Incident Response for LLM Agents

title: Incident Response for LLM Agents

description: Runbooks for misfires—containment, rollback, evidence capture, and post-incident improvements.

date: 2026-01-24

tags: [security, reliability, operations, governance]

What counts as an “agent incident”?

• Unauthorized tool call
• Data exfiltration attempt
• Incorrect action taken in an external system
• Budget runaway (cost spike)

The 4-phase runbook

1) Detect

• anomaly alerts: cost / tool error spikes / policy denies
• user reported issue (support channel)

2) Contain

• disable workflow or tool at policy layer
• rotate tenant-scoped keys if needed
• quarantine run logs and evidence

3) Eradicate

• patch policy rules, tool schema, or prompt template
• add regression tests for the failing case
• verify with eval harness

4) Recover

• re-enable under tighter budgets
• add monitoring and alerts
• communicate to stakeholders

Evidence capture (non-negotiable)

• run envelope (policy hash, route decision)
• tool call ledger
• output diff vs expected
• human approvals (if any)