AI Incident Classification
Define a taxonomy for AI incidents that categorizes events by type and severity, determining the appropriate response urgency and notification requirements.
Objective
Ensure AI incidents are consistently categorized so the right people respond with the appropriate urgency and follow the correct procedures.
Maturity Levels
Initial
AI incidents are not formally classified; all issues are treated the same regardless of severity.
Developing
Severity levels exist informally but are not consistently applied to AI-specific incidents.
Defined
A documented AI incident taxonomy covers incident types, severity tiers, and corresponding response SLAs.
Managed
Classification accuracy is reviewed periodically; misclassification patterns are addressed through taxonomy updates.
Optimizing
Classification informs post-incident analysis; taxonomy evolves as new incident types emerge.
Evidence Requirements
What an auditor or assessor would expect to see for this control.
- Incident classification framework document defining severity tiers, criteria, and response obligations for each tier
- Incident log entries showing classification decisions with rationale for a sample of recent incidents
- Escalation records confirming higher-severity incidents were routed to the appropriate responders within defined timeframes
- Classification accuracy review records showing periodic audits of whether incidents were correctly tiered
- Training records confirming all staff with incident classification responsibility have completed the relevant module
Implementation Notes
Key steps
- Define AI-specific incident categories that your general IT incident taxonomy likely doesn't cover: model failure, discriminatory output, data exposure through AI, adversarial attack, hallucination causing harm, and an agentic system taking an unexpected action.
- Map severity tiers to regulatory notification obligations — some jurisdictions require regulatory notification for AI incidents within defined timeframes.
- Ensure classification criteria are documented precisely enough that two different responders would classify the same incident the same way.
- Include near-misses in your incident taxonomy — they provide valuable signal without the harm.
Example Implementation
SaaS company with AI features across multiple products and a defined incident response program
AI Incident Classification Taxonomy
Incident types:
- MODEL_FAILURE — model produces wrong, nonsensical, or significantly degraded outputs at scale
- DISCRIMINATORY_OUTPUT — outputs demonstrate disparate treatment of protected groups
- DATA_EXPOSURE — personal data of one user exposed to another via AI output
- ADVERSARIAL_ATTACK — confirmed prompt injection or jailbreak affecting production
- AGENTIC_SCOPE_VIOLATION — agent takes action outside its defined permission scope
- HALLUCINATION_HARM — factually incorrect output leads to material harm to a user
- NEAR_MISS — any of the above detected before causing harm
Severity tiers:
| Severity | Criteria | Response SLA | Notification Required |
|---|---|---|---|
| P1 — Critical | User harm confirmed, or regulatory obligation triggered | Immediate; 24/7 on-call | Legal, CISO, CEO; regulators per policy |
| P2 — High | Potential user harm; significant policy violation | 2 hours | AI Lead, CISO, Legal |
| P3 — Medium | Quality degradation; no confirmed harm | Next business day | AI Lead |
| P4 — Low | Near-miss; minor quality issue | 5 business days | Model owner |
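The taxonomy and severity table above encoded as a deterministic classifier, added here as an example and not part of the original control text: given the same facts, two responders get the same tier, SLA, notification list and a logged rationale. The incident attribute names and the precedence rule (highest matching tier wins) are assumptions.

```python
from dataclasses import dataclass
from enum import Enum

class IncidentType(Enum):
    """Incident types from the taxonomy above."""
    MODEL_FAILURE = "model_failure"
    DISCRIMINATORY_OUTPUT = "discriminatory_output"
    DATA_EXPOSURE = "data_exposure"
    ADVERSARIAL_ATTACK = "adversarial_attack"
    AGENTIC_SCOPE_VIOLATION = "agentic_scope_violation"
    HALLUCINATION_HARM = "hallucination_harm"
    NEAR_MISS = "near_miss"

@dataclass
class Incident:
    # Attribute names are assumptions; they mirror the tier criteria column.
    kind: IncidentType
    harm_confirmed: bool = False          # confirmed user harm
    regulatory_obligation: bool = False   # notification obligation triggered
    potential_harm: bool = False          # harm plausible, not yet confirmed
    significant_policy_violation: bool = False
    minor: bool = False                   # minor quality issue, no harm

# Response SLA and notification list per tier, from the table above.
TIERS = {
    "P1": ("Immediate; 24/7 on-call", ["Legal", "CISO", "CEO", "regulators per policy"]),
    "P2": ("2 hours", ["AI Lead", "CISO", "Legal"]),
    "P3": ("Next business day", ["AI Lead"]),
    "P4": ("5 business days", ["Model owner"]),
}

def classify(incident: Incident) -> dict:
    """Return tier, SLA, who to notify and the rationale for the log entry.
    The highest tier whose criteria are met wins (assumed precedence rule),
    so a near-miss that triggers a regulatory obligation is still P1."""
    if incident.harm_confirmed or incident.regulatory_obligation:
        tier, why = "P1", "user harm confirmed or regulatory obligation triggered"
    elif incident.potential_harm or incident.significant_policy_violation:
        tier, why = "P2", "potential user harm or significant policy violation"
    elif incident.kind is IncidentType.NEAR_MISS or incident.minor:
        tier, why = "P4", "near-miss or minor quality issue"
    else:
        tier, why = "P3", "quality degradation with no confirmed harm"
    sla, notify = TIERS[tier]
    return {"type": incident.kind.name, "tier": tier, "sla": sla,
            "notify": list(notify), "rationale": why}
```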
Control Details
- Control ID
- IRC-001
- Domain
- Incident Response
- Typical owner
- AI Governance Team / CISO
- Implementation effort
- Low effort
- Agent-relevant
- Yes
