AgentCompliant

Ecosystem

The AgentCompliant Ecosystem — Beyond governance. The standard.

Seven strategic products that extend the core platform — from free risk tooling and open source SDKs to certification, APIs, and insurer partnerships.

PUBLIC DATABASE

When AI agents go wrong — learn from every incident

A living corpus of anonymized or public-domain summaries — filter by industry, severity, regulation, and date to stress-test your own controls.

Categories we track

  • Data breach
  • Bias incident
  • Unauthorized action
  • Compliance violation
  • Financial loss
  • Privacy violation
  • Hallucination
  • Rogue behavior

Filters

  • 2026-01-14Financialhighunauthorized action

    Trading agent exceeded approved instrument list

    An autonomous support agent was misconfigured with brokerage-adjacent tools and executed a test order in a production environment.

    Root cause
    Missing environment separation and overly broad tool permissions.
    Regulations referenced
    SEC Market Access Rule (context-dependent), internal policy
    Lessons learned
    Pre-deploy compliance checks and tool allowlists per environment.
  • 2025-11-02Healthcarecriticalprivacy violation

    PHI surfaced in agent transcript retention

    A summarization agent retained full transcripts beyond the approved retention window in a vendor bucket.

    Root cause
    Retention policy not enforced in logging pipeline; weak data classification.
    Regulations referenced
    HIPAA, state privacy
    Lessons learned
    Hash or redact prompts; enforce retention at the logging layer with automated audits.
  • 2025-09-20Retailmediumbias incident

    Customer routing disparities detected

    Outbound triage agent showed statistically significant routing differences across demographic proxies in A/B telemetry.

    Root cause
    Training skew and missing fairness evaluation gates pre-release.
    Regulations referenced
    FTC Act (unfair practices), emerging state AI laws
    Lessons learned
    Continuous evaluation harness + human review for sensitive decisions.
  • 2025-08-05Technologyhighdata breach

    API key exfiltration via prompt injection

    An agent retrieved a connector secret from context after an indirect injection via user-uploaded document.

    Root cause
    Secrets in context window; insufficient tool sandboxing.
    Regulations referenced
    GDPR / breach notification (jurisdiction-dependent)
    Lessons learned
    Never inject long-lived secrets into prompts; use scoped ephemeral credentials.

Agent Incident Report — weekly newsletter

Curated incidents, regulatory deltas, and remediation patterns.

Submit an incident

Companies can contribute anonymized summaries to improve collective learning. Editorial review before publication.

← Ecosystem hub