Incidents API
The incidents endpoint returns the full database of documented AI threat incidents, including metadata, threat classifications, source references, and outcomes.
Endpoint: /api/incidents.json (opens in new tab)
Format: JSON (UTF-8)
Authentication: None required
CORS: Access-Control-Allow-Origin: *
Cache: public, max-age=3600 (1 hour)
Response Structure
The response contains a _meta object with versioning information, followed by an incidents array. Each incident includes its full metadata and source list.
Incident Object
| Field | Type | Description |
|---|---|---|
id | string | Stable identifier (e.g. INC-24-0001) |
title | string | Descriptive incident title |
slug | string | URL slug |
url | string | Canonical incident page URL |
status | string | confirmed | alleged | under_investigation |
severity | string | critical | high | medium | low |
evidence_level | string | primary | corroborated | single-source |
date_occurred | string | When the incident took place (YYYY-MM or YYYY-MM-DD) |
last_updated | string | Date of most recent content update |
regions | array | Geographic regions affected |
sectors | array | Industry sectors involved |
affected_groups | array | Who was directly harmed (group slugs) |
roles_involved | array | Who caused, enabled, or failed to prevent |
threat_patterns | object | Primary and secondary pattern classifications |
sources | array | Source references (title, type, date, URL) |
outcomes | object | null | Financial losses, regulatory actions, and other outcomes |
Threat Patterns Object
Each incident is classified by a primary pattern and optionally one or more secondary patterns. Each pattern reference contains a domain slug and a pattern slug.
| Field | Type | Description |
|---|---|---|
primary.domain | string | Domain slug (e.g. information-integrity) |
primary.pattern | string | Pattern slug (e.g. deepfake-identity-hijacking) |
secondary | array | Additional pattern classifications (same structure) |
Example Response
A truncated example showing one incident:
{
"_meta": {
"name": "TopAIThreats.com Incidents",
"version": "1.0",
"generated": "2026-02-26T00:00:00.000Z",
"total_incidents": 56,
"url": "https://topaithreats.com",
"license": "CC BY 4.0"
},
"incidents": [
{
"id": "INC-24-0001",
"title": "Hong Kong Deepfake CFO Video Conference Fraud",
"slug": "hong-kong-deepfake-cfo-fraud",
"url": "https://topaithreats.com/incidents/INC-24-0001-hong-kong-deepfake-cfo-fraud/",
"status": "confirmed",
"severity": "critical",
"evidence_level": "primary",
"date_occurred": "2024-01",
"last_updated": "2026-02-26",
"regions": ["asia"],
"sectors": ["finance"],
"affected_groups": ["business-leaders"],
"roles_involved": ["it-security"],
"threat_patterns": {
"primary": {
"domain": "information-integrity",
"pattern": "deepfake-identity-hijacking"
},
"secondary": [
{
"domain": "security-cyber",
"pattern": "ai-morphed-malware"
}
]
},
"sources": [
{
"title": "Hong Kong Police Statement",
"type": "primary",
"date": "2024-02",
"url": "https://..."
}
],
"outcomes": null
}
]
}Use Cases
- Incident tracking — Monitor documented AI threat incidents across industries and regions
- Trend analysis — Filter by severity, status, sector, or region to identify patterns over time
- Source verification — Access original source references for each incident for independent validation
- Risk reporting — Incorporate incident data into organisational AI risk reports and board-level briefings
- Academic research — Use stable incident IDs (
INC-YY-NNNN) as citation anchors in publications