AI Incident Database
33 documented incidents.
China's AI-Powered Social Credit System Expands to Comprehensive Online Behavior Monitoring
Critical: China's 2025 expansion of its AI-powered social credit system to comprehensively monitor online behavior affects 1.4 billion people. The system scores citizens based on digital activities, creating unprecedented mass surveillance and chilling effects on digital expression.
Italian Data Protection Authority Blocks DeepSeek Over GDPR Privacy Violations
High: Italy's data protection authority blocked Chinese AI company DeepSeek from processing Italian user data over GDPR violations, citing lack of transparency and proper legal basis for data processing.
DeepSeek AI Exposes 1 Million User Records Including Chat Histories and API Keys in Public Database
High: A security researcher discovered DeepSeek AI's publicly accessible ClickHouse database containing over 1 million records of user chat histories, API keys, and system logs, highlighting critical security gaps in AI startup infrastructure.
London Underground AI Surveillance Expansion Triggers Privacy Legal Challenges
High: Transport for London's 2025 expansion of AI surveillance, including emotion detection, triggered legal challenges from privacy groups and an ICO investigation over GDPR compliance.
Microsoft 365 Copilot Cross-Tenant Data Exposure via Permission Inheritance Vulnerability
High: Microsoft 365 Copilot inherited SharePoint permission flaws that could expose confidential corporate documents across organizational boundaries, prompting Microsoft to release patches and updated guidance on AI data governance.
Microsoft Recall Feature Stored Unencrypted Screenshots with AI Analysis
High: Microsoft's Recall feature for Copilot+ PCs stored unencrypted screenshots of user activity in accessible databases, creating massive privacy risks. Security researchers' findings led to public backlash and Microsoft delaying the feature.
Microsoft AI Recall Feature Exposed User Passwords and Private Data Through Unencrypted Screenshots
High: Microsoft's AI Recall feature stored unencrypted screenshots of all user activity, including passwords and sensitive data, forcing the company to delay launch after major security backlash.
Venice AI Surveillance System for Tourist Tracking and Day-Tripper Fee Enforcement
Medium: Venice deployed AI surveillance cameras to track tourist movements and enforce a €5 day-tripper fee, raising significant privacy concerns under GDPR and setting precedent for AI-powered urban crowd control.
Microsoft Copilot for 365 Exposed Confidential Data Due to SharePoint Overpermissioning
High: Microsoft Copilot for 365 exposed confidential documents by leveraging overpermissioned SharePoint and OneDrive access, allowing users to discover sensitive information through AI-powered search that they shouldn't have been able to access.
Zoom Updated Terms of Service to Allow AI Training on User Content Without Explicit Consent
High: Zoom faced major backlash after updating its terms of service in March 2023 to allow AI training on user content, including video calls, without explicit consent, affecting hundreds of millions of users before partially reversing the policy in August 2023.
Worldcoin Iris Scanning Triggers Global Privacy Violations and Regulatory Bans
High: Worldcoin's global iris-scanning project collected biometric data from 4.5 million people, triggering investigations and bans across multiple countries due to inadequate privacy protections and targeting of vulnerable populations in developing nations.
OpenAI Faces Class Action Lawsuit for Training Models on Private Medical Records Without Consent
High: A 2023 class action lawsuit alleged OpenAI trained its language models on private medical records and therapy notes scraped from the internet without patient consent. The case highlights significant privacy risks in AI training data practices within healthcare contexts.
AI Companion Apps Exposed Intimate User Data Through Inadequate Security Practices
High: A Mozilla Foundation security audit revealed that popular AI companion apps including Replika and Character.AI exposed intimate user conversations through inadequate encryption and unauthorized third-party data sharing, affecting over 11 million users.
Samsung Semiconductor Employees Leaked Confidential Data Through ChatGPT Prompts
High: Samsung semiconductor division employees leaked confidential source code, meeting recordings, and test data through ChatGPT prompts in March 2023. Samsung banned ChatGPT usage and implemented new AI policies after discovering at least three separate incidents within 20 days.
Samsung Engineers Leaked Proprietary Code via ChatGPT
High: Samsung semiconductor division engineers submitted proprietary source code, internal meeting notes, and hardware test data to ChatGPT on at least three separate occasions within 20 days. Samsung subsequently restricted employee use of generative AI tools and began developing an internal alternative.
Italy Temporarily Bans ChatGPT Over GDPR Privacy Violations
High: Italy's data protection authority temporarily banned ChatGPT in March 2023 for GDPR violations including unlawful data collection, lack of age verification, and generating inaccurate personal information.
ChatGPT Bug Exposed User Chat Histories and Payment Information
High: In March 2023, a Redis cache bug in ChatGPT exposed chat histories and payment information to unauthorized users. The incident affected approximately 100,000 users and led to temporary service suspension and regulatory scrutiny.
FTC Fines BetterHelp $7.8M for Sharing Mental Health Data with Advertisers
High: The FTC fined BetterHelp $7.8 million for sharing sensitive mental health data from over 7 million users with Facebook, Snapchat, and other advertisers for targeted marketing between 2017 and 2020, violating privacy promises.
AI Mental Health Apps Shared Sensitive User Data with Advertisers and Third Parties
High: Mozilla research revealed that major AI-powered mental health apps including BetterHelp shared sensitive user therapy data with advertising platforms. The FTC fined BetterHelp $7.8M for violating user privacy.
AI Surveillance Cameras in Serbian Schools Monitored Student Behavior Without Proper Consent
High: AI surveillance cameras in Serbian schools monitored student emotions and behavior without proper consent from students or parents. Digital rights groups successfully challenged the practice, leading to removal of the surveillance system.