Incident Response
Prepare AI-specific incident detection, containment, recovery, and communication.
Key takeaways
- AI incident response must combine security and product context to handle data leakage, unsafe outputs, prompt injection, tool misuse, and vendor issues.
- Follow the flow: detect, triage, contain, investigate, recover, communicate, and improve controls.
- Match the first response to the incident class: disable the path for data exposure, revoke tokens for tool misuse, isolate the source for injection, and switch to the fallback for vendor issues.
- The runbook needs AI-specific severity definitions, on-call contacts across security, product, legal, and communications, plus a kill switch or feature flag path.
- Preserve evidence and log retention, then close every incident with a postmortem and control improvement.
AI incidents can involve data leakage, unsafe outputs, prompt injection, tool misuse, model vendor issues, or failed automation. Response needs both security and product context.
Incident Flow
AI Incident Classes
| Class | Example | First response |
|---|---|---|
| Data exposure | Sensitive data appears in output or logs | Disable path and preserve evidence |
| Tool misuse | Agent takes unauthorized action | Revoke token and stop workflow |
| Injection | Untrusted content changes behavior | Isolate source and patch guardrail |
| Vendor issue | Provider outage or policy incident | Switch to fallback and notify owners |
| Harmful output | Output creates customer or legal risk | Stop feature and start review |
Runbook Requirements
- Severity definitions for AI-specific events.
- On-call contacts for security, product, legal, and communications.
- Kill switch or feature flag path.
- Evidence preservation and log retention instructions.
- Postmortem and control improvement workflow.
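
One way to wire the kill switch, token revocation, and evidence preservation requirements to the first responses in the incident class table, with state snapshotted before it is changed and each evidence record committing to the previous one by hash. This is an added example, not code from the original page; the in-memory flag, token and router stores, the incident fields, and failing closed on unlisted classes are assumptions.

```python
import hashlib
import json

# Constructed stand-ins for a flag service, token store and provider router.
FLAGS = {"ai_summarize": True, "ai_agent": True}
TOKENS = {"agent-token-1": "active"}
ROUTER = {"provider": "primary"}
QUARANTINED = set()

def record_hash(body):
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

class EvidenceLog:
    """Append-only log; each record commits to the previous record's hash."""
    def __init__(self):
        self.records = []

    def append(self, event):
        prev = self.records[-1]["hash"] if self.records else "0" * 64
        body = {"prev": prev, "event": event}
        self.records.append({**body, "hash": record_hash(body)})

    def verify(self):
        prev = "0" * 64
        for rec in self.records:
            body = {"prev": rec["prev"], "event": rec["event"]}
            if rec["prev"] != prev or rec["hash"] != record_hash(body):
                return False  # record edited, removed or reordered
            prev = rec["hash"]
        return True

def contain(incident, log):
    """Snapshot state as evidence, then apply the first response for the class."""
    log.append({"phase": "pre-containment", "incident": incident,
                "flags": dict(FLAGS), "tokens": dict(TOKENS)})
    cls, feature = incident["class"], incident["feature"]
    if cls == "tool_misuse":
        TOKENS[incident["token"]] = "revoked"
        FLAGS[feature] = False
        action = "revoked token, stopped workflow"
    elif cls == "injection":
        QUARANTINED.add(incident["source"])
        action = "isolated source"
    elif cls == "vendor_issue":
        ROUTER["provider"] = "fallback"
        action = "switched to fallback"
    else:  # data exposure, harmful output; unlisted classes fail closed (assumption)
        FLAGS[feature] = False
        action = "disabled feature"
    log.append({"phase": "contained", "id": incident["id"], "action": action})
    return action
```

Records carry no timestamps so the hashes stay reproducible; a production log would add them and ship records to storage the affected service cannot write to.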