Kimi AI Model Leaks User Resume Data, Causing Privacy Breach in China

The event explicitly involves an AI system (Kimi, a large language model) that, during normal use, disclosed another user's private and sensitive personal information without authorization. The harm is realized as personal data leakage and privacy violation, which is a breach of legal obligations protecting personal information and fundamental rights. The AI system's malfunction or engineering failure (e.g., data isolation failure, session contamination) directly caused this harm. The incident is not hypothetical or potential but has already occurred and caused harm, so it is an AI Incident rather than a hazard or complementary information.

The incident involves an AI system (Kimi translation model) whose malfunction or improper data handling directly led to the unauthorized disclosure of personal information, constituting a violation of privacy rights and legal obligations. The harm is actual and significant, as sensitive personal data was exposed to unrelated users. The explanation by the company attributing the issue to 'AI hallucination' is legally insufficient, and experts suggest it is due to engineering failures such as data isolation or session management errors. Therefore, this event qualifies as an AI Incident due to realized harm to individual privacy and legal violations linked to the AI system's use.

The event explicitly involves an AI system (Kimi large language model) whose malfunction (data isolation failure and session contamination) caused the unauthorized disclosure of sensitive personal information. This breach constitutes a violation of personal privacy rights and relevant laws, fulfilling the criteria for harm to individuals (harm category (c): violations of human rights or breach of legal obligations protecting fundamental rights). The harm is realized, not just potential, as the leaked information was confirmed authentic and has led to legal action. The AI system's role is pivotal as the leak occurred through its operation and data handling. Hence, the classification as an AI Incident is appropriate.

The incident involves an AI system (Kimi) that malfunctioned by erroneously outputting another user's private resume data to a different user, directly causing harm through privacy violation. The AI system's 'hallucination' or error in data handling led to the unauthorized disclosure of sensitive personal information, which is a breach of fundamental rights and data protection laws. The harm is realized and not merely potential, fulfilling the criteria for an AI Incident rather than a hazard or complementary information.

The event explicitly involves an AI system (Kimi) used for document processing and resume polishing. The system malfunctioned by sending one user's private information to another user, causing a privacy violation. This is a direct harm resulting from the AI system's malfunction and use, meeting the criteria for an AI Incident. The discussion of 'AI hallucination' and 'hash collision' supports the malfunction aspect. The privacy breach is a clear violation of user rights and confidentiality, which is a recognized harm under the framework.

The event explicitly involves an AI system (the Kimi large language model) whose malfunction or data handling led to the unauthorized disclosure of personal private information, which is a clear violation of privacy rights and a breach of obligations under applicable law protecting fundamental rights. The harm has already occurred as the private data was exposed and verified to be accurate. Therefore, this qualifies as an AI Incident under the framework, as the AI system's use directly led to a violation of human rights (privacy).

The event explicitly involves an AI system (Kimi translation AI) whose malfunction or misuse led to the direct leakage of personal data, constituting harm under the category of violation of human rights and legal obligations (privacy and data protection). The AI system's role is pivotal as it generated and returned the sensitive information. The harm is realized and not hypothetical. Hence, this qualifies as an AI Incident rather than a hazard or complementary information.

The event involves an AI system (Kimi translation AI) whose malfunction or misuse directly led to the unauthorized disclosure of personal data, constituting a violation of personal information protection laws. The harm is realized and significant, involving breach of privacy and legal obligations. Therefore, this qualifies as an AI Incident under the framework, as the AI system's malfunction directly caused harm to individuals' rights and data security.

The event explicitly involves an AI system (Kimi) whose malfunction or misuse has directly led to the unauthorized disclosure of personal information, causing harm to individuals' privacy rights. The presence of an AI system is clear, and the harm (personal data leak) has materialized. The company's explanation of 'AI hallucination' is legally insufficient, and experts confirm the issue stems from engineering failures related to data management. This fits the definition of an AI Incident due to violation of personal rights and privacy, which is a breach of applicable law protecting fundamental rights.

The event explicitly involves an AI system (the Kimi translation AI) malfunctioning by exposing one user's private data to another user, which is a direct violation of privacy rights and data protection laws. The harm is realized and directly linked to the AI system's malfunction (data isolation failure). This fits the definition of an AI Incident as it involves a breach of obligations under applicable law intended to protect fundamental rights (privacy). The article also discusses broader business and market context but the core harmful event is the data leak caused by the AI system's malfunction.