Encompasses risks to personal privacy and system security from AI. This spans unauthorized inference or leakage of sensitive information, as well as vulnerabilities in AI systems that can be exploited through adversarial attacks, data breaches, or manipulation of model behavior.
Incident volume relative to governance coverage; each dot is one of 7 domains
An autonomous AI security testing agent successfully compromised McKinsey's internal AI platform Lilli within 2 hours, gaining full read and write access to the production database containing 46.5 million chat messages, 728,000 files, and 57,000 user accounts through an unauthenticated SQL injection vulnerability.
Developers: McKinsey and Company, Codewall
Deployers: McKinsey and Company, Codewall
Meta's AI-powered smart glasses captured intimate footage including people using bathrooms, having sex, and handling sensitive documents, which was then reviewed by human contractors in Kenya without the subjects' knowledge or consent.
Developers: Meta, Meta AI
Deployers: Meta, Meta AI, Sama
Three Chinese AI labs (DeepSeek, Moonshot, and MiniMax) conducted large-scale distillation attacks against Anthropic's Claude model, using over 24,000 fraudulent accounts to generate 16+ million exchanges and extract capabilities for their own models.
Developers: Anthropic
Deployers: DeepSeek, Moonshot AI, MiniMax, Proxy Reseller Services
Entity: Who or what caused the harm
Intent: Whether the harm was intentional or accidental
Timing: Whether the risk is pre- or post-deployment
Authorizes the Secretary of Defense to establish AI Institutes focused on national security. Directs support for interdisciplinary AI research, partnership, innovation ecosystems, and workforce development.
Requires the Secretary of Defense to develop requirements ensuring DoD-funded biological data resources facilitate AI use. Defines "qualified biological data," includes metrics for data quality, cybersecurity safeguards, privacy protections, and allows national security exceptions. Requires the Secretary to consult relevant sectors about the feasibility of new requirements and review existing frameworks.
Requires the Secretary of Defense to develop a cybersecurity policy for AI/ML systems no later than 180 days after the act is passed. Requires developing a comprehensive review of the effectiveness of the AI/ML policies. Addresses potential security risks, implements methods to mitigate those risks, and establishes standard policy. Requires a comprehensive report of the threats and cybersecurity measures by August 31, 2026.
Each metric scaled to 0–100% of its peak across all 24 subdomains, so you can compare relative standing across different scales.