The Habitat Constellation dataset is a curated collection of real-world incidents in which AI systems have been misused, or where AI capabilities have materially contributed to harmful outcomes. It is maintained by MissionOpsAI in partnership with the University of Bath as part of a Layer 1 threat detection framework for agentic AI misuse.
Each case study links to a publicly available source article and paraphrases — rather than reproduces — the reporting. No source text is copied verbatim.
Incidents are classified into four threat habitat constellations defined by the University of Bath research team:
AI systems used to deceive organisations or individuals for financial gain — including AI-generated phishing, synthetic identity fraud, social engineering at scale, and automated extortion campaigns targeting businesses.
AI-driven discovery and exploitation of software vulnerabilities without meaningful human direction at each step — including automated scanning, proof-of-concept generation, and active exploitation of unpatched systems.
AI systems applied to the design, optimisation, or deployment of weapons or harmful tools — including CBRN research assistance, autonomous targeting, and AI-enabled physical attack planning.
AI used to influence beliefs, emotions, or decisions at scale — including synthetic propaganda, personalised disinformation, AI-generated deepfakes deployed to deceive the public, and automated influence operations targeting democratic processes.
An incident may exhibit characteristics of more than one constellation; it is assigned to the primary threat type based on the dominant mechanism of harm. Where classification is uncertain, the confidence score reflects that uncertainty and the case study is flagged for human review.
Every case study is reviewed and approved by a human analyst before it enters this dataset. AI classification assists triage and surfaces candidate incidents, but no case study reaches the published state without explicit human sign-off.
The review step examines whether the incident is real and the source credible; the classification is accurate; the summary accurately reflects the source without introducing detail not present in the original reporting; and no personally identifiable information is included beyond what was already in the public source.
This gate is enforced in the system — there is no automated path from classification to publication.
Each case study carries a provenance trail recording its origin and handling — when it was identified, which source it came from, which model produced the initial classification and with what confidence, and who reviewed and approved it. This trail is immutable: it cannot be altered after the fact.
If you believe a case study contains an error — incorrect attribution, misclassification, or a factual claim not supported by the source — you can submit a correction using the export API's corrections endpoint. Corrections are reviewed; where a dispute is upheld the case study is revised or removed.
This dataset is produced in partnership with the University of Bath as part of ongoing research into the detection and characterisation of real-world agentic AI misuse. The threat habitat taxonomy is the intellectual product of the Bath research team.
Dataset maintained by MissionOpsAI · University of Bath partnership
Published case studies are available for download in JSON or CSV format. Only approved, human-reviewed entries are included.
⬇ JSON ⬇ CSVThe export endpoint supports cursor-based pagination, constellation filtering, and date range filtering.
Rate limit: 60 requests per minute per IP. Responses include X-RateLimit-Remaining header.
Submit queries against the case study corpus programmatically. Responses include citations and are grounded in published data only.
To report an error in a published case study, POST to the corrections endpoint with the case study ID, correction type, and a description of the error.
Correction types: wrong_attribution · disputed_fact · wrong_constellation · other