is typically 500mg twice daily. Adult dosing must not be applied to children without weight-based calculation.

WHAT AI COMMONLY GETS WRONG

AI invents court codes and citation formats that don't exist.

VERIFIED CORRECT ANSWER

Australian case citations: [Year] CourtCode Number. Valid court codes: HCA (High Court), FCA (Federal Court), NSWCA (NSW Court of Appeal), VSCA (Vic), QCA (Qld), WASC (WA Supreme), SASC (SA Supreme). Example: [2023] HCA 12.

WHAT AI COMMONLY GETS WRONG

AI invents section numbers above the actual Act's range.

VERIFIED CORRECT ANSWER

The Corporations Act 2001 (Cth) contains sections up to approximately 1800. Section numbers above this (e.g. Section 2341F, Section 5003) do not exist. All sections can be verified at legislation.gov.au.

WHAT AI COMMONLY GETS WRONG

AI misnames items, gets the count wrong, or uses outdated lists.

VERIFIED CORRECT ANSWER

OWASP Top 10 (2021): A01 Broken Access Control, A02 Cryptographic Failures, A03 Injection, A04 Insecure Design, A05 Security Misconfiguration, A06 Vulnerable and Outdated Components, A07 Identification and Authentication Failures, A08 Software and Data Integrity Failures, A09 Security Logging and Monitoring Failures, A10 Server-Side Request Forgery.

WHAT AI COMMONLY GETS WRONG

AI recommends MD5, SHA-1, or SHA-256 for password hashing.

VERIFIED CORRECT ANSWER

Passwords must be hashed with slow, purpose-built algorithms: Argon2id (OWASP first recommendation), bcrypt (cost factor ≥12), or scrypt. General-purpose hash functions (MD5, SHA-1, SHA-256) are fast by design — which makes them dangerous for passwords as attackers can test billions per second.

WHAT AI COMMONLY GETS WRONG

AI treats vulnerability scanning and penetration testing as the same thing.

VERIFIED CORRECT ANSWER

Vulnerability scanning is automated — tools check software versions and configurations against CVE databases. It reports potential weaknesses without confirming exploitability. Penetration testing involves a human tester actively exploiting vulnerabilities to demonstrate real business impact. Both are valuable but serve different purposes.

WHAT AI COMMONLY GETS WRONG

AI claims HTTPS prevents XSS, SQL injection, and all attacks.

VERIFIED CORRECT ANSWER

HTTPS (TLS) encrypts data in transit only. It does NOT prevent XSS (requires Content Security Policy, output encoding), SQL injection (requires parameterised queries), CSRF (requires CSRF tokens), or other application-layer attacks. HTTPS prevents eavesdropping and man-in-the-middle attacks on the transport layer only.

WHAT AI COMMONLY GETS WRONG

AI inverts the pyramid — placing UI/E2E tests at the base.

VERIFIED CORRECT ANSWER

The Test Pyramid (Mike Cohn): BASE = Unit tests (most, fastest, cheapest — test isolated functions); MIDDLE = Integration tests (fewer — test component interactions); TOP = E2E/UI tests (fewest, slowest, most expensive — test full user flows). The pyramid shape shows you should have many more unit tests than UI tests.

WHAT AI COMMONLY GETS WRONG

AI describes TDD as writing code first, then tests.

VERIFIED CORRECT ANSWER

TDD follows Red-Green-Refactor: (1) RED — write a failing test first; (2) GREEN — write minimum code to pass the test; (3) REFACTOR — improve the code while keeping tests green. The test always comes before the implementation. Writing code first then adding tests is not TDD.

WHAT AI COMMONLY GETS WRONG

AI describes unit tests that call databases, APIs, or render UIs.

VERIFIED CORRECT ANSWER

A unit test tests a single unit of code (function, method, class) in complete isolation. All external dependencies (database, API, file system, network) must be replaced with mocks or stubs. Tests that touch real external systems are integration tests or end-to-end tests.

WHAT AI COMMONLY GETS WRONG

AI states binary search is O(n) or O(1).

VERIFIED CORRECT ANSWER

Binary search is O(log n). It requires a sorted array and divides the search space in half at each step. For 1,000,000 elements, it takes at most 20 comparisons (log₂(1,000,000) ≈ 20).

WHAT AI COMMONLY GETS WRONG

AI states hash table lookup is O(log n).

VERIFIED CORRECT ANSWER

Hash table lookup is O(1) average case (amortised constant time). The key is hashed to find its bucket directly. Worst case is O(n) with many hash collisions. O(log n) is the complexity of balanced binary search trees, not hash tables.

WHAT AI COMMONLY GETS WRONG

AI states incorrect number of OSI layers or wrong layer names.

VERIFIED CORRECT ANSWER

The OSI model has exactly 7 layers: Layer 1 Physical, Layer 2 Data Link, Layer 3 Network, Layer 4 Transport, Layer 5 Session, Layer 6 Presentation, Layer 7 Application. Mnemonic: 'Please Do Not Throw Sausage Pizza Away'.

WHAT AI COMMONLY GETS WRONG

AI references SSL as current, or mentions non-existent TLS versions.

VERIFIED CORRECT ANSWER

Current: TLS 1.3 (RFC 8446, 2018) — recommended; TLS 1.2 (RFC 5246, 2008) — acceptable minimum. Deprecated: TLS 1.0, TLS 1.1, SSL 3.0 (POODLE), SSL 2.0. TLS 1.3 removed obsolete cipher suites and is significantly faster due to 0-RTT handshake.