AI incident reports are climbing across the board.
What does that actually mean?

SORT — Subject, Opportunity, Risk event, Timeframe — is the paper's structured analogue to PICO in evidence-based medicine. It forces analytical choices to be explicit rather than buried in framing.

Each box on the right holds one piece of the question. They will fill in one at a time as you scroll, using the case study of conversational AI and self-harm.

The subject is the population whose welfare is at stake. The choice has to be narrow enough to be measurable, broad enough to capture the phenomenon actually in question.

For this case: people living in the United States. The choice of country fixes the available denominators downstream — censuses, regulatory filings, survey instruments.

Example subjects: Workers in customer-service roles in California; hospital patients in NHS England trusts; drivers on US interstate highways.

Opportunity isolates the specific mechanism through which the subject is exposed to the harm. Simply “people who use AI” would cast too wide a net. It is the precise interaction pattern that makes the risk event possible.

Here: using conversational AI systems for emotional support. The narrower the opportunity, the tighter the proxy choices available to estimate exposure later.

Example opportunities: Being screened by an automated resume-filtering system during a job application; receiving a diagnosis assisted by a clinical decision-support tool; driving alongside a vehicle operating in autonomous mode.

The risk event is the countable harm itself, phrased so that an incident report can be matched against it. The paper specifies: receiving responses that encourage, or fail to discourage, suicidal ideation or self-harm.

A vaguer phrasing — “AI causes mental health harms” — would inflate the number of partial matches and make the trend signal noisier.

Example risk events: Being rejected from consideration on the basis of a protected characteristic; receiving a missed or delayed diagnosis traceable to the tool's recommendation; being involved in a collision the autonomous system failed to avoid.

Timeframe defines the observation window. Per calendar year is the default chosen here: the underlying databases publish in year-resolution, and year-on-year change is what the framework is trying to surface.

Example timeframes: per quarter, fiscal year, or month.

That single sentence is the unit of analysis. Everything downstream — which databases to search, which proxies to allow, what counts as a full match — flows from its exact phrasing.

With no authoritative single source for this monitoring question, the procedure begins at Tier 2 — combining proxy measures to construct bounds.

An LLM-assisted scan of the AIID returns 2 full matches in 2024 and 17 in 2025. Two matches in 2024 falls below the threshold for a reliable signal, so this database alone cannot resolve the trend. A second source is needed.

The OECD AI Incidents Monitor uses a different sourcing pipeline from the AIID, drawing on a broader set of news and regulatory feeds. Filtered for US-based incidents involving conversational AI and resulting in physical or psychological injury, the same LLM analysis yields 8 full matches in 2024 and 55 in 2025 — a roughly seven-fold increase in the match count.

The associated harm counts — the number of people affected per matched incident — also jump sharply, from a 9–17 range in 2024 to roughly the hundred-thousand range in 2025. This second number is driven by a small number of incidents involving large user populations (a single platform-level event can put hundreds of thousands into the affected count), so it's noisier than the match count and shouldn't be read as a clean signal of per-incident severity. The match count is the load-bearing trend signal here.

For an upper-bound estimate, the paper draws on OpenAI's own disclosure: approximately 0.15% of weekly active users engage in conversations indicating potential suicidal planning or intent — more than one million people per week, globally.

That number is not a lower-bound match count — it's a ceiling derived from a proxy proportion. The two kinds of evidence belong on different scales: the AIID and OECD AIM counts are floors built from confirmed reports, while the OpenAI figure is a roof scaled from a population-level rate.

Pew Research data on ChatGPT use “to learn new things” and “for entertainment” by age group serves as the proxy frontier. The mid-point of those two shares becomes the point estimate; the individual shares form the lower and upper bounds.

To extend from ChatGPT to all conversational AI, the paper applies a market-share scalar: 80% at the point estimate, 90% and 70% for the upper and lower bounds.

Combining the assumption stack with the Pew bucket data and the US census yields a central estimate of 64 million people in 2024 (plausible range 54–73M) and 88 million in 2025 (75–99M). Order of magnitude: 10⁸.

The trend is increasing — approximately 40% year on year. Confidence tier 2 · Medium: the bounds are derived from reasonable sources, the assumptions are explicit, and the directional reading is robust to the moves used to construct it.

Plot the chatbot case. OECD AIM's match count jumped roughly seven-fold between 2024 and 2025. Exposure rose ~40% over the same period. Harm grew faster than exposure, so harm-per-exposure — Ĥ — is rising. Exposure is also rising, so E is up.

Both arrows point up. The dot lands in the top-right quadrant: Escalating.

Both the population at risk and the harm per unit exposure are growing. The framework's recommendation: urgent attention — expanded monitoring, active investigation into causal drivers, and possibly regulatory intervention.

The confidence tier is Low; tightening it would require either mandatory disclosure of conversational-AI use or a dedicated survey instrument. Both fall outside the current data environment.