A pragmatic classification of AI incident trajectories
For policymakers and corporate risk managers, this framework clarifies what can and cannot be claimed from incident databases, addressing a key uncertainty in AI governance.
The paper proposes a framework to disentangle reporting propensity, deployment growth, and harm frequency in AI incident databases, enabling meaningful trajectory classification for governance. Applied to various monitoring questions, it shows that exposure estimation is essential as AI deployments increase.
Public AI incident database counts conflate changes in reporting propensity, deployment growth, and shifts in harm frequency per unit of exposure. These issues introduce significant uncertainties challenging public and corporate policy frameworks centred on realized risks. We propose a simple framework that establishes clear points of inquiry, separately estimates exposure from harm-rate trends, and then classifies into meaningful trajectory categories for governance decisions. The framework combines a structured monitoring question format (SORT) to clarify coverage decisions, a tiered estimation procedure calibrated to available evidence, and LLM-assisted incident matching against public databases. Applied to various monitoring questions, we draw conclusions regarding the monitoring ecosystem more broadly: Providing an essential interpretative classification, determining what can and cannot be claimed, and establishing that exposure estimation is required as AI deployments become increasingly common.