AI-Driven Risk: Why Data Incidents Are About to Surge and What Leaders Must Do Now

By Zach Burnett, CEO at RadarFirst & Edna Conway, Board Chair, Global Chief Security & Risk Officer, and Strategic Advisor for RadarFirst

Artificial intelligence is no longer a future risk; it is an active force reshaping the data incident landscape in real time. As organizations accelerate AI adoption, they are also inheriting a new class of threats: faster, more scalable, and increasingly autonomous. The implications are clear: AI is not just a tool for productivity; it is a catalyst for data incidents.

AI Is Driving a New Wave of Data Incidents

Recent findings underscore the shift. IBM’s 2025 Cost of a Data Breach Report indicates that approximately 1 in 6 breaches now involve attackers using AI-enabled techniques, including AI-generated phishing, deepfakes, and automated social engineering. What was once emerging is now operational. And – we are just at the precipice of widespread use.

What makes this moment different is the capability. The emergence of autonomous vulnerability discovery marks a turning point. Anthropic’s Claude Mythos Preview represents a qualitative leap: AI capable of identifying and exploiting software vulnerabilities at machine scale, surfacing thousands of previously unknown zero-day flaws. As Cobun Zweifel-Keegan notes in “Claude Mythos: Rethinking Cybersecurity and AI Governance” (IAPP, April 2026), this class of frontier AI systems must increasingly be treated as high-risk technologies that require governance, oversight, and operational controls before broad deployment. Moreover, governance must be continuously orchestrated at runtime.

Project Glasswing further underscores the risk: Anthropic’s decision to test these capabilities with only a limited set of trusted partners surfaces both the power and the potential for misuse. As Cobun Zweifel-Keegan expands on this, this controlled release signals that AI systems capable of autonomous vulnerability discovery could significantly increase both the likelihood and scale of data incidents, compressing the traditional vulnerability lifecycle from months to hours.

Government response emphasizes the urgency. The U.S. Department of Defense, through DARPA’s AI Cyber Challenge, has acknowledged that AI-driven vulnerability discovery is already reshaping the threat landscape. The initiative explicitly aims to help defenders keep pace with adversaries leveraging AI in their campaigns. Addressing the new parameters of digital warfare and the unprecedented scale of critical infrastructure disruption is an imperative.

At the same time, Anthropic’s Mythos is driving real policy discussions. In The Wall Street Journal (May 7, 2026), Berber Jin and Dustin Volz report that White House officials are considering new oversight for high-risk AI models, including pre-release reviews and mandatory security evaluations. Earlier reporting (April 7, 2026) also noted restricted access to Mythos due to its ability to identify and exploit vulnerabilities at scale.

Together, these developments mark a shift in AI governance toward national security and critical infrastructure risk.

More Incidents, Greater Operational Burden

The Organization for Economic Co-operation and Development (OECD) defines an AI Incident as “an event or circumstance in which an AI system causes or contributes to harm.” In practice, this includes data exposure, security vulnerabilities, or harmful outputs that are driven or amplified by AI systems, all of which require structured detection and response.

As AI accelerates vulnerability discovery, it also compresses the timeline between exposure and exploitation. This creates a dual challenge.

First, pre-event vigilance must evolve. Traditional vulnerability management approaches cannot keep pace with AI-driven discovery. Organizations must prioritize protecting critical vulnerabilities and adopt continuous, AI-driven monitoring strategies that align with machine-speed threat dynamics.

Second, post-event management becomes exponentially more complex. The sheer volume of potential incidents, alerts, anomalies, and confirmed breaches places significant strain on observability and security operations teams. Without clear definitions of what constitutes an “incident,” organizations risk drowning in noise while missing material events.

This is where operational discipline becomes critical. Defining incident thresholds, standardizing workflows, and integrating cross-functional response mechanisms are no longer optional; they are foundational to resilience in an AI-driven environment.

The Imperative: AI Incident Response Planning

Forward-looking organizations are already responding. The Commonwealth of Virginia has introduced structured templates for AI incident response, signaling a shift toward formalized governance and repeatable processes for AI-related risk. At the same time, MIT’s AI Risk Initiative is advancing frameworks to help organizations identify, categorize, and respond to AI-specific risks throughout the AI lifecycle, from development through deployment and operation.

These efforts share a common theme: AI risk requires AI-specific response strategies. Traditional incident response plans are insufficient to address the unique characteristics of AI-driven events, namely, speed, scale, and ambiguity.

Call to Action

The path forward is clear. Organizations must:

• Build and operationalize an AI Incident Response Plan tailored to the realities of AI-driven risk,
• Invest in technology that can manage volume and complexity, transforming fragmented signals into actionable incidents, and
• Align governance, security, and privacy functions around a shared incident framework.

AI is not just increasing the likelihood of data incidents; it is redefining their nature. The organizations that succeed will be those that move beyond reactive postures and embrace an incident-first approach to their data management.

Because in the age of AI, the question is no longer if an incident will occur, but how prepared you are when it does.