Section 06 · Incident Response
Extend cyber IR for AI-specific failure modes.
AI incidents extend traditional cyber incident response. They are not a replacement, and many AI incidents are cyber incidents (registry compromise, supply chain attacks, credential theft enabling model swap). What changes is the addition of failure modes that traditional IR models do not capture: non-deterministic decision failures, model behavior degradation without system compromise, bias amplification, automation cascades, training data contamination, vendor regressions, and adversarial manipulation without breach.
Why a distinct taxonomy
AI incidents may not involve network intrusion, credential theft, malware, or traditional exploit patterns, yet they create regulatory exposure, financial harm, customer trust erosion, legal liability, and reputational damage. They warrant their own classification within enterprise IR.
Six AI incident classes
Use this taxonomy to classify, route, and report. Multiple classes may apply to a single incident.
Model Integrity
Unexpected degradation, corruption, or behavioral shift in a deployed model.
Examples
- Significant unexplained performance drop
- Corrupted model artifact
- Unauthorized retraining event
- Vendor model update causing regression
Data Integrity
Compromise or contamination of data impacting model behavior.
Examples
- Training data poisoning
- Feature pipeline tampering
- Drift beyond safe thresholds
- Data source compromise affecting inference
Automation Impact
AI-driven output triggers harmful or unintended automated consequences.
Examples
- Incorrect financial action
- Erroneous employment workflow trigger
- Safety-impacting automation
- Workflow cascade failure
Bias & Fairness
Material evidence of discriminatory or disparate impact.
Examples
- Statistically significant bias discovery
- Protected class performance disparity
- Regulatory complaint tied to model output
Adversarial Exploitation
Evidence of active model manipulation or probing.
Examples
- Model extraction attempts
- Adversarial input crafting
- Prompt injection (direct or indirect)
- Systematic probing patterns
Aligned with MITRE ATLAS adversarial techniques and ATT&CK-style attack modeling.
Vendor AI
Third-party model or AI service introduces material risk.
Examples
- Unannounced model retraining
- Model behavior regression
- Vendor data processing deviation
- API control failure
Severity factors
- Automation impact level
- Regulatory exposure
- Customer impact
- Reversibility
- Public disclosure likelihood
Tier 4 AI systems default to higher severity escalation thresholds.
Response workflow
AI incidents follow existing enterprise IR structure with AI-specific phases inserted.
Phase 1 · Containment
- Disable model endpoint
- Roll back to prior model version
- Disable automation triggers
- Isolate feature pipeline
- Suspend vendor integration
Phase 2 · Assessment
- Affected model version
- Data input source
- Risk tier classification
- Business impact
- Regulatory implications
- ATT&CK / ATLAS technique mapping (if adversarial)
Phase 3 · Remediation
- Retrain model
- Remove contaminated data
- Patch inference logic
- Adjust thresholds
- Update access controls
- Amend vendor agreements
Phase 4 · Governance & Reporting
- Governance committee notification
- Legal and compliance review
- Executive visibility (if material)
- Regulatory reporting (if required)
- Log in centralized AI risk registry
Post-incident review
Unlike traditional cyber events, AI incidents demand a feedback loop into risk tiering and monitoring. Five questions to answer before closing the incident:
Outputs feed back into risk tiering and monitoring, closing the governance loop.