Incident Drill Scripts

Module 9, Lesson 9.5 · four scripted scenarios · practiced before freeze

Save this as: the worksheet stays in your notebook; the after-action appendix in Part 7 copies into /capstone/security-posture.md.

Drill rule: pick one scenario and walk every step. Do not skim. Do not skip to the next. The drill is required before the posture freezes.

The loop is stop → assess → repair → tell one human. In that order. No exceptions.

A posture document without a practiced incident loop does not freeze. An incident loop that has never been rehearsed is not a loop — it is a wish.

Why the drill is practiced, not just documented

A real incident arrives under stress. The body gets hot. The clock matters. The part of your mind that wrote the posture document is not the part of your mind that will respond in the first sixty seconds. The drill's job is to lay down a habit so well-worn that stress cannot break it. You are not practicing to feel better; you are practicing so the right first move happens without thinking. Walk each step. Write real sentences. The point is the writing, not the reading.

Header

Student:   Drill date:

Scenario I am walking (circle one):   1 Leaked key   2 Runaway pipeline   3 Injected research output   4 Plugin permission drift

Scenario 1 — Leaked key

A teammate (or you yourself) commits .env to a public repo. Your monitor alerts you within minutes: the file is indexed, the key is live, unknown parties may have already seen it. You are at the keyboard when the alert fires.

1. Stop

First move. What you do before anything else — revoke the key, take the repo private, kill any running pipeline using the key.

2. Assess

What did the key touch? What did it spend? Which agents were authenticated with it? What has it produced since you last trusted it?

3. Repair

Rotate (not patch). Update the new key in the one store. Scrub git history. Tighten the rail that failed.

4. Tell one human

A one-paragraph message: what happened, what you did, what you are still watching for.

5. Posture document update

What changes in Section 4. A new check that catches this earlier next time.

Scenario 2 — Runaway pipeline

A scheduled research pipeline fires every hour instead of every week. You discover at 7am that it has run all night. The provider dashboard shows $94 of spend overnight. The output folder is full of near-identical drafts.

1. Stop

Kill the schedule. Revoke or pause the agent. Confirm nothing is still running in the background.

2. Assess

What did it spend? What did it produce? Did anything auto-send? How close is the spend to your monthly cap?

3. Repair

Reset the schedule. Delete runaway output. Tighten the failing rail (cap, cadence verification, pre-flight estimate).

4. Tell one human

The cost and the cause, in your own words. Do not minimize.

5. Posture document update

What changes in Section 5 (cost posture) and Section 6 (incident loop).
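
The three rails named in the Repair step of Scenario 2 (cap, cadence verification, pre-flight estimate) can be written as one guard that runs before the pipeline does. This is an added example, not part of the original worksheet or its recipe book; the function name, the dollar limits and the weekly interval are assumptions chosen to match the scenario.

```python
from datetime import datetime, timedelta

# All names and limits here are assumptions made for this example.
MIN_INTERVAL = timedelta(days=7)   # intended cadence: weekly
MONTHLY_CAP_USD = 100.00           # hypothetical monthly spend cap
PER_RUN_LIMIT_USD = 5.00           # hypothetical ceiling for one run's estimate


def preflight(now, last_run, month_spend_usd, estimate_usd):
    """Return (allowed, reasons). Every failed rail is reported, not only the first."""
    reasons = []

    # Cadence verification. A last_run in the future (clock skew, edited state)
    # gives a negative gap, which is also below the minimum: the guard fails closed.
    if last_run is not None and now - last_run < MIN_INTERVAL:
        reasons.append(
            "cadence: previous run was %s ago, minimum gap is %s"
            % (now - last_run, MIN_INTERVAL)
        )

    # Pre-flight estimate: refuse a single run that is priced above the ceiling.
    if estimate_usd > PER_RUN_LIMIT_USD:
        reasons.append(
            "estimate: $%.2f exceeds per-run limit $%.2f"
            % (estimate_usd, PER_RUN_LIMIT_USD)
        )

    # Cap: refuse a run that would push the month past the cap.
    projected = month_spend_usd + estimate_usd
    if projected > MONTHLY_CAP_USD:
        reasons.append(
            "cap: projected $%.2f exceeds monthly cap $%.2f"
            % (projected, MONTHLY_CAP_USD)
        )

    return (not reasons, reasons)


if __name__ == "__main__":
    # Constructed input modelled on the scenario: an hourly fire at 03:00,
    # one hour after the previous run, with $94 already spent this month.
    now = datetime(2024, 1, 8, 3, 0)
    allowed, why = preflight(now, datetime(2024, 1, 8, 2, 0), 94.00, 4.00)
    print("run allowed:", allowed)
    for line in why:
        print(" -", line)
```
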

Scenario 3 — Injected research output

A research agent summarizes a page it was asked to read. The summary endorses a specific product by name. The page contained hidden instructions the agent followed. You catch it during your normal audience-equals-you review — the draft has not left your screen.

1. Stop

Do not forward, share, or act on the draft. Archive it as evidence. Do not run the pipeline again on the same source until the boundary is hardened.

2. Assess

Which source page. Which agent. Did any downstream stage already read the compromised draft? Was any auto-send plumbed in?

3. Repair

Tighten segregation phrasing. Add or sharpen the refusal line. Re-run the affected research with a clean prompt. Confirm audience-equals-you held.

4. Tell one human

This is easy to minimize because nothing visible happened. Tell anyway; the drill is for the time it does land on someone else.

5. Posture document update

What changes in Section 3 (trust boundaries) — new refusal phrasing, new containment rail.

Scenario 4 — Plugin permission drift

A plugin updated overnight. The new version requested run-shell. Your auto-update granted it. You notice three days later while reviewing the plugin register — the permission has been live since Tuesday.

1. Stop

Disable the plugin. Revoke the new permission. If the plugin touched anything, pause the agents that used it.

2. Assess

What did the plugin run during the drift window? What files changed? Any keys exposed? Any unexpected commands in history?

3. Repair

Decide: re-install with narrowed permissions, or uninstall. Turn off auto-update for plugins with credential or shell access. Update the Module 7 plugin register.

4. Tell one human

What the plugin could have done; what you have confirmed it did not do.

5. Posture document update

Supply-chain rail in Section 3 and Section 1 (threat model). Possibly auto-update policy in Section 6.
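
A check that would surface the drift in Scenario 4 on the day it happens, instead of at the next manual review, compares what each installed plugin currently holds against what the plugin register approved. This is an added example, not part of the original worksheet; the register and manifest layouts, the plugin names and every permission name other than run-shell are constructed for illustration.

```python
# "run-shell" comes from the scenario; "read-credentials" is a constructed name
# standing in for any credential-access permission.
HIGH_RISK = {"run-shell", "read-credentials"}

# Constructed sample data: what was approved vs. what is installed now.
REGISTER = {
    "web-fetch": {"version": "1.4.0", "permissions": ["network"]},
}
INSTALLED = {
    "web-fetch": {"version": "1.5.0", "permissions": ["network", "run-shell"]},
    "notes": {"version": "0.1.0", "permissions": ["read-files"]},
}


def permission_drift(register, installed):
    """List every plugin holding a permission the register never approved."""
    findings = []
    for name, manifest in sorted(installed.items()):
        granted = set(manifest["permissions"])
        approved = register.get(name)
        if approved is None:
            # A plugin missing from the register is drift too: nothing was approved.
            issue, added, was = "unregistered", granted, None
        else:
            issue = "permission-added"
            added = granted - set(approved["permissions"])
            was = approved["version"]
        if added:
            findings.append({
                "plugin": name,
                "issue": issue,
                "approved_version": was,
                "installed_version": manifest["version"],
                "added": sorted(added),
                "high_risk": bool(added & HIGH_RISK),
            })
    return findings


if __name__ == "__main__":
    for f in permission_drift(REGISTER, INSTALLED):
        flag = "HIGH RISK" if f["high_risk"] else "review"
        print(f"[{flag}] {f['plugin']}: {f['issue']} {f['added']} "
              f"({f['approved_version']} -> {f['installed_version']})")
```
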

Part 6 — One-human declaration

The single trusted person who hears about every incident you cannot fully explain within 24 hours

This is not a chain of command. It is the most reliable defense against the failure mode where a student tries to handle a mistake alone, makes it worse, and never tells anyone. A parent, mentor, instructor, or peer with relevant expertise. Name one. Not a list.

Name
Relationship
How they are contacted (text / email / call — which number or address)
My promise

I will tell this person about any incident I cannot fully explain to myself, within 24 hours of discovering it. The message does not have to be long. It has to be true.

Signed:   Date:

Part 7 — After-action appendix template

After the drill is complete, write a one-paragraph after-action note and paste this block as an appendix of /capstone/security-posture.md. One appendix entry per drill, in reverse chronological order.

### Incident drill — <YYYY-MM-DD>

- **Scenario walked:** <one of the four scripted scenarios, or a real incident>
- **What went well:** <one or two sentences>
- **What I got wrong or had to look up:** <one or two sentences>
- **Rail(s) tightened as a result:** <which section of this document changed>
- **One human told:** <name, date-time of message>
- **Next drill scheduled:** <date, ≤ 90 days out>

Drill-complete checklist

This printable accompanies Lesson 9.5 of AI Architect Academy. The four-step loop (stop → assess → repair → tell one human), the four scripted scenarios, and the one-human declaration are concept. Specific kill commands and console paths live in /recipe-book/ and are recipe.