Risk Management Series โ€” Vol. 2

AI Incident Response Playbook

Step-by-step response procedures for the most likely AI-related incidents at an MSP. Covers containment, notification, documentation, and post-incident review.

๐Ÿ”ด
If you are actively responding to an incident right now: Jump directly to the relevant scenario tab below. Complete all steps in order. Do not skip documentation steps โ€” they are required for SOC 2 CC7.3 and client notification obligations.
01Incident Scenarios
Data Leakage
Bad Output Sent
Shadow AI Tool
AI-Assisted Phishing
๐Ÿ”‘
Sensitive Data Pasted into Public AI Tool
Client PII, credentials, or confidential data sent to an unapproved AI service
1
Immediate โ€” Within 15 Minutes
Contain & Identify
Stop any ongoing data entry. Identify exactly what was pasted โ€” take a screenshot or written note of the prompt content before the session is closed.
Document the AI tool used (URL, service name)
Record what data was included (type, volume, specific fields)
Identify which client(s) or individuals are affected
If credentials were exposed โ€” rotate them immediately
Reporting Staff Member0โ€“15 min
2
Escalate โ€” Within 1 Hour
Notify Risk Manager & IT / Security
Report to the Risk Manager and IT / Security immediately. Do not notify the client yet โ€” get internal assessment first.
Send written summary via email or Slack (not the AI tool)
IT / Security to check AI vendor's data retention and breach notification policies
Determine if the tool has an opt-out or data deletion request process
IT / Security + Risk OwnerWithin 1hrCC7.3
3
Assess โ€” Within 4 Hours
Determine Notification Obligation
Assess whether client or regulatory notification is required. This depends on data type and applicable regulations.
PII of 500+ individuals โ†’ may trigger state breach notification laws
HIPAA-covered data โ†’ mandatory 60-day notification to HHS
Client contractual obligations โ†’ review MSA/DPA for notification SLAs
Engage legal counsel if any of the above apply
Risk Owner + Legal CounselWithin 4hrsCC2.3
4
Remediate โ€” Within 24 Hours
Submit Deletion Request & Notify if Required
Submit data deletion request to the AI vendor. Draft client notification if required. Complete incident record.
Submit deletion/opt-out request via vendor's privacy portal
Draft and send client notification if legally or contractually required
Log the incident in the AI Risk Register (AR-001)
IT / Security + Risk OwnerWithin 24hrs
5
Post-Incident โ€” Within 2 Weeks
Review & Prevent Recurrence
Conduct a brief post-incident review. Update training, controls, or tooling to prevent recurrence.
Brief team on what happened without naming the individual
Consider deploying PII Sanitizer as a required pre-step before AI use
Update AI AUP if gaps were identified
Close the incident record with root cause and remediation notes
Risk OwnerWithin 2 weeksCC7.4 CC4.2
๐Ÿ“ค
Incorrect AI Output Sent to Client
Unverified or hallucinated AI content delivered as fact in client communications or deliverables
1
Immediate
Identify & Recall
Determine what was sent, to whom, and whether the client has acted on it.
Locate the original email/document and identify incorrect content
Assess whether client could have made a decision based on the bad info
Do not send a correction yet โ€” escalate first
Reporting Staff Member0โ€“30 min
2
Escalate
Notify Manager & Draft Correction
Notify the account manager or team lead. Prepare a correction with accurate information verified from authoritative sources.
Get correct information from official documentation, not AI
Draft correction email โ€” keep it simple, professional, no blame on AI
Have manager review before sending
Account OwnerWithin 2hrs
3
Notify Client
Send Correction Promptly
Send the correction quickly and directly. If the client acted on the bad information and experienced harm, escalate to leadership immediately.
Send correction โ€” reference the original message and clearly state the corrected information
If client incurred cost or made decisions based on bad info โ†’ escalate to leadership and possibly legal
Account OwnerSame business dayCC2.2
4
Post-Incident
Document & Update Review Process
Log incident โ€” what was sent, what was wrong, how it was corrected
Identify whether the review step was skipped or insufficient
Update team guidance on required review before sending AI output externally
Risk OwnerWithin 1 weekCC4.2
โš ๏ธ
Unapproved AI Tool Discovered in Use
Staff member found using an AI tool that has not been reviewed or approved by IT/Risk
1
Identify
Determine Scope of Use
Which tool was used? (name, URL)
How long has it been in use?
What data was entered โ€” generic prompts or client/sensitive data?
Is anyone else using it?
IT / SecurityWithin 4hrs
2
Assess the Tool
Run Vendor Risk Assessment
Use the AI Vendor Assessment Checklist to evaluate the tool. It may be approvable โ€” this isn't automatically a punitive situation.
Check: Does the vendor have a SOC 2 report?
Check: Does it opt users into training by default?
Check: Is there a DPA available?
Check: What is the data retention policy?
IT / Security + Risk OwnerWithin 2 daysCC9.2
3
Decide & Act
Approve, Restrict, or Block
Approve: Tool passes checklist โ†’ add to approved list, document, brief the team
Conditional: Tool is approvable with restrictions (no client data, no PII) โ†’ add conditions to AUP
Block: Tool fails checklist โ†’ request IT to block domain, notify staff, document reason
IT / Security + Risk OwnerWithin 3 daysCC6.7 CC8.1
4
Post-Incident
Update Approved Tool List & Training
Update the approved AI tools list regardless of outcome
Remind staff of the process for requesting new AI tools before use
Update Risk Register (AR-002) with outcome
Risk OwnerWithin 1 week
๐ŸŽฃ
AI-Enhanced Phishing / Social Engineering Attack
Suspected AI-generated phishing email, voice deepfake, or impersonation attempt targeting staff or clients
1
Immediate
Do Not Engage โ€” Isolate
If you suspect you're being targeted: stop all interaction with the suspected message or caller. Do not click links, transfer funds, or provide credentials.
Do not reply to the email, callback the number, or click any link
If credentials were provided โ†’ change them immediately and notify IT
If a wire transfer or payment was initiated โ†’ call your bank immediately
Preserve the original message โ€” do not delete
Any StaffImmediately
2
Escalate
Report to IT and Security Lead
Forward suspicious email to IT with original headers intact
If voice/video: document what was said, when, and from what number/platform
Security Lead to check email gateway logs for campaign scope โ€” was this one target or many?
Check if any clients received the same or similar messages
Security Lead + IT / SecurityWithin 1hrCC6.8
3
Contain
Block & Assess Damage
Block the sending domain/IP in email gateway
Determine if any credentials, MFA codes, or payment info was shared
Review affected accounts for unauthorized access (login history, sent items)
If client impersonation: notify the client that an attack is in progress
Security LeadWithin 4hrsCC7.3
4
Post-Incident
Brief Staff & Update Defenses
Send a sanitized alert to all staff describing the attack pattern (not the victim)
Update security awareness training with this specific example
Review and tighten verification procedures for financial requests and credential resets
Log in Risk Register (AR-004)
Risk Owner + Security LeadWithin 1 weekCC1.4 CC4.2
02Required Documentation โ€” Every Incident
[ ]
Date and time incident was discovered
[ ]
Who discovered it and how
[ ]
AI tool or service involved
[ ]
Data types and volume affected
[ ]
Clients or individuals impacted
[ ]
Actions taken and timeline
[ ]
Notifications sent (internal + external)
[ ]
Root cause determination
[ ]
Remediation steps completed
[ ]
Risk Register entry updated
[ ]
Incident closed with sign-off date
[ ]
Follow-up actions assigned with owners
MSP AI Resource Hub
Risk Management Series ยท Vol. 2
Version 1.0 ยท 2026
Owner: Designated Risk Owner ยท Review: Annually or post-incident