15. Incident Response

Chapter 15 of 16 · 20 min

Incident response defines what happens when security fails. For local AI systems, relevant incidents include: unauthorized access, data exfiltration, prompt injection success, model compromise, and service disruption.

Incident response phases:

Preparation: Define procedures before incidents occur. Assign roles, document contacts, and create runbooks.

Detection: Identify that an incident is happening. Monitoring, alerts, and user reports trigger response.

Containment: Limit damage. Isolate affected systems, revoke compromised credentials, block attack vectors.

Eradication: Remove attacker presence. Clean compromised systems, patch vulnerabilities, verify integrity.

Recovery: Restore normal operations. Rebuild systems from known-good states, restore data from backups.

Post-incident: Document what happened, improve defenses, update procedures.

AI-specific incident playbooks:

# Playbooks for AI-specific incidents: prompt injection, unauthorized API access, model compromise
INCIDENT_PLAYBOOKS = {
    "prompt_injection_suspected": {
        "severity": "medium",
        "steps": [
            "1. Isolate affected endpoint from network",
            "2. Capture full conversation context to separate logs",
            "3. Identify injection vector (user input, retrieved document, etc.)",
            "4. Determine if model behavior was altered",
            "5. Reset session context and clear conversation history",
            "6. Document injection pattern for detection rule update",
            "7. Notify relevant stakeholders if data exposure occurred"
        ]
    },
    
    "unauthorized_api_access": {
        "severity": "high",
        "steps": [
            "1. Confirm unauthorized access via audit logs",
            "2. Identify compromised credentials",
            "3. Revoke all active sessions for affected user/service",
            "4. Rotate API keys if credentials were exposed",
            "5. Review data accessed during unauthorized period",
            "6. Assess if data was exfiltrated or modified",
            "7. Report to security team per breach notification timeline"
        ]
    },
    
    "model_compromise_suspected": {
        "severity": "critical",
        "steps": [
            "1. Take affected model offline immediately",
            "2. Verify model hash against known-good reference",
            "3. If hash mismatch: do not re-load model",
            "4. Rebuild model from original source with verified hash",
            "5. Review system logs for indicators of compromise timeline",
            "6. Assess if backdoored model was used in production",
            "7. Document compromise vector and notify compliance team"
        ]
    }
}
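Steps 2 to 4 of the model_compromise_suspected playbook hinge on comparing the model file against a known-good reference hash. The following is an added example, not code from the page or from any particular project: it streams a local model file through SHA-256, checks it against a manifest of known-good digests, and moves a failed file into a quarantine directory so it cannot be re-loaded by mistake. The manifest format (filename to hex digest), the file names and the "constructed weights" are assumptions for the demonstration.

```python
import hashlib
import hmac
import os
import tempfile

# Added example, not the page's code: implements steps 2-4 of the
# "model_compromise_suspected" playbook for a local model file.
# The manifest format (filename -> SHA-256 hex digest) is an assumption
# for this example; in practice it is recorded when the model is acquired
# and kept outside the model directory.


def sha256_file(path, chunk_size=1 << 20):
    """Stream the file through SHA-256 so multi-GB model files need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_model(path, manifest):
    """Compare a model file with the known-good manifest; return a load/quarantine decision."""
    name = os.path.basename(path)
    expected = manifest.get(name)
    if expected is None:
        # No reference hash at all: treat as untrusted rather than silently loading it.
        return {"model": name, "status": "unknown", "action": "quarantine"}
    actual = sha256_file(path)
    if hmac.compare_digest(actual, expected):
        return {"model": name, "status": "verified", "action": "load", "sha256": actual}
    return {"model": name, "status": "mismatch", "action": "quarantine",
            "expected": expected, "actual": actual}


def quarantine(path, quarantine_dir):
    """Move a failed model out of the serving directory (playbook step 3: do not re-load)."""
    os.makedirs(quarantine_dir, exist_ok=True)
    dest = os.path.join(quarantine_dir, os.path.basename(path) + ".quarantined")
    os.replace(path, dest)
    return dest


def run_demo():
    """Constructed scenario: a good model, a tampered copy, and a file absent from the manifest."""
    with tempfile.TemporaryDirectory() as d:
        good = os.path.join(d, "assistant-7b.gguf")
        with open(good, "wb") as f:
            f.write(b"GGUF" + b"\x00" * 4096)  # constructed stand-in for model weights
        manifest = {"assistant-7b.gguf": sha256_file(good)}  # recorded at acquisition time

        results = {"good": verify_model(good, manifest)}

        # Simulate on-disk tampering by flipping one byte inside the weights.
        with open(good, "r+b") as f:
            f.seek(100)
            f.write(b"\x01")
        results["tampered"] = verify_model(good, manifest)
        if results["tampered"]["action"] == "quarantine":
            moved = quarantine(good, os.path.join(d, "quarantine"))
            results["quarantined_to"] = os.path.basename(moved)

        # A file nobody recorded a hash for is not loaded either.
        unknown = os.path.join(d, "mystery.bin")
        with open(unknown, "wb") as f:
            f.write(b"\x00" * 16)
        results["unknown"] = verify_model(unknown, manifest)
        return results


if __name__ == "__main__":
    for case, outcome in run_demo().items():
        print(case, outcome)
```

The decision for a missing manifest entry is deliberately "quarantine", not "load": during an incident the absence of a reference hash is itself a finding, and the file should be treated like a mismatch until its provenance is established.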

Communication templates:

## Incident Notification Template

Subject: [INC-{ticket_id}] Security Incident: {brief_description}

Incident ID: INC-{ticket_id}
Severity: {low/medium/high/critical}
Status: {investigating/containing/resolved}
Affected Systems: {list}
Detected: {timestamp}
Reported By: {name}

Summary:
{one paragraph describing what happened}

Impact:
{who/what was affected}

Actions Taken:
{steps already completed}

Next Steps:
{what happens next and when}

Contact: {incident commander contact}
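A playbook and a notification template are only useful if the record of what was done and the message sent to stakeholders stay in sync. The following is an added example, not code from the page or from any particular project: it turns one playbook into an incident record with a timestamped checklist, enforces that steps are completed in playbook order, and renders the notification above from that record so "Actions Taken" and "Next Steps" are always derived from the checklist rather than retyped. The PLAYBOOKS dict is a constructed subset of the page's INCIDENT_PLAYBOOKS, and the status transitions (investigating, containing, resolved) are this example's own convention.

```python
from datetime import datetime, timezone

# Added example, not the page's code. PLAYBOOKS is a constructed subset of the
# page's INCIDENT_PLAYBOOKS; the status transitions used here
# (investigating -> containing -> resolved) are an assumption for illustration.
PLAYBOOKS = {
    "unauthorized_api_access": {
        "severity": "high",
        "steps": [
            "Confirm unauthorized access via audit logs",
            "Identify compromised credentials",
            "Revoke all active sessions for affected user/service",
            "Rotate API keys if credentials were exposed",
            "Review data accessed during unauthorized period",
        ],
    },
}

NOTIFICATION_TEMPLATE = """\
Subject: [INC-{ticket_id}] Security Incident: {brief_description}

Incident ID: INC-{ticket_id}
Severity: {severity}
Status: {status}
Affected Systems: {affected_systems}
Detected: {detected}
Reported By: {reported_by}

Summary:
{summary}

Actions Taken:
{actions_taken}

Next Steps:
{next_steps}

Contact: {contact}
"""


def _ts(now=None):
    return (now or datetime.now(timezone.utc)).strftime("%Y-%m-%dT%H:%M:%SZ")


def open_incident(kind, ticket_id, reported_by, affected_systems,
                  brief_description, summary, contact, now=None):
    """Create an incident record whose checklist is copied from the matching playbook."""
    pb = PLAYBOOKS[kind]
    return {
        "ticket_id": ticket_id,
        "kind": kind,
        "severity": pb["severity"],
        "status": "investigating",
        "detected": _ts(now),
        "reported_by": reported_by,
        "affected_systems": affected_systems,
        "brief_description": brief_description,
        "summary": summary,
        "contact": contact,
        "steps": [{"n": i + 1, "text": s, "done_at": None, "note": None}
                  for i, s in enumerate(pb["steps"])],
    }


def complete_step(inc, n, note, now=None):
    """Mark step n done. Steps must be completed in playbook order (containment before review)."""
    if n > 1 and inc["steps"][n - 2]["done_at"] is None:
        raise ValueError(f"step {n - 1} must be completed before step {n}")
    step = inc["steps"][n - 1]
    step["done_at"] = _ts(now)
    step["note"] = note
    inc["status"] = "resolved" if all(s["done_at"] for s in inc["steps"]) else "containing"
    return inc


def pending_steps(inc):
    return [s for s in inc["steps"] if s["done_at"] is None]


def render_notification(inc):
    """Fill the template from the record so every update carries the same fields."""
    done = [f"{s['n']}. {s['text']} ({s['done_at']}) - {s['note']}"
            for s in inc["steps"] if s["done_at"]]
    pending = pending_steps(inc)
    next_steps = (f"{pending[0]['n']}. {pending[0]['text']}" if pending
                  else "Close incident and schedule post-incident review")
    fields = {k: v for k, v in inc.items() if k not in ("steps", "affected_systems", "kind")}
    return NOTIFICATION_TEMPLATE.format(
        actions_taken="\n".join(done) or "(none yet)",
        next_steps=next_steps,
        affected_systems=", ".join(inc["affected_systems"]),
        **fields,
    )
```

Usage: call open_incident with the playbook key and the details from the detection, call complete_step as each checklist item is finished (with a short note of the evidence), and send render_notification(inc) at each status change. The ordering check is there because the playbook puts containment (revoking sessions, rotating keys) before the review steps; skipping ahead is the most common way a playbook silently degrades under pressure.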

EXERCISE

Draft incident response playbooks for three scenarios relevant to your deployment: unauthorized access, data exfiltration, and service disruption. Schedule a tabletop exercise with your team to walk through one scenario.