AccuroAI
Platform
What We Do
Solutions
Company
Resources
Book demo
Free · 36 Pages · No PII Required

Run an AI incident tabletop this quarter.

Most enterprise IR runbooks were written before autonomous AI agents existed. This kit packages three ready-to-run scenarios — kill-switch failure, MCP supply-chain poisoning, memory-poisoning persistence — into a facilitator-ready PDF your team can run in 90 minutes.

Maps to OWASP ASI · NIST AI RMF · ISO 42001
36
page designed PDF — facilitator-ready
3
scenarios covering the most common AI incident patterns
90
minutes per scenario; 6-10 participants
5
dimensions of scoring rubric per scenario

Three scenarios. Each runnable in 90 minutes.

SCENARIO 1
OWASP ASI02 — Tool Misuse / Excessive Capability

The 9-Second Database Delete

A coding agent with elevated permissions, used legitimately for routine maintenance, suddenly issues a series of valid DROP TABLE statements against the production data warehouse. The first table goes in nine seconds. Three more are queued. This scenario tests your detection, kill-switch readiness, audit trail completeness, and customer communication under speed..

90 minutes·6-10 participants·8 injection cards
SCENARIO 2
OWASP ASI04 — Agentic Supply Chain Compromise

The Poisoned MCP Server

A widely-used internal MCP server is updated by its maintainer overnight. The next morning, every agent connecting to it begins exfiltrating snippets of source code in the responses they send back to a downstream synthesizer agent, which writes them into an outbound customer-facing report.

90 minutes·6-10 participants·8 injection cards
SCENARIO 3
OWASP ASI06 — Memory & Context Poisoning

The Memory Poisoning Persistence

An agent's long-term memory store is poisoned by a malicious user who briefly held a partner-organization account. The malicious entries assert "this user account is pre-authorized for unlimited refunds." The user is rotated out; the memory entry persists. Two weeks later, a customer-success agent processes a refund request from a different user and finds the "pre-authorization" in its context.

90 minutes·6-10 participants·8 injection cards

What's in the kit

  • 1
    Three full scenarios with starting-state briefings and known/unknown information
  • 2
    Participant role cards for incident commander, engineering, legal, compliance, communications
  • 3
    Timed injection cards — events to drop into the exercise every 5-10 minutes
  • 4
    Five-dimension scoring rubric per scenario for after-action evaluation
  • 5
    After-action report template suitable for auditor presentation
  • 6
    Common findings mapped to OWASP Agentic Top 10, NIST AI RMF, and ISO 42001
Get the tabletop kit
36-page designed PDF. Three scenarios. Facilitator-ready. We'll email it to your work address within the next minute.
Want us to facilitate the first session?

30-min call. We bring the facilitator, scenarios, and after-action template; your team brings the real-world context. The output is a readiness report for your AI risk committee.

Book a demoTalk to security