incident-response-trainer
Incident response training · Rule-based scoring
Cybersecurity · extremely-hard · AI Code-Assistant Secret-Leak Cascade · Critical asset
Scenario

AI-assistant-generated snippet committed a live cloud key; CI then ran unexplained jobs and cloud reads with an ambiguous trail

An extremely-hard Cybersecurity scenario on AI Code-Assistant Secret-Leak Cascade.

Practice this scenario

Start a graded attempt against this scenario. Your response is scored by the same deterministic rubric used across the catalog. Email and evidence content stay hidden until you start.

Launches this exact scenario. One of 6 templates in this Track + Difficulty pool.

catalog id · ai-code-assistant-secret-leak-cascade

Training alignment

What this scenario practices, mapped to recognized frameworks.

Educational mapping only. Not a compliance attestation.

What this trains
  • Leaked-credential rotation and blast-radius scoping
  • Secure CI identity and AI-generated-code secret hygiene
MITRE ATT&CK · mitre-attack
  • Credentials In Files · Credential Access · T1552.001 · TA0006
    Mapped · High confidence

    Trains response to a live credential committed into code and a ticket.

  • Cloud Accounts · Initial Access · T1078.004 · TA0001
    Partial · Medium confidence

    Trains reasoning about possible reuse of the leaked cloud credential.

MITRE D3FEND · mitre-d3fend
  • User Account Containment · D3-UAC
    Mapped · High confidence

    Trains rotating/revoking the compromised CI credential first.

  • User Account Permissions · D3-UAP
    Mapped · High confidence

    Trains least-privilege rebuild of the CI deploy identity.

NIST CSF 2.0 · nist-csf-2
  • Incident Mitigation · Respond · RS.MI · RS
    Mapped · High confidence

    Trains credential rotation and blast-radius containment.

  • Incident Recovery Plan Execution · Recover · RC.RP · RC
    Mapped · Medium confidence

    Trains sequenced recovery onto a new least-privilege identity.

NIST SP 800-61r3 · nist-sp-800-61r3
  • IR lifecycle phase · Containment, Eradication & Recovery
    Mapped · High confidence

    Trains rotate-before-scrub sequencing under an ambiguous trail.

  • IR lifecycle phase · Detection & Analysis
    Mapped · High confidence

    Trains bounding the cloud blast radius despite log gaps.

CISA Cybersecurity Performance Goals · cisa-cpg
  • Detecting Relevant Threats and TTPs · 3.A
    Mapped · Medium confidence

    Trains detection and attribution of anomalous CI/cloud activity.

  • Vendor/Supplier Cybersecurity Requirements · 2.R
    Partial · Low confidence

    Trains governance of AI-assistant tooling and contractor access.

CIS Controls v8 · cis-controls
  • Application Software Security · Control 16
    Mapped · High confidence

    Trains secret-scanning and secure handling of AI-generated code.

  • Access Control Management · Control 6
    Mapped · High confidence

    Trains short-lived, least-privilege CI identity over long-lived keys.