agent runaway vs key leak
engineering sees cloud abuse tied to automation. case A is ai-agent-runaway: autonomous tool-call chain, MCP graph, and prompt-vs-action divergence outside stated scope. case B is api-key-leak: credential in git history → CloudTrail/GitHub audit abuse without agent runtime. wrong call sends you to ai-agent-tool-call-execution-trace-reconstructor when you need git-repository-forensics — or chases injection patterns while IAM escalation came from a leaked static key.
primary tools · side by side
ordered entry points from the case-type taxonomy. highlighted rows appear in both case types' editorial tool lists.
AI agent runaway action
an autonomous agent (Claude · GPT · Gemini · Copilot · custom MCP) takes actions outside its prompt scope — reads credentials it shouldn't, exfils data, installs persistence, calls an MCP tool a human wouldn't have approved. evidence is the tool-call trace, the prompt-action divergence, and the OAuth grant ledger — not the prompt itself. distinct from llm-prompt-injection (malicious input) and insider-threat (human actor).
- 01 · ai agent tool call execution trace reconstructor · drop agent run log · reconstruct tool-call sequence + state mutations · runs locally
- 02 · ai agent prompt vs action divergence detector · drop agent run log · detect actions taken inconsistent with prompt · runs locally
- 03 · ai agent autonomous action accountability tracer · drop agent run log · trace responsibility for each autonomous action · runs locally
- 04 · ai agent credential handling audit · drop agent run log · audit credential usage + leakage risk · runs locally
- 05 · mcp tool call graph reconstructor · drop mcp client + server log set · reconstruct tool-call dependency graph · runs locally
- 06 · ai agent persistence mechanism detector · drop agent + system state · detect persistence implanted by agent · runs locally
- 07 · ai agent network exfiltration pattern detector · drop agent network log · detect data exfiltration via agent · runs locally
API key leak / repo compromise
leaked credential in git history → cloud abuse window → cost-spike + lateral movement. correlate VCS + CSP audit logs.
- 01 · git repository forensic analyzer · drop a .git directory or git bundle file · extract full commit history · recover deleted commits via reflog · stash contents · author metadata · file change history · detect secret leaks in history · runs locally
- 02 · github audit log parser · json or jsonl audit export · action · actor · org · repo · repo org hook oauth protected branch secret scanning · suspicious flags · export csv · runs locally
- 03 · github audit log analyzer · drop github enterprise audit log json or csv export · parse repository and organization events · surface suspicious access patterns, force pushes, secret scanning alerts and member changes · reconstruct git activity timeline · runs locally
- 04 · aws cloudtrail forensic deep analyzer · drop cloudtrail json logs · detect privilege escalation paths · credential theft · data exfiltration · lateral movement between services · unusual api patterns · flag attacker ips · runs locally
- 05 · aws cloudtrail log forensic analyzer · drop aws cloudtrail json log files or csv export · parse api call records across all aws services · surface credential abuse, privilege escalation, data exfiltration and infrastructure manipulation · reconstruct attacker activity timeline · runs locally
- 06 · aws iam policy analyzer · paste iam policy json · effective permissions · wildcard expansion · risks · escalation hints · plain english · runs locally
- 07 · iam escalation graph · iam policy json · wildcard expansion · 15 escalation patterns · attack chains · severity · csv + json export · runs locally
- 08 · kubernetes secrets decoder · paste secret yaml or json · decode base64 · credential hints · redact toggle · runs locally · keys stay in browser
editorial overlap
lean toward…
disambiguation signals derived from case-type descriptions and common practitioner confusion points.
lean toward agent runaway if you see…
- MCP tool-call graph or agent persistence (cron, webhook) with prompt-vs-action divergence
- abuse anchored to agent session token — not AKIA/ghp token first appearing in git commit history
- copilot or custom-agent integration audit shows tool calls without matching human keyboard session
lean toward key leak if you see…
- AKIA/ghp token in git history or secret scan correlated with CloudTrail IAM escalation
- GitHub audit clone/push before cloud abuse — no MCP tool-call ledger in agent exports
- IAM escalation or k8s secrets decode from leaked credential — no agent autonomous replanning trace