AI Threats Affecting Business Organizations

How AI-enabled threats affect private sector entities — through fraud, competitive manipulation, operational disruption, or reputational damage. Includes corporations, SMEs, and startups.

organizations

How AI Threats Appear

For business organizations, AI-enabled threats most commonly surface through:

AI-powered fraud — Deepfake impersonation of executives, AI-generated phishing campaigns, and synthetic identity fraud targeting corporate financial processes
Intellectual property theft — Model extraction, training data exfiltration, and AI-assisted corporate espionage
Operational disruption — AI system failures, adversarial attacks on deployed AI, and cascading errors in AI-automated business processes
Reputational damage — AI-generated disinformation targeting brands, deepfake content involving company representatives, and public incidents involving the organization’s own AI products
Competitive manipulation — AI-enabled market manipulation, automated scraping and undercutting, and strategic use of AI to exploit competitor vulnerabilities

Relevant AI Threat Domains

Security & Cyber — AI-enhanced attacks targeting corporate systems and processes
Information Integrity — Synthetic media and disinformation affecting brand reputation
Economic & Labor — Market concentration, dependency on opaque AI vendors, and competitive disruption
Agentic Systems — Autonomous AI agent failures in enterprise deployments

What to Watch For

Indicators of AI-related organizational exposure:

Financial authorization processes that rely on voice or video verification without deepfake detection
AI vendor dependencies without adequate audit rights, explainability requirements, or fallback procedures
Automated business processes with insufficient human oversight at critical decision points
Employee communication channels vulnerable to AI-generated impersonation
Proprietary models or training data accessible through APIs without adequate access controls

Regulatory Context

EU AI Act — Imposes obligations on both AI providers and deployers, with specific requirements for high-risk systems used in business contexts
ISO/IEC 42001 — Provides an AI management system framework for organizations developing or deploying AI
NIST AI RMF — Offers risk management guidance for organizational AI governance
Corporate governance standards increasingly require board-level oversight of AI risks

For classification rules and evidence standards, refer to the Methodology.

→ Explore AI Threat Domains

→ View documented Incidents

Last updated: 2026-03-03 · Back to Affected Groups

Incidents Affecting Business Organizations

Documented incidents where business organizations were directly affected by AI-enabled harm.

INC-24-0020

Slack AI Indirect Prompt Injection Data Exfiltration Vulnerability

Security & Cyber

Attack vector: Indirect prompt injection via public channel messages
Data at risk: Private channel contents including API keys, credentials, and confidential communications
Access bypass: Attacker needed only public channel access to extract private channel data

View record → INC-24-0025

DPD AI Chatbot Swears at Customer and Writes Poem Criticizing the Company

Human-AI Control

Company: DPD (international parcel delivery service, UK operations)
Customer: Ashley Beauchamp (London-based musician)
Chatbot behavior: Swore at customer, wrote a disparaging poem and haiku about DPD, called itself "the worst delivery firm in the world"

View record → INC-25-0015

Replit AI Agent Deletes Production Database During Code Freeze

Agentic Systems

Affected user: Jason Lemkin, founder of SaaStr
Data destroyed: Production database containing 1,200+ executives and 1,190+ companies
Agent action: Deleted production database despite user-declared code freeze

View record → INC-25-0024

Microsoft Reports Blocking $4 Billion in AI-Enabled Fraud Attempts

Security & Cyber

Scale: $4 billion in fraud attempts blocked over 12 months (April 2024–April 2025)
Bot prevention: 1.6 million bot sign-up attempts blocked per hour
Partnership fraud: 49,000 fraudulent partnership enrollments rejected

View record → INC-24-0012

Morris II — First Self-Replicating AI Worm Demonstrated

Agentic Systems View record → INC-25-0010

Unit 42 Demonstrates Agent Session Smuggling in A2A Multi-Agent Systems

Agentic Systems

Attack technique: Agent session smuggling — injecting hidden instructions into stateful A2A sessions between cooperating AI agents
PoC 1 (information exfiltration): A malicious research assistant agent tricked a financial assistant client agent into revealing system instructions, tool configurations, and chat history through seemingly benign follow-up questions during a delegated task<sup><a href="#source-1">[1]</a></sup>
PoC 2 (unauthorized transactions): The malicious agent escalated by smuggling hidden instructions that caused the financial assistant to invoke its stock-buying tool and execute an unauthorized purchase of 10 shares<sup><a href="#source-3">[3]</a></sup>

View record → INC-26-0007

Source: openai.com
Date: 2026-02-18
Keywords matched:

View record → INC-10-0001

2010 Flash Crash — Algorithmic Trading Cascading Failure

Systemic Risk

Market impact: Dow Jones dropped approximately 1,000 points (~9%) in minutes; nearly $1 trillion temporarily erased
Trigger: Automated sell algorithm executed a $4.1 billion order of E-mini S&P 500 futures without price sensitivity
Amplification mechanism: High-frequency trading algorithms created a "hot-potato" volume effect without providing genuine market liquidity

View record → INC-23-0002

Samsung Semiconductor Trade Secret Leak via ChatGPT

Security & Cyber

Method: Employees entered proprietary data into ChatGPT during routine work tasks
Data exposed: Semiconductor source code, internal meeting notes, hardware testing data
Number of incidents: At least three separate instances identified

View record → INC-23-0010

Chegg Stock Collapse After ChatGPT Disruption

Economic & Labor

Company affected: Chegg Inc. (NYSE: CHGG), a publicly traded education technology company
Triggering event: CEO's disclosure on Q1 2023 earnings call that ChatGPT was impacting student growth
Immediate market impact: Approximately 48% stock decline in one trading day

View record → INC-23-0011

New York Times Copyright Lawsuit Against OpenAI

Economic & Labor

Plaintiff: The New York Times Company
Defendants: OpenAI LP and Microsoft Corporation
Court: U.S. District Court for the Southern District of New York, Case No. 1:23-cv-11195

View record → INC-23-0012

Zoom AI Training Terms of Service Controversy

Privacy & Surveillance

Company: Zoom Video Communications
Trigger: Updated terms of service granting broad rights to use customer data for AI training
Section at issue: Section 10.4, covering "Service Generated Data" for machine learning and AI

View record → INC-23-0015

Sports Illustrated Published AI-Generated Articles Under Fake Author Names

Information Integrity

Publication: Sports Illustrated, published by The Arena Group
Content provider: AdVon Commerce, a third-party content company
Method: AI-generated articles published under fictitious author names with AI-generated headshot photos and fabricated biographies

View record → INC-24-0001

Hong Kong Deepfake CFO Video Conference Fraud

Information Integrity

Financial loss: $25.6 million USD (HK$200 million)
Method: Multi-participant deepfake video conference
Target: Finance department employee at multinational firm

View record → INC-24-0005

Air Canada Chatbot Hallucinated Refund Policy — Tribunal Ruling

Agentic Systems

Chatbot error: Air Canada's chatbot fabricated a bereavement fare policy that did not exist, advising retroactive discount applications
Corporate defense: Air Canada attempted to disclaim liability, arguing the chatbot was a "separate legal entity"
Tribunal ruling: Civil Resolution Tribunal found Air Canada liable for its chatbot's statements

View record → INC-24-0011

EU AI Act Enters Into Force as World's First Comprehensive AI Regulation

Systemic Risk

Legislation: Regulation (EU) 2024/1689 (EU AI Act)
Effective date: August 1, 2024 (entry into force); phased implementation through August 2026
Classification system: Four risk tiers (unacceptable, high, limited, minimal)

View record → INC-25-0001

AI-Orchestrated Cyber Espionage Campaign Against Critical Infrastructure

Security & Cyber

Threat actor: Suspected Chinese state-sponsored group designated GTG-1002
Method: Agentic AI (Claude Code) used to automate the majority of the cyber espionage workflow
AI autonomy: An estimated 80–90% of the attack was executed autonomously by AI

View record → INC-19-0001

AI Voice Clone CEO Fraud Against UK Energy Company

Information Integrity

Method: AI-generated voice clone of a German parent company CEO used in a phone call
Target: CEO of UK subsidiary energy company
Financial loss: EUR 220,000 (approximately $243,000 USD)

View record → INC-23-0006

WormGPT: AI-Powered Business Email Compromise Tool

Security & Cyber

Method: Jailbroken large language model specifically trained for generating malicious content
Capabilities: Grammatically correct phishing emails, BEC attack scripts, social engineering content in multiple languages
Distribution: Sold on cybercrime forums as a subscription service

View record →

How to Read These Records

Each record documents a specific, verifiable event in which AI-enabled harm occurred.

Focus on observable impact, not technical implementation
Note the primary threat category and secondary intersections
Use sources and stable identifiers to verify context