Defining an “AI Incident Response”

An AI Incident Response refers to a public official response to an incident in the AI Incident Database (AIID) from an entity (i.e. company, organization, individual) allegedly responsible for developing or deploying the AI or AI system involved in said incident.

An AI Incident Response typically contains reasonably adequate information about the incident regarding:

  1. What happened,
  2. Why the incident happened,
  3. What the entity has done or is going to do to
    1. remediate the incident, and
    2. prevent future incidents from recurring.

Submitting Incident Responses

The AI Incident Database is designed to provide information, structure, and perspectives on AI incidents. If you are listed as an entity for one or more incidents, we would very much like to work with you to provide your perspective. You can either submit a response directly to the database, or contact us to discuss submitting a response.

Purpose of an AI Incident Response

Publishing a response in the AIID is an opportunity for the allegedly responsible entities to have a voice in the discussion of the incident in order to proactively prevent future harms and promote the ethical and responsible practice of AI.

Responses are opportunities to:

  • Provide transparency to the public about the AI incident, the root incident causes, and the entity’s actions to remediate harms and/or prevent future harms.
  • Demonstrate proactivity and leadership, and
  • Highlight the entity’s unique perspective and relevant analysis stemming from their technical knowledge of the underlying AI system components.

Full and complete incident responses are opportunities to simultaneously benefit society and corporate interests. To illustrate what constitutes “full and complete,” we introduce several examples of incident responses that are already in the Incident Database along with where they could improve.

Examples of Incident Responses

Report 1: Knightscope Issues Field Incident Report

Incident description: On July 7, 2016, a Knightscope K5 autonomous security robot collided with a 16-month old boy while patrolling the Stanford Shopping Center in Palo Alto, CA.

Incident Response Excerpt by Knightscope, Inc.:

“K5 Autonomous Data Machines have driven over 25,000 miles and have been in operation for over 35,000 hours typically traveling at approximately 1 mph without any reported incidents. There have been thousands of encounters with adults, children and both large and small pets documented daily on social media that have also taken place without any reported incidents. Each K5 hosts nearly 30 sensors, including a multitude of laser ranging devices, sonar sensors and a robust software stack, allowing machines the capability to sense the surrounding environment from less than an inch away to over 300 feet.”

Why is this report an AI incident response? This report provides the entity’s perspective on what and why the incident happened, details about the AI involved, and their public apology and method for remediating the incident with the involved party.

What is missing from the response? The entity did not provide many details about prevention of future incidents.

Report 2: Removing Coordinated Inauthentic Behavior From Georgia, Vietnam and the US

Incident description: A large network of pages, groups, and fake accounts having GAN-generated face photos associated with The BL, a US-based media outlet, reportedly bypassed Facebook moderation systems to push political narratives on its platform and Instagram.

Incident Response Excerpt by Facebook:

Although Facebook is not the party deploying the attack, their involvement as a social media platform having a responsibility to protect their users from these attacks qualifies their response as an incident response.

We’re constantly working to detect and stop this type of activity because we don’t want our services to be used to manipulate people. We’re taking down these Pages, Groups and accounts based on their behavior, not the content they posted. In each of these cases, the people behind this activity coordinated with one another and used fake accounts to misrepresent themselves, and that was the basis for our action.

Today, we removed 39 Facebook accounts, 344 Pages, 13 Groups and 22 Instagram accounts as part of a domestic-focused network that originated in the country of Georgia.

We also removed 610 accounts, 89 Facebook Pages, 156 Groups and 72 Instagram accounts that originated in Vietnam and the US and focused primarily on the US and and some on Vietnam, Spanish and Chinese-speaking audiences globally.

Why is this report an AI incident response? This report provides a clear description on how Facebook services were used by The BL to manipulate people, and a detailed account of the incident and their immediate containment and remediation processes.

What is missing from the response? The entity did not include details on prevention of future incidents or recurring harms.