Suggestion: Automated playbook template for AI agent anomaly response #14565

Description

@TatarinBlack

As organizations deploy AI agents across Defender/Entra/Purview workflows, there's currently no community playbook template for automated incident response specific to agent misbehavior (e.g., an agent making excessive API calls, accessing out-of-scope resources, or exhibiting prompt injection symptoms). A starter Logic Apps playbook that isolates an agent's identity/service principal upon detecting anomalous BehaviorInfo patterns would help SOC teams respond faster to AI-specific incidents, similar to existing playbooks for compromised user accounts.

Metadata

Labels

Playbook (Playbook specialty review needed), enhancement (New feature or request), feature request, question (Further information is requested)
