AI Incident Response
What This Requires
Develop an AI-specific incident response plan covering detection, triage, containment, eradication, recovery, and post-incident review. Define incident types (security breach, bias, drift, outage) and the response procedure for each. Conduct an annual tabletop exercise.
Why It Matters
Generic incident response plans miss AI-specific scenarios (prompt injection, model poisoning, bias incidents). A tailored plan ensures a rapid, appropriate response.
How To Implement
Define Incident Types
Categories: (1) Security (prompt injection, data exfiltration), (2) Performance (drift, outage), (3) Bias/Fairness (discriminatory outputs), (4) Safety (harmful content generation).
Response Procedures
For each type, define: detection criteria (alerts, user reports), triage (assess severity), containment (disable the feature, roll back the model), eradication (fix the root cause), recovery (deploy the fix, validate), and post-incident review.
Roles & Communication
Designate an incident commander, a technical lead, and a communications lead. Define the escalation path (on-call → manager → exec). Provide templates for user communication (status page, email).
Tabletop Exercise
Annually simulate an incident (e.g., prompt injection exfiltrating PII). Walk through the response steps, identify gaps, and update the plan.
Evidence & Audit
- Incident response plan document
- Incident type definitions and response procedures
- Roles and escalation matrix
- Communication templates
- Tabletop exercise reports with lessons learned