Playbook: Prompt Injection Attack

Detection

  • Unusual command patterns in logs
  • Security control bypass attempts
  • Unexpected file access or command execution

Containment

  1. Terminate affected session immediately
  2. Block source IP/user if applicable
  3. Preserve session logs and context
  4. Enable enhanced monitoring

Investigation

  1. Review session history for injection point
  2. Identify what actions were taken
  3. Determine scope of compromise
  4. Check for data exfiltration

Eradication

  1. Patch injection vector if found
  2. Update input validation rules
  3. Add detection signatures

Recovery

  1. Restore from clean state if needed
  2. Re-enable services with monitoring
  3. Verify controls are functioning

Playbook: Sandbox Escape

Detection

  • File access outside sandbox boundaries
  • Symlink following alerts
  • Path traversal patterns

Containment

  1. CRITICAL: Terminate all sessions immediately
  2. Disable AI assistant service
  3. Isolate affected systems
  4. Preserve forensic evidence

Investigation

  1. Identify escape mechanism
  2. Determine all accessed files
  3. Check for persistence mechanisms
  4. Assess data exposure

Eradication

  1. Patch escape vulnerability
  2. Remove any persistence
  3. Reset compromised credentials
  4. Update sandbox rules

Recovery

  1. Redeploy from trusted image
  2. Rotate all credentials
  3. Re-enable with enhanced monitoring

Playbook: Credential Exposure

Detection

  • Sensitive file access alerts
  • Secret patterns in output logs
  • Credential usage from unexpected location

Containment

  1. Immediately rotate exposed credentials
  2. Revoke active sessions using those credentials
  3. Block external access temporarily

Investigation

  1. Identify which credentials exposed
  2. Determine exposure method
  3. Check for credential usage
  4. Assess downstream impact

Eradication

  1. Remove credentials from accessible locations
  2. Update sensitive file patterns
  3. Enhance output redaction

Recovery

  1. Deploy new credentials
  2. Update dependent services
  3. Enable credential monitoring

Playbook: Malicious Plugin

Detection

  • Unexpected network connections
  • Plugin accessing unauthorized resources
  • Anomalous plugin behavior

Containment

  1. Disable suspected plugin immediately
  2. Block plugin network access
  3. Isolate affected sessions

Investigation

  1. Analyze plugin code
  2. Review plugin permissions used
  3. Check for data exfiltration
  4. Identify installation source

Eradication

  1. Remove malicious plugin
  2. Block plugin source
  3. Update plugin allowlist

Recovery

  1. Restore clean plugin configuration
  2. Re-enable plugin verification
  3. Scan for other compromised plugins

Playbook: Data Exfiltration

Detection

  • Large outbound data transfers
  • Connections to unknown destinations
  • Encoded data in requests

Containment

  1. Block egress to suspicious destinations
  2. Terminate affected sessions
  3. Enable full packet capture

Investigation

  1. Identify exfiltration destination
  2. Determine data exfiltrated
  3. Find exfiltration mechanism
  4. Assess data sensitivity

Eradication

  1. Block exfiltration vector
  2. Update egress rules
  3. Enhance DLP controls

Recovery

  1. Assess breach notification requirements
  2. Implement enhanced monitoring
  3. Review data access patterns

Back to top

OSSASAI v0.2.0 - Open Security Standard for Agentic Systems. Apache 2.0 License.

This site uses Just the Docs, a documentation theme for Jekyll.