
v0.4.0 — Playbook 18: Post-Incident Hardening (IR Arc Complete)


@jacobideji jacobideji released this 19 Jun 15:04 · 76 commits to main since this release · d7ff1cd


Milestone release. With Playbook 18, the AI IR Overlay framework now ships the complete incident-response temporal arc — preparation, response, AND closure — as three sequenced, executable playbooks. The framework moves from "comprehensive reference + execution-ready runbook" to a closed-loop operational system.

What's new

  • playbooks/18-post-incident-hardening.md (18.7KB · 2,561 words · ~10 min read) — The closure playbook. Converts incident lessons into permanent guardrails within a five-business-day SLA. Operationalizes the Tiered Hardening Framework across four boundary categories (Tool · Retrieval · Evidence · Human) and introduces the B/E/R/V classification (Blast radius · Evidence · Recurrence · Validation) for the post-incident Fix List.

  • README reading order #9 — Playbooks — Now lists all THREE playbooks (PB01 + PB04 + PB18) with descriptive one-liners.

Playbook 18 — sections shipped (CONTRIBUTING template compliant)

  • Premise — Why prompt-only hardening fails; the 5-business-day SLA; Mental Model clause "if it can change, manage it as software"
  • First-Hour Actions — The 60-minute Fix List build (open → classify B/E/R/V → select 3-5 → assign owner + deadline + acceptance criteria)
  • Containment Options — The hardening dividend per Kill-Switch Mode (each mode becomes faster, more surgical, more reliable after hardening)
  • Evidence Priorities — How hardening shapes future evidence captures (target: 45-minute export, 25% faster than baseline) + retrieval-specific hardening (the gap that surprises most teams)
  • Recovery Sequence — Hardening as the M5 → M0 validation gate; the replay test as the acceptance criterion
  • Post-Incident Hardening — The Tiered Hardening Framework across four boundaries:
    • Tool Controls (Containment) — tiering, approvals, allowlists, caps, reversibility
    • Retrieval Controls (Provenance) — dominance alerting (>40% threshold), corpus isolation, KB-as-production
    • Evidence Controls (Provability) — structured logging, versioning, export procedure testing
    • Human Controls (Training) — micro drills (TTSM, TTE), templates, decision logging
    • What does NOT count as hardening — prompt-only changes, vendor tickets, untemplated tabletops
  • Common Pitfalls — 10 highest-frequency failure modes (quick-fix dependence · prompt-only changes · no SLA · owner-as-agent-owner · fix list >5 items · no measurable acceptance · no replay test · retrieval boundary skipped · evidence gaps unaddressed · no metric tracking)
  • Iterating the Hardening Practice — quarterly metric review for Maturity Level 4 (Resilient): on-time shipping rate · efficacy under subsequent incidents · zero-hardening incident count · TTSM and TTE trend
  • Related — 12 framework cross-references
  • The Question to Carry Forward: "Would a recurrence of the triggering prompt be contained by the controls you shipped in the five business days after the incident?"
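The First-Hour Actions item (open → classify B/E/R/V → select 3-5 → assign owner + deadline + acceptance criteria), the retrieval dominance alert (>40%) and the Common Pitfalls list describe checks that can be written down as code. The block below is an added example and is not code from the AI IR Overlay repository; it assumes, because the release notes do not say, that each B/E/R/V dimension is a short rating that merely has to be filled in, that "measurable acceptance" can be approximated by the presence of a number or percentage, that the SLA counts Monday-Friday with no holiday calendar, and that "dominance" is the share of retrieved chunks coming from one source in a retrieval window. All sample data is constructed.

```python
"""Added example, not code from the AI IR Overlay repository: a small checker
for the Playbook 18 first-hour Fix List build plus a retrieval dominance alert.
Assumptions (not specified on the release page): each B/E/R/V dimension is a
short free-text rating that must simply be present; acceptance criteria are
treated as measurable when they state a number or a percentage; the SLA counts
Mon-Fri only; "dominance" is the share of retrieved chunks from one source."""
from __future__ import annotations

from collections import Counter
from dataclasses import dataclass
from datetime import date, timedelta

FIX_LIST_MIN, FIX_LIST_MAX = 3, 5   # "select 3-5"; pitfall: fix list >5 items
SLA_BUSINESS_DAYS = 5               # five-business-day SLA
DOMINANCE_THRESHOLD = 0.40          # retrieval dominance alert fires above 40%


def add_business_days(start: date, days: int) -> date:
    """Date `days` business days (Mon-Fri, no holiday calendar) after `start`."""
    current, remaining = start, days
    while remaining > 0:
        current += timedelta(days=1)
        if current.weekday() < 5:   # 0..4 = Monday..Friday
            remaining -= 1
    return current


@dataclass
class FixItem:
    title: str
    boundary: str          # Tool | Retrieval | Evidence | Human
    blast_radius: str      # B/E/R/V classification, one field each
    evidence: str
    recurrence: str
    validation: str
    owner: str
    agent_owner: str       # pitfall: owner-as-agent-owner
    acceptance: str        # pitfall: no measurable acceptance
    replay_test: bool      # pitfall: no replay test
    deadline: date


def measurable(text: str) -> bool:
    """Crude proxy (assumption): a criterion is measurable if it states a number or a %."""
    return any(ch.isdigit() or ch == "%" for ch in text)


def validate_fix_list(items: list[FixItem], opened: date) -> list[str]:
    """Return findings against the Playbook 18 pitfalls; an empty list means pass."""
    findings: list[str] = []
    if not FIX_LIST_MIN <= len(items) <= FIX_LIST_MAX:
        findings.append(f"fix list has {len(items)} items, expected {FIX_LIST_MIN}-{FIX_LIST_MAX}")
    if not any(i.boundary == "Retrieval" for i in items):
        findings.append("retrieval boundary skipped")
    sla = add_business_days(opened, SLA_BUSINESS_DAYS)
    for i in items:
        if not all((i.blast_radius, i.evidence, i.recurrence, i.validation)):
            findings.append(f"{i.title}: B/E/R/V classification incomplete")
        if i.owner == i.agent_owner:
            findings.append(f"{i.title}: owner is the agent owner")
        if not measurable(i.acceptance):
            findings.append(f"{i.title}: acceptance criterion is not measurable")
        if not i.replay_test:
            findings.append(f"{i.title}: no replay test")
        if i.deadline > sla:
            findings.append(f"{i.title}: deadline {i.deadline} is past the SLA ({sla})")
    return findings


def dominance(sources: list[str], threshold: float = DOMINANCE_THRESHOLD) -> tuple[str, float, bool]:
    """Top source in one retrieval window, its share, and whether it exceeds the threshold."""
    top, count = Counter(sources).most_common(1)[0]
    share = count / len(sources)
    return top, share, share > threshold


def run_demo() -> dict:
    """Constructed sample: an incident opened on Friday 2026-06-19, three fixes, one flawed."""
    opened = date(2026, 6, 19)
    sla = add_business_days(opened, SLA_BUSINESS_DAYS)   # -> 2026-06-26
    items = [
        FixItem("Allowlist agent tool calls", "Tool", "high", "tool log", "likely", "replay",
                "platform-eng", "ml-team", "0 unapproved tool calls in 7-day replay", True, sla),
        FixItem("Alert on corpus dominance", "Retrieval", "medium", "retrieval log", "likely",
                "synthetic corpus", "search-team", "ml-team",
                "alert within 15 min when one source exceeds 40%", True, sla),
        # Deliberately flawed item: owned by the agent owner and never replay-tested.
        FixItem("Version the system prompt", "Evidence", "low", "prompt diff", "unlikely",
                "manual", "ml-team", "ml-team", "prompt history retained 90 days", False, sla),
    ]
    # Constructed retrieval window: three of five chunks come from one knowledge base.
    window = ["kb://hr-policy"] * 3 + ["wiki://onboarding", "web://vendor-faq"]
    return {
        "deadline": sla.isoformat(),
        "findings": validate_fix_list(items, opened),
        "dominance": dominance(window),
    }


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(key, value)
```

Running the block reports the SLA deadline, two findings for the deliberately flawed third item (owner is the agent owner; no replay test) and a dominance alert for the window in which one source supplies 60% of the retrieved chunks; a window at exactly 40% does not alert, matching the ">40%" wording.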

Crosswalk coverage

Playbook 18 supports the following industry-standard subcategories — referenced citation chain:

  • NIST AI RMF 1.0: MANAGE 4.2 (continual improvements), MANAGE 4.3 (incidents/errors communicated; processes followed and documented)
  • NIST CSF 2.0: ID.IM-01 (improvements from evaluations), ID.IM-02 (improvements from tests and exercises), RC.RP-04 (post-incident operational norms), RC.CO-03 (recovery communication), GV.OV-01 (strategy outcomes reviewed)
  • OWASP Agentic Top 10 2026: ASI02 Tool Misuse & Exploitation (addressed via tool hardening), ASI06 Memory & Context Poisoning (addressed via retrieval hardening), ASI08 Cascading Failures (addressed via the improvement loop)

The IR Temporal Arc is now COMPLETE

            ┌───────────────────────────────┐
            │  PB 04 (Proactive)            │  Design tools BEFORE  →  v0.3.0
            │  Tool Design Is Containment   │
            └───────────────▲───────────────┘
                            │ informs
            ┌───────────────────────────────┐
            │  PB 01 (Reactive)             │  Respond DURING  →  v0.2.0
            │  Agent Is Privileged Identity │
            └───────────────▲───────────────┘
                            │ produces lessons for
            ┌───────────────────────────────┐
            │  PB 18 (Post-Incident)        │  Harden AFTER  →  v0.4.0
            │  Post-Incident Hardening      │
            └───────────────┬───────────────┘
                            │ feeds back into
                            ▼
                    [Next PB 04 cycle]

A reader downloading v0.4.0.zip gets — for the first time — the complete closed-loop incident-response system for AI agents. Each playbook references the others; the arc reinforces itself.

What did NOT change

  • The four MVO controls
  • The Six Triage Questions
  • The Kill-Switch Modes M0–M5
  • The Minimum Evidence Set A–F
  • The four-level Maturity Model
  • All 3 crosswalks (NIST AI RMF + NIST CSF 2.0 + OWASP Agentic)
  • All templates (AI-BOM, Privilege Matrix)
  • All 4 OSS-convention files
  • All 5 .github/ templates
  • Apache 2.0 + Trademark Notice in LICENSE
  • Playbook 01 (byte-identical to v0.2.0)
  • Playbook 04 (byte-identical to v0.3.0)
  • Branch protection on main (enforced from v0.2.0 onward)
  • 100/100 GitHub Community Standards

CITATION.cff

  • Top-level version: "0.4.0"
  • preferred-citation.version: "0.4.0"
  • date-released: "2026-06-19"

Cite this release

Ideji, J. (2026). The AI IR Overlay Framework (v0.4.0). https://github.com/jacobideji/aiiroverlay

Forward references — playbook roadmap

Remaining load-bearing forward references:

  • playbook-24 Board-Ready Scorecard — v0.5.0 candidate (referenced from framework/01-minimum-viable-overlay.md + framework/03-maturity-roadmap.md). Translates the framework's operational state into board-level posture reporting.

Single-reference forward refs (lower priority but available): playbook-03 (RAG Forensics), playbook-12 (Insider Threat 3.0), playbook-13 (Six Metrics), playbook-14 (Testing for Agent Failure Modes), playbook-15 (Records and Retention), playbook-20 (Operating Cadence), playbook-23 (Multi-Stakeholder Logging).

Acknowledgments

The "transforming lessons learned into guardrails" thesis — that post-incident hardening is the difference between incidents that recur and incidents that strengthen the system — comes from Issue #18 of the AI IR Overlay LinkedIn newsletter. v0.4.0 makes that thesis enforceable through the five-business-day SLA, the Tiered Hardening Framework, and the recurrence-containment acceptance test.

The framework now has the complete temporal coverage to claim:

Any AI incident can be prepared for (PB04), responded to (PB01), and closed defensively (PB18) — using framework artifacts that exist in the repository, with industry-standard citations and measurable acceptance criteria at every stage.