Risk
Absence of AI-Specific Incident Response Plan
Description
The organization lacks a documented, role-based, and regularly tested incident response (IR) playbook for AI incidents, which delays containment and recovery.
Example
A prompt-leak alert fires in production; without an AI IR playbook the SOC can't identify owners and legal review stalls.
Assets Affected
- AI policy
- AI platform
- App usage log
- Model files
- Model response
Mitigation
- Establish and maintain an AI-specific IR plan aligned with enterprise IR
- Define AI incident severity levels, owners, and escalation paths
- Integrate AI attack scenarios into tabletop exercises
- Automate evidence capture at alert time; ensure tamper-evident storage
- Review and update the plan after each AI incident or major change
Standards Mapping
- ISO 42001: A.6.1.3, A.5.3
- NIST AI RMF: MANAGE 4.1, GOVERN 4.3
- DAST v2: PLATFORM 12.3