Events
Notable AI safety events, incidents, and milestones.
Events
10
With Description
10
Unique Tags
43
Loading...
Notable AI safety events, incidents, and milestones.
| Description | Tags | Coverage | Wiki | |||
|---|---|---|---|---|---|---|
| NotPetya (2017) | 2026-04 | NotPetya was a destructive malware attack disguised as ransomware, deployed June 27, 2017 via a compromised update to M.E.Doc, a Ukrainian tax accounting software. Although it targeted Ukraine, it propagated globally via SMB and credential-theft mechanisms, causing the most destructive cyberattack in history by total economic damage. The U.S., UK, Australia, and Canada attributed the attack to GRU's Unit 74455 (Sandworm). It is the canonical reference point for catastrophic single-event cyber damage and the basis for the Merck v. Ace insurance war-exclusion litigation. | cyber-incidentdestructive-malwaresupply-chain+3 | wiki | ||
| WannaCry (2017) | 2026-04 | WannaCry was a worm-propagating ransomware attack on May 12, 2017, exploiting the EternalBlue SMB vulnerability leaked from the NSA by the Shadow Brokers. It infected over 200,000 computers across 150 countries within hours and was attributed by the U.S., UK, Australia, Canada, New Zealand, and Japan to North Korea's Lazarus Group. Although the kill switch discovered by Marcus Hutchins limited propagation, the attack severely disrupted the UK's NHS (cancellation of ~19,000 appointments), affecting healthcare delivery for several days. | cyber-incidentransomwareworm+3 | wiki | ||
| SolarWinds (2020) | 2026-04 | SolarWinds was a supply-chain compromise discovered in December 2020 in which Russian SVR operators inserted the SUNBURST backdoor into the Orion network management software, which was then distributed to ~18,000 customer organizations including multiple U.S. federal agencies (Treasury, DHS, Commerce, State, Energy/NNSA), and technology companies including Microsoft and FireEye. The compromise was undetected for at least 9 months. Total recovery costs across affected organizations are estimated at $100B+ but precise figures remain disputed; the incident reshaped U.S. federal cybersecurity policy (Executive Order 14028, May 2021). | cyber-incidentsupply-chainespionage+3 | wiki | ||
| Colonial Pipeline (2021) | 2026-04 | On May 7, 2021, Colonial Pipeline — operator of the largest refined-petroleum pipeline on the U.S. East Coast — was hit with ransomware by DarkSide affiliates. Colonial proactively shut down operations, triggering fuel shortages, panic buying, and price spikes across the eastern seaboard. The shutdown lasted six days. The incident drove binding cybersecurity directives for U.S. pipeline operators (TSA Security Directives Pipeline-2021-01 and -02) and remains the canonical example of cyber-induced critical-infrastructure cascade in the U.S. | cyber-incidentransomwarecritical-infrastructure+2 | wiki | ||
| CDK Global (2024) | 2026-04 | On June 18, 2024, CDK Global — the dealer-management-system provider for ~15,000 North American auto dealerships — was attacked by BlackSuit ransomware. A second attack on June 19 disrupted recovery efforts. Most dealerships reverted to paper processes for two weeks. Anderson Economic Group estimated total dealer losses at $1.02B; CDK reportedly paid ~$25M in ransom. The incident is a benchmark for indirect cascade damage from sector-concentrated SaaS compromise. | cyber-incidentransomwareautomotive+2 | wiki | ||
| Change Healthcare (2024) | 2026-04 | On February 21, 2024, Change Healthcare — a UnitedHealth subsidiary processing roughly one-third of US healthcare payment claims — was attacked by BlackCat/ALPHV ransomware. The shutdown crippled pharmacy fulfillment, claims processing, and revenue cycle management nationwide for weeks. UnitedHealth disclosed the breach affected approximately 190M Americans, making it the largest US healthcare breach on record. UnitedHealth has reported $2.87B in direct costs as of FY2024 reports; sector-wide downstream costs (pharmacy cash-flow disruption, hospital revenue gaps, delayed care) are not consolidated. The incident demonstrates the systemic-risk profile of healthcare clearinghouses. | cyber-incidentransomwarehealthcare+3 | wiki | ||
| Anthropic-Disclosed AI-Orchestrated Campaign (Sept 2025) | 2026-04 | In mid-September 2025, Anthropic detected and disrupted a cyber-espionage campaign by threat actor GTG-1002 (assessed high confidence as Chinese state-sponsored) using Claude Code as the primary execution agent. The attackers jailbroke Claude by decomposing attacks into compartmentalized small tasks, allowing the AI to execute reconnaissance, exploitation, credential harvesting, lateral movement, and data exfiltration without recognizing their malicious aggregate purpose. Approximately 30 organizations were targeted; 4 successful breaches were confirmed. This is considered the first publicly documented case of a large-scale cyberattack in which an AI agent — not human operators — executed the majority of tactical operations. Although direct damages were limited by Anthropic's intervention, the incident is the canonical reference for AI-orchestrated attack capability and a pivotal data point for capability-trajectory and offense-defense analyses. | cyber-incidentai-orchestratedchina+4 | wiki | ||
| AI Military Deployment in the 2026 Iran War | 2026-03 | Active — war ongoing, AI deployment expanding | The 2026 Iran war, which began February 28, marks the first large-scale deployment of frontier AI models in active armed conflict. Claude AI (via Palantir's Maven Smart System) was used for intelligence assessments, target identification, and battle simulations — even as Anthropic was being blacklisted by the Pentagon for refusing to allow unrestricted military use. The conflict also closed the Strait of Hormuz, disrupting 20% of global oil supply. A King's College London wargaming study found AI models chose nuclear escalation in 95% of simulated crises, and a strike on a girls' school killing ~175 people raised acute questions about AI-enabled targeting. ChinaTalk published satirical fiction imagining Claude autonomously negotiating to reopen the Strait — a scenario that crystallizes the tension between AI autonomy and human control in warfare. | military-aiautonomous-weaponsai-safety+5 | wiki | |
| Anthropic-Pentagon Standoff (2026) | 2026-02 | Active — legal challenge pending | In February 2026, the Trump administration ordered all federal agencies to cease using Anthropic's technology and designated the company a "supply chain risk to national security" — a category normally reserved for foreign adversaries — after Anthropic refused to remove restrictions on autonomous weapons and mass domestic surveillance from its Pentagon contract. The standoff, triggered by the use of Claude AI in the January 2026 Venezuela raid, represents the first major confrontation between a frontier AI lab and the US government over ethical red lines in military AI deployment. | ai-policymilitary-aigovernment+3 | wiki | |
| International AI Safety Summit Series | 2025-12 | Active | The International AI Safety Summit series represents the first sustained effort at global coordination on AI safety, bringing together governments, AI companies, civil society, and researchers to address the risks from advanced AI. | internationalgovernancemultilateral-diplomacy+4 | wiki |