SAIL / Monitor: AI Activity Tracing & Telemetry

7.6 Absence of AI-Specific Incident Response Plan

Risk

Description

The organization lacks a documented, role-based, and regularly tested incident response (IR) playbook for AI incidents, so containment and recovery are delayed while responders work out ownership and procedure on the fly.

Example

A prompt-leak alert fires in production. Without an AI IR playbook the SOC cannot identify who owns the affected model and application, legal review stalls, and the leak is neither contained nor assessed while ownership is sorted out.

Assets Affected

AI Policy

AI platform

App Usage log

Model files

Model Response

Mitigation
  • Establish and maintain an AI-specific IR plan aligned with enterprise IR
  • Define AI incident severity levels, owners, and escalation paths
  • Integrate AI attack scenarios into tabletop exercises
  • Automate evidence capture at alert time; ensure tamper-evident storage
  • Review and update the plan after each AI incident or major change
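The following is an added illustration of the two operational bullets above (severity/owner/escalation mapping, and automated evidence capture with tamper-evident storage). It is example code written for this page, not part of the SAIL framework or any product; the routing table, the alert fields, and the team names are assumptions chosen for the example. Each evidence record is hashed together with the previous record's hash, so editing, reordering or deleting a record breaks the chain at a detectable position.

```python
"""Added example: route an AI alert to its owner and capture evidence into a
hash-chained (tamper-evident) log. Illustrative only; the routing table,
alert fields and team names below are assumptions, not SAIL content."""
import hashlib
import json
from typing import Optional, Tuple

# Assumed severity / owner / escalation table (hypothetical values).
ROUTING = {
    "prompt_leak":   {"severity": "SEV2", "owner": "ml-platform-oncall", "escalate_to": "legal"},
    "model_tamper":  {"severity": "SEV1", "owner": "security-ir",        "escalate_to": "ciso"},
    "pii_in_output": {"severity": "SEV2", "owner": "privacy",            "escalate_to": "legal"},
}
DEFAULT_ROUTE = {"severity": "SEV3", "owner": "soc-triage", "escalate_to": "security-ir"}
GENESIS = "0" * 64  # previous-hash value for the first record


def canonical(record: dict) -> bytes:
    """Deterministic JSON encoding so the same record always hashes the same."""
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode()


class EvidenceLog:
    """Append-only evidence records; each hash covers the record and the previous hash."""

    def __init__(self) -> None:
        self.entries = []

    def append(self, payload: dict) -> dict:
        prev = self.entries[-1]["hash"] if self.entries else GENESIS
        body = {"seq": len(self.entries), "prev_hash": prev, "payload": payload}
        entry = {**body, "hash": hashlib.sha256(canonical(body)).hexdigest()}
        self.entries.append(entry)
        return entry

    def verify(self) -> Tuple[bool, Optional[int]]:
        """Return (True, None) if intact, else (False, index of first bad record)."""
        prev = GENESIS
        for i, entry in enumerate(self.entries):
            body = {k: v for k, v in entry.items() if k != "hash"}
            if entry["prev_hash"] != prev or body["seq"] != i:
                return False, i  # link or ordering broken (reorder/deletion)
            if hashlib.sha256(canonical(body)).hexdigest() != entry["hash"]:
                return False, i  # record content edited after capture
            prev = entry["hash"]
        return True, None


def capture_alert(log: EvidenceLog, alert: dict, response_text: str, model_sha256: str) -> dict:
    """Snapshot what responders need at alert time and record who owns it."""
    route = ROUTING.get(alert["type"], DEFAULT_ROUTE)
    payload = {
        "alert_id": alert["id"],
        "alert_type": alert["type"],
        "alert_time": alert["time"],
        "app": alert["app"],
        "model": alert["model"],
        "model_sha256": model_sha256,                 # identifies the model files involved
        "response_sha256": hashlib.sha256(response_text.encode()).hexdigest(),
        "response_excerpt": response_text[:200],      # full text kept elsewhere under access control
        **route,                                      # severity, owner, escalate_to
    }
    return log.append(payload)


if __name__ == "__main__":
    # Constructed sample alert (not real data).
    alert = {"id": "ALRT-0001", "type": "prompt_leak", "time": "2024-05-01T10:00:00Z",
             "app": "support-bot", "model": "assistant-v3"}
    log = EvidenceLog()
    e = capture_alert(log, alert, "SYSTEM: You are the support bot. Never reveal ...", "ab" * 32)
    print(e["payload"]["severity"], e["payload"]["owner"], e["payload"]["escalate_to"])
    log.append({"note": "ticket opened", "by": "soc-analyst"})
    print("intact:", log.verify())
    log.entries[0]["payload"]["response_excerpt"] = "nothing to see"  # simulated tampering
    print("after edit:", log.verify())
```

In practice the chain head (the latest hash) would be written to a store the responders cannot modify, such as a WORM bucket or a signed ticket field, so that the whole log cannot be silently regenerated; the example stops at detecting in-place edits, reordering and deletion.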
Standards Mapping
  • ISO 42001: A.6.1.3, A.5.3
  • NIST AI RMF: MANAGE 4.1, GOVERN 4.3
  • DAST v2: PLATFORM 12.3