Subscribe to the Non-Human & AI Identity Journal
Home Glossary Serious incident

Serious incident

← Back to Glossary
By NHI Mgmt Group Updated July 10, 2026

An event linked to AI operation that causes, or could cause, significant harm to people, rights, property, cybersecurity, public order, or national security. The term matters because it triggers escalation, investigation, and potential regulatory response.

Expanded Definition

A serious incident is more than a routine security event. In AI governance, it refers to an event linked to AI operation that causes, or could plausibly cause, significant harm to people, rights, property, cybersecurity, public order, or national security. The scope is intentionally broad because the classification is meant to trigger escalation, containment, investigation, and possible regulatory notification. Definitions vary across vendors and jurisdictions, so the practical test is not whether a model failed, but whether the AI-enabled action or decision created material harm or a credible path to harm.

For security and governance teams, the term sits at the intersection of AI risk management, incident response, and accountability. NIST’s AI Risk Management Framework is useful here because it frames how organisations govern, measure, and manage AI risk across the lifecycle. In operational terms, a serious incident can include unsafe model outputs, harmful automated decisions, exposed credentials used by an agent, or tool misuse that affects critical business processes. The most common misapplication is treating a serious incident as any model error, which occurs when teams skip harm assessment and classify low-impact defects as regulatory-grade events.

Examples and Use Cases

Implementing serious-incident handling rigorously often introduces slower triage and broader stakeholder review, requiring organisations to weigh rapid service recovery against the cost of formal escalation and evidence preservation.

  • An AI agent with tool access initiates an unauthorised transaction sequence that affects customer funds, requiring immediate containment and forensic review.
  • A chatbot handling regulated advice gives instructions that could cause physical, financial, or rights-based harm, prompting escalation under AI governance procedures.
  • A model integrated into fraud screening creates discriminatory outcomes at scale, turning a policy failure into a rights-impacting incident.
  • An autonomous workflow exposes secrets or API keys and enables secondary compromise, linking the AI event to a broader cybersecurity incident.
  • NHIMG research on The 52 NHI breaches Report shows how compromised non-human identities can translate technical access into real operational harm, which is why incident classification must include agent and service-account behaviour. That pattern is consistent with Anthropic’s first AI-orchestrated cyber espionage campaign report, where AI-enabled activity was not just unusual but operationally consequential.

Why It Matters for Security Teams

Security teams need a shared definition of serious incident because ambiguous thresholds delay containment, distort reporting, and weaken post-incident learning. In AI-heavy environments, the question is rarely whether a system behaved unexpectedly; it is whether the AI operation crossed into material harm, rights impact, or security compromise. That distinction matters for incident response, legal review, communications, and governance sign-off.

This is especially important where AI agents act with execution authority, because a failure can move from model quality issue to operational incident in seconds. NHIMG research shows that NHI governance gaps are widespread, and the same conditions that leave service accounts overprivileged also increase the blast radius of autonomous systems. The NIST AI Risk Management Framework helps teams tie incident severity to governance, measurement, and response processes rather than ad hoc judgment. Organisations typically encounter the operational reality of a serious incident only after harmful output, compromised access, or downstream impact has already occurred, at which point escalation becomes unavoidable.

Standards & Framework Alignment

This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.

OWASP Agentic AI Top 10 address the attack surface, NIST AI RMF and NIST AI 600-1 set the technical controls, and EU AI Act and NIS2 define the regulatory obligations.

FrameworkControl / ReferenceRelevance
NIST AI RMFAI RMF frames governance, measurement, and management of AI risks that can become serious incidents.
NIST AI 600-1The GenAI profile addresses operational AI risks relevant when model behavior causes serious harm.
EU AI ActThe AI Act uses high-risk and serious-risk concepts that drive reporting and governance duties.
NIS2NIS2 strengthens incident reporting expectations for significant cybersecurity events affecting services.
OWASP Agentic AI Top 10Agentic AI guidance highlights tool misuse and unsafe autonomy that can escalate into serious incidents.

Use AI RMF to define harm thresholds, escalation paths, and accountable incident review for AI systems.

NHIMG Editorial Note
Reviewed and updated by the NHIMG editorial team on July 10, 2026.
NHI Mgmt Group — the #1 independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org