1 min read
Incident Response for AI Systems: Handling AI Failures
I wrote “Incident Response for AI Systems: Handling AI Failures” to share practical, production-minded guidance on this topic.
AI Incident Response Framework
from dataclasses import dataclass
from enum import Enum
from typing import List, Dict, Optional
from datetime import datetime
class IncidentSeverity(Enum):
SEV1 = "critical" # System down, data corruption
SEV2 = "high" # Major feature unavailable
SEV3 = "medium" # Degraded performance
SEV4 = "low" # Minor issues
class IncidentType(Enum):
HALLUCINATION = "hallucination"
TOXICITY = "toxicity"
DATA_LEAK = "data_leak"
PERFORMANCE = "performance"
AVAILABILITY = "availability"
BIAS = "bias"
@dataclass
class AIIncident:
id: str
type: IncidentType
severity: IncidentSeverity
description: str
affected_systems: List[str]
detected_at: datetime
mitigated_at: Optional[datetime] = None
resolved_at: Optional[datetime] = None
class AIIncidentResponse:
def __init__(self):
self.incidents = {}
self.playbooks = self.load_playbooks()
async def detect_incident(self, alert: Dict) -> Optional[AIIncident]:
"""Detect and classify AI incident from alert."""
incident_type = self.classify_incident(alert)
if not incident_type:
return None
severity = self.assess_severity(alert, incident_type)
incident = AIIncident(
id=self.generate_id(),
type=incident_type,
severity=severity,
description=alert.get("description"),
affected_systems=alert.get("systems", []),
detected_at=datetime.now()
)
self.incidents[incident.id] = incident
await self.trigger_response(incident)
return incident
async def trigger_response(self, incident: AIIncident):
"""Execute incident response playbook."""
playbook = self.playbooks.get(incident.type)
if not playbook:
await self.generic_response(incident)
return
# Execute playbook steps
for step in playbook.steps:
try:
await step.execute(incident)
except Exception as e:
await self.log_error(incident, step, e)
def load_playbooks(self) -> Dict:
"""Load incident response playbooks."""
return {
IncidentType.HALLUCINATION: Playbook([
Step("disable_endpoint", self.disable_endpoint),
Step("notify_team", self.notify_team),
Step("collect_evidence", self.collect_hallucination_evidence),
Step("rollback_model", self.rollback_to_previous),
Step("verify_fix", self.verify_endpoint)
]),
IncidentType.TOXICITY: Playbook([
Step("block_output", self.block_toxic_output),
Step("notify_team", self.notify_team),
Step("review_guardrails", self.review_guardrails),
Step("update_filters", self.update_content_filters)
]),
IncidentType.DATA_LEAK: Playbook([
Step("disable_immediately", self.disable_endpoint),
Step("notify_security", self.notify_security_team),
Step("preserve_evidence", self.preserve_logs),
Step("assess_impact", self.assess_data_impact),
Step("notify_affected", self.notify_affected_users)
])
}
async def rollback_to_previous(self, incident: AIIncident):
"""Rollback to previous known-good version."""
for system in incident.affected_systems:
previous = await self.get_previous_version(system)
await self.deploy_version(system, previous)
Effective incident response minimizes AI system impact and enables quick recovery.\n\n## Takeaways\n\nAdd a concise, personal takeaway and recommended next steps here.\n