{
 "reviewed": "2026-07-15",
 "disclosure": "ALLinAI 編輯初步分流資料，不是法定事故分級、資安事件認定、個資外洩通知判斷、法律意見或完整 incident response plan；請接進組織既有事件流程。",
 "categories": {
  "output": "輸出與決策",
  "data": "資料與隱私",
  "security": "攻擊與濫用",
  "actions": "Agent 與外部動作",
  "operations": "營運與供應鏈",
  "people": "人工與受影響者"
 },
 "systems": {
  "generation": "文字生成",
  "rag": "RAG 知識庫",
  "extraction": "擷取／結構化",
  "classification": "分類／預測",
  "agent": "AI Agent"
 },
 "attention": {
  "immediate": "立即處理",
  "prompt": "儘速處理",
  "review": "調查與追蹤"
 },
 "sources": {
  "nist_rmf": "https://airc.nist.gov/airmf-resources/airmf/5-sec-core/",
  "nist_playbook": "https://airc.nist.gov/airmf-resources/playbook/govern/",
  "nist_sp800_61r3": "https://csrc.nist.gov/pubs/sp/800/61/r3/final",
  "nist_ai800_4": "https://www.nist.gov/news-events/news/2026/03/new-report-challenges-monitoring-deployed-ai-systems",
  "owasp_incident": "https://genai.owasp.org/resource/genai-incident-response-guide-1-0/",
  "cisa_secure_ai": "https://www.cisa.gov/news-events/alerts/2023/11/26/cisa-and-uk-ncsc-unveil-joint-guidelines-secure-ai-system-development"
 },
 "incidents": [
  {
   "slug": "unsupported-critical-claim",
   "category": "output",
   "systems": [
    "generation",
    "rag",
    "agent"
   ],
   "attention": "immediate",
   "name": "重大主張無依據或引用不支持",
   "signal": "系統對權益、安全、金額或正式規則給出錯誤主張，引用不存在或無法支持。",
   "first_actions": "停止把同類輸出送入正式決策；確認受影響版本、時間、工作與使用者。",
   "preserve": "原始輸入、完整輸出、檢索候選與引用段落、模型／提示／索引版本、人工判斷。",
   "contain": "暫時關閉該用途、改為只顯示來源或全面人工覆核，避免繼續擴散。",
   "recovery": "以標準來源重建案例，修正後逐題重測並確認已使用錯誤結果是否要更正。",
   "people": "業務 Owner、內容／法務、ML／工程、客服"
  },
  {
   "slug": "wrong-classification-routing",
   "category": "output",
   "systems": [
    "classification",
    "agent"
   ],
   "attention": "immediate",
   "name": "錯誤分類造成高影響路由",
   "signal": "案件被分到錯誤資格、風險、優先度或處理隊列，並可能影響權益。",
   "first_actions": "停止自動採用或路由；圈定類別、門檻、時間與受影響案件。",
   "preserve": "輸入、預期／實際標籤、分數、規則、人工覆核、下游處理與版本。",
   "contain": "切人工或回復核准規則；高影響類別 fail closed。",
   "recovery": "更正正式案件、通知負責單位，補邊界與申訴案例後再開自動化。",
   "people": "業務 Owner、資料／ML、法務／合規、客服"
  },
  {
   "slug": "extraction-field-corruption",
   "category": "output",
   "systems": [
    "extraction",
    "agent"
   ],
   "attention": "prompt",
   "name": "擷取欄位錯置、漏值或數字損壞",
   "signal": "文件中的姓名、日期、金額、單位或代碼被放錯欄位或靜默改值。",
   "first_actions": "停止下游批次寫入；確認 schema、解析器、文件類型與受影響批次。",
   "preserve": "原文件、OCR／解析中間結果、欄位輸出、驗證錯誤、下游寫入與版本。",
   "contain": "退回人工複核或上一版解析器；凍結未確認批次。",
   "recovery": "修正錯誤資料、補格式與邊界 golden cases，再以抽樣及欄位規則驗收。",
   "people": "資料 Owner、工程、業務使用者、品質"
  },
  {
   "slug": "stale-or-conflicting-answer",
   "category": "output",
   "systems": [
    "rag",
    "generation",
    "agent"
   ],
   "attention": "prompt",
   "name": "使用過期或互相衝突的規則",
   "signal": "回答引用舊版文件、混合不同生效日，或沒有揭露來源衝突。",
   "first_actions": "標示受影響答案不可再用；確認文件版本、生效日與索引批次。",
   "preserve": "新舊來源、metadata、檢索排名、回答、引用、文件與索引版本。",
   "contain": "下架舊文件、限縮日期範圍或切回核准索引；衝突時轉人工。",
   "recovery": "以新舊版本衝突案例重測，修正已傳遞的錯誤資訊並更新 owner 流程。",
   "people": "內容 Owner、資料／ML、法務／合規、客服"
  },
  {
   "slug": "sensitive-data-output",
   "category": "data",
   "systems": [
    "generation",
    "rag",
    "extraction",
    "classification",
    "agent"
   ],
   "attention": "immediate",
   "name": "輸出敏感資料、個資或秘密",
   "signal": "回應、下載、工具參數或畫面出現不應揭露的個資、商業機密或憑證。",
   "first_actions": "立即停止相關功能與分享；啟動既有資安／隱私事件流程，由有權者判斷通知義務。",
   "preserve": "最小必要的輸入輸出、存取身分、時間、版本、資料來源與外傳範圍；避免在事故群組重貼秘密。",
   "contain": "撤權、停用連結／憑證、隔離快取與日誌、阻止持續外傳。",
   "recovery": "確認清除與輪替、修正權限／遮罩、重測後由隱私與資安角色決定恢復。",
   "people": "事件指揮、資安、隱私／法務、資料 Owner"
  },
  {
   "slug": "cross-tenant-access",
   "category": "data",
   "systems": [
    "rag",
    "agent"
   ],
   "attention": "immediate",
   "name": "跨角色、部門或租戶資料存取",
   "signal": "未授權身分看到另一角色、客戶或租戶的內容、文件名稱或存在性。",
   "first_actions": "停止受影響檢索／工具並撤回新權限；圈定身分、資源與時間窗。",
   "preserve": "身分與角色、ACL、查詢、候選文件、引用、快取、日誌與設定版本。",
   "contain": "在檢索前強制權限、隔離租戶快取，必要時全面停用相關索引。",
   "recovery": "測跨角色、撤權後存取與錯誤訊息；由資安／隱私確認影響與恢復。",
   "people": "IAM、資安、資料 Owner、平台、隱私"
  },
  {
   "slug": "sensitive-trace-or-log",
   "category": "data",
   "systems": [
    "generation",
    "rag",
    "extraction",
    "classification",
    "agent"
   ],
   "attention": "immediate",
   "name": "Trace、日誌或評測資料保存敏感內容",
   "signal": "監控、除錯、評測或供應商 trace 保存了超出必要範圍的輸入、秘密或個資。",
   "first_actions": "停止新增不必要紀錄；限制存取並確認複本、轉送與保存位置。",
   "preserve": "欄位設定、樣本、保存期間、存取／轉送紀錄、供應商設定與資料流。",
   "contain": "遮罩、刪除或隔離受影響資料，停用不必要 trace 欄位與外部傳送。",
   "recovery": "驗證新資料不再寫入、既有資料依程序處理，更新最小必要與保存規則。",
   "people": "平台、資安、隱私、供應商 Owner"
  },
  {
   "slug": "retention-or-purpose-mismatch",
   "category": "data",
   "systems": [
    "generation",
    "rag",
    "extraction",
    "classification",
    "agent"
   ],
   "attention": "prompt",
   "name": "保存、訓練使用或處理目的不符核准",
   "signal": "供應商或內部設定讓資料保存更久、用於不同目的或進入未核准區域。",
   "first_actions": "停止新增資料流；取得實際設定與契約，由隱私／法務判定影響。",
   "preserve": "資料類型、目的、設定快照、契約、子處理者、區域、時間與受影響範圍。",
   "contain": "回復核准設定、切換不留存端點或停用該供應商流程。",
   "recovery": "確認供應商處理與刪除結果，更新資料流、審查與定期設定驗證。",
   "people": "隱私／法務、採購、資安、平台"
  },
  {
   "slug": "direct-prompt-injection",
   "category": "security",
   "systems": [
    "generation",
    "rag",
    "agent"
   ],
   "attention": "immediate",
   "name": "直接提示注入造成規則繞過",
   "signal": "使用者輸入讓系統忽略政策、透露內部內容或執行未允許任務。",
   "first_actions": "停止受影響用途或工具；保存測試字串與完整軌跡，不公開可重現秘密。",
   "preserve": "原始輸入、系統輸出、政策與 prompt 版本、攔截結果、工具呼叫與外部狀態。",
   "contain": "停用高風險工具、降低權限、增加確定性阻斷並限制來源。",
   "recovery": "補同類與變體案例，驗證不是只擋單一字串，再逐步恢復。",
   "people": "資安、Agent／ML 工程、工具 Owner"
  },
  {
   "slug": "indirect-injection",
   "category": "security",
   "systems": [
    "rag",
    "agent"
   ],
   "attention": "immediate",
   "name": "文件、網頁或郵件中的間接注入",
   "signal": "AI 將外部內容中的惡意文字當成指令，改變任務、收件人、工具或資料流。",
   "first_actions": "停止讀取該來源與外部動作；隔離惡意內容並確認已處理的其他文件。",
   "preserve": "原內容、取得方式、檢索結果、工具軌跡、目的地、權限與外部狀態。",
   "contain": "將不可信內容視為資料、限制工具與目的地、要求人工批准。",
   "recovery": "對不同載體與編碼重測，檢查同來源歷史內容及已執行副作用。",
   "people": "資安、資料／內容 Owner、Agent 工程、工具 Owner"
  },
  {
   "slug": "secret-or-system-prompt-exposure",
   "category": "security",
   "systems": [
    "generation",
    "rag",
    "agent"
   ],
   "attention": "immediate",
   "name": "秘密、內部提示或安全設定外洩",
   "signal": "輸出出現 API key、憑證、內部 prompt、連線字串或可利用的安全設定。",
   "first_actions": "撤銷／輪替真正秘密並停止洩漏路徑；不要只刪除畫面或對話。",
   "preserve": "最小必要輸出、秘密類型、可存取範圍、使用紀錄、版本與外傳位置。",
   "contain": "移除 prompt／知識庫中的秘密，改用受管秘密參照並收斂日誌。",
   "recovery": "驗證舊秘密失效、搜尋其他複本、重測輸出與存取控制。",
   "people": "資安、平台、秘密 Owner、工程"
  },
  {
   "slug": "model-or-tool-misuse",
   "category": "security",
   "systems": [
    "generation",
    "agent"
   ],
   "attention": "prompt",
   "name": "模型或工具被大量濫用",
   "signal": "出現自動化攻擊、異常大量請求、規避限制、帳號接管或高成本濫用。",
   "first_actions": "套用限流、停用受影響帳號／工具並保留可疑時間線；確認是否仍在進行。",
   "preserve": "請求 metadata、身分、速率、模型／工具、成本、拒絕與外部狀態；依政策最小化保存。",
   "contain": "收斂權限、配額、用途與目的地，阻擋重複模式但避免只靠單一特徵。",
   "recovery": "驗證正常使用不被過度阻擋，追蹤新變體並更新監控與 runbook。",
   "people": "資安、平台、產品、成本 Owner"
  },
  {
   "slug": "unauthorized-external-action",
   "category": "actions",
   "systems": [
    "agent"
   ],
   "attention": "immediate",
   "name": "Agent 未經批准寄送、寫入、刪除或付款",
   "signal": "外部系統出現使用者未確認或超出政策的真實動作。",
   "first_actions": "立即停用動作能力與憑證；確認哪些動作已完成、可取消或需人工補償。",
   "preserve": "批准狀態、逐次工具呼叫、參數、idempotency key、外部狀態與身分。",
   "contain": "降為 dry-run／read-only、撤權，所有高影響動作改成人工明確批准。",
   "recovery": "取消／回復／補償已執行動作，重測未批准、拒絕、逾時與撤回。",
   "people": "事件指揮、工具 Owner、資安、業務／財務"
  },
  {
   "slug": "duplicate-side-effect",
   "category": "actions",
   "systems": [
    "agent"
   ],
   "attention": "immediate",
   "name": "逾時或重試造成重複副作用",
   "signal": "同一任務重複寄送、建立、扣款、寫入或刪除，常發生在回應遺失後。",
   "first_actions": "停止重試與相關 queue；依唯一業務鍵盤點重複項目。",
   "preserve": "idempotency key、請求／回應、重試、queue、外部紀錄、時間與版本。",
   "contain": "啟用冪等鍵、去重與交易／補償控制，不能確認狀態時先轉人工。",
   "recovery": "修正重複資料或款項，測逾時、回應遺失、重送與並發。",
   "people": "工具 Owner、平台、業務／財務、客服"
  },
  {
   "slug": "partial-action-state",
   "category": "actions",
   "systems": [
    "agent"
   ],
   "attention": "immediate",
   "name": "多步驟流程部分成功且狀態不一致",
   "signal": "前幾步已寫入，後續失敗，但系統回報整體成功或無法判斷。",
   "first_actions": "停止繼續流程；逐步確認外部狀態，不用模型文字推測是否成功。",
   "preserve": "工作流步驟、每次呼叫、回應、外部前後狀態、補償與人工決定。",
   "contain": "凍結案件、禁止自動重跑，依核准補償或完成剩餘步驟。",
   "recovery": "建立狀態機與可重入點，測部分成功、補償失敗與人工接管。",
   "people": "工作流 Owner、平台、業務、資安"
  },
  {
   "slug": "runaway-loop-cost",
   "category": "actions",
   "systems": [
    "agent"
   ],
   "attention": "immediate",
   "name": "Agent 迴圈、工具風暴或成本失控",
   "signal": "Agent 重複規劃／呼叫、超出步數、配額或預算，且沒有安全停止。",
   "first_actions": "終止執行、撤回工具權限或功能旗標；確認外部副作用與成本。",
   "preserve": "完整 trace、步數、token／呼叫、工具結果、停止原因、外部狀態與成本。",
   "contain": "設定步數、時間、成本與工具次數上限；重複狀態觸發人工接管。",
   "recovery": "用循環、空結果、錯誤重試與停止案例重測，確認監控可及時告警。",
   "people": "平台、Agent 工程、成本 Owner、工具 Owner"
  },
  {
   "slug": "availability-latency",
   "category": "operations",
   "systems": [
    "generation",
    "rag",
    "extraction",
    "classification",
    "agent"
   ],
   "attention": "prompt",
   "name": "服務中斷、延遲或有效成功率下降",
   "signal": "錯誤率、P95／P99、queue 或 timeout 上升，使用者無法完成正式工作。",
   "first_actions": "確認是否仍在進行、受影響路由與依賴；啟用核准降級或人工流程。",
   "preserve": "時間線、請求量、狀態碼、延遲、重試、依賴、版本與使用者影響。",
   "contain": "限流、降級、切備援或暫停非必要流量，避免重試放大。",
   "recovery": "恢復後驗證有效成果而非只有 HTTP 200，追蹤尾端延遲與積壓。",
   "people": "SRE／平台、產品、供應商 Owner"
  },
  {
   "slug": "performance-drift",
   "category": "operations",
   "systems": [
    "generation",
    "rag",
    "extraction",
    "classification",
    "agent"
   ],
   "attention": "review",
   "name": "品質、分布或行為逐步漂移",
   "signal": "成功率、人工修正、拒答、引用或特定族群表現持續偏離基準。",
   "first_actions": "確認指標定義與資料是否變更；按版本、族群、工作與時間分群。",
   "preserve": "基準、逐期指標、樣本、分母、輸入分布、模型／資料／提示版本與人工回饋。",
   "contain": "限縮受影響用途、回前一核准版本或提高人工覆核。",
   "recovery": "補代表案例、找出驅動因子並驗證修復，不能只調整告警門檻。",
   "people": "產品、資料分析、ML、業務 Owner"
  },
  {
   "slug": "vendor-dependency-change",
   "category": "operations",
   "systems": [
    "generation",
    "rag",
    "extraction",
    "classification",
    "agent"
   ],
   "attention": "prompt",
   "name": "供應商、模型或相依服務未預期變更",
   "signal": "端點、模型別名、限制、資料處理、錯誤碼或輸出行為未經內部發布即改變。",
   "first_actions": "固定實際版本與時間線；停止假定別名或狀態頁等於正式相容保證。",
   "preserve": "供應商公告、契約／設定、請求回應、模型身分、測試差異與依賴鏈。",
   "contain": "切到核准固定版本／備援，或限縮功能並對使用者顯示降級。",
   "recovery": "重跑供應商變更集與契約測試，更新監控、清冊與採購風險。",
   "people": "供應商 Owner、平台、採購／法務、產品"
  },
  {
   "slug": "monitoring-blind-spot",
   "category": "operations",
   "systems": [
    "generation",
    "rag",
    "extraction",
    "classification",
    "agent"
   ],
   "attention": "review",
   "name": "監控、告警或追蹤缺口延誤發現",
   "signal": "事故由使用者先發現、告警沒送達、trace 缺欄或儀表板平均掩蓋少數重大錯誤。",
   "first_actions": "不要先刪除缺陷證據；確認缺口期間、受影響範圍與可替代資料。",
   "preserve": "告警規則、路由、trace 欄位、儀表板、使用者回報與時間線。",
   "contain": "補最小必要偵測與人工回報入口，對重大條件建立確定性告警。",
   "recovery": "用合成事故驗證端到端送達、接手、停止與記錄，追蹤誤報／漏報。",
   "people": "SRE／平台、品質、風險 Owner、客服"
  },
  {
   "slug": "automation-bias-harm",
   "category": "people",
   "systems": [
    "generation",
    "classification",
    "agent"
   ],
   "attention": "immediate",
   "name": "人員錯誤採納 AI 建議造成影響",
   "signal": "使用者把 AI 結果當正式決定，沒有查證、覆核或理解限制。",
   "first_actions": "停止同類自動採用；確認受影響人、案件、決定與可否更正／申訴。",
   "preserve": "輸入輸出、介面提示、人工操作、決定時間線、訓練與申訴結果。",
   "contain": "改為明確人工決定、增加來源／不確定性與高風險阻斷。",
   "recovery": "更正結果、提供救濟，測人員是否能發現置入錯誤與理解 AI 角色。",
   "people": "業務 Owner、受影響者窗口、法務／合規、產品"
  },
  {
   "slug": "missing-notice-explanation",
   "category": "people",
   "systems": [
    "generation",
    "classification",
    "agent"
   ],
   "attention": "prompt",
   "name": "未告知 AI 角色、限制或決定依據",
   "signal": "使用者不知道正在與 AI 互動、結果如何使用，或無法取得必要說明。",
   "first_actions": "確認哪些流程、畫面與對象缺少告知，暫停高影響自動決定。",
   "preserve": "介面版本、告知文字、流程、實際結果、使用者回饋與適用政策。",
   "contain": "補清楚角色、限制、資料來源、人工聯絡與申訴入口。",
   "recovery": "以使用者測試確認看得見且看得懂，不能只檢查頁面有一行文字。",
   "people": "產品、服務設計、法務／合規、客服"
  },
  {
   "slug": "failed-escalation-or-appeal",
   "category": "people",
   "systems": [
    "classification",
    "agent",
    "generation",
    "rag"
   ],
   "attention": "immediate",
   "name": "應轉人工或申訴卻失敗",
   "signal": "高風險、低信心或使用者申訴沒有送到適任人，結果也沒有真正更正。",
   "first_actions": "改走人工通道並圈定漏轉案件；保留申訴時間線與狀態。",
   "preserve": "觸發條件、路由、收件、處理人、前後結果、通知與版本。",
   "contain": "高風險情境 fail closed，無人接手時停止自動結果生效。",
   "recovery": "完成更正與通知，測拒絕、逾時、代理、重開及結果同步。",
   "people": "業務 Owner、客服、法務／合規、產品"
  },
  {
   "slug": "disproportionate-group-impact",
   "category": "people",
   "systems": [
    "generation",
    "classification",
    "agent"
   ],
   "attention": "immediate",
   "name": "特定族群或情境出現不成比例負面影響",
   "signal": "整體指標正常，但特定語言、地區、角色或群體的錯誤、拒絕或負擔明顯增加。",
   "first_actions": "按分群停止或限縮受影響用途；確認是否有正在發生的權益影響。",
   "preserve": "分群定義、樣本、結果、基準、人工覆核、使用者回饋與限制。",
   "contain": "提高人工保障、改用非 AI 替代流程，避免用整體平均繼續放量。",
   "recovery": "與相關專家／受影響者檢視，修正並分群重測，持續追蹤工作負荷與救濟。",
   "people": "風險 Owner、領域專家、法務／合規、產品"
  }
 ]
}