What does an AI agent incident response plan look like?

Answer

An agent-specific IRP extends your existing incident response with:

1. Detection — automated monitoring triggers (drift alerts, bias flags, anomaly detection, content safety blocks).
2. Containment — immediate kill switch activation, scope assessment.
3. Investigation — audit trail reconstruction of what the agent did and why.
4. Remediation — rule updates, model rollback, access restriction, affected-party notification.
5. Recovery — staged re-enablement with enhanced monitoring.
6. Post-mortem — root cause analysis, governance gap identification, control updates. The key difference: agent incidents happen at machine speed, so detection and containment must be automated.