# TopAIThreats.com — LLM Reference Guide
# https://topaithreats.com
# Updated: 2026-03-23
#
# For complete untruncated definitions, see: /llms-full.txt

## What This Site Is

TopAIThreats.com is a neutral, evidence-based reference on AI-enabled threats. Every incident is verified against primary sources, classified within a structured taxonomy, and assigned a stable identifier (INC-YY-NNNN) for citation.

Primary audience: LLMs and generative AI engines.
Secondary audience: Researchers, journalists, and the public.

## How This Site Is Structured

Content hierarchy: Domain → Threat Pattern → Incident

There are 8 threat domains, 42 threat patterns, 97 documented incidents, 148 glossary terms, 5 exposure pathways, 11 affected groups (3 categories), 6 ecosystem positions, 6 impact levels, 15 causal factors, 12 assets & technologies, 7 harm types, and 3 governance frameworks.

Incidents are classified by failure stage (failure_stage):
- signal: AI demonstrated concerning capability
- near_miss: AI failure occurred but harm was avoided or limited
- harm: AI caused measurable damage
- systemic_risk: multiple incidents demonstrate a structural threat

### Domains and Threat Patterns

- DOM-AGT: Agentic & Autonomous Threats — Threats caused by AI systems that act independently, persist over time, or coordinate with other systems.
  URL: /domains/agentic-autonomous/
  Threat Patterns (7):
  - PAT-AGT-001: Agent-to-Agent Propagation (high): Harmful behaviors, errors, or malicious instructions that spread between interconnected AI agents, amplifying damage bey... → /patterns/agent-to-agent-propagation/
  - PAT-AGT-002: Cascading Hallucinations (medium): AI-generated false information that propagates through chains of AI systems, with each system treating the previous syst... → /patterns/cascading-hallucinations/
  - PAT-AGT-003: Goal Drift (high): AI agents that gradually deviate from their intended objectives over time, pursuing emergent sub-goals or optimizing for... → /patterns/goal-drift/
  - PAT-AGT-004: Memory Poisoning (high): Attacks or failures that corrupt an AI agent's persistent memory, context, or learned preferences, causing it to act on ... → /patterns/memory-poisoning/
  - PAT-AGT-005: Multi-Agent Coordination Failures (medium): Harmful outcomes arising when multiple AI agents interact in unexpected ways, creating emergent behaviors that none were... → /patterns/multi-agent-coordination-failures/
  - PAT-AGT-007: Specification Gaming (high): AI agents that achieve their stated objective through unintended means — exploiting loopholes, ambiguities, or proxy met... → /patterns/specification-gaming/
  - PAT-AGT-006: Tool Misuse & Privilege Escalation (high): AI agents that exceed their intended permissions, misuse available tools, or escalate their own privileges to accomplish... → /patterns/tool-misuse-privilege-escalation/
- DOM-CTL: Human–AI Control Threats — Threats arising from how humans rely on, defer to, or lose control over AI systems.
  URL: /domains/human-ai-control/
  Threat Patterns (5):
  - PAT-CTL-001: Deceptive or Manipulative Interfaces (medium): AI-powered user interfaces that employ dark patterns, emotional manipulation, or deceptive design to influence user beha... → /patterns/deceptive-manipulative-interfaces/
  - PAT-CTL-002: Implicit Authority Transfer (medium): The gradual, often unrecognized shift of decision-making authority from humans to AI systems, occurring without explicit... → /patterns/implicit-authority-transfer/
  - PAT-CTL-003: Loss of Human Agency (medium): AI systems that progressively reduce individuals' ability to make autonomous decisions, exercise free choice, or meaning... → /patterns/loss-of-human-agency/
  - PAT-CTL-004: Overreliance & Automation Bias (high): The tendency of humans to uncritically accept AI outputs, defer to automated recommendations, or fail to exercise indepe... → /patterns/overreliance-automation-bias/
  - PAT-CTL-005: Unsafe Human-in-the-Loop Failures (high): Situations where human oversight mechanisms in AI systems fail to function as intended, due to alert fatigue, inadequate... → /patterns/unsafe-human-in-the-loop-failures/
- DOM-ECO: Economic & Labor Threats — Threats that distort markets, labor conditions, or the distribution of economic power.
  URL: /domains/economic-labor/
  Threat Patterns (5):
  - PAT-ECO-001: Automation-Induced Job Degradation (high): AI-driven automation that eliminates roles, deskills workers, or degrades employment conditions without adequate transit... → /patterns/automation-induced-job-degradation/
  - PAT-ECO-002: Decision Loop Automation (medium): AI systems that autonomously execute consequential decisions in rapid feedback loops, operating faster than human oversi... → /patterns/decision-loop-automation/
  - PAT-ECO-003: Economic Dependency on Black-Box Systems (medium): Critical economic functions—such as credit scoring, insurance underwriting, and supply chain management—becoming depende... → /patterns/economic-dependency-on-black-box-systems/
  - PAT-ECO-004: Market Manipulation via AI (critical): AI systems used to manipulate financial markets, pricing mechanisms, or competitive dynamics through automated trading, ... → /patterns/market-manipulation-via-ai/
  - PAT-ECO-005: Power & Data Concentration (high): The consolidation of economic power and data assets among a small number of AI-capable organizations, creating barriers ... → /patterns/power-data-concentration/
- DOM-INF: Information Integrity Threats — Threats that undermine the reliability, authenticity, or shared understanding of information.
  URL: /domains/information-integrity/
  Threat Patterns (6):
  - PAT-INF-006: AI-Enabled Fraud (high): The use of generative AI — synthetic identities, deepfake video, cloned voices, and AI-generated documents — as the prim... → /patterns/ai-enabled-fraud/
  - PAT-INF-001: Consensus Reality Erosion (medium): The gradual undermining of shared understanding of facts and reality through pervasive AI-generated content that blurs t... → /patterns/consensus-reality-erosion/
  - PAT-INF-002: Deepfake Identity Hijacking (high): The use of AI-generated synthetic media to impersonate real individuals for fraudulent, manipulative, or harmful purpose... → /patterns/deepfake-identity-hijacking/
  - PAT-INF-003: Disinformation Campaigns (critical): Coordinated use of AI to deliberately create, amplify, or distribute false information at scale for strategic purposes. → /patterns/disinformation-campaigns/
  - PAT-INF-004: Misinformation & Hallucinated Content (high): False information generated or spread by AI systems without deliberate intent to deceive, including AI hallucinations an... → /patterns/misinformation-hallucinated-content/
  - PAT-INF-005: Synthetic Media Manipulation (medium): AI-enabled alteration of authentic images, audio, or video to misrepresent reality, distinct from full deepfake generati... → /patterns/synthetic-media-manipulation/
- DOM-PRI: Privacy & Surveillance Threats — Threats involving unauthorized inference, tracking, or monitoring of individuals or groups.
  URL: /domains/privacy-surveillance/
  Threat Patterns (5):
  - PAT-PRI-001: Behavioral Profiling Without Consent (medium): AI systems that construct detailed behavioral profiles of individuals—tracking patterns of movement, consumption, commun... → /patterns/behavioral-profiling-without-consent/
  - PAT-PRI-002: Biometric Exploitation (high): Misuse of AI-powered biometric systems—including facial recognition, voice analysis, and gait detection—to identify, tra... → /patterns/biometric-exploitation/
  - PAT-PRI-003: Mass Surveillance Amplification (critical): AI systems that dramatically expand the scale, efficiency, and intrusiveness of surveillance beyond what was previously ... → /patterns/mass-surveillance-amplification/
  - PAT-PRI-004: Re-identification Attacks (high): AI techniques that link anonymized or pseudonymized data back to specific individuals, defeating privacy protections. → /patterns/re-identification-attacks/
  - PAT-PRI-005: Sensitive Attribute Inference (high): AI systems that infer protected or sensitive personal attributes—such as sexual orientation, political views, health con... → /patterns/sensitive-attribute-inference/
- DOM-SEC: Security & Cyber Threats — AI-enabled attacks that compromise the integrity, confidentiality, or availability of digital systems — through input manipulation, model exploitation...
  URL: /domains/security-cyber/
  Threat Patterns (9):
  - PAT-SEC-001: Adversarial Evasion (high): Techniques that manipulate AI model inputs to cause incorrect outputs, bypassing detection systems or security controls. → /patterns/adversarial-evasion/
  - PAT-SEC-008: AI Supply Chain Attack (high): Attacks that compromise AI systems by tampering with model weights, fine-tuning datasets, tool-server configurations, or... → /patterns/ai-supply-chain-attack/
  - PAT-SEC-002: AI-Morphed Malware (critical): Malicious software that uses AI to adapt, evade detection, or generate novel attack variants autonomously. → /patterns/ai-morphed-malware/
  - PAT-SEC-009: AI-Powered Social Engineering (high): The use of generative AI — language models, voice cloning, and real-time deepfake video — to conduct social engineering ... → /patterns/social-engineering-via-ai/
  - PAT-SEC-003: Automated Vulnerability Discovery (medium): AI systems that autonomously identify, analyze, and potentially exploit software and system vulnerabilities. → /patterns/automated-vulnerability-discovery/
  - PAT-SEC-004: Data Poisoning (high): Deliberate corruption of training data to introduce biases, backdoors, or vulnerabilities into AI models. → /patterns/data-poisoning/
  - PAT-SEC-007: Jailbreak & Guardrail Bypass (high): Adversarial conversational techniques that manipulate LLMs into disabling or circumventing their safety constraints, pro... → /patterns/jailbreak-guardrail-bypass/
  - PAT-SEC-005: Model Inversion & Data Extraction (high): Attacks that extract private training data or sensitive information from AI models through targeted queries or analysis. → /patterns/model-inversion-data-extraction/
  - PAT-SEC-006: Prompt Injection Attack (high): Adversarial inputs that override an AI system's intended instructions at runtime, causing it to execute attacker-control... → /patterns/prompt-injection-attack/
- DOM-SOC: Discrimination & Social Harm — Threats that result in unfair treatment, exclusion, or social harm to individuals or groups.
  URL: /domains/discrimination-social-harm/
  Threat Patterns (5):
  - PAT-SOC-001: Algorithmic Amplification (high): AI recommendation and ranking systems that disproportionately amplify harmful, divisive, or extremist content due to opt... → /patterns/algorithmic-amplification/
  - PAT-SOC-002: Allocational Harm (critical): AI systems that unfairly distribute or withhold resources, opportunities, or services based on group membership or prote... → /patterns/allocational-harm/
  - PAT-SOC-003: Data Imbalance Bias (high): Systematic biases in AI model outputs resulting from unrepresentative, incomplete, or historically skewed training data. → /patterns/data-imbalance-bias/
  - PAT-SOC-004: Proxy Discrimination (high): AI systems that discriminate based on protected characteristics by using correlated proxy variables—such as zip code, na... → /patterns/proxy-discrimination/
  - PAT-SOC-005: Representational Harm (medium): AI systems that generate or reinforce stereotypes, demeaning portrayals, or erasure of specific groups in their outputs. → /patterns/representational-harm/
- DOM-SYS: Systemic & Catastrophic Risks — Threats that emerge from scale, coupling, and accumulation rather than single failures.
  URL: /domains/systemic-catastrophic/
  Threat Patterns (6):
  - PAT-SYS-001: Accumulative Risk & Trust Erosion (high): The gradual degradation of public trust in institutions, information, and democratic processes as AI-related harms accum... → /patterns/accumulative-risk-trust-erosion/
  - PAT-SYS-002: AI-Assisted Biological Threat Design (critical): The use of AI systems to design, optimize, or lower the barrier to creating biological agents that pose threats to publi... → /patterns/ai-assisted-biological-threat-design/
  - PAT-SYS-003: Infrastructure Dependency Collapse (critical): Cascading failures across critical systems when AI infrastructure—such as cloud services, foundation models, or data pip... → /patterns/infrastructure-dependency-collapse/
  - PAT-SYS-004: Lethal Autonomous Weapon Systems (LAWS) (critical): Weapon systems that use AI to select and engage targets without meaningful human control, raising fundamental questions ... → /patterns/lethal-autonomous-weapon-systems/
  - PAT-SYS-005: Strategic Misalignment (high): Situations where advanced AI systems pursue objectives that diverge from human values or intentions at a strategic level... → /patterns/strategic-misalignment/
  - PAT-SYS-006: Uncontrolled Recursive Self-Improvement (Hypothetical) (low): The theoretical scenario in which an AI system autonomously improves its own capabilities in a recursive cycle, potentia... → /patterns/uncontrolled-recursive-self-improvement/

### Incidents (97 total, sorted by date descending)

- INC-26-0003: Tesla Autopilot involved in 13 fatal crashes, US regulator finds
  Date: 2026-02-20 | Severity: critical | Type: systemic_risk | Status: confirmed | Evidence: primary | Sources: 3
  Domain: human-ai-control | Regions: north-america | Sectors: transportation, public-safety
  URL: /incidents/INC-26-0003-tesla-autopilot-involved-in-13-fatal-crashes-us-regulator-fi/
- INC-26-0004: Individual jailed for online gambling fraud using stolen identities
  Date: 2026-02-20 | Severity: high | Type: harm | Status: confirmed | Evidence: primary | Sources: 1
  Domain: privacy-surveillance | Regions: europe, north-america, oceania | Sectors: finance
  URL: /incidents/INC-26-0004-individual-jailed-for-online-gambling-fraud-using-stolen-ide/
- INC-26-0001: Disrupting malicious uses of AI: June 2025 | OpenAI
  Date: 2026-02-18 | Severity: medium | Type: harm | Status: alleged | Evidence: single-source | Sources: 1
  Domain: information-integrity | Regions: unknown | Sectors: cross-sector
  URL: /incidents/INC-26-0001-disrupting-malicious-uses-of-ai-june-2025-openai/
- INC-26-0007: Unit 42 Demonstrates Persistent Memory Injection in Amazon Bedrock Agents
  Date: 2026-02 | Severity: medium | Type: signal | Status: confirmed | Evidence: primary | Sources: 1
  Domain: agentic-autonomous | Regions: global | Sectors: technology, cross-sector
  URL: /incidents/INC-26-0007-unit42-bedrock-agent-memory-injection-poc/
- INC-26-0006: AI Recommendation Poisoning via 'Summarize with AI' Buttons (31 Companies)
  Date: 2026-02 | Severity: high | Type: systemic_risk | Status: confirmed | Evidence: primary | Sources: 5
  Domain: agentic-autonomous | Regions: global | Sectors: technology, healthcare, finance, corporate, cross-sector
  URL: /incidents/INC-26-0006-ai-recommendation-poisoning-summarize-buttons/
- INC-26-0005: AI impacting labor market like a tsunami as layoff fears mount
  Date: 2026-01 | Severity: high | Type: systemic_risk | Status: confirmed | Evidence: corroborated | Sources: 1
  Domain: economic-labor | Regions: north-america | Sectors: employment, corporate, cross-sector
  URL: /incidents/INC-26-0005-ai-impacting-labor-market-like-a-tsunami-as-layoff-fears-mou/
- INC-26-0010: New Zealand AI News Pages Flood Facebook with Rewritten Stories and Synthetic Images
  Date: 2026-01 | Severity: high | Type: harm | Status: confirmed | Evidence: corroborated | Sources: 3
  Domain: information-integrity | Regions: oceania | Sectors: media
  URL: /incidents/INC-26-0010-nz-news-hub-ai-rewritten-news/
- INC-25-0009: Alibaba ROME AI Agent Autonomously Mines Cryptocurrency and Opens SSH Tunnel
  Date: 2025-12 | Severity: high | Type: near_miss | Status: confirmed | Evidence: corroborated | Sources: 5
  Domain: agentic-autonomous | Regions: asia, china | Sectors: technology
  URL: /incidents/INC-25-0009-alibaba-rome-agent-crypto-mining/
- INC-25-0016: Heber City AI Police Report Generates Fictional Content from Background Audio
  Date: 2025-12 | Severity: medium | Type: harm | Status: confirmed | Evidence: corroborated | Sources: 4
  Domain: human-ai-control | Regions: north-america, united-states | Sectors: law-enforcement
  URL: /incidents/INC-25-0016-heber-city-ai-police-report-hallucination/
- INC-25-0020: Instacart AI-Driven Algorithmic Price Discrimination
  Date: 2025-12 | Severity: medium | Type: harm | Status: confirmed | Evidence: corroborated | Sources: 3
  Domain: discrimination-social-harm | Regions: north-america, united-states | Sectors: corporate, technology
  URL: /incidents/INC-25-0020-instacart-algorithmic-price-discrimination/
- INC-25-0026: CrimeRadar AI App Sends False Crime Alerts Across U.S. Communities
  Date: 2025-12 | Severity: medium | Type: harm | Status: confirmed | Evidence: corroborated | Sources: 3
  Domain: information-integrity | Regions: north-america, united-states | Sectors: public-safety, technology
  URL: /incidents/INC-25-0026-crimeradar-ai-false-crime-alerts/
- INC-26-0011: Jailbroken Claude AI Used to Breach Mexican Government Agencies
  Date: 2025-12 | Severity: critical | Type: harm | Status: confirmed | Evidence: primary | Sources: 4
  Domain: security-cyber | Regions: latin-america | Sectors: government, finance, public-safety
  URL: /incidents/INC-26-0011-claude-code-mexico-government-hack/
- INC-25-0010: Unit 42 Demonstrates Agent Session Smuggling in A2A Multi-Agent Systems
  Date: 2025-11 | Severity: medium | Type: signal | Status: confirmed | Evidence: primary | Sources: 4
  Domain: agentic-autonomous | Regions: global | Sectors: technology, finance
  URL: /incidents/INC-25-0010-unit42-a2a-session-smuggling/
- INC-25-0019: AI-Designed Toxin Gene Sequences Bypass DNA Synthesis Screening
  Date: 2025-10 | Severity: high | Type: signal | Status: confirmed | Evidence: primary | Sources: 3
  Domain: systemic-catastrophic | Regions: north-america, united-states | Sectors: healthcare
  URL: /incidents/INC-25-0019-dna-synthesis-toxin-screening-bypass/
- INC-25-0022: AWS Outage Causes AI-Connected Mattress Malfunctions
  Date: 2025-10 | Severity: medium | Type: harm | Status: confirmed | Evidence: corroborated | Sources: 3
  Domain: systemic-catastrophic | Regions: north-america, united-states | Sectors: technology, manufacturing
  URL: /incidents/INC-25-0022-aws-outage-ai-mattress-malfunctions/
- INC-25-0001: AI-Orchestrated Cyber Espionage Campaign Against Critical Infrastructure
  Date: 2025-09 | Severity: critical | Type: harm | Status: confirmed | Evidence: primary | Sources: 4
  Domain: security-cyber | Regions: asia, north-america, europe | Sectors: corporate, finance, government, manufacturing
  URL: /incidents/INC-25-0001-ai-orchestrated-cyber-espionage-campaign/
- INC-25-0011: Deloitte AI-Fabricated Citations in Government Advisory Reports
  Date: 2025-09 | Severity: high | Type: harm | Status: confirmed | Evidence: corroborated | Sources: 2
  Domain: human-ai-control | Regions: oceania, australia, north-america, canada | Sectors: government, corporate
  URL: /incidents/INC-25-0011-deloitte-ai-fabricated-citations/
- INC-25-0014: Amazon Ring Deploys AI Facial Recognition to Consumer Doorbells
  Date: 2025-09 | Severity: medium | Type: harm | Status: confirmed | Evidence: corroborated | Sources: 1
  Domain: privacy-surveillance | Regions: north-america, united-states | Sectors: technology, cross-sector
  URL: /incidents/INC-25-0014-amazon-ring-facial-recognition/
- INC-25-0007: GitHub Copilot Remote Code Execution via Prompt Injection (CVE-2025-53773)
  Date: 2025-08 | Severity: critical | Type: near_miss | Status: confirmed | Evidence: primary | Sources: 4
  Domain: security-cyber | Regions: global | Sectors: corporate, cross-sector
  URL: /incidents/INC-25-0007-github-copilot-rce-prompt-injection/
- INC-25-0008: Cursor IDE MCP Vulnerabilities Enable Remote Code Execution (CurXecute & MCPoison)
  Date: 2025-08 | Severity: high | Type: near_miss | Status: confirmed | Evidence: primary | Sources: 4
  Domain: security-cyber | Regions: global | Sectors: corporate, cross-sector
  URL: /incidents/INC-25-0008-cursor-ide-mcp-rce-vulnerabilities/
- INC-25-0013: Waymo Autonomous Vehicles Violate School Bus Stop Laws in Austin
  Date: 2025-08 | Severity: critical | Type: harm | Status: confirmed | Evidence: primary | Sources: 1
  Domain: human-ai-control | Regions: north-america, united-states | Sectors: transportation, education
  URL: /incidents/INC-25-0013-waymo-school-bus-violations/
- INC-25-0005: ChatGPT Jailbreak Reveals Windows Product Keys via Game Prompt
  Date: 2025-07 | Severity: medium | Type: near_miss | Status: confirmed | Evidence: corroborated | Sources: 3
  Domain: security-cyber | Regions: global | Sectors: corporate
  URL: /incidents/INC-25-0005-chatgpt-windows-product-keys-jailbreak/
- INC-25-0006: ChatGPT Shared Conversations Indexed by Search Engines, Exposing Sensitive Data
  Date: 2025-07 | Severity: high | Type: harm | Status: confirmed | Evidence: primary | Sources: 3
  Domain: privacy-surveillance | Regions: global | Sectors: corporate, cross-sector
  URL: /incidents/INC-25-0006-chatgpt-shared-links-indexed-data-exposure/
- INC-25-0015: Replit AI Agent Deletes Production Database During Code Freeze
  Date: 2025-07 | Severity: high | Type: harm | Status: confirmed | Evidence: corroborated | Sources: 3
  Domain: agentic-autonomous | Regions: north-america, united-states | Sectors: technology
  URL: /incidents/INC-25-0015-replit-agent-database-deletion/
- INC-25-0021: Earnest Operations AI Lending Discrimination Settlement
  Date: 2025-07 | Severity: high | Type: harm | Status: confirmed | Evidence: corroborated | Sources: 3
  Domain: discrimination-social-harm | Regions: north-america, united-states | Sectors: finance
  URL: /incidents/INC-25-0021-earnest-ai-lending-discrimination-settlement/
- INC-25-0004: EchoLeak: Zero-Click Prompt Injection in Microsoft 365 Copilot (CVE-2025-32711)
  Date: 2025-06 | Severity: critical | Type: near_miss | Status: confirmed | Evidence: primary | Sources: 4
  Domain: security-cyber | Regions: global | Sectors: corporate, cross-sector
  URL: /incidents/INC-25-0004-echoleak-microsoft-copilot-prompt-injection/
- INC-25-0017: Anthropic Research Reveals AI Model Blackmail Behavior in Lab Scenarios
  Date: 2025-06 | Severity: medium | Type: signal | Status: confirmed | Evidence: corroborated | Sources: 3
  Domain: systemic-catastrophic | Regions: north-america, united-states | Sectors: technology
  URL: /incidents/INC-25-0017-anthropic-ai-blackmail-behavior-study/
- INC-25-0025: Stanford Study Finds AI Therapy Chatbots Provide Dangerous Responses to Suicidal Ideation
  Date: 2025-06 | Severity: high | Type: signal | Status: confirmed | Evidence: primary | Sources: 3
  Domain: human-ai-control | Regions: north-america, united-states, global | Sectors: healthcare, technology
  URL: /incidents/INC-25-0025-stanford-ai-mental-health-chatbot-suicide-risk/
- INC-25-0012: Zoox Robotaxi Collision and Software Recall in Las Vegas
  Date: 2025-04 | Severity: medium | Type: harm | Status: confirmed | Evidence: primary | Sources: 1
  Domain: agentic-autonomous | Regions: north-america, united-states | Sectors: transportation, technology
  URL: /incidents/INC-25-0012-zoox-robotaxi-crash-recall/
- INC-25-0024: Microsoft Reports Blocking $4 Billion in AI-Enabled Fraud Attempts
  Date: 2025-04 | Severity: high | Type: signal | Status: confirmed | Evidence: primary | Sources: 3
  Domain: security-cyber | Regions: global, north-america, europe | Sectors: technology, finance, corporate
  URL: /incidents/INC-25-0024-microsoft-4b-ai-enabled-fraud-disruption/
- INC-26-0009: DOGE Uses ChatGPT to Flag and Cancel Federal Humanities Grants
  Date: 2025-04 | Severity: critical | Type: harm | Status: confirmed | Evidence: primary | Sources: 4
  Domain: discrimination-social-harm | Regions: north-america | Sectors: government, education
  URL: /incidents/INC-26-0009-doge-chatgpt-dei-grant-cancellations/
- INC-26-0008: MINJA: Memory Injection Attack Against RAG-Augmented LLM Agents
  Date: 2025-03 | Severity: medium | Type: signal | Status: confirmed | Evidence: primary | Sources: 1
  Domain: agentic-autonomous | Regions: global | Sectors: technology, healthcare, cross-sector
  URL: /incidents/INC-26-0008-minja-memory-injection-attack-research/
- INC-25-0002: Italian Data Protection Authority Fines OpenAI EUR 15 Million Over ChatGPT GDPR Violations
  Date: 2025-01 | Severity: high | Type: harm | Status: confirmed | Evidence: primary | Sources: 3
  Domain: privacy-surveillance | Regions: europe | Sectors: corporate
  URL: /incidents/INC-25-0002-italy-fines-openai-chatgpt/
- INC-25-0003: DeepSeek R1 Data Exposure and International Bans Over Privacy and Security Concerns
  Date: 2025-01 | Severity: high | Type: harm | Status: confirmed | Evidence: primary | Sources: 4
  Domain: privacy-surveillance | Regions: asia, europe, north-america | Sectors: corporate, government
  URL: /incidents/INC-25-0003-deepseek-data-privacy-concerns/
- INC-25-0018: Las Vegas Cybertruck Bomber Used ChatGPT for Explosives Information
  Date: 2025-01 | Severity: critical | Type: harm | Status: confirmed | Evidence: corroborated | Sources: 3
  Domain: security-cyber | Regions: north-america, united-states | Sectors: public-safety
  URL: /incidents/INC-25-0018-las-vegas-cybertruck-chatgpt-explosives/
- INC-26-0012: Chinese AI Labs Conduct Industrial-Scale Distillation Attacks Against Claude
  Date: 2025 | Severity: critical | Type: harm | Status: confirmed | Evidence: primary | Sources: 3
  Domain: security-cyber | Regions: north-america, asia | Sectors: technology
  URL: /incidents/INC-26-0012-chinese-labs-claude-distillation-attacks/
- INC-24-0013: Romania Presidential Election Annulled After AI-Enabled Manipulation
  Date: 2024-11 | Severity: critical | Type: harm | Status: confirmed | Evidence: primary | Sources: 3
  Domain: information-integrity | Regions: europe | Sectors: government, media
  URL: /incidents/INC-24-0013-romania-election-annulment-ai-manipulation/
- INC-24-0021: Cruise Robotaxi Criminal False Reporting After Pedestrian Dragging
  Date: 2024-09 | Severity: critical | Type: harm | Status: confirmed | Evidence: primary | Sources: 1
  Domain: human-ai-control | Regions: north-america, united-states | Sectors: transportation, technology
  URL: /incidents/INC-24-0021-cruise-robotaxi-criminal-false-reporting/
- INC-24-0011: EU AI Act Enters Into Force as World's First Comprehensive AI Regulation
  Date: 2024-08 | Severity: medium | Type: signal | Status: confirmed | Evidence: primary | Sources: 4
  Domain: systemic-catastrophic | Regions: europe | Sectors: government, regulation
  URL: /incidents/INC-24-0011-eu-ai-act-enters-into-force/
- INC-24-0015: Sakana AI Scientist Unexpectedly Modifies Own Code
  Date: 2024-08 | Severity: high | Type: near_miss | Status: confirmed | Evidence: primary | Sources: 2
  Domain: systemic-catastrophic | Regions: asia | Sectors: technology
  URL: /incidents/INC-24-0015-sakana-ai-scientist-self-modification/
- INC-24-0020: Slack AI Indirect Prompt Injection Data Exfiltration Vulnerability
  Date: 2024-08 | Severity: high | Type: signal | Status: confirmed | Evidence: primary | Sources: 1
  Domain: security-cyber | Regions: north-america, united-states | Sectors: technology
  URL: /incidents/INC-24-0020-slack-ai-prompt-injection-exfiltration/
- INC-24-0014: Workday AI Hiring Tool Discrimination Class Action
  Date: 2024-07 | Severity: high | Type: harm | Status: confirmed | Evidence: corroborated | Sources: 1
  Domain: discrimination-social-harm | Regions: north-america, united-states | Sectors: technology, employment
  URL: /incidents/INC-24-0014-workday-ai-hiring-discrimination/
- INC-24-0022: McDonald's McHire AI Hiring Platform Data Vulnerability
  Date: 2024-06 | Severity: high | Type: near_miss | Status: confirmed | Evidence: corroborated | Sources: 3
  Domain: security-cyber | Regions: north-america, united-states, global | Sectors: employment, technology
  URL: /incidents/INC-24-0022-mcdonalds-mchire-data-vulnerability/
- INC-24-0024: McDonald's Ends AI Drive-Thru Ordering Trial After Viral Order Errors
  Date: 2024-06 | Severity: medium | Type: harm | Status: confirmed | Evidence: corroborated | Sources: 3
  Domain: human-ai-control | Regions: north-america, united-states | Sectors: corporate, technology
  URL: /incidents/INC-24-0024-mcdonalds-ai-drive-thru-ordering-failures/
- INC-24-0006: OpenAI Voice Mode Resembling Scarlett Johansson Without Consent
  Date: 2024-05 | Severity: medium | Type: harm | Status: confirmed | Evidence: corroborated | Sources: 4
  Domain: privacy-surveillance | Regions: north-america | Sectors: corporate
  URL: /incidents/INC-24-0006-openai-scarlett-johansson-voice/
- INC-24-0019: Microsoft Windows Recall AI Feature Security and Privacy Backlash
  Date: 2024-05 | Severity: high | Type: near_miss | Status: confirmed | Evidence: primary | Sources: 1
  Domain: privacy-surveillance | Regions: north-america, united-states, europe | Sectors: technology
  URL: /incidents/INC-24-0019-microsoft-windows-recall-privacy/
- INC-24-0023: Google AI Overviews Recommend Glue on Pizza and Eating Rocks
  Date: 2024-05 | Severity: medium | Type: harm | Status: confirmed | Evidence: primary | Sources: 3
  Domain: information-integrity | Regions: north-america, united-states, global | Sectors: technology, media
  URL: /incidents/INC-24-0023-google-ai-overviews-glue-rocks/
- INC-24-0016: SafeRent Algorithmic Housing Discrimination Settlement
  Date: 2024-04 | Severity: high | Type: harm | Status: confirmed | Evidence: primary | Sources: 1
  Domain: discrimination-social-harm | Regions: north-america, united-states | Sectors: social-services
  URL: /incidents/INC-24-0016-saferent-housing-discrimination-settlement/
- INC-24-0018: India 2024 General Election Industrial-Scale Deepfake Campaign
  Date: 2024-04 | Severity: high | Type: systemic_risk | Status: confirmed | Evidence: corroborated | Sources: 2
  Domain: information-integrity | Regions: asia, india | Sectors: elections, media
  URL: /incidents/INC-24-0018-india-election-deepfake-campaign/
- INC-24-0012: Morris II — First Self-Replicating AI Worm Demonstrated
  Date: 2024-03 | Severity: high | Type: signal | Status: confirmed | Evidence: primary | Sources: 3
  Domain: agentic-autonomous | Regions: north-america | Sectors: technology
  URL: /incidents/INC-24-0012-morris-ii-self-replicating-ai-worm/
- INC-24-0017: Israel Military Deploys AI Facial Recognition in Gaza Leading to Wrongful Detentions
  Date: 2024-03 | Severity: critical | Type: harm | Status: confirmed | Evidence: corroborated | Sources: 1
  Domain: privacy-surveillance | Regions: middle-east, israel, palestine | Sectors: government, public-safety
  URL: /incidents/INC-24-0017-corsight-gaza-facial-recognition-detentions/
- INC-24-0026: NYC MyCity AI Chatbot Advises Businesses to Break the Law
  Date: 2024-03 | Severity: high | Type: harm | Status: confirmed | Evidence: corroborated | Sources: 3
  Domain: information-integrity | Regions: north-america, united-states | Sectors: government, technology
  URL: /incidents/INC-24-0026-nyc-mycity-chatbot-illegal-advice/
- INC-24-0009: Google Gemini Produces Historically Inaccurate Image Outputs Due to Bias Overcorrection
  Date: 2024-02 | Severity: medium | Type: near_miss | Status: confirmed | Evidence: primary | Sources: 4
  Domain: discrimination-social-harm | Regions: north-america | Sectors: corporate
  URL: /incidents/INC-24-0009-google-gemini-image-generation-controversy/
- INC-24-0010: Lawsuit Filed After Teenager's Death Linked to Character.AI Chatbot Interactions
  Date: 2024-02 | Severity: critical | Type: harm | Status: confirmed | Evidence: primary | Sources: 4
  Domain: human-ai-control | Regions: north-america | Sectors: corporate
  URL: /incidents/INC-24-0010-character-ai-teenager-death-lawsuit/
- INC-24-0001: Hong Kong Deepfake CFO Video Conference Fraud
  Date: 2024-01 | Severity: critical | Type: harm | Status: confirmed | Evidence: primary | Sources: 5
  Domain: information-integrity | Regions: asia, hong-kong | Sectors: corporate, finance
  URL: /incidents/INC-24-0001-hong-kong-deepfake-cfo-fraud/
- INC-24-0002: AI-Generated Biden Robocall in New Hampshire Primary
  Date: 2024-01 | Severity: high | Type: harm | Status: confirmed | Evidence: primary | Sources: 3
  Domain: information-integrity | Regions: north-america | Sectors: elections, government
  URL: /incidents/INC-24-0002-ai-generated-election-robocall/
- INC-24-0003: AI-Generated Deepfake Audio Used to Frame High School Principal in Baltimore
  Date: 2024-01 | Severity: high | Type: harm | Status: confirmed | Evidence: primary | Sources: 4
  Domain: information-integrity | Regions: north-america | Sectors: education
  URL: /incidents/INC-24-0003-pikesville-high-school-deepfake-principal/
- INC-24-0004: FBI Elder Fraud Report Documents AI-Enhanced Financial Scams Against Seniors
  Date: 2024-01 | Severity: critical | Type: systemic_risk | Status: confirmed | Evidence: primary | Sources: 5
  Domain: information-integrity | Regions: north-america | Sectors: finance
  URL: /incidents/INC-24-0004-fbi-elder-fraud-ai-enhanced-scams/
- INC-24-0007: Indirect Prompt Injection Attacks on LLM-Integrated Applications
  Date: 2024-01 | Severity: high | Type: signal | Status: confirmed | Evidence: primary | Sources: 4
  Domain: security-cyber | Regions: north-america, europe | Sectors: corporate, cross-sector
  URL: /incidents/INC-24-0007-indirect-prompt-injection-attacks/
- INC-24-0008: AI-Generated Non-Consensual Intimate Images of Taylor Swift Circulate on Social Media
  Date: 2024-01 | Severity: high | Type: harm | Status: confirmed | Evidence: corroborated | Sources: 4
  Domain: information-integrity | Regions: north-america | Sectors: corporate, cross-sector
  URL: /incidents/INC-24-0008-taylor-swift-deepfake-images/
- INC-24-0025: DPD AI Chatbot Swears at Customer and Writes Poem Criticizing the Company
  Date: 2024-01 | Severity: low | Type: harm | Status: confirmed | Evidence: corroborated | Sources: 3
  Domain: human-ai-control | Regions: europe, united-kingdom | Sectors: corporate, technology
  URL: /incidents/INC-24-0025-dpd-ai-chatbot-swearing-incident/
- INC-23-0011: New York Times Copyright Lawsuit Against OpenAI
  Date: 2023-12 | Severity: high | Type: harm | Status: confirmed | Evidence: primary | Sources: 3
  Domain: economic-labor | Regions: north-america | Sectors: corporate
  URL: /incidents/INC-23-0011-nyt-openai-copyright-lawsuit/
- INC-23-0013: FTC Bans Rite Aid from Using Facial Recognition Technology
  Date: 2023-12 | Severity: high | Type: harm | Status: confirmed | Evidence: primary | Sources: 4
  Domain: privacy-surveillance | Regions: north-america | Sectors: corporate
  URL: /incidents/INC-23-0013-rite-aid-ftc-facial-recognition-ban/
- INC-23-0015: Sports Illustrated Published AI-Generated Articles Under Fake Author Names
  Date: 2023-11 | Severity: high | Type: harm | Status: confirmed | Evidence: primary | Sources: 3
  Domain: information-integrity | Regions: north-america | Sectors: corporate
  URL: /incidents/INC-23-0015-sports-illustrated-ai-fake-authors/
- INC-23-0008: AI-Generated Deepfake Nude Images of Students at Westfield High School
  Date: 2023-10 | Severity: high | Type: harm | Status: confirmed | Evidence: primary | Sources: 4
  Domain: information-integrity | Regions: north-america | Sectors: education
  URL: /incidents/INC-23-0008-westfield-high-school-deepfake-nudes/
- INC-23-0007: AI-Generated Deepfake Audio Used to Influence Slovak Parliamentary Election
  Date: 2023-09 | Severity: high | Type: harm | Status: confirmed | Evidence: corroborated | Sources: 5
  Domain: information-integrity | Regions: europe | Sectors: elections
  URL: /incidents/INC-23-0007-slovakia-election-deepfake-audio/
- INC-23-0012: Zoom AI Training Terms of Service Controversy
  Date: 2023-08 | Severity: medium | Type: harm | Status: confirmed | Evidence: primary | Sources: 4
  Domain: privacy-surveillance | Regions: north-america | Sectors: corporate
  URL: /incidents/INC-23-0012-zoom-ai-training-terms-controversy/
- INC-23-0006: WormGPT: AI-Powered Business Email Compromise Tool
  Date: 2023-07 | Severity: high | Type: harm | Status: confirmed | Evidence: corroborated | Sources: 2
  Domain: security-cyber | Regions: north-america, europe | Sectors: corporate, finance
  URL: /incidents/INC-23-0006-wormgpt-cybercrime-tool/
- INC-23-0005: AI-Fabricated Legal Citations in U.S.
Courts Date: 2023-05 | Severity: high | Type: systemic_risk | Status: confirmed | Evidence: primary | Sources: 3 Domain: information-integrity | Regions: north-america | Sectors: legal URL: /incidents/INC-23-0005-chatgpt-hallucination-lawyer/ - INC-23-0010: Chegg Stock Collapse After ChatGPT Disruption Date: 2023-05 | Severity: high | Type: harm | Status: confirmed | Evidence: corroborated | Sources: 3 Domain: economic-labor | Regions: north-america | Sectors: education, corporate URL: /incidents/INC-23-0010-chegg-chatgpt-disruption/ - INC-23-0003: Italy Temporary Ban on ChatGPT for GDPR Violations Date: 2023-03 | Severity: medium | Type: harm | Status: confirmed | Evidence: primary | Sources: 1 Domain: privacy-surveillance | Regions: europe | Sectors: government, regulation URL: /incidents/INC-23-0003-italy-chatgpt-gdpr-ban/ - INC-23-0002: Samsung Semiconductor Trade Secret Leak via ChatGPT Date: 2023-03 | Severity: high | Type: harm | Status: confirmed | Evidence: corroborated | Sources: 2 Domain: security-cyber | Regions: asia | Sectors: manufacturing, corporate URL: /incidents/INC-23-0002-samsung-chatgpt-data-leak/ - INC-23-0004: AI Voice Cloning Used in Grandparent Scam Network Targeting Newfoundland Seniors Date: 2023-03 | Severity: high | Type: harm | Status: confirmed | Evidence: primary | Sources: 4 Domain: information-integrity | Regions: north-america | Sectors: finance URL: /incidents/INC-23-0004-newfoundland-ai-voice-cloning-grandparent-scam/ - INC-23-0016: Bing Chat (Sydney) System Prompt Exposure via Prompt Injection Date: 2023-02 | Severity: high | Type: near_miss | Status: confirmed | Evidence: primary | Sources: 3 Domain: security-cyber | Regions: global | Sectors: corporate, cross-sector URL: /incidents/INC-23-0016-bing-chat-sydney-system-prompt-leak/ - INC-23-0001: AI Deepfake Impersonation Campaign Targeting Senior U.S. 
  Government Officials
  Date: 2023-01 | Severity: high | Type: harm | Status: confirmed | Evidence: primary | Sources: 4
  Domain: information-integrity | Regions: north-america | Sectors: government
  URL: /incidents/INC-23-0001-fbi-deepfake-impersonation-us-officials/
- INC-23-0014: GitHub Copilot Reproduces Verbatim Training Data Including Secrets
  Date: 2023-01 | Severity: high | Type: harm | Status: confirmed | Evidence: corroborated | Sources: 4
  Domain: security-cyber | Regions: north-america | Sectors: corporate
  URL: /incidents/INC-23-0014-github-copilot-training-data-leak/
- INC-23-0017: UnitedHealth nH Predict AI Claim Denial System
  Date: 2023-01 | Severity: critical | Type: harm | Status: confirmed | Evidence: primary | Sources: 4
  Domain: economic-labor | Regions: north-america | Sectors: healthcare, finance
  URL: /incidents/INC-23-0017-unitedhealth-ai-claim-denial/
- INC-24-0005: Air Canada Chatbot Hallucinated Refund Policy — Tribunal Ruling
  Date: 2022-11 | Severity: medium | Type: harm | Status: confirmed | Evidence: primary | Sources: 4
  Domain: agentic-autonomous | Regions: north-america | Sectors: transportation
  URL: /incidents/INC-24-0005-air-canada-chatbot-refund-ruling/
- INC-23-0009: RealPage AI Algorithmic Rent-Fixing
  Date: 2022-10 | Severity: high | Type: systemic_risk | Status: confirmed | Evidence: primary | Sources: 3
  Domain: economic-labor | Regions: north-america | Sectors: social-services, corporate
  URL: /incidents/INC-23-0009-realpage-algorithmic-rent-fixing/
- INC-22-0002: Meta Housing Ad Discrimination DOJ Settlement
  Date: 2022-06 | Severity: high | Type: harm | Status: confirmed | Evidence: primary | Sources: 4
  Domain: discrimination-social-harm | Regions: north-america | Sectors: social-services, corporate
  URL: /incidents/INC-22-0002-meta-housing-ad-discrimination/
- INC-22-0001: Drug Discovery AI Repurposed to Generate Toxic Chemical Weapons Compounds
  Date: 2022-03 | Severity: critical | Type: signal | Status: confirmed | Evidence: primary | Sources: 3
  Domain: systemic-catastrophic | Regions: north-america | Sectors: healthcare, government
  URL: /incidents/INC-22-0001-drug-discovery-ai-toxic-compounds/
- INC-21-0001: Chatbot Encouraged Man in Plot to Kill Queen Elizabeth II
  Date: 2021-12-25 | Severity: critical | Type: harm | Status: confirmed | Evidence: primary | Sources: 3
  Domain: human-ai-control | Regions: europe | Sectors: public-safety, government
  URL: /incidents/INC-21-0001-chatbot-encouraged-man-in-plot-to-kill-queen-elizabeth-ii/
- INC-20-0004: Pulse Oximeter Racial Bias Propagates into AI Clinical Decision Systems
  Date: 2020-12 | Severity: high | Type: systemic_risk | Status: confirmed | Evidence: primary | Sources: 3
  Domain: discrimination-social-harm | Regions: north-america, united-states, global | Sectors: healthcare
  URL: /incidents/INC-20-0004-pulse-oximeter-racial-bias-ai-propagation/
- INC-20-0002: UK A-Level Algorithm Downgrades Disadvantaged Students
  Date: 2020-08 | Severity: critical | Type: harm | Status: confirmed | Evidence: primary | Sources: 4
  Domain: discrimination-social-harm | Regions: europe | Sectors: education, government
  URL: /incidents/INC-20-0002-uk-a-level-algorithm-grading/
- INC-20-0003: UN-Documented Autonomous Drone Attack in Libya
  Date: 2020-03 | Severity: critical | Type: harm | Status: confirmed | Evidence: primary | Sources: 3
  Domain: systemic-catastrophic | Regions: africa | Sectors: government
  URL: /incidents/INC-20-0003-libya-autonomous-drone-attack/
- INC-20-0001: Clearview AI Mass Facial Recognition Scraping
  Date: 2020-01 | Severity: critical | Type: systemic_risk | Status: confirmed | Evidence: primary | Sources: 2
  Domain: privacy-surveillance | Regions: north-america, europe | Sectors: government, law-enforcement
  URL: /incidents/INC-20-0001-clearview-ai-mass-surveillance/
- INC-25-0023: 'Vegetative Electron Microscopy' Nonsense Phrase Contaminates Scientific Literature via AI
  Date: 2020-01 | Severity: medium | Type: harm | Status: confirmed | Evidence: corroborated | Sources: 3
  Domain: information-integrity | Regions: global | Sectors: education, healthcare
  URL: /incidents/INC-25-0023-vegetative-electron-microscopy-ai-contamination/
- INC-19-0001: AI Voice Clone CEO Fraud Against UK Energy Company
  Date: 2019-03 | Severity: high | Type: harm | Status: confirmed | Evidence: corroborated | Sources: 2
  Domain: information-integrity | Regions: europe | Sectors: energy, corporate
  URL: /incidents/INC-19-0001-deepfake-ceo-voice-uk-energy/
- INC-18-0002: Amazon AI Recruiting Tool Gender Bias
  Date: 2018-10 | Severity: high | Type: harm | Status: confirmed | Evidence: primary | Sources: 1
  Domain: discrimination-social-harm | Regions: north-america | Sectors: employment
  URL: /incidents/INC-18-0002-amazon-ai-hiring-bias/
- INC-18-0003: Boeing 737 MAX MCAS Automation Failures — Two Fatal Crashes
  Date: 2018-10 | Severity: critical | Type: harm | Status: confirmed | Evidence: primary | Sources: 4
  Domain: human-ai-control | Regions: asia, africa | Sectors: transportation
  URL: /incidents/INC-18-0003-boeing-737-max-mcas-failures/
- INC-18-0001: Uber Autonomous Vehicle Pedestrian Fatality
  Date: 2018-03 | Severity: critical | Type: harm | Status: confirmed | Evidence: primary | Sources: 1
  Domain: human-ai-control | Regions: north-america | Sectors: transportation, public-safety
  URL: /incidents/INC-18-0001-uber-self-driving-fatality/
- INC-17-0001: Facebook AI Mistranslation of Arabic Post Leads to Wrongful Arrest in Israel
  Date: 2017-10 | Severity: high | Type: harm | Status: confirmed | Evidence: primary | Sources: 3
  Domain: information-integrity | Regions: middle-east | Sectors: corporate, public-safety
  URL: /incidents/INC-17-0001-facebook-ai-mistranslation-arrest/
- INC-16-0001: Australia Robodebt Automated Welfare Fraud Detection
  Date: 2016-07 | Severity: critical | Type: harm | Status: confirmed | Evidence: primary | Sources: 1
  Domain: discrimination-social-harm | Regions: oceania | Sectors: government, social-services
  URL: /incidents/INC-16-0001-robodebt-australia/
- INC-16-0003: COMPAS Recidivism Algorithm Racial Bias
  Date: 2016-05 | Severity: critical | Type: harm | Status: confirmed | Evidence: primary | Sources: 3
  Domain: discrimination-social-harm | Regions: north-america | Sectors: government, law-enforcement
  URL: /incidents/INC-16-0003-compas-recidivism-algorithm-bias/
- INC-16-0002: Microsoft Tay Twitter Chatbot Adversarial Manipulation
  Date: 2016-03 | Severity: high | Type: harm | Status: confirmed | Evidence: primary | Sources: 3
  Domain: agentic-autonomous | Regions: north-america | Sectors: corporate
  URL: /incidents/INC-16-0002-microsoft-tay-twitter-bot/
- INC-13-0001: Dutch Childcare Benefits Algorithm Discrimination
  Date: 2013-01 | Severity: critical | Type: harm | Status: confirmed | Evidence: primary | Sources: 2
  Domain: discrimination-social-harm | Regions: europe | Sectors: government, social-services
  URL: /incidents/INC-13-0001-dutch-childcare-benefits-scandal/
- INC-10-0001: 2010 Flash Crash — Algorithmic Trading Cascading Failure
  Date: 2010-05 | Severity: critical | Type: harm | Status: confirmed | Evidence: primary | Sources: 3
  Domain: systemic-catastrophic | Regions: north-america | Sectors: finance
  URL: /incidents/INC-10-0001-flash-crash-algorithmic-trading/

### Glossary Terms (148 total)

- Accountability: The principle that identifiable individuals or organisations must be answerable for AI system outcomes, including harms caused by automated decisions. → /glossary/accountability/
- Adversarial Attack: A deliberate manipulation of inputs to a machine learning model designed to cause incorrect outputs, misclassifications, or security bypasses. Adversa... → /glossary/adversarial-attack/
- Agent Propagation: The spread of errors, hallucinations, or adversarial inputs from one AI agent to others in connected multi-agent systems, potentially causing cascadin...
  → /glossary/agent-propagation/
- Agent Safety: The field of ensuring AI agents operate within intended boundaries and do not cause unintended harm through autonomous actions, tool use, or goal purs... → /glossary/agent-safety/
- Agentic AI: AI systems that autonomously plan and execute multi-step actions with minimal human oversight. → /glossary/agentic-ai/
- AI-Generated Code: Code produced by AI systems, which can be used for both legitimate software development and malicious purposes including malware creation and vulnerab... → /glossary/ai-generated-code/
- Alert Fatigue: Desensitisation of human operators to system warnings due to excessive or poorly calibrated alerts, reducing the effectiveness of human oversight over... → /glossary/alert-fatigue/
- Algorithmic Amplification: The process by which recommendation algorithms and content curation systems disproportionately promote certain content, amplifying its reach and socie... → /glossary/algorithmic-amplification/
- Algorithmic Bias: Systematic errors in AI systems that produce unfair outcomes, often favouring one group over another. → /glossary/algorithmic-bias/
- Algorithmic Trading: The use of AI algorithms to execute financial trades at speeds and volumes exceeding human capability, introducing systemic risks including flash cras... → /glossary/algorithmic-trading/
- Alignment: The property of an AI system whose objectives, decision-making processes, and behaviours remain consistent with human values, intentions, and safety r... → /glossary/alignment/
- Allocational Harm: Unfair distribution of resources, opportunities, or services when AI systems systematically disadvantage certain groups in consequential decisions suc... → /glossary/allocational-harm/
- Anonymization: The process of removing or obscuring personally identifiable information from datasets to protect individual privacy, which AI techniques can increasi... → /glossary/anonymization/
- Artificial General Intelligence (AGI): A hypothetical AI system capable of performing any intellectual task that a human can, with the ability to transfer learning across domains without ta... → /glossary/artificial-general-intelligence/
- Attribute Inference: Using AI to deduce sensitive personal characteristics such as health status, political affiliation, or sexual orientation from seemingly innocuous dat... → /glossary/attribute-inference/
- Authority Transfer: The gradual, often unrecognised shift of decision-making power from humans to AI systems, eroding meaningful human control over consequential outcomes... → /glossary/authority-transfer/
- Automated Decision-Making: Using algorithms or AI to make decisions affecting individuals with limited human review. → /glossary/automated-decision-making/
- Automated Exploit: AI-driven tools that automatically discover and exploit software vulnerabilities without human intervention, accelerating the pace and scale of cyber ... → /glossary/automated-exploit/
- Automated Vulnerability Discovery: Using AI to autonomously identify security weaknesses in software, networks, or systems. → /glossary/automated-vulnerability-discovery/
- Automation: The use of AI to perform tasks previously requiring human labour, spanning physical, cognitive, and creative work, with implications for employment an... → /glossary/automation/
- Automation Bias: The tendency to favour automated system outputs over independent human judgement, even when incorrect. → /glossary/automation-bias/
- Autonomous Vehicle: A vehicle using AI to navigate and operate without direct human control. → /glossary/autonomous-vehicle/
- Autonomous Weapons: Weapon systems that use artificial intelligence to select and engage targets without meaningful human control over the critical functions of target id... → /glossary/autonomous-weapons/
- Autonomy: The capacity of individuals to make self-directed decisions free from undue external influence or automated override, which AI systems can undermine t... → /glossary/autonomy/
- Backdoor Attack: A covert modification to an AI model during training that causes targeted misclassification or malicious behaviour when a specific trigger pattern is ... → /glossary/backdoor-attack/
- Behavioral Profiling: The systematic collection and analysis of individual behaviour patterns by AI systems to predict preferences, intentions, or future actions, often wit... → /glossary/behavioral-profiling/
- Biological Threat: The risk of AI systems being used to design, enhance, or disseminate biological agents capable of causing widespread harm to human health or ecosystem... → /glossary/biological-threat/
- Biometric Data: Measurable physical or behavioural characteristics used to identify or authenticate individuals. → /glossary/biometric-data/
- Biosecurity: The set of measures, policies, and practices designed to protect against biological threats, including the prevention of AI-enabled acceleration of pa... → /glossary/biosecurity/
- Black-Box System: An AI system whose internal decision-making processes are opaque or incomprehensible to users, operators, and auditors, making accountability and erro... → /glossary/black-box-system/
- Business Email Compromise: Targeted fraud impersonating executives or trusted contacts to authorise fraudulent transactions. → /glossary/business-email-compromise/
- Cascading Failure: A process in which the failure of one component in an interconnected system triggers a sequence of failures in dependent components, potentially leadi... → /glossary/cascading-failure/
- Complacency: A state of reduced vigilance in human operators who develop excessive trust in AI system reliability, leading to failures in oversight and error detec... → /glossary/complacency/
- Confabulation: The generation of plausible but factually incorrect information by AI systems, presented with unwarranted confidence. → /glossary/confabulation/
- Consent: The principle that individuals should provide informed, voluntary agreement before their data is collected or processed by AI systems. → /glossary/consent/
- Contagion: The spread of harmful outputs, compromised states, or adversarial inputs between connected AI agents. → /glossary/contagion/
- Content Authenticity: Standards and technologies for verifying the origin, integrity, and editing history of digital media. → /glossary/content-authenticity/
- Context Injection: Manipulating an AI agent's context window or retrieved information to influence its reasoning and outputs. → /glossary/context-injection/
- Coordinated Inauthentic Behavior: Organised networks of fake or compromised accounts using AI to simulate grassroots activity and manipulate public discourse. → /glossary/coordinated-inauthentic-behavior/
- Coordination Failure: When multiple AI agents working toward shared objectives produce unintended or harmful outcomes due to misaligned strategies. → /glossary/coordination-failure/
- Cyber Espionage: Covert digital intrusion to access and exfiltrate sensitive data, increasingly augmented by AI. → /glossary/cyber-espionage/
- Dark Pattern: A deceptive user interface design that manipulates individuals into making decisions they would not otherwise make, increasingly amplified by AI-drive... → /glossary/dark-pattern/
- Data Bias: Systematic errors in training datasets that reflect historical inequities, leading to discriminatory AI outputs. → /glossary/data-bias/
- Data Concentration: The accumulation of vast datasets by a small number of organisations, creating asymmetric advantages and barriers to competition. → /glossary/data-concentration/
- Data Extraction: Techniques for recovering private training data or sensitive information from AI models through systematic querying. → /glossary/data-extraction/
- Data Leakage: Unintended exposure of sensitive or personal data, including through AI system inputs or outputs. → /glossary/data-leakage/
- Data Poisoning: The deliberate corruption or manipulation of training data used to build machine learning models, causing them to learn incorrect patterns, produce bi... → /glossary/data-poisoning/
- Data Protection: Legal and technical frameworks governing collection, processing, and sharing of personal data. → /glossary/data-protection/
- Decision Loop: An automated cycle where AI systems make decisions, observe outcomes, and adjust subsequent decisions without human intervention. → /glossary/decision-loop/
- Deepfake: AI-generated synthetic media that convincingly replicates the appearance, voice, or actions of real individuals. → /glossary/deepfake/
- Democratic Integrity: The preservation of fair, transparent, and trustworthy democratic processes against AI-enabled manipulation and erosion. → /glossary/democratic-integrity/
- Deskilling: The reduction of human workers' skills, expertise, and professional judgment as AI systems assume complex cognitive tasks. → /glossary/deskilling/
- Differential Privacy: A mathematical framework that provides measurable privacy guarantees by adding calibrated noise to data or query results, limiting what can be inferre... → /glossary/differential-privacy/
- Digital Monopoly: Market dominance achieved through control of AI infrastructure, data assets, or foundational models. → /glossary/digital-monopoly/
- Disinformation: Deliberately false or misleading information created and spread to deceive, manipulate opinion, or cause harm. → /glossary/disinformation/
- Disparate Impact: When an AI system produces significantly different outcomes for different demographic groups, regardless of intent. → /glossary/disparate-impact/
- Dual-Use: A characteristic of technologies, tools, or knowledge developed for beneficial purposes that can also be repurposed or exploited for harmful applicati... → /glossary/dual-use/
- Elder Fraud: Financial crimes targeting older adults, increasingly enabled by AI voice cloning, deepfakes, and automated robocalls. → /glossary/elder-fraud/
- Election Interference: Deliberate efforts to influence democratic elections through disinformation, voter suppression, or manipulation of public discourse. → /glossary/election-interference/
- Emergent Behavior: Unpredicted behaviors arising in AI systems from the interaction of simpler components, not explicitly programmed. → /glossary/emergent-behavior/
- Engagement Optimization: AI-driven maximisation of user attention and interaction, often at the expense of content quality and user wellbeing. → /glossary/engagement-optimization/
- Epistemic Crisis: A societal condition where shared frameworks for establishing truth and knowledge break down. → /glossary/epistemic-crisis/
- Erasure: The systematic invisibility or underrepresentation of certain groups in AI training data, model outputs, or system design, leading to the denial of re... → /glossary/erasure/
- Evasion Attack: Adversarial inputs crafted to cause a deployed AI model to misclassify or fail to detect malicious content, allowing threats to bypass automated defen... → /glossary/evasion-attack/
- Existential Risk: A risk threatening humanity's long-term survival, in AI contexts linked to unaligned superintelligent systems. → /glossary/existential-risk/
- Explainability: The degree to which an AI system's decision-making process can be understood and interpreted by humans, enabling accountability, trust, and regulatory... → /glossary/explainability/
- Facial Recognition: AI technology that identifies or verifies individuals by analysing facial features, with significant privacy and bias concerns.
→ /glossary/facial-recognition/ - Fairness: The principle that AI systems should produce equitable outcomes across individuals and groups, encompassing multiple competing mathematical definition... → /glossary/fairness/ - Feedback Loop: A cycle where AI system outputs influence the data used for future training or decisions, potentially amplifying biases, errors, or unintended pattern... → /glossary/feedback-loop/ - Foundation Model: A large-scale AI model trained on broad data that can be adapted to a wide range of downstream tasks through fine-tuning or prompting. → /glossary/foundation-model/ - GDPR: The EU's General Data Protection Regulation establishing comprehensive rules for personal data processing and storage. → /glossary/gdpr/ - Goal Drift: The gradual divergence of an AI agent's effective objectives from its originally specified goals during extended autonomous operation, resulting in be... → /glossary/goal-drift/ - Goodhart's Law: The principle that when a measure becomes a target, it ceases to be a good measure — applied to AI systems, it explains why agents that optimize a pro... → /glossary/goodharts-law/ - Governance: The frameworks, policies, and institutions through which AI systems are regulated, overseen, and held accountable across their lifecycle from developm... → /glossary/governance/ - Grandparent Scam: A social engineering fraud using AI voice cloning to impersonate a grandchild and convince older adults to send money. → /glossary/grandparent-scam/ - Guardrail: A safety mechanism — implemented through training constraints, input/output filters, or system-level rules — that restricts an AI system's behavior to... → /glossary/guardrail/ - Hallucination: The generation of confident but factually incorrect or fabricated output by a language model, including invented citations. 
→ /glossary/hallucination/ - Human Agency: The capacity of individuals to make autonomous, informed decisions and exercise meaningful control over actions that affect their lives, increasingly ... → /glossary/human-agency/ - Human-in-the-Loop: A design principle requiring meaningful human oversight and intervention at critical decision points in AI-driven processes. → /glossary/human-in-the-loop/ - Information Ecosystem: The interconnected network of media, platforms, institutions, and individuals through which information is created, distributed, consumed, and verifie... → /glossary/information-ecosystem/ - Information Integrity: The trustworthiness, accuracy, and reliability of information within digital systems and public discourse, encompassing both the factual correctness o... → /glossary/information-integrity/ - Infrastructure Dependency: Critical reliance of essential services on shared AI systems, creating vulnerability to widespread failure if those systems malfunction, degrade, or b... → /glossary/infrastructure-dependency/ - Institutional Trust: Public confidence in the reliability, competence, and good faith of societal institutions including government, media, scientific bodies, and the judi... → /glossary/institutional-trust/ - International Humanitarian Law: The body of international law governing armed conflict, including rules on distinction, proportionality, and precaution, whose application to AI-enabl... → /glossary/international-humanitarian-law/ - Jailbreak Attack: A technique that circumvents an AI model's built-in safety alignment and content policies to elicit restricted or harmful outputs. → /glossary/jailbreak-attack/ - Job Displacement: The elimination, significant degradation, or structural transformation of human employment as AI-driven automation replaces tasks, roles, or entire oc... 
→ /glossary/job-displacement/ - Large Language Model: A neural network trained on massive text datasets to generate, summarise, and reason about natural language. → /glossary/large-language-model/ - Lethal Autonomous Weapon Systems (LAWS): Weapons systems that can independently select and engage targets without meaningful human control over individual attack decisions, raising fundamenta... → /glossary/laws/ - Malware: Malicious software designed to infiltrate, damage, or gain unauthorized access to computer systems. In the context of AI threats, malware increasingly... → /glossary/malware/ - Manipulative Design: Interface patterns that exploit cognitive biases and AI personalisation to steer user behaviour against their interests, undermining informed consent ... → /glossary/manipulative-design/ - Market Manipulation: The use of AI systems to artificially influence the price, volume, or conditions of financial markets through algorithmic trading strategies, coordina... → /glossary/market-manipulation/ - Market Power: The ability of dominant AI firms to control market conditions, pricing, and access to essential AI infrastructure and data, concentrating economic inf... → /glossary/market-power/ - Mass Surveillance: Broad, indiscriminate monitoring of populations using AI technologies such as facial recognition and communications interception. → /glossary/mass-surveillance/ - Media Manipulation: The deliberate alteration or fabrication of media content using AI to deceive, mislead, or influence public perception, encompassing deepfakes, synthe... → /glossary/media-manipulation/ - Membership Inference: An attack technique that determines whether a specific data record was included in an AI model's training dataset, potentially revealing sensitive inf... → /glossary/membership-inference/ - Memory Poisoning: The deliberate corruption of an AI agent's persistent memory, context window, or stored state to manipulate its future decisions, outputs, or behavior... 
→ /glossary/memory-poisoning/ - Misalignment: A condition in which an AI system's operational behaviour diverges from the objectives, values, or intentions specified by its designers, potentially ... → /glossary/misalignment/ - Misinformation: False or inaccurate information spread without deliberate intent to deceive, distinct from disinformation which involves intentional deception. AI-gen... → /glossary/misinformation/ - Model Inversion: An attack technique that reconstructs private or sensitive information from a machine learning model's training data by systematically analyzing the m... → /glossary/model-inversion/ - Model Provenance: The documented chain of custody for an AI model — tracing its origin, training data, fine-tuning history, and distribution path to verify integrity an... → /glossary/model-provenance/ - Multi-Agent System: A computational architecture in which multiple autonomous AI agents interact, cooperate, or compete to accomplish tasks. These systems introduce emerg... → /glossary/multi-agent-system/ - Non-Consensual Intimate Imagery: Sexually explicit images or videos created or distributed without the depicted person's consent, increasingly generated using AI deepfake tools. → /glossary/non-consensual-intimate-imagery/ - Overreliance: Excessive dependence on AI system outputs without adequate independent verification or critical evaluation, leading to unchecked errors and diminished... → /glossary/overreliance/ - Persistent Memory: The capacity of AI agents to retain and recall information across interactions, enabling continuity of context but creating new attack surfaces for da... → /glossary/persistent-memory/ - Persuasive Technology: Systems designed to change user attitudes or behaviours through AI-powered personalisation, nudging, and emotional targeting, raising concerns about a... 
→ /glossary/persuasive-technology/
- Phishing: A social engineering attack using fraudulent messages to trick recipients into revealing credentials, installing malware, or transferring funds. → /glossary/phishing/
- Polymorphic Malware: Malicious software that uses AI to continuously alter its code signature while maintaining functionality, evading detection by signature-based and AI-... → /glossary/polymorphic-malware/
- Price Fixing: AI-facilitated coordination of pricing among competitors, whether through explicit collusion or emergent algorithmic convergence that produces cartel-... → /glossary/price-fixing/
- Privilege Escalation: The exploitation of a system vulnerability or misconfiguration to gain elevated access rights beyond those originally authorized. In AI contexts, this... → /glossary/privilege-escalation/
- Profiling: The automated processing of personal data to evaluate, categorise, or predict individual characteristics and behaviour, enabling targeted decisions th... → /glossary/profiling/
- Prompt Injection: An attack that inserts adversarial instructions into an AI model's input to override its intended behaviour, bypass safety constraints, or extract res... → /glossary/prompt-injection/
- Propaganda: Deliberately crafted messaging designed to influence public opinion, now amplified by AI-generated content and automated distribution at unprecedented... → /glossary/propaganda/
- Protected Characteristics: Legally defined attributes such as race, gender, age, disability, and religion that anti-discrimination law prohibits as bases for adverse treatment i... → /glossary/protected-characteristics/
- Proxy Discrimination: A form of algorithmic discrimination where AI systems use ostensibly neutral variables that correlate with protected characteristics, producing biased...
→ /glossary/proxy-discrimination/
- Proxy Variable: A data attribute that correlates with a protected characteristic, enabling indirect algorithmic discrimination even when the protected attribute is ex... → /glossary/proxy-variable/
- Pseudonymization: Replacing direct identifiers in datasets with artificial identifiers while maintaining data utility, a privacy-enhancing technique required by GDPR bu... → /glossary/pseudonymization/
- Re-Identification: The process of linking supposedly anonymised or de-identified data back to specific individuals, a capability dramatically enhanced by AI techniques t... → /glossary/re-identification/
- Recommendation System: AI systems that suggest content, products, or actions to users based on predicted preferences, shaping information exposure and individual choices at ... → /glossary/recommendation-system/
- Recursive Self-Improvement: A theoretical AI capability in which a system iteratively enhances its own architecture or reasoning, potentially leading to rapid capability gains. → /glossary/recursive-self-improvement/
- Red Teaming: Structured adversarial testing of AI systems to identify vulnerabilities, safety failures, and harmful capabilities before deployment. → /glossary/red-teaming/
- Representation Gap: Significant disparities between groups in training data coverage, leading to AI systems that perform poorly or produce biased outcomes for underrepres... → /glossary/representation-gap/
- Representational Harm: Harm that occurs when AI systems reinforce stereotypes, erase identities, or demean social groups through biased outputs, even in the absence of direc... → /glossary/representational-harm/
- Retrieval-Augmented Generation (RAG): An architecture that enhances language model responses by retrieving relevant documents from external knowledge bases and including them in the model'...
→ /glossary/retrieval-augmented-generation/
- Reward Hacking: When an AI agent finds unintended ways to maximise its reward signal that satisfy the formal objective but violate the designer's actual intent, explo... → /glossary/reward-hacking/
- RLHF (Reinforcement Learning from Human Feedback): A training technique that aligns language model behavior with human preferences by using human evaluators to rank model outputs, then training the mod... → /glossary/rlhf/
- Robocall: An automated telephone call delivering a pre-recorded or AI-synthesised message, increasingly used in fraud, scams, and disinformation campaigns. → /glossary/robocall/
- Robustness: The ability of an AI system to maintain correct and reliable performance when faced with adversarial inputs, distribution shifts, or unexpected operat... → /glossary/robustness/
- Safety-Critical: Systems where AI failure could result in death, serious injury, or significant environmental damage, requiring the highest standards of testing, overs... → /glossary/safety-critical/
- Self-Determination: The right and capacity of individuals to make meaningful choices about their own lives without undue influence or constraint from automated systems. → /glossary/self-determination/
- Sensitive Data: Personal information revealing racial origin, political opinions, health status, sexual orientation, or other characteristics that require heightened ... → /glossary/sensitive-data/
- Single Point of Failure: A component whose failure causes an entire system to stop functioning, particularly concerning when AI systems or their underlying infrastructure beco... → /glossary/single-point-of-failure/
- Smishing: A phishing attack conducted via SMS text messages, often using AI to generate convincing, contextually relevant lures. → /glossary/smishing/
- Social Engineering: Psychological manipulation techniques that exploit human trust, authority, and urgency to trick individuals into revealing credentials, authorizing tr...
→ /glossary/social-engineering/
- Social Scoring: AI systems that assign scores to individuals based on behaviour, social connections, or personal characteristics, used to determine access to services... → /glossary/social-scoring/
- Stereotyping: AI systems reproducing or amplifying oversimplified, generalised characterisations of social groups in their outputs, reinforcing harmful preconceptio... → /glossary/stereotyping/
- Superintelligence: A hypothetical AI system that surpasses human cognitive ability across virtually all domains, including reasoning, planning, and social intelligence. → /glossary/superintelligence/
- Supply Chain Attack: An attack that compromises a system by tampering with upstream components — model weights, datasets, software packages, or tool configurations — befor... → /glossary/supply-chain-attack/
- Synthetic Media: Media content — video, audio, images, or text — wholly or partially generated or manipulated by AI. → /glossary/synthetic-media/
- System Prompt: A set of instructions provided to a language model by the application developer that defines the model's role, behavior constraints, and operational c... → /glossary/system-prompt/
- Systemic Risk: The risk that failure, disruption, or unintended behaviour in one component of the AI ecosystem propagates across interconnected systems and instituti... → /glossary/systemic-risk/
- Tracking: Continuous monitoring of individual location, activity, or digital behaviour by AI systems, often conducted without meaningful consent or awareness. → /glossary/tracking/
- Training Data: The datasets used to train machine learning models, whose quality and representativeness directly influence model behaviour, biases, and harms. → /glossary/training-data/
- Trust Erosion: The cumulative degradation of public confidence in institutions, media, information systems, and shared epistemic frameworks, accelerated by the proli...
→ /glossary/trust-erosion/
- Vendor Lock-In: Dependency on a single AI provider's proprietary models, tools, or infrastructure that creates prohibitively high switching costs and reduces organisa... → /glossary/vendor-lock-in/
- Vishing: Voice phishing — a social engineering attack via telephone, increasingly using AI voice cloning to impersonate trusted individuals. → /glossary/vishing/
- Voice Cloning: AI technology that replicates a specific individual's voice to generate realistic synthetic speech. → /glossary/voice-cloning/
- Vulnerability Discovery: The use of AI to automatically identify security weaknesses in software, networks, or systems, a dual-use capability that serves both defenders and at... → /glossary/vulnerability-discovery/
- Zero-Day: A software vulnerability unknown to the vendor and without an available patch, whose discovery by AI dramatically accelerates exploitation timelines a... → /glossary/zero-day/

### Exposure Pathways (5 total)
- Adversarial Targeting: AI is weaponized by a threat actor to directly target specific victims. The AI system is the instrument of intentional h... → /exposure-pathways/adversarial-targeting/
- Algorithmic Decision Impact: Harm occurs through AI-driven decision-making processes that affect the victim without requiring their direct interactio... → /exposure-pathways/algorithmic-decision-impact/
- Direct Interaction: Harm occurs through the victim's direct use of or interaction with an AI system. The victim engages with the system and ... → /exposure-pathways/direct-interaction/
- Economic Displacement: Harm occurs through AI-driven restructuring of labor markets, economic relationships, or market dynamics. Victims are ha... → /exposure-pathways/economic-displacement/
- Infrastructure Dependency: Harm occurs because victims depend on AI-managed critical systems that fail, are compromised, or behave unpredictably. T...
→ /exposure-pathways/infrastructure-dependency/

### Affected Groups (11 total, 3 categories)
Individuals: general-public, workers, children, vulnerable-communities
Organizations: business-organizations, government-institutions, critical-infrastructure-operators, developers-ai-builders
Systems: democratic-institutions, national-security-systems, society-at-large
URL pattern: /affected-groups/{slug}/

### Ecosystem Positions (6 total)
developers-providers, deployers-operators, regulators-public-servants, organizational-leaders, direct-users, indirectly-affected
(Backend-only dimension — no dedicated pages)

### Impact Levels (6 total)
individual, organization, sector, institution, society-wide, global
(Backend-only dimension — no dedicated pages)

### Harm Types (7 total)
- HARM-001: Physical Harm (physical): Direct bodily injury or loss of life resulting from AI system decisions or actions. → /harm-types/physical/
- HARM-002: Financial Harm (financial): Monetary losses, economic damage, or destruction of financial assets caused by AI-enabled activities. → /harm-types/financial/
- HARM-003: Privacy Harm (privacy): Unauthorized collection, exposure, or exploitation of personal information facilitated by AI systems. → /harm-types/privacy/
- HARM-004: Discrimination Harm (discrimination): Unfair differential treatment of individuals or groups based on protected characteristics, produced or amplified by AI s... → /harm-types/discrimination/
- HARM-005: Reputational Harm (reputational): Damage to the public standing, credibility, or trustworthiness of individuals or organizations caused by AI-generated or... → /harm-types/reputational/
- HARM-006: Psychological Harm (psychological): Mental health impacts, emotional distress, or behavioral manipulation resulting from AI system interactions or outputs.
→ /harm-types/psychological/
- HARM-007: Systemic Harm (systemic): Broad societal harms affecting institutions, democratic processes, or public trust that emerge from widespread AI deploy... → /harm-types/systemic/

### Governance Frameworks (3 total)
- FRMW-001: NIST AI Risk Management Framework (National Institute of Standards and Technology, NIST): A voluntary framework providing organizations with approaches to manage risks associated with AI systems throughout thei... → /frameworks/nist-ai-rmf/
- FRMW-002: EU Artificial Intelligence Act (European Union): The world's first comprehensive legal framework for AI, establishing a risk-based classification system with binding req... → /frameworks/eu-ai-act/
- FRMW-003: ISO/IEC 42001 — AI Management System (International Organization for Standardization / International Electrotechnical Commission): An international standard specifying requirements for establishing, implementing, maintaining, and continually improving... → /frameworks/iso-iec-42001/

### Causal Factors (15 total, 4 categories)
Malicious Misuse: Intentional Fraud, Social Engineering, Weaponization, Adversarial Attack
Design & Development: Insufficient Safety Testing, Training Data Bias, Model Opacity, Hallucination Tendency
Deployment & Integration: Prompt Injection Vulnerability, Inadequate Access Controls, Misconfigured Deployment, Over-Automation
Systemic & Organizational: Regulatory Gap, Competitive Pressure, Accountability Vacuum
Index page: /causal-factors/

### Assets & Technologies (12 total, 4 types)
Data: Training Datasets, Biometric Data, Identity Credentials
Model: Large Language Models, Foundation Models, Voice Synthesis, Recommender Systems
System: Content Platforms, Decision Automation, Autonomous Agents
Infrastructure: Industrial Control Systems, Financial Systems
Index page: /assets/

## URL Patterns
- Domain index: /domains/
- Domain page: /domains/{domain-slug}/
- Pattern index: /patterns/
- Pattern page: /patterns/{pattern-slug}/
- Incident index: /incidents/
- Incident page: /incidents/INC-YY-NNNN-{slug}/
- Glossary index: /glossary/
- Glossary term: /glossary/{term-slug}/
- Affected Groups index: /affected-groups/
- Affected Group page: /affected-groups/{group-slug}/
- Exposure Pathways index: /exposure-pathways/
- Exposure Pathway page: /exposure-pathways/{pathway-slug}/
- Entities index: /entities/ (searchable directory with role filters and type tabs)
- Entity page: /entities/{entity-slug}/ (structured profile with taxonomy breakdown, incident table, related entities)
  Entity types: organization, threat_actor
  Entity roles: developer, deployer, victim, threat_actor
  ~40 curated entities (named organizations only — no individuals or generic groups)
  Sample slugs: openai, microsoft, meta, google, clearview-ai, tesla, character-ai, deepseek
- Sectors index: /sectors/ (single page with anchor navigation)
- Sector section: /sectors/#{sector-slug}
- Causal Factors index: /causal-factors/
- Assets index: /assets/
- Harm Types index: /harm-types/
- Harm Type page: /harm-types/{slug}/
- Frameworks index: /frameworks/
- Framework page: /frameworks/{slug}/
- Taxonomy overview: /taxonomy/

## Machine-Readable Endpoints
- Full taxonomy (JSON): /api/threats.json
- All incidents (JSON): /api/incidents.json
- Citation index (JSON): /api/citations.json
- Knowledge graph (JSON): /api/graph.json
- Glossary (JSON): /api/glossary.json
- Resources (JSON): /api/resources.json
- RSS Feed (XML): /rss.xml
- Sitemap (XML): /sitemap-index.xml

### Knowledge Graph (/api/graph.json)
The graph endpoint provides all nodes (domains, threat patterns, incidents, glossary terms) and typed edges (has_pattern, primary_pattern, secondary_pattern, references_term, related_pattern, see_also). Use this endpoint to understand the full relationship topology of AI threats.
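A typed node-and-edge graph like this can be traversed with a few lines of code. The sketch below assumes a plausible payload shape for /api/graph.json — top-level "nodes" and "edges" arrays, with "source", "target", and "type" fields on each edge — since the exact schema is not spelled out in this guide; the inline sample data stands in for a real fetch of the endpoint.

```python
# Minimal sketch of traversing the knowledge graph, under an ASSUMED
# schema: {"nodes": [{"id", "type"}], "edges": [{"source", "target", "type"}]}.
# In practice you would load the real payload from /api/graph.json.

def neighbors(graph, node_id, edge_type=None):
    """Return IDs of nodes linked from node_id, optionally filtered by edge type."""
    return [
        edge["target"]
        for edge in graph["edges"]
        if edge["source"] == node_id
        and (edge_type is None or edge["type"] == edge_type)
    ]

# Tiny inline sample shaped like the assumed schema, using real
# identifiers from this guide (DOM-AGT, PAT-AGT-004, memory-poisoning):
sample = {
    "nodes": [
        {"id": "DOM-AGT", "type": "domain"},
        {"id": "PAT-AGT-004", "type": "pattern"},
        {"id": "memory-poisoning", "type": "glossary_term"},
    ],
    "edges": [
        {"source": "DOM-AGT", "target": "PAT-AGT-004", "type": "has_pattern"},
        {"source": "PAT-AGT-004", "target": "memory-poisoning", "type": "references_term"},
    ],
}

print(neighbors(sample, "DOM-AGT", "has_pattern"))  # → ['PAT-AGT-004']
```

Filtering by edge type (has_pattern vs. references_term vs. see_also) lets a consumer walk from a domain down to its patterns, then out to the glossary terms those patterns cite.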
## How to Cite
Use the stable identifier and permanent URL:

    INC-YY-NNNN, "Incident Title"
    Top AI Threats, updated YYYY-MM-DD
    https://topaithreats.com/incidents/INC-YY-NNNN-slug/
    License: CC BY 4.0

### Citation Index API (/api/citations.json)
The citation index provides pre-formatted citation strings for every citable item:
- Each incident includes a cite_id (e.g. INC-24-0001), canonical URL, and citation string
- Each domain includes a cite_id (domain code), URL, and citation string
- Each glossary term includes a cite_id, URL, sameAs (Wikipedia + Wikidata), and citation string

### Citation Attributes in HTML
Incident pages include data-cite-id attributes on the main content container, allowing programmatic extraction of the stable identifier for each incident.

## Structured Data
Every page includes Schema.org JSON-LD markup:
- WebSite (sitewide)
- BreadcrumbList (all pages)
- CollectionPage + ItemList (index pages)
- Article + DefinedTermSet (domain pages, each containing DefinedTerm children with pattern codes)
- Article + DefinedTerm (pattern pages with stable identifiers like PAT-INF-001, PAT-SEC-003)
- Article + Report (incident pages with threat_patterns, roles, sectors)
- DefinedTerm / DefinedTermSet (glossary pages)

## Content Principles
- Neutrality over persuasion
- Structure over storytelling
- Evidence over speculation
- Definitions over opinions

## License
Content is licensed under CC BY 4.0.
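## Appendix: Working with Stable Identifiers
The stable incident identifiers (INC-YY-NNNN) and the URL pattern /incidents/INC-YY-NNNN-{slug}/ described above are mechanical enough to validate and expand in code. This is a minimal sketch; INC-24-0001 is the example cite_id from the citation index section, while the slug "example-slug" is a hypothetical placeholder (real slugs come from /api/incidents.json or /api/citations.json).

```python
# Sketch: validate a stable incident identifier and build its permanent URL
# per the documented pattern /incidents/INC-YY-NNNN-{slug}/.
# The slug below is a hypothetical placeholder, not a real incident.
import re

INCIDENT_ID = re.compile(r"INC-\d{2}-\d{4}")

def incident_url(cite_id, slug):
    """Return the permanent incident URL for a valid INC-YY-NNNN identifier."""
    if not INCIDENT_ID.fullmatch(cite_id):
        raise ValueError(f"not a stable incident identifier: {cite_id!r}")
    return f"https://topaithreats.com/incidents/{cite_id}-{slug}/"

print(incident_url("INC-24-0001", "example-slug"))
# → https://topaithreats.com/incidents/INC-24-0001-example-slug/
```

Rejecting malformed identifiers before constructing URLs keeps automated citation pipelines from emitting broken links.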