Incident response lab for AI tooling supply chain

SupplyChain Sentinel

Simulate a real-world package compromise (like the LiteLLM 1.82.7–1.82.8 incident) and practice the workflow: detection, blast radius estimation, containment, secret rotation, and postmortem generation.

Ready

Tabletop Simulator

difficulty: medium mode: ai-proxy

Scenario preset

You can change the preset before you click Start scenario.

Team context

Controls affect how quickly you detect compromise and how costly containment is.

Package name

Used for logs, alerts, and the postmortem. This app does not fetch anything.

Installed version

Try a safe version like 1.82.6 and see your risk score change.

Deployment footprint

Footprint influences blast radius and urgency.

EDR telemetry

Improves detection timing; adds some false positives.

Network egress logs

Helps spot credential exfil domains and unexpected archives.

Version pinning

Reduces exposure; may slow patching and increase toil.

Risk score0

Estimated secrets exposed0

Time to detection—

Containment cost—

Response Console

Actions

Each action has tradeoffs: speed vs correctness, alert fatigue vs risk reduction.

Detection signals

Signal	Status	Confidence

Incident timeline

The timeline visualizes what happened (top) vs what your team noticed (bottom).

Event log

Secret Rotation Planner

Rotation completeness 0% Residual risk —

Secrets inventory (toggle what existed in the environment)

Real incidents often require rotating everything accessible to the compromised process.

Rotation workflow

Edit this checklist; it exports with your report.

Postmortem Generator

Executive summary prompt

This is a local text generator (no API). It uses a small rule-based template engine.

Draft postmortem (editable)

Export to JSON or copy to clipboard. The report includes citations to the original trend source.