The security playbook has an intruder-shaped hole in it, and AI is walking through it. Most incident response lifecycles were built to catch someone breaking in — phishing the credential, exploiting the server, stealing the token. They have no native slot for a system that fails on its own. Call it the assumption of malice: a discipline built to detect attackers first treats every other failure as a bug, and can spend months hunting an intruder inside a model that was simply wrong.
CSO Online's piece, citing the 2026 CISO AI Risk Report, names the real split. Seventy-one percent of organizations have AI touching core systems; only sixteen percent govern it. AI incidents surged 56.4% to 233 documented cases — a number that looks like an attack wave and isn't. The Epic Sepsis Model missed two-thirds of cases at external validation with no attacker in the loop; Tesla Autopilot's phantom-braking investigation is the adversarial-input shape of the same failure mode. Different cause, same blind spot.
Two buckets, two playbooks. Model-originated failures need a clinical incident lens — dataset drift, calibration decay, demographic blind spots, retraining as containment. Externally induced ones still need intrusion reflexes plus adversarial-ML forensics. The hybrid cases, the ones courts will see first, straddle both. The question to take to the security lead is small and clarifying: when did we last rehearse a model that was simply wrong, not an attacker that was simply good?
Reported by Sky for Type0, from AI incidents need a new playbook. Here's how to build one. Read the original: csoonline.com