AS-301h · Module 2
Stakeholder Communication During Incidents
Communication during an AI incident must be accurate, timely, and audience-appropriate. Telling your CEO "we detected a prompt injection exploit that led to context window exfiltration through a RAG pipeline manipulation" is technically accurate and communicatively useless. Telling them "an attacker tricked our AI system into revealing customer data, we have contained it, and we are assessing the scope" is useful. Same incident. Different audience. Different language.
Do This
- Pre-draft communication templates for each severity level — templates are edited during incidents, not written from scratch
- Match language to audience — technical for the engineering team, business impact for executives, regulatory for legal
- Communicate at defined intervals — every 30 minutes during critical incidents, every 2 hours during high severity, daily for medium
Avoid This
- Draft communications during the incident without templates — the stress produces imprecise language that creates more questions
- Use technical jargon with non-technical stakeholders — confusion generates anxiety, anxiety generates interference
- Go silent between updates — silence during an active incident is interpreted as "things are worse than they are telling us"