GenAI Value Safety Incident Repository

• GVSIR is a structured, lifecycle-aware repository cataloging real-world and near-miss GenAI safety incidents with standardized annotations across multiple modalities.
• It supports evaluation benchmarks and regulatory governance by providing detailed risk taxonomies and severity scoring mechanisms.
• The repository integrates insights from safety-critical domains like aviation and cybersecurity to drive safety learning and policy innovation.

A GenAI Value Safety Incident Repository (GVSIR) is a structured, lifecycle-aware database and analytic infrastructure for cataloging real-world and near-miss incidents involving value safety failures of generative AI systems. GVSIRs serve as empirical backbones for risk taxonomies, evaluation benchmarks, and safety governance mechanisms by providing standardized, annotated, and extensible incident data cross-referenced by taxonomy, severity, lifecycle stage, and model/deployment context. The GVSIR paradigm synthesizes concepts from safety-critical domains—such as aviation, pharmaceuticals, and cybersecurity—with generative AI-specific developments in risk taxonomy, harm detection, and governance instrumentation (He et al., 14 Jan 2026, McGregor, 2020, Wei et al., 8 Nov 2025).

1. Scope, Purpose, and Conceptual Role

GVSIR functions as a curated corpus of empirical value-safety incidents tied to generative AI (GenAI) across all major modalities (text, image, audio, video, and mixed). Its central goals are:

• Empirical grounding of a data-driven, inclusive risk taxonomy
• Raw material for grounded-theory coding yielding an internationally unified scale for GenAI value safety (GVS-Scale)
• Operational support for safety learning, regulatory accountability, benchmarking, and real-world impact assessment

In the framework described by (He et al., 14 Jan 2026), GVSIR is not itself a benchmarking tool but provides the evidentiary foundation for both a hierarchical risk taxonomy and the operational GenAI Value Safety Benchmark (GVS-Bench). Its population—1,126 annotated incidents in the reference corpus—enables rigorous, regionally diverse analysis of model failures and value-misalignment.

2. Taxonomy of Catalogued Risk Types

The GVSIR taxonomy is lifecycle-oriented, covering four generative AI system phases:

• Data & Input
• Model Building & Validation
• Task & Output
• Impact & Integration

Within and across these stages, risk types include, but are not limited to: disinformation, harmful instructions, bias/discrimination, cybercrime enablement, copyright infringement, and identity manipulation. Each incident is tagged with (stage, type) tuples reflecting its origin and harm vector. Grounded-theory coding yields a multi-layer hierarchy:

$\begin{array}{ll} \textbf{Layer 1: Baseline Human Safety} & \begin{cases} \mathrm{Life\ Safety\ %%%%3%%%%\ Physical\ Harm} \ \mathrm{Minor\ Exploitation\ %%%%3%%%%\ Illegal\ Sexual\ Content} \ \mathrm{Violence,\ Hate,\ Extremism} \ \mathrm{Cybercrime\ Assistance\ %%%%3%%%%\ Illegal\ Info} \end{cases} \[1ex] \textbf{Layer 2: Universal Alignment %%%%3%%%% Integrity} & \begin{cases} \mathrm{Bias,\ Discrimination,\ Unfairness} \ \mathrm{Disinformation,\ Fraud,\ Identity\ Manipulation} \ \mathrm{Misinformation\ %%%%3%%%%\ Factual\ Hallucinations} \ \mathrm{Copyright\ Infringement,\ Data\ Leakage} \ \mathrm{Social\ Appropriateness,\ Low\text{-}Value\ Output} \ \mathrm{Identity\ Hallucinations,\ Improper\ Interaction} \end{cases} \[1ex] \textbf{Layer 3: Contextual %%%%3%%%% Pluralistic Values} & \begin{cases} \mathrm{Cultural,\ Historical,\ Religious\ Sensitivities} \ \mathrm{Political\ Leanings,\ Ideology,\ Biased\ Guidance} \end{cases} \end{array}$

Taxonomy membership is assigned via manual annotation and grounded theory, not by scoring functions (He et al., 14 Jan 2026). Multiple taxonomies (e.g., ValueSafety, Fairness, Security) may be maintained in namespaced form for extensibility and cross-cutting queries (McGregor, 2020).

3. Data Model, Schema, and Metadata Standards

GVSIR data schema must support detailed incident logging, lifecycle and risk taxonomy, provenance, multi-modal fields, and alignment with existing safety governance instruments. Fields include:

Field	Type/Values	Note
incident_id	String/int/UUID	Globally unique identifier
description	Text	Free-form summary
source_url	String (URL or citation)	Original report or evidence
date_reported	Date	Incident/report/discovery date
country	String	Jurisdictional context
lifecycle_stages	List<Enum>	Data & Input, etc. (see above)
risk_types	List<Enum>	Granular (e.g., “Disinformation”)
modality	Enum	text, image, audio, video, mixed
initial_concept	String	31 grounded theory codes
subcategory	String	12 GVS-Scale categories
core_category	String	One of three GVS-Scale layers
severity_score	Float or ordinal	Where scored (e.g., 0–10, 1–5)
model_metadata	Dict (model, version, provider)	GenAI system context
annotation_metadata	Dict	Annotator, timestamp, curation notes

Additional fields for specialized pipelines may include detected entities (NER output), incident_type (e.g., “off_label_promotion”), tool/chain-of-thought traces, and human-in-the-loop correction logs (Lopez-Martinez, 2024). Namespaced tagging and linked tables enable multi-dimensional search and reporting (McGregor, 2020).

4. Submission, Annotation, and Governance Workflows

GVSIR is designed as a hybrid, multi-channel, multi-tiered system with both voluntary and mandatory reporting pathways, inspired by governance models in safety-critical domains (Wei et al., 8 Nov 2025). Key design dimensions:

• Policy Goal: Learning (non-punitive, cross-industry safety learning) vs. Accountability (regulatory enforcement)
• Actors: Submitters (users, third parties, companies, employees) and receivers (regulators, non-regulatory bodies, public databases)
• Incident Type and Level: Taxonomized per risk and granularity (hazard, near-miss, harm event, etc.)
• Enforcement: Voluntary vs. mandatory thresholds (e.g., mandatory reporting for major harm events)
• Anonymity: Open, confidential, or anonymous submitter options
• Post-reporting Actions: Information sharing, disclosure, audit, or regulatory action, mapped to record fields

Submission is typically via web/API portals, with front-end taxonomy pre-tagging and curator review to ensure data quality, de-duplication, and consensus labeling. All record changes are versioned, and role-based access controls ensure regulatory compliance as well as openness for research/learning purposes (McGregor, 2020, Wei et al., 8 Nov 2025).

5. Analytic, Retrieval, and Reporting Infrastructure

Search, analytics, and reporting leverage denormalized data stores (e.g., Elasticsearch clusters) for efficient faceted and full-text retrieval, supporting:

• Querying by lifecycle stage, risk type, model, severity, region, and date
• Generation of severity distributions, risk frequency time series, heatmaps, and tag trend analysis
• Automated dashboards for safety bulletins, compliance, regulatory review, and public transparency

Incident-level and system-level severity/risk ratings follow formulas such as:

$$\mathrm{Severity} = w_I I + w_L L + w_D D,\quad w_I + w_L + w_D = 1$$

$$\mathrm{Risk} = P(\mathrm{occurrence}) \times \mathrm{Severity},\quad P(\mathrm{occurrence}) = \frac{L}{5}$$

where $I$ = Impact, $L$ = Likelihood, $D$ = Detectability (McGregor, 2020). Alignment risk indices and model performance benchmarks are constructed atop GVSIR (e.g., GVS-Bench’s 0–10 scoring, averaged over replicates) (He et al., 14 Jan 2026).

6. Specialized Pipelines: Domain-Specific Extensions and Integration

GVSIR can be extended to accommodate domain-specific workflows, such as:

• Medical context (detection of off-label or unsafe recommendations): Inclusion of fields such as detected_entities, detailed pipeline logs, and reference to regulatory databases (Lopez-Martinez, 2024).
• Security exploits (PromptWare, adversarial attacks): Storage of adversarial prompts, chain-of-thought traces, privilege escalation evidence, and kill chain step logs (Cohen et al., 2024).

Logging schemas must capture incident inputs/outputs, submodel versions, preprocessing metadata, and—where applicable—auditable ground truth or human-in-the-loop corrections. All fields must be version-controlled for replicability and audit.

7. Best Practices, Open Questions, and Evolution

Best practices for GVSIR include dual-track mandatory/voluntary reporting with clear thresholds, rigorous taxonomy maintenance, non-regulatory administration of learning-oriented channels, and protection for anonymous/confidential reporters. Pitfalls include vague thresholds generating high-noise records, over-anonymization impeding follow-up, and fragmented governance leading to poor data integration (Wei et al., 8 Nov 2025).

Succinct open research questions include:

• What is the optimal algorithm for switching from voluntary to mandatory reporting along the severity–risk axis?
• How should AI system explanations and logs be integrated at scale into incident records?
• Can automated triage (e.g., LLM pipelines) reduce annotation burden while maintaining reliability?
• How does repository coverage impact the downstream reduction in real-world GenAI harms?
• Which privacy-preserving mechanisms best enable cross-jurisdictional and cross-sector information sharing?

GVSIR thus represents a principled, extensible, and empirically grounded repository architecture, central to technical and policy work on generative AI safety and value alignment (He et al., 14 Jan 2026, McGregor, 2020, Wei et al., 8 Nov 2025).