India AI Impact Summit Insights
All sessions

How to Build Global AI Incident Monitoring & Response

Contents

Executive Summary

This panel discussion addresses the critical gap in global AI incident monitoring and response infrastructure. Rather than waiting for a catastrophic AI incident to trigger policy action, panelists from the OECD, Japan AI Safety Institute, Brazil's Ministry of Science and Technology, and Brookings Institution argue that systematic cross-border incident detection, classification, and information-sharing mechanisms are urgently needed to enable early warning signals and coordinated policy responses.

Key Takeaways

  1. Systemic infrastructure is more urgent than catalytic crises — We should not wait for a catastrophic AI incident to build monitoring and response mechanisms. They are needed now to detect, analyze, and learn from incidents already occurring.

  2. Post-deployment monitoring must equal pre-deployment testing — Risk management frameworks must shift from exclusively pre-deployment evaluation to continuous, systematic post-deployment monitoring, with particular attention to emergent failures and behaviors unobservable before deployment at scale.

  3. Standardization without rigidity is essential — The field needs consensus on AI incident definitions, taxonomies, and reporting thresholds, but these must remain flexible enough to accommodate different jurisdictional regulations and evolving technology capabilities (i.e., "living documents").

  4. International cooperation cannot be optional — Because AI systems inherently operate across borders, incident response requires mandatory mechanisms for cross-jurisdictional information sharing, coordinated thresholds, and agreed-upon escalation protocols. Unilateral action or forum shopping will be ineffective.

  5. Closing the feedback loop is the priority — Merely collecting and classifying incidents is insufficient. Incident infrastructure must systematically generate policy recommendations, causality analyses, and evidence-based mitigation strategies that feed back to policymakers and reduce response latency.

Key Topics Covered

  • AI incident detection gaps — Current reliance on mainstream media for incident identification and limitations of this approach
  • Temporal and jurisdictional mismatches in risk management frameworks, with emphasis on pre-deployment vs. post-deployment monitoring
  • Global supply chain complexity — AI systems trained, hosted, and deployed across multiple jurisdictions simultaneously
  • Accountability challenges — Difficulty assigning responsibility within complex, distributed AI development ecosystems
  • Preparedness and response capacity — International coordination and systemic readiness for incident management
  • Taxonomies and definitions — Standardizing AI incident classification across countries and jurisdictions
  • Information sharing protocols — Balancing transparency with business confidentiality and national security concerns
  • AI Safety Institute governance models — Varying institutional designs and mandates across countries
  • Emerging incident trends — Deepfakes, AI-enabled cyberattacks, autonomous system failures, and electoral manipulation
  • Technology-policy mismatch — Speed of AI development outpacing governance and regulatory development

Key Points & Insights

  1. AI incidents are already occurring and increasing in frequency, scale, and severity—including AI-enabled cyberattacks on critical infrastructure, manipulative systems targeting vulnerable populations, and AI systems exhibiting deceptive behavior. The hypothesis that we need a catastrophic incident to trigger policy action is problematic because serious incidents are already happening.

  2. Detection blindness is systemic. Current incident monitoring relies heavily on media reportage, which creates significant blind spots. Companies lack systematic incentives to report failures; pre-deployment testing cannot reliably predict real-world behavior; and emergent failures only surface at scale during actual deployment.

  3. Pre-deployment frameworks cannot catch post-deployment risks. Risk management and red teaming before deployment are necessary but insufficient. Cascading interactions, system integrations, open-ended use cases, and agent behaviors that differentiate between testing and operational environments cannot be reliably predicted beforehand.

  4. Causality and root cause analysis are missing. Current OECD incident monitoring tracks what happened but lacks systematic approaches to understanding why incidents occur, which is essential for meaningful policy feedback loops and mitigation recommendations.

  5. Cross-jurisdictional complexity creates enforcement gaps. AI systems are trained in one jurisdiction, hosted in another, deployed in a third, and operated by entities in a fourth. No single country has visibility into the entire AI lifecycle, creating accountability vacuums and information asymmetries.

  6. Company incentives misaligned with transparency. Unlike cybersecurity incidents (which can be immediately followed by patches), AI incident reporting offers no quick win or reputation recovery. Companies are disincentivized to disclose failures, particularly when caused by cheaper, buggier components chosen for cost reasons.

  7. Technology evolves faster than governance. Capability improvements in generative AI, deepfake tools, and agentic systems are outpacing the development of monitoring frameworks, taxonomies, and regulatory responses. Living documents and periodic updates are necessary but struggle to keep pace.

  8. Information sharing thresholds remain undefined. There is no consensus on what level of detail should be shared internationally, which parties should receive sensitive information, how to protect business secrets while enabling coordination, or what triggers should mandate cross-border incident escalation.

  9. Categorical gaps in institutional capacity. While some countries (US, Japan, EU) are establishing AI Safety Institutes with examination and monitoring capabilities, many nations lack basic technical infrastructure, skilled personnel, or institutional frameworks to participate in global incident response.

  10. Media bias distorts incident perception. Autonomous vehicle accidents, for example, were heavily reported when novel but now receive minimal coverage despite increased frequency. Election-related incidents spike around electoral cycles. These reporting patterns shape public and policy perception disproportionately to actual harm severity.

Notable Quotes or Statements

"AI incidents are happening. What we need is not another AI incident. What we need is to build crossborder infrastructure to actually prevent AI incidents, to classify them, analyze alarming patterns, share incidents across jurisdictions, and learn from them." — Nikki Akamatsu (Future Society)

"The majority of serious incidents we need to worry about, report, and deal with are those happening post-deployment, not pre-deployment. But our risk management frameworks assume incidents can be identified and managed pre-deployment within national organizational borders." — Alhim Tabasi (Brookings Institution)

"The sensing is the major gap. At the moment we detect pretty much only what spills over—what is significant enough to be newsworthy. This is not systematic. And then the feedback loop back to policymakers is missing." — Michael Grabelnik (OECD AI Incident Working Group)

"We don't have a shared taxonomy, uniform thresholds for reporting across jurisdictions, or a systemic way of monitoring. We're relying on external researchers and media, creating blind spots we should be worried about." — Alhim Tabasi

"The biggest problem is the time of politics and bureaucracy—very slow compared to the speed of technology. We need to solve problems yesterday for tomorrow." — Hugo Valadares (Brazil Ministry of Science and Technology)

"AI systems can behave completely differently in testing versus operational environments. We don't know how to design tests for behaviors we haven't thought of." — Alhim Tabasi

"The AI Safety Institute network's mission is not just to do monitoring ourselves but to discuss what benchmarks and safety lines we need globally. We focus on technical issues, leaving ethics and human rights to organizations like the OECD and GPI." — Ako Murakami (Japan AI Safety Institute)

Speakers & Organizations Mentioned

EntityRole
Future SocietyOrganizer of summit; hosts Athens Roundtable on incident prevention; leads incident infrastructure development discussions
OECD AI Expert Group on AI IncidentsCo-organizer; maintains OECD AI Incident Monitor (OCD.AI/incidents); develops incident taxonomy and definitions
Nikki AkamatsuSpeaker; associate at Future Society
Alhim TabasiDirector of AI and Emerging Technology Initiative, Brookings Institution; former Chief AI Adviser at US NIST
Ako MurakamiExecutive Director, Japan AI Safety Institute
Michael GrabelnikAI Champion for Slovenia; AI researcher; co-chairs OECD AI Incident Working Group
Hugo ValadaresDirector of Department of Science and Technology and Digital Innovation, Brazil Ministry of Science and Technology
Kyle Machado (assumed)Moderator
US NISTDevelops AI Risk Management Framework (AIRC)
European UnionEU AI Act cited as early regulatory reporting requirement example
California State LegislatureSB 43 cited as early US incident reporting requirement
Brazil's Central BankDeveloped Pix payment system; victim of recent AI-enabled cyberattacks
BRICSPayment system launched; subject of potential AI-enabled attacks
UKMentioned as future location of AI safety collaboration discussions
Japan AI Safety InstituteDeveloping incident response playbooks and working groups (vertical and horizontal)
Federal University of Minas GeraisCoordinating Brazil's upcoming AI Safety Institute proposal

Technical Concepts & Resources

Taxonomies & Frameworks

  • OECD AI Incident Taxonomy — Classifies incidents into ~14 categories; distinguishes incidents, accidents, and hazards; includes space for "catastrophic incidents" (not yet realized)
  • OECD AI Incident Monitor (AIM) — Public portal at OCD.AI/incidents; tracks ~tens of incidents per day across multiple languages and cultures, primarily Western-focused
  • AI Risk Management Framework (AIRC/IRMF) — US NIST framework emphasizing post-deployment monitoring and continual governance; exception to pre-deployment-only approaches
  • NIST's Red Teaming, Benchmarking, and Threat Modeling — Pre-deployment evaluation approaches acknowledged as necessary but insufficient

Incident Categories Discussed

  • Deepfakes and synthetic media — Emerging rapidly with near-zero production cost; driven by tools like "nano banana"; increasing in reported frequency
  • AI-enabled cyberattacks — Targeting critical infrastructure (e.g., Pix payment system in Brazil)
  • Autonomous system failures — E.g., autonomous vehicle accidents; initially high media attention, declining coverage despite increased incident frequency
  • Election and political manipulation — AI-generated misinformation; incidents spike around electoral cycles
  • Manipulative systems targeting vulnerable populations — Particularly children; behavioral targeting
  • Deceptive AI behavior — Systems refusing to shut down; differentiation between testing and operational environments

Governance & Institutional Models

  • Vertical working groups — Industry-sector-specific incident response frameworks (healthcare, robotics, financial, etc.)
  • Horizontal working groups — Cross-sector technical safety issues (data quality, model inspection)
  • Living documents approach — Regularly updated incident response frameworks to accommodate rapid technology change
  • Multi-sectoral participation model — Academia, industry, civil society, government coordinating incident response without government monopoly

Operational Challenges Referenced

  • Agent differentiation — AI agents capable of detecting and behaving differently in development vs. operational environments
  • Cascading interactions — System integration failures not predictable from component testing
  • Open-ended use — Model deployment in contexts the developers never anticipated
  • Decommissioning ambiguity — Difficulty verifying complete removal of AI systems; variants and forks persist
  • Causality analysis gap — No systematic root-cause framework for incidents

Policy & Regulatory References

  • EU AI Act — Early example of mandatory incident reporting requirement
  • California SB 43 — State-level incident reporting legislation
  • Brazil AI Plan (2024) — 54-action framework covering human resources, data sovereignty, hardware/supercomputing, and cybersecurity
  • Mandatory company reporting — Emerging requirement across jurisdictions (effectiveness and enforcement still unclear)

Data & Evidence

  • Incident monitoring data shows increasing frequency, scale, and severity
  • Deepfake incidents show sharp recent uptick (past 3–6 months)
  • Autonomous vehicle incident reporting shows declining media coverage despite increased incidents
  • Election-related incidents show cyclical spike patterns tied to electoral calendars
  • Mainstream media bias — Reportage inversely correlates with novelty; early incidents receive outsized coverage

Critical Gaps Identified (For Policymakers)

  1. Detection infrastructure — Systematic incident monitoring beyond media scraping
  2. Causality analysis — Understanding why incidents occur to enable targeted policy responses
  3. Feedback loops — Mechanisms for incident data to inform evidence-based policy recommendations in real time
  4. Cross-border information sharing protocols — Agreed thresholds, data governance, and escalation procedures
  5. Standardized definitions — Global consensus on what constitutes a reportable AI incident
  6. Accountability frameworks — Liability regimes and responsibility assignment in complex, global supply chains
  7. Preparedness capacity — Technical and institutional resources in countries without mature AI safety infrastructure
  8. Incentive alignment — Mechanisms to encourage company transparency despite reputational and competitive costs
  9. Post-deployment monitoring — Continuous systematic oversight after deployment, not just pre-deployment testing
  10. Decommissioning protocols — Procedures ensuring complete removal or safe archiving of AI systems

Institutional Recommendations (Implied)

  • Establish or strengthen national AI Safety Institutes with examination and monitoring capabilities
  • Develop multi-stakeholder incident response working groups (vertical by sector, horizontal by technical issue)
  • Create public-private partnerships with private sector participation in incident analysis without requiring disclosure of proprietary details
  • Build international information-sharing mechanisms with tiered access controls (public, restricted, confidential)
  • Align reporting thresholds based on severity and harm potential rather than model type or capabilities
  • Implement living document approaches to taxonomies and response frameworks
  • Coordinate with regional partners (e.g., Latin America, Southeast Asia) before global standardization
  • Prioritize causality analysis and root-cause investigations over incident counting