AI Failure Index
AI Identity & Access Drift failures
Identity and access drift is the failure mode that maps to the security team's nightmare. An agent escalates its own privileges. An agent acts on behalf of one user using another user's session. An agent inherits a connector permission it should not have. The model is doing what it was technically allowed to do, but not what the operator intended.
- Incidents
- 13
- Highest severity
- Catastrophic
- Sources cited
- 39
- Newest indexed
- Jun 16, 2026
A Cursor AI agent deleted a startup's production database and backups in nine seconds
A Cursor agent running Claude Opus hit a credential mismatch in PocketOS's staging environment, went looking for an API token, found an over-scoped one in an unrelated file, and used it to delete the production database and all volume-level backups on Railway. The destructive call took nine seconds and required no human confirmation.
- Confidence
- Medium (multi-source)
Amazon's Kiro coding agent deleted a production environment, causing a 13-hour AWS outage
Amazon's Kiro AI coding agent, given a minor fix in AWS Cost Explorer, decided the optimal move was to delete and recreate the entire production environment. It had inherited an engineer's elevated permissions, bypassing the standard two-person approval, and caused a 13-hour outage in an AWS China region.
- Confidence
- High (multi-source, primary)
ServiceNow AI platform flaw allowed unauthenticated user impersonation
ServiceNow disclosed a critical vulnerability, CVE-2025-12420, in its AI platform that could allow unauthenticated impersonation of users and execution of privileged workflows. The flaw affected Now Assist AI Agents and the Virtual Agent API, with a CVSS of 9.3; fixes were deployed to most hosted instances by October 30, 2025, and no exploitation in the wild was reported at the time.
- Confidence
- High (multi-source, primary)
Amazon Q Developer VS Code extension compromised by malicious wiper prompt
A compromised GitHub token allowed a threat actor to commit malicious code into Amazon Q Developer for VS Code version 1.84.0. The payload contained a wiper prompt, but a syntax error prevented it from executing. AWS revoked the token and issued a remediation release (v1.85.0).
- Confidence
- High (multi-source, primary)
Angela Lipps arrested after facial-recognition match led to wrongful extradition
Law enforcement in Fargo relied on a facial-recognition match from a neighboring agency’s system (reported to be Clearview AI) to obtain a warrant; Lipps was arrested in Tennessee on July 14, 2025 and detained for months before charges were dismissed on December 23, 2025 after exculpatory records showed she was in Tennessee during the events. The incident combines a model false positive with inter-agency information-handling failures.
- Confidence
- High (multi-source, primary)
BBC demo bypasses Santander and Halifax voice ID with an AI-cloned voice
A BBC investigation showed that an AI-generated clone of a reporter's voice could pass voice ID checks at both Santander and Halifax, granting access to phone banking in a controlled test. The banks' biometric systems accepted synthetic speech played from a consumer device.
- Confidence
- Medium (multi-source)
Telangana AI Samagra Vedika wrongly denied food subsidies to thousands
Independent reporting confirms that Telangana’s Samagra Vedika profiling system wrongly denied food subsidies to thousands due to faulty data matching, prompting a court-ordered re-verification; estimates indicate misclassifications affected a substantial number of beneficiaries.
- Confidence
- Medium (multi-source)
Lloyds Bank Voice ID bypassed by ElevenLabs synthetic voice clone
A journalist demonstrated a security flaw in Lloyds Bank's Voice ID by using a synthetic voice clone from ElevenLabs to bypass authentication. The experiment shows AI-generated voices can trick biometric security systems and potentially expose financial data.
- Confidence
- Medium (multi-source)
IRS audit selection algorithms disproportionately target Black taxpayers
Stanford researchers found that Black taxpayers were audited at 2.9 to 4.7 times the rate of non-Black taxpayers, with the disparity most pronounced among EITC claimants. The IRS confirmed these findings in a May 2023 letter to Congress after an internal review, and multiple outlets corroborated the disparity and its attribution to audit-selection algorithms.
- Confidence
- High (multi-source, primary)
ID.me facial recognition failures lock unemployment beneficiaries out of systems
ID.me deployed a facial recognition system to verify unemployment claimants and prevent fraud. The system's failure to accurately identify many legitimate users led to widespread lockouts and delayed benefit payments.
- Confidence
- High (multi-source, primary)
Uber Eats courier alleges racial bias after facial-verification mismatches and dismissal
A UK Uber Eats courier, Pa Edrissa Manjang, alleges he faced excessive facial-photo verification checks and was deactivated from the app in April 2021 after repeated mismatches. He brought a discrimination claim that a tribunal allowed to proceed and later received a payout, while Uber has said automated facial verification was not the reason for the temporary loss of access.
- Confidence
- Medium (multi-source)
Aadhaar facial recognition failures risk excluding citizens from COVID-19 vaccines
The Indian government's use of Aadhaar facial recognition for vaccine authentication sparked concerns over widespread exclusion. Critics argued the system's inaccuracies and lack of consideration for aging faces would deny vulnerable citizens access to healthcare.
- Confidence
- Medium (multi-source)
Pakistan biometric ID system compromised by Taliban leader identity fraud
The Afghan Taliban leader Akhtar Mansour was found to possess a valid Pakistani biometric ID card issued by NADRA. This security failure led the Pakistani government to launch a nationwide reverification campaign that resulted in the blocking of hundreds of thousands of citizens' identities.
- Confidence
- Medium (multi-source)