Real-world incident record
Already Happening
A curated, representative sample of real-world AI harms — one incident chosen to illustrate each failure mode, per year — drawn from a far larger public record. The OECD AI Incidents Monitor alone tracks over fourteen thousand entries. Deployment is outpacing the evaluation that should follow it.
Real-world incident record
Already Happening
Our 144 entries below are a curated, representative sample — one incident chosen to illustrate each failure mode, per year — drawn from a far larger public record. The full OECD AI Incidents Monitor tracks over 14,000 entries; the AI Incident Database over 5,000; the MIT AI Risk Repository over 1,700. The rise in documented incidents reflects both broader deployment and better reporting — the systems are no longer confined to the lab.
How these are defined — OECD terminology
The OECD distinguishes between actual and potential harm, and classifies events by severity. Source: OECD (May 2024) — Defining AI Incidents and Related Terms.
- AI incident
- Actual harmAn event where AI development, use, or malfunction directly or indirectly leads to injury or harm to health, disruption of critical infrastructure, violation of human/labour/IP rights, or harm to property, communities, or the environment.
- Serious AI incident
- Actual, severeAn AI incident that leads to death, serious health harm, serious and irreversible infrastructure disruption, serious rights violation, or serious harm to property, communities, or the environment. Seriousness is context-dependent.
- AI disaster
- Actual, societalA serious AI incident that disrupts a community or society's functioning and tests or exceeds its capacity to cope. Can be localised and immediate or widespread and prolonged.
- AI hazard
- Potential harmAn event that could plausibly lead to an AI incident. Includes near-misses and AI-related risks across design, training, and operation.
- Serious AI hazard
- Potential, severeAn event that could plausibly lead to a serious AI incident or AI disaster.
Seven recognised types of harm
- Physical — product/functional safety; injury severity.
- Environmental — pollution, contamination, ecological damage.
- Economic or financial — losses to individuals, organisations, markets; includes harm to property.
- Reputational — damage to trust in institutions or individuals.
- Public interest — harm to critical infrastructure, political systems, rule of law, social fabric.
- Human rights and fundamental rights — privacy, non-discrimination, free expression.
- Psychological — mental health, distress, manipulation of preference.
Note: the OECD definition explicitly includes harms arising from two or more AI systems interacting, including agentic systems, and harms caused before wide deployment (e.g. during training). "Use" covers misuse — intentional or unintentional — outside the intended purpose.
A near-miss, not an incident: an AI lab withholds its own frontier model, judging its offensive-security capability too dangerous to release
Under the OECD terminology above, this is a hazard — a near-miss — rather than an incident: no public harm occurred, because the capability was held back. Anthropic disclosed that its unreleased frontier model, Claude Mythos Preview, had found thousands of previously unknown zero-day vulnerabilities — including some in every major operating system and every major web browser, among them a 27-year-old flaw in OpenBSD and a 16-year-old flaw in FFmpeg. Judging that no developer yet has safeguards strong enough to stop a model of that capability being misused, it withheld Mythos and launched Project Glasswing, working with roughly fifty maintainers of systemically important software (including core internet infrastructure) to harden critical systems before increasingly capable AI can be turned against them. A later update reported more than ten thousand high- or critical-severity vulnerabilities across partner software, including 6,202 in open-source projects. Anthropic said it was in ongoing discussions with US government officials; according to news reporting, Treasury Secretary Bessent and Fed Chair Powell went on to brief major US banks. This is the shape of the decade ahead: a single training run can raise offensive capability faster than the world can harden its defences.
Read Anthropic's Project Glasswing announcement →Click a year below to expand its incidents. Click any incident to read its full description. Use the filter buttons above to narrow by failure-mode category.
Each bar shows the number of documented AI incidents per year, drawn from the AI Incident Database, AIAAIC, the OECD AI Incidents Monitor, and news reports. Click any bar to see individual incidents. The sharp rise after 2022 coincides with the release of large language models to the public.
Curated from AI Incident Database, MIT AI Risk Repository, AIAAIC, OECD AI Incidents Monitor, and news reports.
Recap
- What you saw
144 real-world AI incidents catalogued since 2015, rising sharply after 2022.
- What it means
Documented harm tracks deployment, not capability — the harms arrive with the rollout.
- What to watch
OECD AI Incidents Monitor and AIAAIC monthly incident counts.