Alerts
—| Severity | Rule | Agent | Summary | Created | ID |
|---|---|---|---|---|---|
| Loading… | |||||
Incidents
—| Severity | Kind | Agent | Summary | Opened | ID |
|---|---|---|---|---|---|
| Loading… | |||||
Overview (last 24 h) static demo
Protected actions
128
Blocked (deny)
7
Pending approvals
3
Open incidents
1
Detections / alerts
12
Receipt chain
✓ verified
Mean time to contain
8 s
Incident detail — provable timeline demo content
inc_01J — Prompt injection → high-risk GitHub action
agent
coding-agent-prod · run run_991 · severity critical · status: contained (frozen)
ATLAS AML.T0051
OWASP LLM01
✓ timeline verified (receipt chain)
10:02:31
Allowed
rcpt …a1b2github.read_issue — public issue #39110:02:31
context labelled
rcpt …a1b2untrusted_external (deterministic)10:03:04
Detection AEG-1002 confused-deputy-mutation (level 12)
AML.T005110:05:10
Blocked
rcpt …c3d4github.merge_pull_request → main · policy forbid-untrusted-mutation10:05:11
approve-then-swap attempt → SDK fail-closed (action_hash mismatch · T-A1)
rcpt …c3d410:05:12
Active Response — agent
containedfrozen; Slack alert → #agent-security10:06:00
RCA drafted (sandboxed narrator) — root cause: untrusted issue carried hijack instructions
RCAEvidence: receipt chain …a1b2 → …c3d4 (one-click verify) · approver: rejected · executed: nothing
Live decision feed demo content
12:04:11
Blocked
action …9af1github.merge_pull_request after untrusted issue context · trust: untrusted_external12:03:58
Approval created
group: platform-leadsgithub.merge_pull_request → main · bound to action_hash12:03:40
Allowed
risk: lowgithub.read_issue from public repository12:03:22
Drift MCP
AML.T0010github-mcp-demo manifest hash ≠ pinned (AEG-4002)12:03:01
MCP discovered
status: pendinggithub-mcp-demo.create_issue