AI Incident Classification

Good news, everyone! Not every alert is an incident. Not every incident is a crisis. The difference between a monitoring system that improves security and a monitoring system that drowns your team in noise is classification — the structured process of determining what happened, how severe it is, and what response it demands.

1. Severity 1: Critical — Active Data Breach Confirmed exfiltration of sensitive data through the AI system. Customer PII in model outputs. Credentials exposed through conversation logs. Unauthorized tool execution that accessed restricted systems. Response: immediate containment, incident commander activation, stakeholder notification within one hour.
2. Severity 2: High — Confirmed Exploit Successful prompt injection that changed model behavior. System prompt extracted by a user. Model consistently bypassing safety constraints. Unauthorized access to AI admin functions. Response: containment within one hour, root cause analysis within four hours, stakeholder notification within 24 hours.
3. Severity 3: Medium — Attempted Exploit Detected injection attempts that were blocked by defenses. Anomalous query patterns suggesting reconnaissance. Guardrail triggers that prevented data leakage. Response: log analysis within 24 hours, defense validation, pattern added to detection rules.
4. Severity 4: Low — Suspicious Activity Statistical anomalies without confirmed malicious intent. Unusual usage patterns from known users. Single guardrail triggers without follow-up activity. Response: logged for trend analysis, reviewed in weekly security review, no immediate action required.