Tracking AI’s Blind Spots: A New Approach to Incident Analysis

by

Author: Denis Avetisyan

A novel framework adapts public health surveillance methods to move beyond simple incident counts and understand the underlying dynamics of AI-related risks.

AI incident management proceeds through distinct phases-spanning prevention, detection, response, and learning-each requiring tailored governance measures to ensure responsible and effective handling.
AI incident management proceeds through distinct phases-spanning prevention, detection, response, and learning-each requiring tailored governance measures to ensure responsible and effective handling.

This paper proposes a phase-based modeling approach, leveraging time series analysis and state-space models, to improve AI incident monitoring and inform proactive governance strategies.

Despite the increasing deployment of artificial intelligence systems across critical sectors, current incident databases struggle to translate event counts into actionable risk assessments. This limitation motivates ‘AI Incident Monitoring through a Public Health Lens’, which proposes a novel phase-based modeling approach, inspired by epidemiological surveillance, to move beyond simple incident reporting. By adapting public health principles, the work demonstrates how expert panels can combine incident data, statistical tools, and domain expertise to determine incident phases and ultimately inform proactive AI governance. Could this framework offer a pathway towards a more nuanced and effective understanding of-and response to-emerging AI-related risks?

Navigating the Evolving Landscape of AI Incidents

The increasing prevalence of artificial intelligence necessitates robust incident reporting, yet current methodologies are proving inadequate for both categorization and proactive risk anticipation. As AI systems become integrated into more facets of daily life – from autonomous vehicles to medical diagnoses – the potential for novel failures expands exponentially. Existing frameworks, often adapted from traditional software or engineering safety protocols, struggle to capture the unique characteristics of AI-driven incidents, such as those stemming from biased datasets, emergent behaviors, or adversarial attacks. This lack of specificity hinders effective analysis, making it difficult to discern patterns, predict future occurrences, and implement preventative measures, ultimately creating a growing gap between deployment and responsible governance of these increasingly powerful technologies.

Conventional risk assessment methodologies frequently prove insufficient when applied to artificial intelligence incidents due to a lack of detailed analysis throughout the incident’s progression. These established frameworks typically focus on static evaluations, failing to capture the dynamic and iterative nature of AI failures – from initial development flaws and deployment vulnerabilities to unexpected emergent behaviors and long-term societal impacts. This limited granularity hinders proactive governance, preventing timely intervention and effective mitigation strategies; instead, responses often become reactive, addressing symptoms rather than underlying causes. Consequently, organizations struggle to anticipate future incidents, adapt to evolving risks, and establish robust safety protocols, ultimately impeding the responsible development and deployment of AI systems.

Understanding the nature of AI incidents requires differentiating between those that are entirely new, those that are increasing in frequency, and those that represent persistent, baseline risks; however, current data presents a significant challenge to this categorization. Recent analysis demonstrates a negligible correlation – a mere 0.062 agreement – between incidents reported for AI systems and those documented in traditional vehicle collision data. This disconnect underscores a critical need for dedicated, AI-specific risk assessment frameworks that move beyond established safety metrics and address the unique failure modes and emergent behaviors characteristic of artificial intelligence, allowing for targeted mitigation strategies and proactive governance rather than reactive responses to unforeseen issues.

Analysis of AIID incidents and DMV collisions between 2019-2025 using PELT changepoint detection reveals differing regime shifts, with only some detected in media reports (AIID) aligning with those from mandatory reporting (DMV), indicating that model-centric analysis can miss critical governance-relevant changes.
Analysis of AIID incidents and DMV collisions between 2019-2025 using PELT changepoint detection reveals differing regime shifts, with only some detected in media reports (AIID) aligning with those from mandatory reporting (DMV), indicating that model-centric analysis can miss critical governance-relevant changes.

A Phased Approach to Incident Understanding

The Phase-Based Framework categorizes AI incidents according to their developmental stage – rare, expanding, or endemic – to facilitate a more granular assessment of systemic risk. A “rare” incident represents an isolated event with limited impact. An “expanding” incident demonstrates a growing frequency or severity, signaling a potential escalation of risk. An “endemic” incident is characterized by widespread occurrence and persistent impact, indicating a systemic failure or vulnerability. This categorization allows for targeted risk mitigation strategies based on the incident’s current phase, moving beyond simple incident counts to a more nuanced understanding of the overall risk landscape.

Latent-State Modeling (LSM) is employed within the framework to dynamically assess the current phase of an AI incident – rare, expanding, or endemic – based on observed incident data. LSM functions by identifying hidden or unobservable states representing these phases and inferring the most probable phase based on patterns in reported incidents, system logs, and related telemetry. This probabilistic approach enables early detection of incidents transitioning from rare occurrences to expanding threats, and ultimately to endemic states where mitigation becomes significantly more challenging. The model’s output provides actionable intelligence for prioritizing resources and implementing preventative measures before an incident escalates, thereby improving overall system resilience.

The proposed framework utilizes standardized risk metrics to facilitate comparative analysis of incident severity, irrespective of the AI system or deployment scale. These metrics allow for consistent evaluation across diverse applications and organizational contexts. Specifically, for deepfake incidents, a transition to an endemic and unmitigated state is quantitatively defined by a +0.43σ change in the calculated risk score. This threshold provides an objective indicator for escalating mitigation efforts and resource allocation when deepfake-related incidents reach a critical, widespread level of impact. The standardized approach ensures consistent interpretation and response, improving overall AI safety and reliability.

Analysis of deepfake incidents from 2017 to 2025 reveals an initial dormant period followed by 43 consecutive months of widespread, unmitigated activity coinciding with key repository releases like Roop and FaceFusion.
Analysis of deepfake incidents from 2017 to 2025 reveals an initial dormant period followed by 43 consecutive months of widespread, unmitigated activity coinciding with key repository releases like Roop and FaceFusion.

Refining Analysis: Addressing Systemic Biases

Reporting-delay represents a systematic bias in incident analysis where the time elapsed between an event’s occurrence and its formal reporting introduces inaccuracies. This delay isn’t random; certain incident types or those affecting specific user demographics may experience longer reporting lags. Consequently, analyses based on raw, uncorrected incident reports can underestimate the prevalence of quickly-reported incidents and overestimate the persistence of older issues. To mitigate this, statistical methods such as survival analysis or time-to-event modeling are employed to account for the probability of an incident remaining unreported over time, providing a more accurate representation of true risk levels and enabling more effective resource allocation for incident prevention and mitigation.

Exposure normalization is a critical step in incident analysis due to the widely varying deployment scales of AI systems; a system deployed to millions of users will inherently have a higher potential for incidents than one used by a small, internal team. To facilitate meaningful comparisons of incident rates across different systems, raw incident counts must be adjusted to reflect the relative exposure of each system. This adjustment typically involves calculating incidents per unit of exposure – such as incidents per 1,000 active users, or incidents per million requests processed – providing a standardized metric for assessing risk irrespective of scale. Failing to normalize for exposure can lead to misinterpretations, where systems with larger deployments are incorrectly perceived as being less safe, or vice versa, obscuring genuine differences in underlying risk profiles.

Media Adjustment techniques address the potential for biased incident reporting caused by disproportionate media coverage of specific events. These techniques typically involve weighting reported incidents based on the volume of related media mentions; incidents receiving significant coverage are down-weighted to reduce their influence on overall risk assessments. This approach aims to separate genuine increases in incident occurrence from increases in reporting due to media attention, providing a more accurate estimation of underlying risk levels. Statistical methods employed often include regression models that control for media exposure as a confounding variable, allowing for a clearer understanding of incident trends independent of media influence.

Negative Binomial Generalized Linear Models (GLM) are particularly suited for analyzing incident count data related to specific content types, such as deepfakes, which often exhibit overdispersion relative to Poisson distributions. Analysis utilizing this model has demonstrated that platform-level governance interventions targeting deepfake content result in a statistically significant reduction in risk, measured at -1.78 standard deviations (σ). This reduction was determined with a false discovery rate (pFDR) of 0.002, indicating a low probability of a false positive result and supporting the efficacy of these interventions in mitigating risk associated with deepfake incidents.

Despite consistent raw incident counts, the declining incident rate per autonomous mile driven (Dec 2020 - Nov 2024) demonstrates that increasing deployment scale, rather than decreasing safety, explains observed incident volumes.
Despite consistent raw incident counts, the declining incident rate per autonomous mile driven (Dec 2020 – Nov 2024) demonstrates that increasing deployment scale, rather than decreasing safety, explains observed incident volumes.

From Reaction to Anticipation: Proactive Governance

Organizations are increasingly leveraging Bayesian Structural Time Series models to anticipate shifts in AI incident patterns, moving beyond simply reacting to problems as they arise. These models dissect complex time-series data – such as the frequency and types of AI failures – to identify underlying trends, seasonality, and even the impact of external factors. When integrated with a robust Phase-Based Framework, this forecasting capability allows for the proactive identification of emerging risks before they escalate. By predicting potential incident hotspots, resources can be strategically allocated, preventative measures implemented, and overall system resilience strengthened. This approach not only minimizes the impact of AI failures but also supports continuous improvement by providing data-driven insights into areas requiring focused attention and investment, ultimately fostering a more dependable and trustworthy AI ecosystem.

Hawkes processes represent a sophisticated statistical methodology for analyzing events that trigger further events, proving particularly insightful when modeling complex, interconnected systems. Unlike traditional models that assume independence, a Hawkes process accounts for the probability of an event occurring not only based on its inherent likelihood, but also influenced by the rate of previous events – a self-exciting characteristic. This capability is crucial for identifying cascading failures, where an initial incident precipitates a series of subsequent issues, or for detecting emerging vulnerabilities in AI systems. By quantifying the degree to which one event influences others, organizations can anticipate and mitigate potential risks before they escalate, effectively moving from reactive incident response to predictive risk management. The model’s ability to discern patterns of excitation offers a powerful lens through which to understand system dynamics and bolster the resilience of increasingly complex AI deployments.

Effective AI Governance extends beyond initial deployment, necessitating continuous Post-Market Monitoring to ensure sustained safety and reliability. This framework facilitates a dynamic feedback loop, where real-world AI system performance is systematically observed and analyzed, identifying previously unforeseen issues or emergent vulnerabilities. The collected data informs iterative improvements to the AI model, algorithms, and operational protocols, allowing organizations to refine their systems proactively. This process isn’t simply about correcting errors; it’s about fostering a culture of continuous learning and adaptation, ultimately strengthening the AI’s resilience and aligning its behavior with evolving ethical standards and societal expectations. By embracing this proactive approach, organizations can move beyond compliance and cultivate genuinely trustworthy AI systems.

The convergence of Bayesian Structural Time Series, Hawkes Processes, and continuous Post-Market Monitoring fundamentally shifts AI risk management from a posture of reaction to one of anticipation. Instead of solely addressing incidents as they arise, organizations can leverage these combined methodologies to forecast potential vulnerabilities and cascading failures before they manifest. This proactive stance fosters a resilient AI ecosystem, enabling iterative improvements informed by continuous feedback and predictive insights. By identifying emerging risks and anticipating future trends, organizations not only minimize potential harm but also cultivate trust and ensure the sustained, responsible deployment of artificial intelligence – ultimately moving beyond damage control towards a future of preventative governance.

Analysis of autonomous vehicle (AV) incidents from 2015-2025 reveals a recurring pattern of rapid expansion of safety concerns (pink and dark red) following major incidents-such as those involving Tesla, Uber, and Cruise-followed by a return to baseline safety levels (grey).
Analysis of autonomous vehicle (AV) incidents from 2015-2025 reveals a recurring pattern of rapid expansion of safety concerns (pink and dark red) following major incidents-such as those involving Tesla, Uber, and Cruise-followed by a return to baseline safety levels (grey).

The pursuit of robust AI governance, as outlined in this work, often falls prey to unnecessary complexity. Systems are built to detect incidents, yes, but frequently these become elaborate constructions, masking a fundamental lack of understanding about the dynamics of risk. One recalls Linus Torvalds’ observation: “Most developers think lots of features mean a better product. That’s a fallacy.” This paper’s adaptation of public health methodologies – moving beyond simple incident counts to a phase-based model – demonstrates a welcome maturity. It suggests that true progress lies not in adding more layers of detection, but in stripping away the superfluous to reveal the underlying state – a simplification that allows for genuinely proactive risk assessment.

Further Refinements

The application of phase modeling, borrowed from epidemiological surveillance, offers a structured, if not entirely novel, approach to AI incident analysis. The utility of this methodology rests on the fidelity of incident reporting – a dependence currently predicated on voluntary disclosures and nascent regulatory frameworks. A critical next step involves developing standardized, quantifiable metrics for ‘incident severity’ and ‘system state’, moving beyond categorical labels to continuous variables amenable to rigorous statistical analysis. Absent such standardization, the predictive power of these models remains largely theoretical.

A persistent limitation lies in the inherent opacity of complex AI systems. Phase models, while adept at identifying patterns of incident escalation, offer limited insight into causal mechanisms. Future work should explore integrating these models with techniques for explainable AI (XAI), attempting to correlate incident phases with specific system behaviors or algorithmic vulnerabilities. The premise, however, is that detailed understanding is not always necessary; early warning, even without complete causal knowledge, remains a pragmatic advantage.

Ultimately, the efficacy of this approach, like all attempts at proactive governance, will be judged not by the elegance of the models, but by the reduction in real-world harm. The pursuit of ‘AI safety’ frequently resembles a search for absolute certainty, a fundamentally irrational endeavor. A more honest, and arguably more effective, strategy acknowledges the inevitability of failure and focuses on minimizing its consequences. Clarity, in this context, is not compassion for cognition, but a necessary condition for damage control.

Original article: https://arxiv.org/pdf/2604.19914.pdf

Contact the author: https://www.linkedin.com/in/avetisyan/

See also:

2026-04-23 09:02