Monitor advanced capabilities and emerge…

BackAssess and monitor AI-related cyber incidents

This page is still being polished. If you have thoughts, please share them via the feedback form.

Data on this page is preliminary and may change. Please do not share or cite these figures publicly.

Assess and monitor AI-related cyber incidents

Somai (2025)|LLM classified

Mitigation Taxonomy

2Organisation

2.3Operations & Security

2.3.3Monitoring & Logging

Runtime monitoring, observability, performance tracking, and anomaly detection in production.

Also in Operations & Security

2.3.1 Deployment Management2.3.2 Access & Security Controls2.3.4 Incident Response

Additional Informationp. 4

Stage: Detection; Stakeholder: National Government: Other Agencies; Additional information: Compute providers, national security agencies, and cybersecurity professionals could be trained to recognise LOC indicators and monitor developments in AI capabilities. Cloud providers could incorporate real-time compute monitoring and verification to flag high-risk users. Enhancing the information flow between AI developers, compute providers and governments on AI R&D would also improve detection. Governments should consider requiring developers to track and report key metrics, such as compute usage for AI R&D, as well as to disclose extreme capabilities to AISIs (Mikton 2024).

LLM Classification Details

Reasoning

National government monitors AI-related cyber incidents at runtime to detect threats and anomalies.

Code: 2.3.3Version: v0.6Classified: Jan 27, 2026

Other mitigations from Somai (2025) (38)

Monitor critical capability levels

2.2.2 Testing & Evaluation

Lifecycle:Other (multiple stages)Actor:DeveloperAIRM:Measure

Identify early warning signs and emergent capabilities

2.2.1 Risk Assessment

Lifecycle:Build and Use ModelActor:DeveloperAIRM:Measure

Establish standardised benchmarks and reporting

3.2.1 Benchmarks & Evaluation

Lifecycle:Verify and ValidateActor:DeveloperAIRM:Measure

Implement compute monitoring and anomaly detection

1.2.3 Monitoring & Detection

Lifecycle:Other (multiple stages)Actor:Infrastructure ProviderAIRM:Measure

Enhance hardware and supply chain oversight

2.3.3 Monitoring & Logging

Lifecycle:Other (stage not listed)Actor:Infrastructure ProviderAIRM:Govern

Lead efforts to establish shared criteria for AI LOC

3.2.2 Technical Standards

Lifecycle:Plan and DesignActor:Governance ActorAIRM:Govern

View all 38 mitigations from this source →

Source Document

Strengthening Emergency Preparedness and Response for AI Loss of Control Incidents

Somani, Elika; Friedman, Anjay; Wu, Henry; Lu, Marianne; Byrd, Christopher; van Soest, Henri; Zakaria, Sana (2025)

As artificial intelligence (AI) systems become increasingly embedded in essential infrastructure and services, the risks associated with unintended failures rise. Developing comprehensive emergency response protocols could help mitigate these significant risks. This report focuses on understanding and addressing AI loss of control (LOC) scenarios where human oversight fails to adequately constrain an autonomous, general-purpose AI.

View source DOI: 10.7249/RRA3847-1

Classification

AI Lifecycle Stage

Other (multiple stages)

Applies across multiple lifecycle stages

Responsible Actor

Governance Actor

Regulator, standards body, or oversight entity shaping AI policy

NIST AI RMF Function

Measure

Quantifying, testing, and monitoring identified AI risks

Manage