NOTES FROM A SECURITY PRACTITIONER

Incident response
& AI security,
from the field.

Technical notes, response playbooks, and the things I wish were written down before the incident started.

IndependentEvidence-ledBuilt for defenders
WORKING NOTES / 2026-07LAST UPDATED 17 JUL
CURRENT FOCUS

Agent incident
response

Where traditional containment breaks when software can reason, delegate, and act.

01IdentityWho actually acted?
02MemoryWhat context persisted?
03ToolsWhat changed downstream?
04InstructionsWhich input won?
review assumption:
conversation ≠ evidence
NOTE / 005STATUS / PUBLISHEDREAD / 8 MIN

I keep this site for one reason: useful notes should not stay in private notebooks.

Everything here is written for people who detect, investigate, and contain real attacks. The material is opinionated, openly shared, and revised when experience proves it wrong.

Start with the problem,
leave with a method.

Each collection connects principles to observable signals, concrete decisions, and reusable artifacts.

01

Detect

Telemetry architecture, triage logic, hypothesis-driven hunts, and detection-as-code patterns.

SIEMEDRAI telemetry
02

Respond

Roles, evidence standards, containment tradeoffs, recovery gates, and communications.

NIST 800-61Forensics
03

Defend AI

Threat models for agents, RAG, models, data pipelines, tool use, and human approval paths.

OWASP LLMMITRE ATLAS

When the signal is real,
reduce uncertainty.

Prescriptive starting points with explicit assumptions. Adapt them to your environment, then validate them in tabletop exercises.

STANDALONE OPERATIONAL RESOURCE

Incident Detection &
Response Framework

A structured practitioner guide to preparation, detection, triage, containment, eradication, recovery, and lessons learned.

Explore the framework
IR-01

Ransomware

Decision points from first signal through recovery, with evidence-preservation gates.

FIRST ACTION15 min
SEVERITYCritical
AI-02

Prompt injection

Contain an agent or RAG workflow when untrusted content changes system behavior.

FIRST ACTION20 min
SEVERITYHigh
AI-04

Model data exposure

Scope sensitive output, trace retrieval paths, revoke access, and preserve telemetry.

FIRST ACTION30 min
SEVERITYHigh
IR-07

Identity compromise

Revoke sessions, validate persistence, and hunt downstream cloud activity.

FIRST ACTION15 min
SEVERITYCritical
THREAT MODEL / 005
AGENT

LATEST · AI SECURITY · 8 MIN READ

Incident response for autonomous AI agents

Traditional containment assumes a system boundary. Agents blur it. A practical framework for scoping identity, memory, tools, and delegated actions when an AI workflow goes wrong.

Read field note
Articles live as simple content files—easy to draft, review, schedule, and share.
Browse all articles ↗