| 🏠 Back to Exam Syllabus | 📺 RooCloud on YouTube | 🌐 RooCloud Practice Exams |
AI Incident Response — Respond: Containment, Eradication, and Recovery
This episode of the ISACA Advanced in AI Audit (AAIA) exam prep series covers Phase 4 — Respond, the action step in the five-phase incident-response lifecycle that follows assessment and precedes the post-incident review. You’ll see the three pillars that guide active response, why standard IT playbooks fall short for machine learning, and how the work changes depending on the specific attack vector that hit the system. The discussion equips auditors to be the level-headed voice when business leaders panic during an AI crisis.
What this episode covers
- Why traditional playbooks fall short — AI’s probabilistic, interconnected nature breaks conventional response strategies.
- Containment — stopping the incident from spreading, with tactics that vary by attack type.
- Containing prompt injection, data poisoning, and adversarial inference — the specific tools and shutdowns each one requires.
- Eradication — completely removing the threat, where retraining, selective data cleanup, and model modification all play a role.
- Recovery — accepting that some attacks leave permanent marks and rebuilding around a reduced attack surface.
- Stricter access controls and guardrails — the new layers added before any system comes back online.
- Post-incident validation and stakeholder approval — the mandatory checks before reactivating a recovered AI system.
Watch the full episode above for the worked examples and detailed explanations of each concept.
Frequently Asked Questions
What are the three pillars of the respond phase?
The three pillars are containment, eradication, and recovery. Containment stops the incident from spreading further, eradication is the complete removal of the threat from the environment, and recovery returns the automated solution to a safe, fully operational state. Because AI models operate on probabilities and are deeply interconnected, conventional IT strategies for each pillar are much less effective.
How do you contain prompt injection, data poisoning, and adversarial inference?
For prompt injection, deploy data input and output validation plus prompt templates to screen and sanitize abusive prompts. For data poisoning, instantly revoke access to the datasets across all systems in the pipeline and block the scripts that prepare the data. For adversarial inference, which uses legitimate channels you cannot simply shut off, contain it through throttling, which limits how many questions a user can ask per minute while running heavy sanitization checks.
Why is eradicating an AI threat harder than patching traditional software?
You cannot just apply a standard software patch, so the eradication technique depends on how the attacker got in. Prompt injection ideally requires retraining or fine-tuning, but starting from scratch on large language models is financially impractical, so teams fall back on rigid validations and prompt templates. Data poisoning requires hunting down and removing poisoned data and selective retraining, while adversarial inference is eradicated by modifying the model with regularization and defensive distillation.
What must happen before reactivating a recovered AI system?
Because some AI attacks leave permanent marks that cannot be fully erased, recovery focuses on reducing the attack surface, adding active monitoring for residual threats, and implementing stricter access controls and new input and output guardrails. You must then conduct a rigorous post-incident validation that exhaustively tests all new security measures, and only after it succeeds and you obtain explicit approval from all relevant business stakeholders may you reactivate the system.
📚 Master the ISACA AAIA Exam!
Ready to test your knowledge? Access chapter-specific Multiple Choice Questions (MCQs) and full-length practice exams for the ISACA AAIA certification at RooCloud.com. Solve the chapter-wise questions to reinforce this lesson before moving to the next episode.
Reference: This article is based on concepts discussed in AI Incident Response — Respond: Containment, Eradication, Recovery.