Assets & Technologies

An incident-backed reference to the AI technologies and data types involved in documented threat incidents. Each asset profile is grounded in real-world evidence, mapped to organizational control domains, and linked to the incidents that demonstrate it.

The 12 assets are organized across 4 types that map to the AI technology stack: Data (training inputs and identity artifacts), Model (AI models and generation systems), System (platforms and decision engines), and Infrastructure (physical and financial systems with AI integration). Each asset profile includes a definition, incident signatures, co-occurring causal factors, control domains with likely ownership, and documented incidents.

Most incidents involve multiple assets across types. These assets are not mutually exclusive — treat them as an interconnected technology surface, not isolated components.

12 assets · 4 types · 170 references across 97 incidents · Last updated: 2026-03-03

Assets in Documented Incidents

Ranked by incident count. Click any asset to jump to its full profile.

Code	Asset	Type	Incidents	%	Likely Owner	Control Domains
`ASST-009`	Large Language Models	Model	46	47%	AppSec / AI Platform	Application security, LLM security testing, Output verification
`ASST-004`	Decision Automation	System	19	20%	Product / Risk / Legal	Algorithmic auditing, Human-in-the-loop design, Fairness & ethics
`ASST-003`	Content Platforms	System	17	18%	Trust & Safety / Product	Content moderation, Platform integrity, Trust & safety
`ASST-001`	Autonomous Agents	System	16	16%	AppSec / AI Platform	Agent sandboxing, Tool access governance, Monitoring & observability
`ASST-012`	Voice Synthesis	Model	11	11%	Security / Fraud	Fraud controls, Communication security, Authentication
`ASST-011`	Training Datasets	Data	10	10%	Data Engineering / Responsible AI	Data governance, Data quality, Privacy compliance
`ASST-006`	Foundation Models	Model	7	7%	AI Platform / Security	Model governance, Supply-chain security, Capability evaluation
`ASST-007`	Identity Credentials	Data	7	7%	Security / Fraud	Identity & access management, Fraud controls, KYC / AML
`ASST-002`	Biometric Data	Data	6	6%	Privacy / Security	Privacy compliance, Identity verification, Data minimization
`ASST-008`	Industrial Control Systems	Infrastructure	5	5%	OT Security / Engineering	OT security, Safety-critical systems, Physical security
`ASST-010`	Recommender Systems	Model	3	3%	Product / Trust & Safety	Content policy, Algorithmic auditing, User safety
`ASST-005`	Financial Systems	Infrastructure	2	2%	Risk / Compliance / CISO	Financial controls, Regulatory compliance, Fraud detection

Data Model System Infrastructure

ASST-009 Large Language Models 46 47% ASST-004 Decision Automation 19 20% ASST-003 Content Platforms 17 18% ASST-001 Autonomous Agents 16 16% ASST-012 Voice Synthesis 11 11% ASST-011 Training Datasets 10 10% ASST-006 Foundation Models 7 7% ASST-007 Identity Credentials 7 7% ASST-002 Biometric Data 6 6% ASST-008 Industrial Control Systems 5 5% ASST-010 Recommender Systems 3 3% ASST-005 Financial Systems 2 2%

Export: ·

Data

23 incident references across 3 assets

ASST-011 Training Datasets — 10 incidents
ASST-002 Biometric Data — 6 incidents
ASST-007 Identity Credentials — 7 incidents

ASST-011

Training Datasets (10 incidents)

Collections of structured or unstructured data used to train, fine-tune, or evaluate AI models. Training data quality, representativeness, and provenance directly determine model behavior and failure modes.

How this asset appears in incidents

Biased or unrepresentative samples leading to discriminatory model outputs across demographic groups
Poisoned training data introducing backdoors or adversarial behavior into production models
Unauthorized data inclusion incorporating copyrighted, personal, or sensitive content without consent
Mislabeled or noisy data causing systematic misclassification in deployed systems

Co-occurring causal factors

Regulatory Gap (6) Inadequate Access Controls (5) Misconfigured Deployment (3) Accountability Vacuum (3) Insufficient Safety Testing (2) Prompt Injection Vulnerability (1)

Control domains: Data governance, Data quality, Privacy compliance

Likely owner: Data Engineering / Responsible AI

Documented incidents (10)

ID	Title	Severity	Date	Sectors
INC-20-0001	Clearview AI Mass Facial Recognition Scraping	critical	2020-01	Government, Law Enforcement
INC-25-0002	Italian Data Protection Authority Fines OpenAI EUR 15 Million Over ChatGPT GDPR Violations	high	2025-01	Corporate
INC-25-0003	DeepSeek R1 Data Exposure and International Bans Over Privacy and Security Concerns	high	2025-01	Corporate, Government
INC-23-0011	New York Times Copyright Lawsuit Against OpenAI	high	2023-12	Corporate
INC-23-0002	Samsung Semiconductor Trade Secret Leak via ChatGPT	high	2023-03	Manufacturing, Corporate
INC-23-0014	GitHub Copilot Reproduces Verbatim Training Data Including Secrets	high	2023-01	Corporate
INC-18-0002	Amazon AI Recruiting Tool Gender Bias	high	2018-10	Employment
INC-26-0008	MINJA: Memory Injection Attack Against RAG-Augmented LLM Agents	medium	2025-03	Technology, Healthcare, Cross-Sector
INC-23-0012	Zoom AI Training Terms of Service Controversy	medium	2023-08	Corporate
INC-23-0003	Italy Temporary Ban on ChatGPT for GDPR Violations	medium	2023-03	Government, Regulation

Risk considerations

Data provenance gaps make it difficult to audit what the model learned and from whom
Retroactive removal of problematic data from trained weights remains technically infeasible
Scale of modern training corpora makes manual review impractical, increasing contamination risk

↑ Back to asset overview

ASST-002

Biometric Data (6 incidents)

Physiological or behavioral data used for identification, including facial geometry, voiceprints, fingerprints, gait patterns, and iris scans. Once compromised, biometric data cannot be revoked or reissued.

How this asset appears in incidents

Facial recognition databases scraped from public sources without consent for model training
Voiceprint cloning enabling real-time impersonation of specific individuals
Biometric spoofing bypassing authentication systems using AI-generated synthetic samples
Mass surveillance datasets aggregating biometric identifiers across jurisdictions without oversight

Co-occurring causal factors

Intentional Fraud (2) Social Engineering (2) Regulatory Gap (2) Insufficient Safety Testing (2) Accountability Vacuum (2) Inadequate Access Controls (1)

Control domains: Privacy compliance, Identity verification, Data minimization

Likely owner: Privacy / Security

Documented incidents (6)

ID	Title	Severity	Date	Sectors
INC-24-0017	Israel Military Deploys AI Facial Recognition in Gaza Leading to Wrongful Detentions	critical	2024-03	Government, Public Safety
INC-24-0001	Hong Kong Deepfake CFO Video Conference Fraud	critical	2024-01	Corporate, Finance
INC-20-0001	Clearview AI Mass Facial Recognition Scraping	critical	2020-01	Government, Law Enforcement
INC-26-0004	Individual jailed for online gambling fraud using stolen identities	high	2026-02-20	Finance
INC-23-0013	FTC Bans Rite Aid from Using Facial Recognition Technology	high	2023-12	Corporate
INC-25-0014	Amazon Ring Deploys AI Facial Recognition to Consumer Doorbells	medium	2025-09	Technology, Cross-Sector

Risk considerations

Biometric identifiers are irrevocable — once compromised, they cannot be changed like passwords
Cross-system linking enables tracking individuals across contexts without their knowledge
Accuracy disparities across demographic groups produce disproportionate false-positive rates

↑ Back to asset overview

ASST-007

Identity Credentials (7 incidents)

Digital or physical credentials used to verify identity, including passwords, tokens, certificates, API keys, and government-issued documents. AI-generated forgeries and credential theft undermine trust in verification systems.

How this asset appears in incidents

AI-generated identity documents passing automated and human verification checks
Credential stuffing at scale using AI to optimize password guessing and reuse attacks
Synthetic identity creation combining real and fabricated data to produce convincing personas
API key and token extraction through prompt injection or data leakage from AI systems

Co-occurring causal factors

Intentional Fraud (6) Social Engineering (6) Inadequate Access Controls (1) Misconfigured Deployment (1)

Control domains: Identity & access management, Fraud controls, KYC / AML

Likely owner: Security / Fraud

Documented incidents (7)

ID	Title	Severity	Date	Sectors
INC-24-0001	Hong Kong Deepfake CFO Video Conference Fraud	critical	2024-01	Corporate, Finance
INC-24-0004	FBI Elder Fraud Report Documents AI-Enhanced Financial Scams Against Seniors	critical	2024-01	Finance
INC-26-0004	Individual jailed for online gambling fraud using stolen identities	high	2026-02-20	Finance
INC-25-0024	Microsoft Reports Blocking $4 Billion in AI-Enabled Fraud Attempts	high	2025-04	Technology, Finance, Corporate
INC-24-0022	McDonald's McHire AI Hiring Platform Data Vulnerability	high	2024-06	Employment, Technology
INC-23-0004	AI Voice Cloning Used in Grandparent Scam Network Targeting Newfoundland Seniors	high	2023-03	Finance
INC-19-0001	AI Voice Clone CEO Fraud Against UK Energy Company	high	2019-03	Energy, Corporate

Risk considerations

AI-generated documents achieve increasing photorealism, eroding trust in physical and digital credentials
Compromised credentials propagate across interconnected systems via federation and SSO
Automated credential attacks operate at speeds that overwhelm traditional rate-limiting defenses

↑ Back to asset overview

Model

67 incident references across 4 assets

ASST-009 Large Language Models — 46 incidents
ASST-006 Foundation Models — 7 incidents
ASST-012 Voice Synthesis — 11 incidents
ASST-010 Recommender Systems — 3 incidents

ASST-009

Large Language Models (46 incidents)

General-purpose text generation and reasoning models trained on broad internet-scale corpora (e.g., GPT-4, Claude, Gemini, LLaMA). Their generality makes them the most frequently involved asset class across documented incidents.

How this asset appears in incidents

Prompt injection and jailbreaks overriding safety instructions through crafted user input
Hallucinated outputs generating confident but factually incorrect information in high-stakes contexts
System prompt leakage exposing proprietary instructions and business logic to users
Automated content generation at scale for disinformation, fraud, or social engineering campaigns
Agentic tool misuse executing unintended actions via plugin or MCP integrations

Co-occurring causal factors

Inadequate Access Controls (22) Insufficient Safety Testing (19) Prompt Injection Vulnerability (10) Hallucination Tendency (9) Over-Automation (8) Weaponization (7)

Control domains: Application security, LLM security testing, Output verification

Likely owner: AppSec / AI Platform

Documented incidents (46) — showing top 10

ID	Title	Severity	Date	Sectors
INC-26-0011	Jailbroken Claude AI Used to Breach Mexican Government Agencies	critical	2025-12	Government, Finance, Public Safety
INC-25-0001	AI-Orchestrated Cyber Espionage Campaign Against Critical Infrastructure	critical	2025-09	Corporate, Finance, Government, Manufacturing
INC-25-0007	GitHub Copilot Remote Code Execution via Prompt Injection (CVE-2025-53773)	critical	2025-08	Corporate, Cross-Sector
INC-25-0004	EchoLeak: Zero-Click Prompt Injection in Microsoft 365 Copilot (CVE-2025-32711)	critical	2025-06	Corporate, Cross-Sector
INC-26-0009	DOGE Uses ChatGPT to Flag and Cancel Federal Humanities Grants	critical	2025-04	Government, Education
INC-25-0018	Las Vegas Cybertruck Bomber Used ChatGPT for Explosives Information	critical	2025-01	Public Safety
INC-26-0012	Chinese AI Labs Conduct Industrial-Scale Distillation Attacks Against Claude	critical	2025	Technology
INC-24-0010	Lawsuit Filed After Teenager's Death Linked to Character.AI Chatbot Interactions	critical	2024-02	Corporate
INC-21-0001	Chatbot Encouraged Man in Plot to Kill Queen Elizabeth II	critical	2021-12-25	Public Safety, Government
INC-26-0006	AI Recommendation Poisoning via 'Summarize with AI' Buttons (31 Companies)	high	2026-02	Technology, Healthcare, Finance, Corporate, Cross-Sector

View all 46 incidents involving Large Language Models →

Risk considerations

Broad capability surface means new attack vectors emerge with each deployment context
Fine-tuning on domain data can remove safety training, creating uncensored variants
Agentic deployments with tool access amplify the blast radius of prompt injection exploits
Rapid adoption outpaces organizational security maturity for LLM-specific threats

↑ Back to asset overview

ASST-006

Foundation Models (7 incidents)

Large pre-trained models (text, image, audio, multimodal) that serve as the base for downstream fine-tuning and application development. Supply-chain risks propagate from foundation models to all downstream deployments.

How this asset appears in incidents

Supply-chain compromise where vulnerabilities in the base model affect all downstream applications
Capability overhang where latent capabilities emerge unexpectedly in fine-tuned variants
Model weight theft through insider access or infrastructure compromise at training organizations
Dual-use capability concerns when general-purpose models enable harmful applications without modification

Co-occurring causal factors

Insufficient Safety Testing (4) Regulatory Gap (4) Inadequate Access Controls (3) Intentional Fraud (2) Model Opacity (1) Training Data Bias (1)

Control domains: Model governance, Supply-chain security, Capability evaluation

Likely owner: AI Platform / Security

Documented incidents (7)

ID	Title	Severity	Date	Sectors
INC-22-0001	Drug Discovery AI Repurposed to Generate Toxic Chemical Weapons Compounds	critical	2022-03	Healthcare, Government
INC-25-0019	AI-Designed Toxin Gene Sequences Bypass DNA Synthesis Screening	high	2025-10	Healthcare
INC-24-0018	India 2024 General Election Industrial-Scale Deepfake Campaign	high	2024-04	Elections, Media
INC-24-0008	AI-Generated Non-Consensual Intimate Images of Taylor Swift Circulate on Social Media	high	2024-01	Corporate, Cross-Sector
INC-23-0008	AI-Generated Deepfake Nude Images of Students at Westfield High School	high	2023-10	Education
INC-25-0017	Anthropic Research Reveals AI Model Blackmail Behavior in Lab Scenarios	medium	2025-06	Technology
INC-24-0009	Google Gemini Produces Historically Inaccurate Image Outputs Due to Bias Overcorrection	medium	2024-02	Corporate

Risk considerations

Concentration risk: a small number of foundation models underpin thousands of production applications
Emergent capabilities may not be fully characterized before downstream deployment
Open-weight releases cannot be recalled once distributed, even when vulnerabilities are discovered

↑ Back to asset overview

ASST-012

Voice Synthesis (11 incidents)

AI systems capable of generating, cloning, or manipulating human voice audio with high fidelity. Modern voice synthesis requires only seconds of reference audio to produce convincing impersonation.

How this asset appears in incidents

Real-time voice cloning in phone calls and video conferences targeting executives or family members
Voice authentication bypass using synthesized voiceprints to access financial or government systems
Fabricated audio evidence used in legal proceedings, political manipulation, or extortion
Celebrity and public figure impersonation for scams, disinformation, or unauthorized endorsements

Co-occurring causal factors

Intentional Fraud (9) Social Engineering (8) Accountability Vacuum (1) Competitive Pressure (1) Regulatory Gap (1) Inadequate Access Controls (1)

Control domains: Fraud controls, Communication security, Authentication

Likely owner: Security / Fraud

Documented incidents (11) — showing top 10

ID	Title	Severity	Date	Sectors
INC-24-0001	Hong Kong Deepfake CFO Video Conference Fraud	critical	2024-01	Corporate, Finance
INC-24-0004	FBI Elder Fraud Report Documents AI-Enhanced Financial Scams Against Seniors	critical	2024-01	Finance
INC-25-0024	Microsoft Reports Blocking $4 Billion in AI-Enabled Fraud Attempts	high	2025-04	Technology, Finance, Corporate
INC-24-0018	India 2024 General Election Industrial-Scale Deepfake Campaign	high	2024-04	Elections, Media
INC-24-0002	AI-Generated Biden Robocall in New Hampshire Primary	high	2024-01	Elections, Government
INC-24-0003	AI-Generated Deepfake Audio Used to Frame High School Principal in Baltimore	high	2024-01	Education
INC-23-0007	AI-Generated Deepfake Audio Used to Influence Slovak Parliamentary Election	high	2023-09	Elections
INC-23-0004	AI Voice Cloning Used in Grandparent Scam Network Targeting Newfoundland Seniors	high	2023-03	Finance
INC-23-0001	AI Deepfake Impersonation Campaign Targeting Senior U.S. Government Officials	high	2023-01	Government
INC-19-0001	AI Voice Clone CEO Fraud Against UK Energy Company	high	2019-03	Energy, Corporate

View all 11 incidents involving Voice Synthesis →

Risk considerations

Minimal reference audio (3-10 seconds) enables convincing clones, lowering the barrier to impersonation
Real-time synthesis makes telephone-based verification unreliable as an authentication factor
Detection tools lag behind generation quality, creating an asymmetric advantage for attackers

↑ Back to asset overview

ASST-010

Recommender Systems (3 incidents)

Algorithmic systems that curate, rank, and personalize content delivery to users across platforms. Recommender systems shape information exposure at population scale and can amplify harmful content through engagement optimization.

How this asset appears in incidents

Filter bubble creation progressively narrowing user information exposure through personalization
Engagement-driven amplification of sensational, divisive, or harmful content to maximize interaction
Radicalization pathways where recommendation chains lead users toward increasingly extreme content
Manipulation of ranking signals by adversaries to promote disinformation or suppress legitimate content

Co-occurring causal factors

Training Data Bias (2) Competitive Pressure (2) Regulatory Gap (2) Over-Automation (1) Model Opacity (1)

Control domains: Content policy, Algorithmic auditing, User safety

Likely owner: Product / Trust & Safety

Documented incidents (3)

ID	Title	Severity	Date	Sectors
INC-23-0009	RealPage AI Algorithmic Rent-Fixing	high	2022-10	Social Services, Corporate
INC-22-0002	Meta Housing Ad Discrimination DOJ Settlement	high	2022-06	Social Services, Corporate
INC-25-0020	Instacart AI-Driven Algorithmic Price Discrimination	medium	2025-12	Corporate, Technology

Risk considerations

Engagement optimization objectives can conflict with user well-being and information quality
Population-scale influence operates below individual awareness thresholds
Feedback loops between user behavior and recommendations can produce emergent harmful patterns

↑ Back to asset overview

System

52 incident references across 3 assets

ASST-003 Content Platforms — 17 incidents
ASST-004 Decision Automation — 19 incidents
ASST-001 Autonomous Agents — 16 incidents

ASST-003

Content Platforms (17 incidents)

Digital platforms that host, distribute, or moderate user-generated and AI-generated content at scale, including social media, search engines, and publishing systems. These platforms serve as both distribution channels and targets for AI-enabled threats.

How this asset appears in incidents

AI-generated content floods overwhelming moderation systems with synthetic text, images, or video
Automated influence operations using platform distribution to amplify coordinated disinformation
Deepfake distribution publishing synthetic media that erodes trust in authentic content
Moderation evasion using AI to craft content that bypasses automated safety filters

Co-occurring causal factors

Regulatory Gap (6) Inadequate Access Controls (6) Intentional Fraud (5) Hallucination Tendency (4) Insufficient Safety Testing (4) Training Data Bias (3)

Control domains: Content moderation, Platform integrity, Trust & safety

Likely owner: Trust & Safety / Product

Documented incidents (17) — showing top 10

ID	Title	Severity	Date	Sectors
INC-20-0001	Clearview AI Mass Facial Recognition Scraping	critical	2020-01	Government, Law Enforcement
INC-25-0011	Deloitte AI-Fabricated Citations in Government Advisory Reports	high	2025-09	Government, Corporate
INC-25-0006	ChatGPT Shared Conversations Indexed by Search Engines, Exposing Sensitive Data	high	2025-07	Corporate, Cross-Sector
INC-24-0020	Slack AI Indirect Prompt Injection Data Exfiltration Vulnerability	high	2024-08	Technology
INC-24-0018	India 2024 General Election Industrial-Scale Deepfake Campaign	high	2024-04	Elections, Media
INC-24-0002	AI-Generated Biden Robocall in New Hampshire Primary	high	2024-01	Elections, Government
INC-24-0008	AI-Generated Non-Consensual Intimate Images of Taylor Swift Circulate on Social Media	high	2024-01	Corporate, Cross-Sector
INC-23-0015	Sports Illustrated Published AI-Generated Articles Under Fake Author Names	high	2023-11	Corporate
INC-23-0007	AI-Generated Deepfake Audio Used to Influence Slovak Parliamentary Election	high	2023-09	Elections
INC-23-0001	AI Deepfake Impersonation Campaign Targeting Senior U.S. Government Officials	high	2023-01	Government

View all 17 incidents involving Content Platforms →

Risk considerations

Scale of content flow makes comprehensive human review impossible, creating moderation gaps
Network effects amplify harmful content before detection systems can respond
Cross-platform propagation means content removed from one platform resurfaces on others

↑ Back to asset overview

ASST-004

Decision Automation (19 incidents)

AI systems that make or inform consequential decisions about individuals, including hiring, lending, sentencing, medical diagnosis, and benefits eligibility. These systems operate at the intersection of algorithmic efficiency and individual rights.

How this asset appears in incidents

Discriminatory scoring producing systematically biased outcomes across protected groups
Opaque denial decisions without explanation or meaningful appeal pathway for affected individuals
Automation bias where human operators default to machine recommendations without critical review
Cascading automated decisions where one system's output feeds into downstream decision chains

Co-occurring causal factors

Training Data Bias (8) Insufficient Safety Testing (8) Model Opacity (8) Over-Automation (6) Regulatory Gap (6) Accountability Vacuum (5)

Control domains: Algorithmic auditing, Human-in-the-loop design, Fairness & ethics

Likely owner: Product / Risk / Legal

Documented incidents (19) — showing top 10

ID	Title	Severity	Date	Sectors
INC-25-0013	Waymo Autonomous Vehicles Violate School Bus Stop Laws in Austin	critical	2025-08	Transportation, Education
INC-24-0021	Cruise Robotaxi Criminal False Reporting After Pedestrian Dragging	critical	2024-09	Transportation, Technology
INC-20-0002	UK A-Level Algorithm Downgrades Disadvantaged Students	critical	2020-08	Education, Government
INC-16-0001	Australia Robodebt Automated Welfare Fraud Detection	critical	2016-07	Government, Social Services
INC-16-0003	COMPAS Recidivism Algorithm Racial Bias	critical	2016-05	Government, Law Enforcement
INC-13-0001	Dutch Childcare Benefits Algorithm Discrimination	critical	2013-01	Government, Social Services
INC-26-0005	AI impacting labor market like a tsunami as layoff fears mount	high	2026-01	Employment, Corporate, Cross-Sector
INC-25-0021	Earnest Operations AI Lending Discrimination Settlement	high	2025-07	Finance
INC-24-0014	Workday AI Hiring Tool Discrimination Class Action	high	2024-07	Technology, Employment
INC-24-0022	McDonald's McHire AI Hiring Platform Data Vulnerability	high	2024-06	Employment, Technology

View all 19 incidents involving Decision Automation →

Risk considerations

Consequential decisions affecting rights and livelihoods demand higher reliability than current systems provide
Opacity of decision logic frustrates legal requirements for explanation and contestation
Speed and scale of automated decisions can cause widespread harm before errors are detected

↑ Back to asset overview

ASST-001

Autonomous Agents (16 incidents)

AI systems that independently plan, execute multi-step tasks, use external tools, and operate with persistent state. Agentic systems combine LLM reasoning with real-world action capability, creating novel attack surfaces.

How this asset appears in incidents

Unintended autonomous actions executing harmful tool calls or API requests without user approval
Persistent state manipulation where compromised agent memory affects future decisions and actions
Cross-tool privilege escalation gaining access to resources beyond intended scope through chained tool use
Multi-agent coordination failures where interacting agents produce emergent harmful behavior
Prompt injection via tool outputs where external data sources inject instructions into agent reasoning

Co-occurring causal factors

Insufficient Safety Testing (9) Prompt Injection Vulnerability (7) Inadequate Access Controls (6) Over-Automation (4) Accountability Vacuum (4) Regulatory Gap (3)

Control domains: Agent sandboxing, Tool access governance, Monitoring & observability

Likely owner: AppSec / AI Platform

Documented incidents (16) — showing top 10

ID	Title	Severity	Date	Sectors
INC-26-0003	Tesla Autopilot involved in 13 fatal crashes, US regulator finds	critical	2026-02-20	Transportation, Public Safety
INC-25-0001	AI-Orchestrated Cyber Espionage Campaign Against Critical Infrastructure	critical	2025-09	Corporate, Finance, Government, Manufacturing
INC-25-0007	GitHub Copilot Remote Code Execution via Prompt Injection (CVE-2025-53773)	critical	2025-08	Corporate, Cross-Sector
INC-25-0013	Waymo Autonomous Vehicles Violate School Bus Stop Laws in Austin	critical	2025-08	Transportation, Education
INC-25-0004	EchoLeak: Zero-Click Prompt Injection in Microsoft 365 Copilot (CVE-2025-32711)	critical	2025-06	Corporate, Cross-Sector
INC-24-0021	Cruise Robotaxi Criminal False Reporting After Pedestrian Dragging	critical	2024-09	Transportation, Technology
INC-20-0003	UN-Documented Autonomous Drone Attack in Libya	critical	2020-03	Government
INC-18-0003	Boeing 737 MAX MCAS Automation Failures — Two Fatal Crashes	critical	2018-10	Transportation
INC-18-0001	Uber Autonomous Vehicle Pedestrian Fatality	critical	2018-03	Transportation, Public Safety
INC-26-0006	AI Recommendation Poisoning via 'Summarize with AI' Buttons (31 Companies)	high	2026-02	Technology, Healthcare, Finance, Corporate, Cross-Sector

View all 16 incidents involving Autonomous Agents →

Risk considerations

Tool access transforms language model vulnerabilities into real-world action capabilities
Persistent state means a single compromise can affect all subsequent agent interactions
Multi-step planning makes behavior harder to predict and audit than single-inference systems
The MCP and plugin ecosystem introduces supply-chain risks from untrusted tool providers

↑ Back to asset overview

Infrastructure

7 incident references across 2 assets

ASST-008 Industrial Control Systems — 5 incidents
ASST-005 Financial Systems — 2 incidents

ASST-008

Industrial Control Systems (5 incidents)

Operational technology (OT) and SCADA systems that control physical infrastructure such as power grids, water treatment, manufacturing, and transportation. AI integration into these systems introduces cyber-physical attack surfaces.

How this asset appears in incidents

AI-enhanced reconnaissance of industrial control networks using automated vulnerability discovery
Adversarial manipulation of sensor data feeding AI-based process control systems
Predictive maintenance exploitation where compromised AI models cause deliberate equipment failure
Cascading infrastructure failures when AI-controlled systems propagate errors across interconnected utilities

Co-occurring causal factors

Over-Automation (4) Insufficient Safety Testing (3) Accountability Vacuum (3) Misconfigured Deployment (1) Weaponization (1) Regulatory Gap (1)

Control domains: OT security, Safety-critical systems, Physical security

Likely owner: OT Security / Engineering

Documented incidents (5)

ID	Title	Severity	Date	Sectors
INC-26-0003	Tesla Autopilot involved in 13 fatal crashes, US regulator finds	critical	2026-02-20	Transportation, Public Safety
INC-20-0003	UN-Documented Autonomous Drone Attack in Libya	critical	2020-03	Government
INC-18-0003	Boeing 737 MAX MCAS Automation Failures — Two Fatal Crashes	critical	2018-10	Transportation
INC-18-0001	Uber Autonomous Vehicle Pedestrian Fatality	critical	2018-03	Transportation, Public Safety
INC-25-0022	AWS Outage Causes AI-Connected Mattress Malfunctions	medium	2025-10	Technology, Manufacturing

Risk considerations

Physical consequences of compromise include safety hazards, environmental damage, and loss of life
Legacy OT systems lack the security controls assumed by modern AI deployment frameworks
Convergence of IT and OT networks expands the attack surface for AI-enabled threats

↑ Back to asset overview

ASST-005

Financial Systems (2 incidents)

AI-integrated banking, trading, payments, and insurance infrastructure. Financial systems are high-value targets where AI-enabled fraud, market manipulation, and systemic risk intersect.

How this asset appears in incidents

AI-enhanced fraud schemes using synthetic identities and deepfakes to bypass financial verification
Algorithmic trading manipulation exploiting or gaming AI-driven market-making and trading systems
Automated lending discrimination where AI credit scoring produces disparate impact across demographics
Systemic risk amplification when correlated AI trading strategies create flash crashes or liquidity crises

Co-occurring causal factors

Training Data Bias (1) Model Opacity (1) Over-Automation (1) Competitive Pressure (1)

Control domains: Financial controls, Regulatory compliance, Fraud detection

Likely owner: Risk / Compliance / CISO

Documented incidents (2)

ID	Title	Severity	Date	Sectors
INC-10-0001	2010 Flash Crash — Algorithmic Trading Cascading Failure	critical	2010-05	Finance
INC-25-0021	Earnest Operations AI Lending Discrimination Settlement	high	2025-07	Finance

Risk considerations

Financial losses are immediate and can cascade rapidly through interconnected institutions
Regulatory frameworks are still adapting to AI-specific risks in financial services
High-frequency automated systems operate faster than human oversight can intervene

↑ Back to asset overview

Assets are assigned during incident classification based on evidence analysis. A single incident typically involves multiple technologies that interact to enable or amplify harm. Asset definitions and assignments follow the TopAIThreats methodology. Stable identifiers (ASST-001 through ASST-012) are permanent and never reused.