Define severity tiers in your AI incident response plan

AI-specific incidents should be explicitly scoped and defined within your Incident Response Plan (IRP). These incidents may involve model failures, hallucinations, data leakage, unauthorized access to model outputs, unsafe behavior, or failures in risk mitigation mechanisms.

To operationalize this, your IRP should include:

An AI incident definition. Clearly define what qualifies as an “AI-related incident.” Examples may include "Sensitive user data is exposed via model responses". An incident response strategy. Develop playbooks for common AI failure modes. These playbooks should outline:

• Detection: How incidents are identified (e.g., monitoring logs, human review, flagged outputs).

• Triage: Criteria for severity (e.g., user harm, data exposure, system integrity).

• Response roles: Who leads technical, legal, and communication responses.

• Communication: Internal escalation, external disclosure, and user notification if applicable.

• Containment & Recovery: How the system is stabilized and brought back into a safe state.

• Remediation & Prevention: Postmortem analysis and updates to models, prompts, or safeguards.

Each AI incident should be documented with structured fields:

• Date/Time

• Detection Method

• Incident Summary

• Which AI system or model was involved

• Which component of the Manage function broke down (e.g., policy, access control, testing, monitoring)

• Impact (e.g., user harm, data exposure, financial cost)

• Response Actions Taken

• Root Cause

• Preventative Measures Implemented