When a traditional system fails, you find a stack trace. When an agent does something wrong, you may not find out until the downstream harm has already happened.
Standard incident response was designed for deterministic failure modes.
Agents fail differently. Before you can build a response playbook, you
need to understand what you are responding to.
Scope violation — the agent accessed data or took an action outside
its defined boundaries. The cause may be a prompt injection attack, a
bug in tool routing, or access controls that were never properly
configured. Whatever the cause, the result is an agent doing something
it was never authorized to do.