CYGNVS launches AI incident command centre for firms

CYGNVS has launched an AI Incident Command Centre for organisations dealing with crises linked to their own AI systems, as reported AI incidents rise.

The product is designed as an out-of-band environment for handling AI-related operational problems, keeping response activity separate from the corporate network and the AI system under investigation. CYGNVS said the approach mirrors the isolation security teams use during ransomware incidents.

The launch comes as businesses face a broader range of risks from AI deployment, including model bias, hallucinations, data leakage and autonomous agents acting in unintended ways. Citing figures from the OECD AI Incidents and Hazards Monitor, CYGNVS said 596 AI incidents were recorded in one month, up 200% from a year earlier.

Research from Gartner cited by the company found that 61% of senior professionals had observed AI agent automation deployed through approved software, while 59% had seen evidence of, or strongly suspected, unsanctioned employee-driven AI agents operating outside governed channels. Together, those trends have increased pressure on companies to build formal response processes for failures involving internal AI tools.

Response model

CYGNVS said its platform provides a single environment for AI teams, executives and outside advisers to prepare for incidents, run exercises, manage live events and produce reports. The system integrates with AI deployments to detect signs of failure across applications, models and agents, matches those signals to an incident playbook and shifts the response into a separate environment.

According to CYGNVS, the product covers four stages: prepare, practice, respond and report. It includes incident playbooks tailored by industry, geography and incident type; tabletop exercises with after-action reports; a secure shared workspace for internal and external stakeholders during live incidents; and regulatory reporting templates covering 56 laws and 47 frameworks.

Those frameworks include the EU AI Act, California AI Act, New York Law 144, Colourado AI Act and FDA AI and machine learning guidance, the company said. The goal is to give organisations a structure for handling events that may require simultaneous technology, legal, compliance and executive decision-making.

CYGNVS also highlighted a common problem: companies often default to email and internal messaging when an AI agent malfunctions. It argues those tools may be accessible to, or influenced by, the AI under investigation, making them unsuitable for sensitive response activity.

"a16z has been seeing the entire gamut of AI technologies and the increasing trend of AI incidents. AI incident response needs to be run out-of-band from the corporate network and out of reach of the AI itself," said Patti Degnan, Operating Partner at a16z.

"If AI has access to the playbooks or communications of the response, it could obfuscate, evade, or manipulate. This is no different from isolating cyber incident response from ransomware or threat actors," Degnan said.

Insurance data

CYGNVS said the AI Incident Command Centre draws on a dataset of more than 20,000 major incidents from the insurance industry. According to the company, that information is not publicly or commercially available and is intended to provide more specific response guidance than generic advisory tools.

CYGNVS already sells an out-of-band platform for cyber incident management and said more than 3,000 customer organisations use it. It added that customers handle more than 50 major incidents a week on the broader CYGNVS platform.

That installed base may give CYGNVS an entry point into AI response, particularly among businesses that already use separate environments to manage cyber crises and outages. It also reflects a growing overlap between cybersecurity operations and AI governance, as companies try to create processes for risks that do not fit neatly into one department.

"The time to deploy AI incident response is alongside the AI project rollout - not afterwards and playing catchup," said Matt Honea, Chief Information Security Officer at Hippocratic AI.

"AI incident readiness requires playbooks, tabletop exercises, coordinated response and incident reporting, mirroring exactly what cybersecurity teams have built over the last decade. CYGNVS gives organizations an end-to-end platform for managing AI incidents," Honea said.

Chief Executive Officer Arvind Parthasarathi said the product was built in response to customer demand as AI-related incidents began to emerge alongside more established cyber events.

"Customers have been running over 50 major incidents per week on CYGNVS," said Arvind Parthasarathi, Founder and Chief Executive Officer of CYGNVS.

"When they started facing AI incidents, their teams, executives, and external providers were already on the platform. The AI Incident Command Centre is a natural extension of that trust, with purpose-built playbooks, scenarios, and regulatory reporting for a class of incident that didn't exist a few years ago," Parthasarathi said.