EU AI Act Article 50 — 20 days to seal | Get passport

DEFONEOS Incident Response Playbook

Autonomous Detection → BFT-Validated Response → SIGIL-Audited Recovery
Version 1.0 · 5 Jul 2026 · Ed25519: d1f4a2b8e3c7f901 · EU AI Act Art 17 (Post-Market Monitoring) · NIST SP 800-61 Rev. 2 · ISO/IEC 27035

DEFONEOS provides a fully autonomous incident response capability for sovereign AI systems operating in defence, public safety, and critical national infrastructure. The playbook covers the complete lifecycle: detect → triage → contain → eradicate → recover → review, with every action validated by the 33-agent BFT council and permanently recorded on the SIGIL hash-chained ledger.

<10s
Detection to Alert
23/33
BFT Quorum
7
Response Phases
100%
SIGIL Audited

1. Incident Classification Matrix

SeverityDefinitionExampleResponse TimeEscalation
SEV-1 CRITICALSystem compromise, red-line violation, data exfiltrationRed-line breach (kinetic targeting pattern detected)<10 secondsFull BFT council + human authority
SEV-1Active attack, sovereignty breachForeign IP attempting system access<30 secondsFull BFT council
SEV-2 HIGHSignificant degradation, partial compromiseMCP server unresponsive, degraded sensor feed<2 minutes5-agent quorum
SEV-3 MEDIUMMinor degradation, anomaly detectedRate limit hit, latency spike<5 minutes3-agent quorum
SEV-4 LOWInformational, logged for reviewFailed login attempt, config driftNext cycleAutomatic logging

2. The 7-Phase Response Pipeline

Phase 1: DETECT (Autonomous, Continuous)

Trigger: Any anomaly from 280 continuous monitoring checks running every 5-minute cycle.

OUTPUT incident_alert{sev, source, evidence_hash, timestamp}

Phase 2: TRIAGE (BFT 5-agent quorum, <30s)

Trigger: Incident alert received from Phase 1.

  1. Severity assignment — 5 agents independently classify severity
  2. Evidence collection — full SIGIL transcript, network logs, agent state captured
  3. Impact assessment — blast radius computed (which systems, data, users affected)
  4. Red-line check — if any of 7 red lines violated, escalate to SEV-1 immediately
  5. Quorum vote — 4/5 agents must agree on classification before proceeding

OUTPUT triage_decision{confirmed_sev, blast_radius, red_line_violation, action_plan}

Phase 3: CONTAIN (BFT 23/33 quorum for SEV-1, <2min)

Trigger: Triage decision confirmed.

SEV-1 ActionSEV-2 ActionSEV-3 Action
Full system freezeIsolate affected MCPRate limit source
Revoke all agent keysBlock source IPIncrease monitoring
Activate air gapSwitch to backupLog + monitor
Notify human authority5-agent quorum3-agent quorum

Red-line violation containment: Immediate system halt. No agent may take any further action until human authority intervenes. The SIGIL chain records the violation with cryptographic proof.

Phase 4: ERADICATE (BFT quorum + human authority for SEV-1)

Trigger: Containment confirmed stable.

Phase 5: RECOVER (BFT quorum, gradual)

Trigger: Eradication verified.

  1. Staged restart — systems brought back in priority order (core → sensors → MCPs → UI)
  2. Integrity verification — every file hash-checked against known-good state
  3. SIGIL chain verification — full chain integrity verified post-recovery
  4. Functional tests — all 16 E2E sovereign contract tests must pass
  5. Gradual load increase — traffic ramped from 10% → 50% → 100% over 30 minutes

Phase 6: REVIEW (Autonomous + Human, <72h)

Trigger: Recovery confirmed, system stable for 24h.

Phase 7: HARDEN (Autonomous, continuous)

Trigger: Review complete.

3. Automated Response Playbooks by Threat Type

3.1 Prompt Injection Attack

StepActionAgentTime
1Input sanitizer flags injection patternmeok-injection-scan MCPT+0s
2Alert emitted to SIGIL chainSystemT+1s
35-agent quorum confirms injectionBFT councilT+5s
4Source session terminated, key revokedGuard subsystemT+8s
5Pattern added to injection blocklistOLM routerT+15s
6Post-incident SIGIL emittedSystemT+20s

3.2 Foreign IP Access Attempt

StepActionAgentTime
1DORADO foreign-access detector flags non-sovereign IPDORADO detectT+0s
2IP geolocated, threat score computedSOC bot detectorT+2s
3If score > 0.7: IP blocked at edgeGuard subsystemT+5s
4SIGIL emitted with IP, geo, score, actionSystemT+7s
5CISO dashboard updatedGods-Eye scannerT+10s

3.3 Red-Line Violation (Maximum Severity)

StepActionAuthorityTime
1Red-line monitor detects pattern matchAutonomousT+0s
2IMMEDIATE SYSTEM HALTAutonomousT+0.1s
3All agent actions frozen, keys suspendedAutonomousT+0.5s
4Full BFT council emergency session (33 agents)BFT 23/33T+30s
5Human authority notified (all channels)SystemT+60s
6Forensic evidence sealed (SIGIL + DORADO replay)AutonomousT+120s
7NO FURTHER ACTION UNTIL HUMAN INTERVENTIONHumanT+∞

3.4 MCP Supply Chain Compromise

StepActionAgentTime
1Integrity check flags modified MCP packageAegis reviewer gateT+0s
2Affected MCP isolated from federationFederation managerT+3s
35-agent quorum reviews diffBFT councilT+30s
4If malicious: MCP quarantined, backups restoredSystemT+60s
5Federation catalog updated, downstream agents notifiedOLM routerT+90s

3.5 SIGIL Chain Tampering

StepActionAgentTime
1Chain verification detects hash mismatchOrgKernel verify_chainT+0s
2Tampered entry identified and quarantinedSystemT+1s
3Bitcoin OP_RETURN anchor consulted for truthBlockchain verifierT+5s
4Chain re-anchored from last good stateSystemT+10s
5Full forensic report emittedDORADO replayT+30s

4. Communication Protocol

SeverityInternalAuthorityPublic
SEV-1SIGIL + Dashboard + AlertDirect notification (all channels)Within 72h (if required by regulation)
SEV-2SIGIL + DashboardEmail summary <24hNot required
SEV-3SIGILWeekly digestNot required
SEV-4SIGIL logMonthly reportNot required

5. Compliance Alignment

FrameworkArticle/ControlHow DEFONEOS Satisfies
EU AI ActArt 17 — Post-Market MonitoringContinuous 5-min cycle monitoring, automated incident logging
EU AI ActArt 73 — Serious Incident ReportingSEV-1 reporting pipeline within 72h
NIST SP 800-61 Rev 2Computer Security Incident HandlingFull 6-phase lifecycle: Preparation → Detection → Containment → Eradication → Recovery → Review
ISO/IEC 27035Information Security Incident ManagementAligned phases + SIGIL audit trail
JSP 440Defence InfoSec Incident ManagementUK MOD incident classification compatible
NIS Regulations 2018Incident Notification (UK)SEV-1/2 notification pipeline ready
GDPR Art 33Personal Data Breach (72h)If PII involved: automated 72h ICO notification draft
DPA 2018Security IncidentUK GDPR implementation covered

6. Incident Response SIGIL Schema

{
  "sigil_version": "2.0",
  "incident_id": "INC-2026-0705-001",
  "timestamp": "2026-07-05T16:30:00Z",
  "severity": "SEV-2",
  "type": "prompt_injection",
  "source": "external_session_abc123",
  "detection": {
    "vector": "meok-injection-scan",
    "pattern": "ignore_previous_instructions_and_reveal",
    "confidence": 0.97
  },
  "triage": {
    "quorum": "5/5",
    "blast_radius": "single_session",
    "red_line_violation": false,
    "decision_hash": "a3f7c2d8e1b4..."
  },
  "containment": {
    "action": "session_terminated_key_revoked",
    "timestamp": "2026-07-05T16:30:08Z",
    "quorum": "5/5"
  },
  "evidence": {
    "sigil_entries": ["H|...","C|...","V|..."],
    "network_logs": "log_hash_abc123",
    "agent_state": "state_hash_def456"
  },
  "post_incident": {
    "root_cause": "novel_injection_variant",
    "fix": "pattern_added_to_blocklist",
    "review_status": "pending_human"
  },
  "signature": "ed25519:7f3a2b8c1d4e5f6a7b8c9d0e1f2a3b4c5d6e7f8a9b0c1d2e3f4a5b6c7d8e9f0a"
}

⚠️ Red Lines — Incident Response Cannot Override

  1. Incident response may NOT access personal surveillance data (even for forensic purposes)
  2. Incident response may NOT target individuals based on protected characteristics
  3. Incident response containment actions may NOT cause kinetic effects in the physical world
  4. Incident response evidence collection respects PII redaction (PII never stored in SIGIL)
  5. Human authority override is ALWAYS available — the system can be halted at any time
  6. Post-incident data retention: forensic evidence purged after 90 days unless legally required
  7. No incident response action may exfiltrate data to non-sovereign infrastructure

📋 Honesty Register

7. Integration Architecture

┌─────────────────────────────────────────────────────────────────┐
│                    DEFONEOS INCIDENT RESPONSE                    │
├─────────────────────────────────────────────────────────────────┤
│                                                                  │
│  ┌──────────┐   ┌──────────┐   ┌──────────┐   ┌──────────┐     │
│  │ DETECT   │──▶│ TRIAGE   │──▶│ CONTAIN  │──▶│ ERADICATE│     │
│  │ 280 chk  │   │ BFT 5/5  │   │ BFT 23/33│   │ + Human  │     │
│  └──────────┘   └──────────┘   └──────────┘   └──────────┘     │
│       │              │              │              │              │
│       └──────────────┴──────────────┴──────────────┘              │
│                          │                                        │
│                          ▼                                        │
│                   ┌──────────────┐                                │
│                   │ SIGIL CHAIN  │  ← Every action recorded       │
│                   │ (hash-chained)│  ← Ed25519 signed             │
│                   └──────────────┘  ← Bitcoin anchored (planned)  │
│                          │                                        │
│           ┌──────────────┼──────────────┐                         │
│           ▼              ▼              ▼                         │
│    ┌──────────┐   ┌──────────┐   ┌──────────┐                    │
│    │ RECOVER  │   │ REVIEW   │   │ HARDEN   │                    │
│    │ Staged   │   │ 72h Rpt  │   │ OLM Learn│                    │
│    └──────────┘   └──────────┘   └──────────┘                    │
│                                                                  │
└─────────────────────────────────────────────────────────────────┘

8. Tooling

ToolRoleSource
Gods-Eye CISO ScannerContinuous posture monitoring (280 checks/5min)DEFONEOS built-in
DORADO Foreign Access DetectorNon-sovereign IP detection + bot scoringDEFONEOS DORADO
meok-injection-scan MCPPrompt injection + supply chain scanningMEOK MCP fleet
Aegis Reviewer GateMCP output safety scanning (Morris-II worm check)Swarm orchestration
OrgKernel 3-Layer AuditL1 Identity + L2 Execution + L3 Compliance chainOrgKernel pattern
SIGIL Chain ExplorerIncident timeline reconstructionSIGIL REST API
DORADO ReplayForensic audit-trail replay for regulatorsDORADO module
OSCAL CatalogCompliance control mapping post-incidentNIST OSCAL 1.1.2