Inferensys

Glossary

Incident Severity Level

A classification taxonomy (e.g., SEV-1 to SEV-5) used to prioritize AI incident response based on the magnitude of business or societal harm.
Incident responder handling AI system issue on laptop, logs and alerts visible, late night on-call session.
CLASSIFICATION TAXONOMY

What is Incident Severity Level?

A structured ranking system used to categorize AI incidents by the magnitude of harm, dictating response urgency and resource allocation.

An Incident Severity Level is a classification taxonomy, typically ranging from SEV-1 (critical) to SEV-5 (cosmetic), used to prioritize AI incident response based on the magnitude of business or societal harm. It provides a standardized framework for quantifying the impact of model degradation, safety violations, or system outages, ensuring that the most damaging events receive immediate engineering attention.

Severity is determined by assessing the blast radius of the failure, including factors like financial loss, user safety risk, and regulatory non-compliance. This classification directly triggers specific escalation policies and Recovery Time Objectives (RTOs), linking operational response to predefined error budgets and service level objectives.

INCIDENT SEVERITY FRAMEWORKS

Core Characteristics of Severity Taxonomies

A robust severity taxonomy is the backbone of effective AI incident response, translating technical failures into business impact. These core characteristics define how incidents are classified, prioritized, and escalated.

01

Business Impact Alignment

Severity levels must be defined by business or societal harm, not the underlying technical cause. A SEV-1 incident is not a 'database outage'; it is a 'complete halt of customer transactions' or a 'safety-critical model outputting dangerous instructions.' This alignment ensures that response efforts are proportional to the actual damage, preventing engineering teams from over-prioritizing technically interesting but low-impact bugs. Effective taxonomies map directly to Service Level Objectives (SLOs) and revenue impact.

  • SEV-1: Critical business function down, safety incident, or massive data breach.
  • SEV-2: Major feature impaired with no workaround, significant user impact.
  • SEV-3: Partial, non-critical feature loss with a viable workaround.
02

Clear, Actionable Definitions

Each severity level requires an unambiguous, binary-tested definition to eliminate subjective debate during an incident. A common framework uses a decision tree based on user impact scope and functional degradation. For example, a SEV-1 might be defined as '>50% of users receiving errors on a core transaction flow.' This prevents 'severity creep' where every issue is declared a top-priority emergency. The definition should be a simple checklist that an on-call engineer can apply in seconds.

  • Scope: What percentage of users or requests are affected?
  • Functionality: Is the system completely down, severely degraded, or slightly slow?
  • Workaround: Does a manual bypass exist for the affected users?
03

Strict Response Triggers

A severity taxonomy is useless without automated and manual triggers that enforce it. Each level must be bound to specific response Service Level Agreements (SLAs) for acknowledgment and resolution. A SEV-1 incident typically triggers immediate paging of the on-call Incident Commander, a dedicated war room, and executive stakeholder notification within 15 minutes. These triggers are often linked to error budgets and burn rate alerts, automatically escalating an incident if the Mean Time To Acknowledge (MTTA) is breached.

  • SEV-1: Page immediately, war room in 5 minutes, status update every 30 minutes.
  • SEV-2: Page immediately, acknowledge in 30 minutes, status update every 2 hours.
  • SEV-3: Auto-create ticket, triage during business hours.
04

Model-Specific Harm Criteria

AI systems introduce novel failure modes that traditional software taxonomies miss. A dedicated AI severity taxonomy must include criteria for algorithmic harm, such as biased outputs, model hallucination rates, or toxic content generation. A SEV-1 could be triggered by a model exhibiting a sudden spike in racial bias or generating dangerous medical advice, even if the API itself is technically 'healthy.' This requires integrating guardrail violation metrics and drift detection outputs directly into the severity classification logic.

  • Safety Violation: Model outputs violating content safety policies.
  • Fairness Degradation: A statistically significant increase in a bias metric.
  • Factual Grounding Loss: Hallucination rate exceeding a critical threshold.
05

Escalation Path Clarity

The taxonomy must define not just the severity but the exact escalation path. A SEV-1 incident automatically pulls in a designated Incident Commander, a Scribe, and a Communications Lead. It also specifies which external stakeholders (e.g., legal, PR, customer support) must be engaged based on the incident's nature. For AI incidents, this often includes a dedicated AI Ethics Officer or a compliance lead if the failure involves a regulated decision. The policy removes ambiguity about who has the authority to declare an incident resolved.

06

Post-Incident Review Linkage

The final severity level assigned to an incident directly dictates the depth of the required post-mortem analysis. A SEV-1 incident mandates a formal, blameless post-mortem document with a rigorous root cause analysis and tracked remediation items within 5 business days. A SEV-3 might only require a lightweight retrospective note. This linkage ensures that the organization's learning and preventive investment are proportional to the incident's impact, creating a closed feedback loop from detection to systemic improvement.

INCIDENT CLASSIFICATION TAXONOMY

Common Severity Level Definitions

Standardized severity tiers used to prioritize AI incident response based on business impact, user harm, and regulatory exposure.

SeverityDesignationBusiness ImpactResponse SLAExample AI Incident

SEV-1

Critical

Complete service outage, severe user harm, or regulatory breach in progress

< 15 min acknowledge, < 1 hr resolve

Model serving bias causing discriminatory loan denials at scale

SEV-2

High

Major feature degradation affecting >25% of users or significant revenue loss

< 30 min acknowledge, < 4 hr resolve

Hallucination rate spike to 12% in customer-facing chatbot

SEV-3

Medium

Partial degradation affecting <25% of users, no revenue impact

< 2 hr acknowledge, < 24 hr resolve

Drift detection alert on non-critical inference pipeline

SEV-4

Low

Minor cosmetic issue or single-user impact, no SLA breach

< 8 hr acknowledge, < 72 hr resolve

Model output formatting inconsistency in internal dashboard

SEV-5

Informational

No user impact, preemptive observation or improvement opportunity

Next business day acknowledge, no resolve SLA

Gradient anomaly detected during shadow mode evaluation

INCIDENT SEVERITY CLASSIFICATION

Frequently Asked Questions

Clear answers to common questions about defining, assigning, and operationalizing severity levels for AI system failures.

An incident severity level is a classification taxonomy (typically ranging from SEV-1 to SEV-5) used to prioritize AI incident response based on the magnitude of business or societal harm. It provides a shared, objective framework for Site Reliability Engineers (SREs) and Risk Managers to triage failures. The level dictates the urgency of response, the escalation policy triggered, and the resources allocated. Unlike traditional software severity, AI severity incorporates unique dimensions such as hallucination rate, bias amplification, and safety policy violations. For example, a SEV-1 might be declared when a medical diagnostic model exhibits a statistically significant false-negative rate, while a SEV-5 might cover minor latency degradation in a non-critical recommendation engine.

Prasad Kumkar

About the author

Prasad Kumkar

CEO & MD, Inference Systems

Prasad Kumkar is the CEO & MD of Inference Systems and writes about AI systems architecture, LLM infrastructure, model serving, evaluation, and production deployment. Over 5+ years, he has worked across computer vision models, L5 autonomous vehicle systems, and LLM research, with a focus on taking complex AI ideas into real-world engineering systems.

His work and writing cover AI systems, large language models, AI agents, multimodal systems, autonomous systems, inference optimization, RAG, evaluation, and production AI engineering.