// first 10 minutes

AI agent runaway action — quick-start

AI agent runaway — first 10 minutes. halt the agent before it takes more actions. print this, check boxes, then run the primary tools.

checklist

halt the agent process or revoke its API key immediately — stopping further actions takes priority over preserving the action log.
preserve the agent's action log before it is overwritten — every tool call, API request, and decision node in the runaway window.
preserve the original system prompt and any user instructions that were active at the time of the runaway.
list every external system the agent had access to: APIs, databases, file systems, email, messaging — these are all potential blast-radius surfaces.
identify what the agent actually did during the runaway: tool calls made, data read, data written, messages sent, payments initiated.
identify what the agent was trying to do based on its reasoning trace if available — intent and action may diverge.
pull logs from every external system the agent touched — the agent's action log is one view; the target system's log is the ground truth.
notify operators of any external services that received requests from the agent during the runaway window.
audit any irreversible actions: sent emails, posted messages, initiated financial transactions, deleted files.
begin the primary tool path below — AI agent action accountability tracer.

// first 10 minutes

AI agent runaway — first 10 minutes. halt the agent before it takes more actions. print this, check boxes, then run the primary tools.

halt the agent process or revoke its API key immediately — stopping further actions takes priority over preserving the action log.
preserve the agent's action log before it is overwritten — every tool call, API request, and decision node in the runaway window.
preserve the original system prompt and any user instructions that were active at the time of the runaway.
list every external system the agent had access to: APIs, databases, file systems, email, messaging — these are all potential blast-radius surfaces.
identify what the agent actually did during the runaway: tool calls made, data read, data written, messages sent, payments initiated.
identify what the agent was trying to do based on its reasoning trace if available — intent and action may diverge.
pull logs from every external system the agent touched — the agent's action log is one view; the target system's log is the ground truth.
notify operators of any external services that received requests from the agent during the runaway window.
audit any irreversible actions: sent emails, posted messages, initiated financial transactions, deleted files.
begin the primary tool path below — AI agent action accountability tracer.