Respond to an Agent Gone Wrong With the Record
When an AI agent does something it should not have, the first question is what exactly it did. Respond with a tamper-evident decision history, contain the actor, and feed the confirmed outcome back so it cannot recur.
Why this is hard
AI incidents are hard to investigate because agents act fast, non-deterministically, and often across systems. Without a complete, tamper-evident record of what the agent decided and did, incident response is guesswork. And unlike a one-off breach, an agent incident tends to recur unless the confirmed outcome changes how the agent is trusted going forward.
- Agents act fast and across systems, so the trail is easily lost
- Without a tamper-evident record, reconstruction is guesswork
- Containing an agent in place preserves the signal a hard block destroys
- The incident recurs unless the outcome changes future trust
The approach, step by step
From incident to closed loop
- 1
Reconstruct from the ledger
Pull the tamper-evident decision history for the actor to establish exactly what it attempted and what was allowed.
- 2
Contain the actor
Move the agent to the contained band so its behavior can be observed in place while you decide, rather than hard-blocking and losing the signal.
- 3
Assemble the evidence packet
Open the case as an evidence packet - the hashed events, the decisions, and the timeline - so the investigation has one verifiable source.
- 4
Confirm the outcome
Record the confirmed real-world result - this really was harmful, or it was a false positive - through the outcome path.
- 5
Feed it back
Let the compounding loop apply the confirmed outcome so the next decision for that actor and pattern escalates, preventing recurrence.
How SentriAI does the work
SentriAI turns incident response into a closed loop: the tamper-evident ledger reconstructs what the agent did, the contained band holds a suspicious actor while you observe it, the evidence room assembles the packet, and confirming the outcome feeds the compounding loop so the same pattern escalates next time. Response makes future decisions safer.
What you get out of the box
- A tamper-evident decision history to reconstruct the incident
- Containment that preserves the signal a hard block destroys
- An evidence packet per case for the investigation
- A confirmed outcome fed back so the pattern cannot recur
Avoid the common pitfall
Frequently asked questions
How do I respond to an AI security incident?
Reconstruct what the agent did from the tamper-evident ledger, contain the actor in place to preserve the signal, assemble the evidence packet for the investigation, confirm the real-world outcome, and feed it into the compounding loop so the same pattern escalates next time.
Why contain an agent instead of hard-blocking it?
A hard block stops the action but destroys the signal about intent. Containing the agent in the contained band lets you observe what it tries next in a bounded space, which is often the fastest way to distinguish a false positive from a real attack.
How do I reconstruct what an agent did?
From the tamper-evident ledger, which records every governed action - allowed or blocked - with the actor, target, decision, and policy version, and from the evidence packet the evidence room assembles per case.
How do I stop the incident from recurring?
Confirm the outcome through the outcome path so the compounding loop applies it. The next decision for that actor, counterparty, and pattern then escalates automatically, so the same pattern does not get through again.
Stay in the loop
One practical finance briefing a week - new guides, checklists, and benchmarks.
Close the loop on agent incidents
Reconstruct, contain, and feed back every incident. Start free, no card required.
Talk to us