Skip to content

v0.2.0 — Playbook 01: The Agent Is a Privileged Identity

Choose a tag to compare

View all tags
@jacobideji jacobideji released this 18 Jun 00:38
· 80 commits to main since this release
v0.2.0
4378ebc
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

v0.2.0 — Playbook 01: The Agent Is a Privileged Identity

The first practitioner playbook ships in this release. Per the framework's release model, every playbook is its own MINOR release — v0.2.0 captures Playbook 01.

What's new

  • playbooks/01-agent-as-privileged-identity.md (14.7KB · 1,978 words) — The foundational orchestration playbook. Walks an Incident Commander through the framework's existing pieces in operational sequence for the privileged-identity-class scenario: prompt injection, context poisoning, or excessive agency.

  • README reading order #9 — Playbooks — New section linking to the playbook(s); more playbooks ship as v0.2+ MINOR releases.

Playbook 01 — sections shipped (CONTRIBUTING template compliant)

  • Premise — the privileged-identity mental shift, when to use this playbook, Mental Model clauses engaged
  • First-Hour Actions — Six Triage Questions in operational order with a what-it-scopes column
  • Containment Options — Kill-Switch Modes selected by confidence × impact matrix, plus the critical M4 sequence (snapshot → evidence → rotation)
  • Evidence Priorities — A, B, F load-bearing for this class; C, D, E conditional on attack vector; type A retention concern (24–72h TTL)
  • Recovery Sequence — MVO-4 with two scenario-specific gates: pre-incident AI-BOM scope validation, tool-tier-order re-enablement
  • Post-Incident Hardening — 6 disciplines (PAM, tier classification, AI-BOM update, tabletop, detection thresholds, comms)
  • Common Pitfalls — 10 highest-frequency failure modes specific to this scenario class
  • Related — 10 framework cross-references

Crosswalk coverage

Playbook 01 supports the following industry-standard subcategories — referenced citation chain:

  • NIST AI RMF 1.0: MANAGE 1.3, MANAGE 2.3, MANAGE 2.4, MANAGE 4.1
  • NIST CSF 2.0: RS.MA-01, RS.MA-04, RS.MI-01, RS.MI-02
  • OWASP Agentic Top 10 2026: ASI01 Agent Goal Hijack, ASI02 Tool Misuse & Exploitation, ASI03 Identity & Privilege Abuse, ASI05 Unexpected Code Execution

What this unlocks

A CISO downloading v0.2.0 gets — for the first time — a complete IR workflow for AI agents:

  • The Mental Model says what shift to make (agent = privileged identity)
  • The MVO controls say what to build (inventory, safe modes, evidence set, controlled re-enable)
  • The Six Triage Questions say what to ask first
  • The Kill-Switch Modes say how to contain
  • The Minimum Evidence Set says what to preserve
  • Playbook 01 says how to execute all of the above as a coherent sequence under pressure.

This is the first release where the framework moves from "comprehensive reference" to "execution-ready runbook."

What did NOT change

  • The four MVO controls
  • The Six Triage Questions
  • The Kill-Switch Modes M0–M5
  • The Minimum Evidence Set A–F
  • The four-level Maturity Model
  • All 3 crosswalks (NIST AI RMF + NIST CSF 2.0 + OWASP Agentic)
  • All templates (AI-BOM, Privilege Matrix)
  • All 4 OSS-convention files
  • All 5 .github/ issue + PR templates
  • Apache 2.0 + Trademark Notice in LICENSE
  • 100/100 Community Standards score

CITATION.cff

  • Top-level version: "0.2.0"
  • preferred-citation.version: "0.2.0"
  • date-released: "2026-06-18" (newsletter Issue #1 was published 2025; this is the framework-release date for the corresponding playbook)

Cite this release

Ideji, J. (2026). The AI IR Overlay Framework (v0.2.0). https://github.com/jacobideji/aiiroverlay

Next

v0.3.0+ — additional playbooks. Per the release model, each one ships as its own MINOR release. Load-bearing forward references that are now multi-file load-bearing (high-priority candidates):

  • playbook-04 Tool Design Is Containment (referenced in kill-switches + templates)
  • playbook-18 Post-Incident Hardening (referenced in kill-switches + CSF crosswalk)
  • playbook-24 Board-Ready Scorecard (referenced in framework/01 + maturity roadmap)

Source material: LinkedIn newsletter Issues #4, #18, #24 (already drafted; framework synthesis available).

Acknowledgments

The foundational mental shift this playbook documents — if it can act, govern it as a privileged identity — comes from Issue #1 of the AI IR Overlay LinkedIn newsletter. v0.2.0 makes that shift concrete in an operational runbook other practitioners can execute.

Assets 2
Loading