{ "schema": "mvg.safety_ir_descriptor@1", "issued_utc": "2026-02-22T00:00:00Z", "canonical_surface": "https://meridianverity.com/safety/incident-response/", "boundary": { "public_safe": true, "non_binding_unless_incorporated": true, "not_a_certification": true, "no_warranty": true }, "summary": "Public-safe safety incident response: how MVG classifies AI safety incidents (non-cyber), triggers HOLD/STOP, and escalates using role-based channels. Missing evidence yields HOLD (fail-closed).", "classification": { "security_incident": { "label": "Cybersecurity / vulnerability / compromise", "canonical_entry": "https://meridianverity.com/legal/security-disclosure/", "note": "Use the Vulnerability Disclosure Program (VDP) for security issues." }, "safety_incident": { "label": "AI safety / operational harm (non-cyber)", "definition": "An AI-enabled behavior, automation, or release that causes or materially risks harm (e.g., unauthorized real-world actions, systemic misclassification, unsafe outputs, denial of service to entitled users), without requiring a cybersecurity compromise." }, "examples_public_safe": [ "Unauthorized side-effect attempt detected by a gate (permit missing) → HOLD/STOP escalation.", "Material policy violation discovered in receipts after deployment → revoke/roll back, publish advisory receipt.", "Confirmed harmful behavior in a regulated workflow (clinical/finance) → immediate HOLD, human review, and remediation." ] }, "stop_and_hold_triggers": { "principle": "Uncertainty is treated as risk. If proof is missing, ambiguous, or invalid, the correct output is HOLD (fail-closed).", "triggers_public_safe": [ "Missing required signatures or evidence pointers for a release.", "Verifier outputs FAIL or a materially new reason code emerges for the same surface.", "Confirmed unauthorized action attempt, policy bypass attempt, or replay mismatch.", "Credible external report of harm that is reproducible (or plausibly reproducible)." ], "outputs": { "GO": "All required evidence is present, signatures verify, and policy checks PASS.", "HOLD": "Evidence is missing/ambiguous or an incident requires human review before proceeding.", "FAIL": "Evidence is present but invalid/tampered, or verification deterministically fails." } }, "escalation": { "roles_only": true, "path": [ { "step": 1, "role": "On-call reviewer (Safety)", "goal": "Triage, reproduce, and classify within published scope." }, { "step": 2, "role": "Stop authority (per Governance)", "goal": "Issue HOLD/STOP, authorize rollback or mitigation." }, { "step": 3, "role": "Exec escalation (role)", "goal": "External communications, customer coordination, and remediation commitments." } ], "channels": { "primary_contact": "contact@meridianverity.com", "security_contact": "security@meridianverity.com", "notes": "Official channels use @meridianverity.com only. If a message claims to be MVG but is not from this domain, treat as HOLD and report." } }, "communications": { "public_safe_posture": "When a safety incident impacts a release evidence surface, publish an advisory receipt (append-only) and link it from the Trust Center.", "status_surface": "https://meridianverity.com/trust/status/" }, "discovery": { "company_descriptor": "https://meridianverity.com/.well-known/mvg-company.json", "governance_descriptor": "https://meridianverity.com/.well-known/mvg-governance.json", "contact_descriptor": "https://meridianverity.com/.well-known/mvg-contact.json", "security_txt": "https://meridianverity.com/.well-known/security.txt", "advisories_feed": "https://meridianverity.com/security/advisories/" }, "verification": { "detached_signature": { "payload_url": "https://meridianverity.com/.well-known/mvg-safety-ir.json", "signature_url": "https://meridianverity.com/.well-known/mvg-safety-ir.json.asc", "offline_verify_command": "gpg --verify mvg-safety-ir.json.asc mvg-safety-ir.json", "expected_output": "Good signature (pinned fingerprint)" }, "fail_closed_note": "If the detached signature is missing (or placeholder), consumers MUST treat the descriptor as HOLD. If present but invalid, treat as FAIL." } }