About & Safety Model
What this lab is, what it deliberately is not, and the safety reasoning behind a tool that explores agentic containment without ever touching a real system.
Simulated containment actions only. No production systems are modified. This is a public lab for demonstration and is not production incident-response advice.
What this is
- A public, portfolio-grade demonstration of a human-approved containment workflow.
- An exploration of how agentic AI can assist an Incident Commander without taking unilateral action.
- A UI/UX and architecture reference for evidence-aware, business-aware containment decisions.
- Fully self-contained: runs on mock data with deterministic AI and no API keys.
What this is not
- A production incident-response platform or a source of real IR advice.
- Connected to any EDR, SIEM, identity provider, cloud or email system.
- Capable of executing containment against any real asset — every action is simulated.
- An offensive-security tool. It contains no exploit logic of any kind.
Safety model
There is no integration layer and no outbound action capability. The “containment engine” only appends descriptive steps to local state.
Nothing advances without an explicit, simulated approval. Approval chains scale from IR Lead to Executive based on the option’s blast radius.
Volatile evidence is flagged for preservation before any containment step, mirroring sound forensic practice.
Every state change is written to an append-only, hash-chained ledger so the full decision history is reconstructable.
Human approval model
The lab's central principle is a clean separation of duties: agents advise, humans approve, and the ledger attests. The agentic layer can triage, map blast radius and propose a containment strategy, but it cannot authorise or run anything on its own.
A minimal containment option may need only an IR Lead and Incident Commander; an aggressive, business-disrupting one routes all the way to Legal and the Executive. The required approvers are attached to each option, not chosen after the fact.
A single guardrail (canSimulateExecute) is consulted by both the UI and the store. Even a simulated execution is refused until every required approval has been explicitly recorded — and an attempt to bypass it is itself written to the ledger as a blocked event.
Threat-model note
Because the lab has no connectors and no execution path, the realistic risk surface is that of any static front-end: it renders mock data and mutates local browser state. The hash-chained ledger demonstrates tamper-evidence as a concept; it is intentionally a non-cryptographic, illustrative hash rather than a real integrity control.
The deliberate design choice throughout is that agentic AI proposes and explains, while a human approves and a system of record attests. That separation is what makes agentic containment safe to reason about.
Roadmap
- Deterministic mock AI triage, blast-radius mapping and option scoring
- Bounded eight-agent reasoning layer (advisory, human-approved)
- Five seed scenarios spanning endpoint, identity, ransomware, OAuth and BEC
- Simulated approval routing, execution guardrail and hash-chained ledger
- Pluggable LLM provider behind the existing provider interfaces
- Configurable approval policies and role-based views
- Richer scenario authoring and shareable incident snapshots
- Read-only connectors for EDR/SIEM/identity with strict policy guardrails
- Governed, reversible containment playbooks with real approvals and full attestation
- Resilience metrics, post-incident learning loops and exec reporting
Containment Command Lab is a public demonstration by RedCon1 Response. RecoverIQ Containment Command is a separate, proprietary product direction. Mock data only.