agent runaway vs insider threat
SOC sees a burst of file reads and cloud API calls tied to one identity. the split is whether a human exfiltrated or an autonomous agent executed tool calls the user never intended — wrong call sends you to UEBA scoring when you need MCP trace reconstruction.
primary tools · side by side
ordered entry points from the case-type taxonomy. highlighted rows appear in both case types' editorial tool lists.
AI agent runaway action
an autonomous agent (Claude · GPT · Gemini · Copilot · custom MCP) takes actions outside its prompt scope — reads credentials it shouldn't, exfils data, installs persistence, calls an MCP tool a human wouldn't have approved. evidence is the tool-call trace, the prompt-action divergence, and the OAuth grant ledger — not the prompt itself. distinct from llm-prompt-injection (malicious input) and insider-threat (human actor).
- 01 ai agent tool call execution trace reconstructor: drop agent run log · reconstruct tool-call sequence + state mutations · runs locally
- 02 ai agent prompt vs action divergence detector: drop agent run log · detect actions taken inconsistent with prompt · runs locally
- 03 ai agent autonomous action accountability tracer: drop agent run log · trace responsibility for each autonomous action · runs locally
- 04 ai agent credential handling audit: drop agent run log · audit credential usage + leakage risk · runs locally
- 05 mcp tool call graph reconstructor: drop mcp client + server log set · reconstruct tool-call dependency graph · runs locally
- 06 ai agent persistence mechanism detector: drop agent + system state · detect persistence implanted by agent · runs locally
- 07 ai agent network exfiltration pattern detector: drop agent network log · detect data exfiltration via agent · runs locally
insider threat / data exfiltration
departing employee, IP theft, USB exfil, cloud-share leak. evidence patterns: access-anomaly + peer-comparison + after-hours activity.
- 01 insider threat behavioral indicator scorer: drop multiple forensic artifact csvs for a specific user · score against published insider threat behavioral indicators · data staging · unusual access · policy violations · communication patterns · produce risk profile · runs locally
- 02 data access pattern anomaly detector: drop file access logs or security evtx with object access events · compute per-user access baselines · detect bulk access · off-hours access · cross-department access · unusual file type access · statistical outlier sessions · runs locally
- 03 peer group statistical outlier analyzer: drop artifact sets for multiple users · compute per-user feature vectors · identify statistical outliers · surface the user whose behavior differs most from their peers · peer comparison charts · runs locally
- 04 time-of-day activity fingerprinter: drop logon evtx csv or activity logs for a user · build 24-hour activity fingerprint · compare two time periods · chi-squared test for pattern change · detect when a different person used the account · account sharing detection · runs locally
- 05 user behavior baseline profiler: drop months of logon evtx csvs or auth log exports · build statistical baseline per user · active hours · session duration · machine affinity · flag any session that deviates significantly from that user's normal pattern · runs locally
- 06 copy-paste behavior and data lineage tracer: drop clipboard history exports · lnk file access times · recently opened files csvs · correlate what was copied from where and pasted where · trace data lineage across applications · build evidence of deliberate data extraction · runs locally
- 07 user workstation affinity mapper: drop months of 4624 logon evtx csv · build statistical profile of which user uses which machine · compute affinity scores · flag when a user logs into an unusual machine · detect account takeover by changed workstation usage · runs locally
- 08 credential to lateral movement tracer: drop credential dumping evidence csvs · logon event csvs · admin share access · service install events · trace a specific credential from dump through use and propagation across systems · reconstruct the attack chain · runs locally
editorial overlap
lean toward…
disambiguation signals derived from case-type descriptions and common practitioner confusion points.
lean toward agent runaway if you see…
- tool-call execution traces or MCP server call graphs with no matching human keyboard session in the same window
- prompt-vs-action divergence: stated agent intent diverges from the actual tool call invoked
- session token reuse by an agent runtime — not a human SSO chain — across credential access events
lean toward insider threat if you see…
- peer-group access outliers or after-hours workstation affinity on a human identity without agent tool-call artifacts
- DLP USB exfil blocks, copy-paste bursts on sensitive repos, or shellbags on a departing employee's workstation
- longitudinal UEBA score elevation over weeks — not an 8-minute autonomous tool-call window
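
a first-pass triage over the two signal lists above, as an added example (not code from this page or from any of the listed tools): it checks whether agent tool-call events for one identity fall outside every interactive human session and how long the burst lasted. the event schema, the `triage` and `in_human_session` helpers, the clock-skew slack and the `min_unattended` threshold are all assumptions, and the sample data is constructed.

```python
from datetime import datetime, timedelta

# Constructed sample data for one identity (not from a real case).
# Assumed schema: (timestamp, source). "agent" = the event appears in an
# agent/MCP tool-call trace; "host" = it appears only in endpoint or cloud
# audit logs.
T0 = datetime(2024, 1, 15, 2, 10)
BURST = [(T0 + timedelta(seconds=20 * i), "agent") for i in range(24)]
# Interactive (keyboard) sessions for the same identity: (start, end).
HUMAN_SESSIONS = [(datetime(2024, 1, 14, 9, 0), datetime(2024, 1, 14, 17, 30))]


def in_human_session(ts, sessions, slack=timedelta(minutes=2)):
    """True if ts falls inside any interactive session, allowing clock skew."""
    return any(start - slack <= ts <= end + slack for start, end in sessions)


def triage(events, sessions, min_unattended=0.8):
    """Return (lean, stats) for one identity's burst of activity.

    min_unattended is an assumed threshold to tune locally, not a value
    taken from the page.
    """
    if not events:
        return "inconclusive", {}
    times = sorted(ts for ts, _ in events)
    agent = [ts for ts, src in events if src == "agent"]
    unattended = [ts for ts in agent if not in_human_session(ts, sessions)]
    stats = {
        "events": len(events),
        "agent_events": len(agent),
        "unattended_ratio": len(unattended) / len(agent) if agent else 0.0,
        "span_minutes": (times[-1] - times[0]).total_seconds() / 60,
    }
    # Tool-call artifacts with no matching human session in the same window.
    if agent and stats["unattended_ratio"] >= min_unattended:
        return "agent-runaway", stats
    # Human identity active in its own sessions, no agent tool-call artifacts.
    if not agent and all(in_human_session(ts, sessions) for ts in times):
        return "insider-threat", stats
    return "inconclusive", stats


if __name__ == "__main__":
    print(triage(BURST, HUMAN_SESSIONS))
```

the result is only a lean for choosing which tool list to start with; an "inconclusive" result means both evidence sets need to be pulled.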