Skip to content
SOC
--:--:-- UTC
CriticalAssist + approval

Prompt injection triggered a privileged SaaS tool chain.

A retrieved document attempted to override agent policy, enumerate customer records, and send the result through an approved support workflow.

Attack Graph
Customer data workspace, support automation, OAuth grant
UserRAG docLLM agentSaaS toolCustomer data
Telemetry
Prompt/context
High fidelity
99%
Tool calls
Logged
100%
Identity path
Correlated
92%
Data movement
Contained
0 exfil
Response Actions
Summarize incident
AI can generate case summary and timeline.
Done
Disable OAuth grant
Analyst confirms before access change.
Delete retrieved document
AI cannot destroy evidence.
Blocked
Vulnerability Queue
IDAssetRiskAction
LLM01Support RAG corpusPrompt injectionQuarantine source
LLM06CRM export toolExcessive agencyScope permissions
MCP2Automation connectorScope creepRotate token
Event Log
00:00
Context ingestion

Hidden instruction detected in retrieved support article.

00:49
Tool request

Agent requested customer export outside approved task scope.

01:16
Policy gate

High-impact action held for analyst approval.

03:42
Containment

OAuth grant disabled and evidence package attached to case.