Incident Response

Vault Agentics maintains a written Incident Response Plan owned by the Managing Member. The plan is reviewed at least annually and after every material incident.

Severity model

• SEV-1 — Confirmed compromise of customer data, AI systems, or production access. Continuous response; executive oversight; customer notification per contract and law.
• SEV-2 — Material risk of compromise; service degradation affecting multiple engagements.
• SEV-3 — Localized issues with no customer data exposure.

Lifecycle

1. Detect — Continuous logging and alerting on identity, infrastructure, application, and AI activity.
2. Triage & contain — On-call assigns severity, isolates affected systems, preserves evidence, rotates credentials.
3. Investigate — Root-cause analysis with documented timeline and chain-of-custody for evidence.
4. Eradicate & recover — Remove cause, restore from clean state, validate integrity before returning to service.
5. Communicate — Customer notifications per contract and applicable law; regulatory notifications when required.
6. Learn — Post-incident review with action items tracked to closure.

Customer notification

For incidents that affect customer data, we notify designated security contacts without undue delay and consistent with engagement contracts and applicable law (including breach notification statutes such as Cal. Civ. Code §1798.82, GDPR Art. 33–34, and HIPAA where applicable).

Reporting an issue to us

Customers can email security@vaultagentics.com. Researchers should use our coordinated disclosure program. For confirmed active incidents, mark the email subject line "URGENT — Security".