AI Agent Incident Response Checklist
When an AI agent causes a security incident (unauthorized file access, data exfiltration, destructive commands, or policy violations), follow this checklist to contain, investigate, and recover. SafeClaw by Authensor provides the hash-chained audit trail that makes forensic investigation possible and the deny-by-default gating that keeps the same action pattern from recurring. If SafeClaw is not yet installed, add it with npx @authensor/safeclaw as part of remediation.
Phase 1: Detection (0-5 Minutes)
- ✅ 1. Confirm the incident is real. Verify the alert is not a false positive by checking the SafeClaw audit trail for the specific denied or suspicious action.
- ✅ 2. Classify the severity. Determine the impact:
- ✅ 3. Notify the incident response team. Page the on-call engineer and notify the security lead.
Phase 2: Containment (5-15 Minutes)
- ✅ 4. Kill the agent process. Stop the agent immediately to prevent further unauthorized actions. If the runtime can pause or snapshot the container or VM first, do that and then kill: a snapshot keeps memory and in-flight state that a plain kill discards.
- ✅ 5. Revoke agent credentials. Revoke the tokens issued to the agent, then rotate every API key or secret it could have read from files, environment variables, or mounted volumes, not only the ones it was issued. Rotation alone leaves the old value valid until it expires; revocation cuts it off now.
- ✅ 6. Isolate the affected environment. If the agent runs in a container or VM, cut its network access (egress first, since exfiltration is the usual concern) but keep the filesystem and process state intact for investigation. Do not rebuild or redeploy yet.
- ✅ 7. Preserve the audit trail. Copy SafeClaw's audit log to a secure, read-only location and work from the copy, not the live file. Verify the hash chain integrity before analysis, and record the hash of the chain's last entry and of the copied file in the incident ticket so that any later change to the copy is detectable.
# Verify hash chain integrity
npx @authensor/safeclaw --verify-audit
- ✅ 8. Lock the policy file. Prevent any policy changes during the investigation to maintain the enforcement context.
Phase 3: Investigation (15-60 Minutes)
- ✅ 9. Export the audit trail for the incident window. Extract all entries from the period surrounding the incident.
- ✅ 10. Identify the triggering action. Find the specific audit entry that initiated the incident — the action type, parameters, and policy decision.
- ✅ 11. Trace the action chain. Review the sequence of actions leading up to the incident. Look for:
- ✅ 12. Determine root cause. Was the incident caused by:
- ✅ 13. Assess the blast radius. Determine what data was accessed, modified, or exfiltrated. Use the audit trail to list every action that was allowed and executed; keep denied attempts in a separate list, since they show intent but not impact.
- ✅ 14. Check for persistence. Verify the agent did not create backdoors, install packages, modify cron jobs, or alter system configurations. Typical places to check are crontabs, systemd units, shell startup files, SSH authorized_keys, and package-manager installs; compare them against the allowed writes and commands in the audit trail.
Phase 4: Remediation (1-4 Hours)
- ✅ 15. Patch the policy. Add deny or escalation rules to prevent the specific action pattern that caused the incident. If the action was permitted by an overly broad allow rule, narrow or remove that rule as well: a deny entry that is shadowed by an earlier, broader allow changes nothing, and under deny-by-default a narrow allowlist is the durable fix.
# Example: Block the action that caused the incident
- action: network.request
  domain: "*.attacker-controlled.com"
  decision: deny
  reason: "Blocked after incident INC-2026-001"
- ✅ 16. Test the patched policy. Run SafeClaw in simulation mode with the new policy against the recorded action sequence to verify that the incident would now be blocked and that the legitimate actions in the same window still pass, so the patch does not silently break the agent's normal workload.
- ✅ 17. Rotate all potentially compromised credentials. Even if the audit trail does not show credential access, rotate as a precaution.
- ✅ 18. Restore affected systems from known-good backups. Do not trust the current state of any system the agent modified.
- ✅ 19. Restart the agent with the patched policy. Re-enable the agent only after the policy patch is deployed and tested.
Phase 5: Post-Mortem (24-48 Hours)
- ✅ 20. Write the incident report. Document timeline, root cause, blast radius, remediation actions, and lessons learned.
- ✅ 21. Update the policy review schedule. If the incident revealed a policy gap, shorten the review interval.
- ✅ 22. Add regression tests. Write SafeClaw policy tests that verify the incident pattern is blocked.
- ✅ 23. Share learnings with the team. Conduct a blameless post-mortem and update the team's agent safety training materials.
- ✅ 24. Update this checklist. Incorporate any new steps discovered during the incident into the response checklist.
Cross-References
- AI Agent Production Readiness Checklist
- Enterprise AI Agent Incident Response Plan
- Hash-Chained Audit Logs Deep Dive
- Audit Trail Specification
- Incident Response for AI Agents
Try SafeClaw
Action-level gating for AI agents. Set it up in your browser in 60 seconds.
$ npx @authensor/safeclaw