An AI security incident response follows the same broad shape as any incident — contain, investigate, remediate, communicate — but the first containment step is often different: instead of pulling a server offline, you may need to disable a specific tool integration, roll back a system prompt or fine-tune, or throttle a feature while you figure out the scope. Speed matters because a successful jailbreak or injection technique often gets shared publicly within hours — exactly the pattern seen with DAN-style jailbreaks and Bing Chat prompt leaks in 2023, where a technique disclosed by one researcher was being reproduced by others within the same day.
Investigation leans hard on the logging discussed earlier: reconstructing exactly which prompt or injected content triggered the issue, whether it's a single exploited pattern or a class of vulnerability, and whether other users were exposed to the same technique before it was caught. Remediation should target the architectural gap, not just the specific prompt discovered — and post-incident, a clear public or internal writeup helps the whole field, since AI security is young enough that shared lessons genuinely raise the baseline.