OC-301h · Module 1
AI Incident Taxonomy
AI system incidents are categorized differently from traditional software incidents because the failure modes are different. Traditional software either works or crashes. AI systems have a third state: confidently wrong. The agent produces output that looks correct, passes format validation, and is delivered to stakeholders — but contains factual errors, inappropriate recommendations, or decisions based on contaminated data. This third state is the most dangerous because it is invisible to automated monitoring and only detected when a human notices.
The AI incident taxonomy has five categories:
- Infrastructure failure: the system is down or degraded. This is traditional incident response — the playbooks from traditional operations apply.
- Quality failure: the system is up but producing bad output. This requires quality-specific detection and containment.
- Decision failure: the agent made a wrong autonomous decision and acted on it. This requires blast radius assessment because actions were taken.
- Data failure: the agent operated on corrupted, contaminated, or stale data. This requires tracing which outputs were affected.
- Safety failure: the agent violated a behavioral boundary — processed restricted data, overstepped its authority, or produced harmful content. This requires immediate containment and compliance notification.
- 1. Classify the Incident Type: Is this infrastructure (system down), quality (bad output), decision (wrong action), data (corrupted input), or safety (boundary violation)? The type determines the response procedure. Misclassification wastes time on the wrong response.
- 2. Assess Severity: Severity is determined by impact scope and reversibility. SEV-1: external stakeholder impact, irreversible actions taken. SEV-2: internal impact, actions taken but reversible. SEV-3: detected before impact, no actions taken. SEV-4: potential incident detected during monitoring, not yet confirmed.
- 3. Determine Blast Radius: How many outputs were affected? How many stakeholders received corrupted output? How many downstream agents acted on the bad data? The blast radius determines the scope of the recovery effort.
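
Steps 2 and 3 applied to a data failure, as an added example that is not part of the original module: it walks output lineage forward from a contaminated input to find the blast radius, then maps the result onto the SEV scale above. The `Output` record and its fields, the `ext:` prefix for external recipients, and the sample lineage are assumptions constructed for illustration; downstream agents are counted as producers that consumed an already tainted output.

```python
from collections import deque
from dataclasses import dataclass

@dataclass(frozen=True)
class Output:
    id: str
    producer: str           # agent that produced this output
    inputs: tuple           # ids of data sources or earlier outputs it consumed
    recipients: tuple = ()  # stakeholders reached; "ext:" marks external (assumed convention)
    action: str = ""        # "", "reversible" or "irreversible" (assumed field)

def blast_radius(outputs, bad_input):  # forward walk over the lineage graph
    consumers = {}
    for o in outputs:
        for i in o.inputs:
            consumers.setdefault(i, []).append(o)
    tainted, queue = {}, deque([bad_input])
    while queue:
        for o in consumers.get(queue.popleft(), []):
            if o.id not in tainted:  # visit once, even if the lineage has cycles
                tainted[o.id] = o
                queue.append(o.id)
    return tainted  # id -> Output for everything derived from bad_input

def severity(tainted, confirmed=True):
    if not confirmed:
        return "SEV-4"
    acted = {o.action for o in tainted.values()} - {""}
    reached = {r for o in tainted.values() for r in o.recipients}
    # Assumption: combinations the scale leaves undefined take the higher severity.
    if "irreversible" in acted or any(r.startswith("ext:") for r in reached):
        return "SEV-1"
    return "SEV-2" if acted or reached else "SEV-3"

def triage(outputs, bad_input, confirmed=True):
    tainted = blast_radius(outputs, bad_input)
    return {
        "outputs": sorted(tainted),
        "stakeholders": sorted({r for o in tainted.values() for r in o.recipients}),
        "downstream_agents": sorted({o.producer for o in tainted.values() if tainted.keys() & set(o.inputs)}),
        "severity": severity(tainted, confirmed),
    }

# Constructed sample lineage: a stale price feed is the contaminated input.
SAMPLE = [
    Output("o1", "pricing-agent", ("feed:prices",), ("analyst-team",)),
    Output("o2", "report-agent", ("o1",), ("ext:customer-a", "ext:customer-b")),
    Output("o3", "ordering-agent", ("o1", "feed:inventory"), action="reversible"),
    Output("o4", "report-agent", ("feed:inventory",), ("ext:customer-c",)),
]
```

Calling `triage(SAMPLE, "feed:prices")` leaves `o4` out of the radius because it never consumed the price feed, directly or through another output.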