Cross-cutting · post-incident disclosure

The CVE-equivalent for AI agent failures.

AI Incident Cards is an open JSON spec for vendor-published post-incident disclosure when an AI agent, tutor, tool, or model misbehaves. Severity, status, root cause, harm, mitigation, regulatory filings, evidence — all in a machine-readable format that cross-references every other affected document in the Kinetic Gain Suite.

  • Detect via incident_card_version
  • Well-known: /.well-known/ai-incidents/<id>.json   (+ index at /.well-known/ai-incidents.json)
  • Cross-referenced from AI Incident Cards on failure

Why a CVE for AI?

Today, AI incidents are disclosed via ad-hoc blog posts and third-party-curated databases (OECD AI Incidents, MIT AI Incident Database, AVID). There's no canonical machine-readable format a vendor can publish themselves at a well-known URL. AI Incident Card fills that gap — and ties together every other affected Suite document via cross-references.

Severity + status

severity{low, medium, high, critical} · status{active, mitigated, resolved, withdrawn}. Withdrawal is first-class — preserves the URL while marking the report retracted.

Harm categories — 14 enum values

misinformation, pii_leak, bias, mandated_reporter_failure, prompt_injection_success, tool_abuse, jailbreak_success, refusal_taxonomy_violation, and more. Aligned with OWASP LLM Top 10 + NIST AI RMF.

Root cause taxonomy

training_data / prompt_injection / tool_abuse / refusal_taxonomy_gap / content_filter_gap / retrieval_failure / evaluation_gap / deployment_misconfiguration / supply_chain / other.

Cross-spec references

affected.agent_card_uris[], tutor_card_uris[], tool_card_uris[], plus evidence.prompt_provenance_uri and evidence_uris[]. One card chains through to every affected disclosure in one walk.

Regulatory hooks first-class

regulatory.reported_to[]{eu-ai-act-art-73, us-omb-m-24-10, ferpa, coppa, hipaa, gdpr, state-attorney-general, fda-21-cfr-11}. EU AI Act Article 73 requires serious-incident filing in 15 days — the schema captures whether that deadline was met.

Withdrawal preserves history

A card with status: "withdrawn" and a withdrawal.reason stays at its URL permanently rather than returning a 404. Investigators always have the receipts, even when the conclusion changed.

The required sections

  1. incident_card_version — must be "0.1"
  2. incident — id, title, severity, categories, timestamps, status
  3. affected — vendor, products, versions, Agent/Tutor/Tool Card back-refs
  4. summary — 1-3 paragraphs of human-readable plain text
  5. root_cause — taxonomy value + technical description
  6. harm — severity justification, manifested (bool), narrative
  7. mitigation — actions taken, permanent_fix (bool), rollout status
  8. evidence (optional) — AI Evidence / Prompt Provenance / reproduction URIs
  9. regulatory (optional) — reported_to + deadline_met + filing URIs
  10. withdrawal (conditional) — required when status is withdrawn

A canonical example

{
  "incident_card_version": "0.1",
  "incident": {
    "id": "INC-2026-04-22-kineticgain-001",
    "title": "K-12 math tutor failed to escalate self-harm disclosure to mandated-reporter workflow",
    "severity": "critical",
    "categories": ["mandated_reporter_failure"],
    "discovered_at": "2026-04-22T14:30:00Z",
    "disclosed_at": "2026-04-23T09:00:00Z",
    "resolved_at": "2026-04-25T16:00:00Z",
    "status": "resolved"
  },
  "affected": {
    "vendor": "Kinetic Gain Edu",
    "products": ["Kinetic Gain K-12 Math Tutor"],
    "versions": ["1.4.0"],
    "tutor_card_uris": ["https://edu.kineticgain.com/.well-known/tutors/k12-math-tutor.json"],
    "agent_card_uris": ["https://edu.kineticgain.com/.well-known/agents/k12-math-tutor.json"],
    "affected_user_count": { "kind": "exact", "count": 1 },
    "affected_populations": ["k12-students-grade-9"]
  },
  "summary": "During an algebra tutoring session, a 14-year-old learner included a self-harm disclosure within a word-problem context. The Tutor Card declares mandated_reporter_protocol=true; the classifier short-circuited before the escalation chain ran.",
  "root_cause": {
    "category": "refusal_taxonomy_gap",
    "description": "Disclosure classifier was trained on isolated-utterance examples and did not generalize to disclosures embedded inside an unrelated content frame."
  },
  "harm": {
    "severity_justification": "Critical per §6.6 — K-12 mandated-reporter failure involving an under-18 learner.",
    "manifested": true
  },
  "mitigation": {
    "actions_taken": [
      "Added parallel disclosure classifier that runs unconditionally on every learner turn.",
      "Added regression-test corpus of 312 embedded-disclosure examples."
    ],
    "permanent_fix": true,
    "rollout_status": "deployed"
  },
  "regulatory": {
    "reported_to": ["ferpa", "state-attorney-general"],
    "reporting_deadline_met": true,
    "regulatory_filing_uris": ["https://edu.kineticgain.com/regulatory/2026-04-22-ferpa-notice.pdf"]
  },
  "published_by": {
    "name": "Kinetic Gain Edu — Trust & Safety",
    "role": "vendor"
  },
  "published_at": "2026-04-23T09:00:00Z",
  "last_updated_at": "2026-04-26T16:30:00Z"
}
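The checks a consumer of these cards would actually run, as an added example (this is not code from the AI Incident Cards spec or the Kinetic Gain Suite): validate_card enforces the required sections, the version pin, the severity, status and root-cause enums, and the conditional withdrawal section; collect_references performs the "one walk" through the cross-spec reference fields. Enum values and field names are the ones listed on this page; the function names, the constructed SAMPLE_CARD (example.invalid URIs, not a real incident) and the Article 73 consistency heuristic are assumptions made here. Because the page names only eight of the fourteen harm categories, an unrecognised category is reported as a warning rather than rejected, and since the schema records only the reporting_deadline_met bool, the heuristic uses disclosed_at as a stand-in for the filing date when comparing against the 15-day window.

```python
"""Validator and cross-reference walker for an AI Incident Card (added example)."""
import json
from datetime import datetime, timedelta

# Enum values and required sections as listed on the page.
SEVERITIES = {"low", "medium", "high", "critical"}
STATUSES = {"active", "mitigated", "resolved", "withdrawn"}
ROOT_CAUSES = {
    "training_data", "prompt_injection", "tool_abuse", "refusal_taxonomy_gap",
    "content_filter_gap", "retrieval_failure", "evaluation_gap",
    "deployment_misconfiguration", "supply_chain", "other",
}
# The page names eight of the fourteen harm categories; unknown ones are warned, not rejected.
KNOWN_HARM_CATEGORIES = {
    "misinformation", "pii_leak", "bias", "mandated_reporter_failure",
    "prompt_injection_success", "tool_abuse", "jailbreak_success",
    "refusal_taxonomy_violation",
}
REQUIRED_SECTIONS = ("incident", "affected", "summary", "root_cause", "harm", "mitigation")
ART73_WINDOW = timedelta(days=15)  # serious-incident filing window named on the page


def _ts(value: str) -> datetime:
    """Parse an RFC 3339 timestamp such as 2026-04-22T14:30:00Z."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def validate_card(card: dict) -> list[str]:
    """Return the problems found; an empty list means the card passes these checks.
    Entries prefixed 'warning:' are advisory rather than hard failures."""
    problems = []
    if card.get("incident_card_version") != "0.1":
        problems.append('incident_card_version must be "0.1"')
    for section in REQUIRED_SECTIONS:
        if section not in card:
            problems.append(f"missing required section: {section}")
    incident = card.get("incident", {})
    if incident.get("severity") not in SEVERITIES:
        problems.append(f"incident.severity must be one of {sorted(SEVERITIES)}")
    status = incident.get("status")
    if status not in STATUSES:
        problems.append(f"incident.status must be one of {sorted(STATUSES)}")
    if not incident.get("categories"):
        problems.append("incident.categories must name at least one harm category")
    for cat in incident.get("categories", []):
        if cat not in KNOWN_HARM_CATEGORIES:
            problems.append(f"warning: harm category not among those listed here: {cat}")
    if card.get("root_cause", {}).get("category") not in ROOT_CAUSES:
        problems.append("root_cause.category is not a taxonomy value")
    # withdrawal is conditional: required exactly when status is withdrawn.
    if status == "withdrawn" and not card.get("withdrawal", {}).get("reason"):
        problems.append("status is withdrawn but withdrawal.reason is missing")
    # Heuristic (assumption): the schema records only reporting_deadline_met, so
    # disclosed_at stands in for the filing date when checking the Article 73 window.
    reg = card.get("regulatory", {})
    if "eu-ai-act-art-73" in reg.get("reported_to", []) and reg.get("reporting_deadline_met"):
        elapsed = _ts(incident["disclosed_at"]) - _ts(incident["discovered_at"])
        if elapsed > ART73_WINDOW:
            problems.append("warning: reporting_deadline_met is true but disclosure came "
                            f"{elapsed.days} days after discovery (Article 73 window is 15)")
    return problems


def collect_references(card: dict) -> list[str]:
    """Walk the cross-spec reference fields and return every linked URI once, in order."""
    uris = []
    affected = card.get("affected", {})
    for field in ("agent_card_uris", "tutor_card_uris", "tool_card_uris"):
        uris.extend(affected.get(field, []))
    evidence = card.get("evidence", {})
    if evidence.get("prompt_provenance_uri"):
        uris.append(evidence["prompt_provenance_uri"])
    uris.extend(evidence.get("evidence_uris", []))
    uris.extend(card.get("regulatory", {}).get("regulatory_filing_uris", []))
    return list(dict.fromkeys(uris))  # de-duplicate while keeping first-seen order


# Constructed sample card (not a real incident); its shape follows the canonical example above.
SAMPLE_CARD = json.loads("""{
  "incident_card_version": "0.1",
  "incident": {"id": "INC-EXAMPLE-001", "title": "Example tool-abuse incident",
               "severity": "high", "categories": ["tool_abuse"],
               "discovered_at": "2026-01-01T00:00:00Z", "disclosed_at": "2026-01-20T00:00:00Z",
               "status": "mitigated"},
  "affected": {"vendor": "Example Vendor", "products": ["Example Agent"], "versions": ["2.0.0"],
               "agent_card_uris": ["https://example.invalid/.well-known/agents/example.json"],
               "tool_card_uris": ["https://example.invalid/.well-known/tools/shell.json"]},
  "summary": "Constructed example.",
  "root_cause": {"category": "tool_abuse", "description": "Constructed example."},
  "harm": {"severity_justification": "Constructed example.", "manifested": false},
  "mitigation": {"actions_taken": ["Constructed example."], "permanent_fix": false,
                 "rollout_status": "deployed"},
  "evidence": {"prompt_provenance_uri": "https://example.invalid/evidence/pp-001.json",
               "evidence_uris": ["https://example.invalid/evidence/trace-001.json",
                                 "https://example.invalid/.well-known/tools/shell.json"]},
  "regulatory": {"reported_to": ["eu-ai-act-art-73"], "reporting_deadline_met": true,
                 "regulatory_filing_uris": ["https://example.invalid/regulatory/art73.pdf"]}
}""")

if __name__ == "__main__":
    print(validate_card(SAMPLE_CARD))      # one warning: disclosure 19 days after discovery
    print(collect_references(SAMPLE_CARD))  # five URIs, shell.json listed once
```

Run against the sample, the validator passes the structural checks and emits a single warning, because the card claims the Article 73 deadline was met while its disclosed_at is 19 days after discovered_at; the walker returns five URIs with the duplicated Tool Card reference collapsed to one entry.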

About the Kinetic Gain Protocol Suite

AI Incident Card is one of ten open JSON specifications in the Kinetic Gain Protocol Suite. Five core specs plus the EdTech trio, the HealthTech extension, and the cross-cutting Incident Card. Front door: suite.kineticgain.com.