90 incidents on record · 2026 Headlights Incident reports by Ellie Harris · Melbourne
10 new this week Library last updated 13 July 2026
← The incident library
HD-INC-057
Legal services · Australia · 2023 · Defamatory hallucination

ChatGPT reportedly told users an Australian mayor had gone to prison for bribery, when he was the whistleblower who exposed it

By Ellie Harris · Filed Concerns notice sent 21 March 2023

Alleged: OpenAI developed or deployed the AI system implicated in this incident. Details are drawn from public reports; parties are presumed innocent of any wrongdoing not established by an official finding.

ChatGPT reportedly told users an Australian mayor had gone to prison for bribery, when he was the whistleblower who exposed it

What happened

Brian Hood spent the early 2000s working for Note Printing Australia, a subsidiary of Australia’s Reserve Bank. He became the person who helped bring to light that it and a sister company, Securency, had paid bribes to foreign officials to win banknote-printing contracts. He was a whistleblower. He was never charged with anything; the people charged were others, and his role was to expose the scheme, not to take part in it.

In early 2023, by which time Hood was mayor of Hepburn Shire Council in Victoria, he learned that ChatGPT was telling a very different story. Asked about him, the system described him not as the whistleblower but as a guilty party in the bribery affair, stating, according to his lawyers, that he had been found guilty and had served a prison sentence. It had inverted his role entirely, casting the man who reported the crime as one of its perpetrators, and presenting this in the fluent, authoritative register that makes a chatbot’s output read as fact rather than guess.

In March 2023 Hood’s lawyers, Gordon Legal, sent OpenAI a concerns notice, the step Australian defamation law requires before a suit can be filed, giving the company a window to correct the error. The matter drew international attention because it looked like it might become the first defamation action anywhere against the operator of an AI chatbot. One of his lawyers, James Naughton, said that if it proceeded “it would potentially be a landmark moment in the sense that it’s applying this defamation law to a new area of artificial intelligence and publication in the IT space.” In the end the landmark was not set: a lawsuit was not ultimately filed, and the dispute did not produce a court ruling. What it produced instead was an early, concrete illustration of a model stating a damaging falsehood about a real, named person, and of how little stood between that falsehood and the people reading it.

What an auditable version would have shown

The output that prompted the notice was a confident factual assertion about a living person, that he had been convicted and imprisoned, with nothing behind it but the model’s tendency to produce plausible text. The defect was not that the model lacked a fact; it is that it generated a specific, checkable, false claim about an identifiable individual and presented it as established. A claim of that kind, “this named person was convicted of a crime,” is precisely the sort that can be checked against a source of record, and was not.

An auditable version separates what a model can assert on its own from what it may only state after verification. A factual claim about a specific person’s criminal history is routed to a trusted source, court records, an authoritative database, rather than answered from the model’s own associations, and the system records that the claim was made, what it was checked against, and what the check returned. With that, a fabricated conviction is caught before it reaches a user, or at minimum is logged as an unverified generation about a named individual, which is the difference between a correctable process and a reputational harm discovered only when the subject happens to hear of it.

Where the gap was

The gap was that a high-stakes factual claim about a real person, a criminal conviction, was emitted with no check against reality and no record that it had been made. The model proposed; nothing disposed. A generative system will produce confident, specific, false statements as a matter of course; the failure is deploying one to answer questions about real people without a verification step for exactly the claims that can defame.

A VerificationGate is the control. A factual assertion about an identifiable person, especially one alleging criminal conduct, is checked against a trusted external source before it is presented as fact, and the model’s fluent guess is not allowed to stand in for the record. A ConductRecord is the second: a log of the claim the system made about the person, so that when an output defames someone there is an account of what was said and on what basis, rather than an ephemeral answer that vanishes once the chat is closed.

What governance should have looked like

The pattern recurs wherever a model’s fluency is mistaken for knowledge: the more confident and specific the false claim, the more damage it does, and confidence is exactly what these systems manufacture for free. The claim is a proposal until something real has checked it.

The reference implementation of VerificationGate and ConductRecord is open source. It lives at github.com/saffronandindia/headlights-oss, Apache 2.0 licensed and free to install. The repository is public now.

Sources

The mailing list

Fresh incident reports every week. One email to match.

We add new incidents to the library regularly, and send a single short email each week with what's new. The library stays free and open; this is just how you keep up with it.

No tracking. Unsubscribe in one click.

The record

An auditable system would have produced a signed, tamper-evident record the moment this happened: what the system did, the version that did it, the basis it acted on, and the action taken, and OpenAI could have produced it on demand.

This is the record the system as deployed did not produce in a signed, auditable form.

What this teaches
Capture what happened when it happens
What the system did, the version that did it, the basis it acted on, and the action taken, recorded at the moment, not reconstructed after.
Sign it, so no one has to trust the record-keeper
A tamper-evident entry. Edit it later and the signature breaks. The record does not ask for the benefit of the doubt.
Make it verifiable by anyone
A court, a regulator, a customer's lawyer can check the record themselves, without taking the company, or us, at our word.

Headlights summarises publicly reported AI incidents. All summaries are independently written, attributed to their original sources, and intended for research and educational purposes. Allegations are identified as such until established through official findings.

Last reviewed June 2026. This report is based on the sources listed above and reflects information available at the time of review; later developments may not be captured. Where a person is described as charged with or alleged to have done something, that allegation is unproven unless a conviction or a court or regulatory finding is stated. Headlights publishes journalism and commentary, not legal advice.

Want to write back?

Direct to my inbox.

ellie@useheadlights.com →