Consolidated executive view of the security posture: incident volume, priority distribution P0–P3, evidence quality of reports, weekly trend and the queue of cases requiring a human decision (human-in-the-loop). This view is intended for CISO / SOC leadership / compliance.
Figures as of a demonstration date. Green = under control, amber = requires attention within SLA, red = response threshold exceeded or active compromise.
Breakdown of 142 reports by urgency level. P0 = within 4h, P1 = within 24h, P2 = within 72h, P3 = 7–30 days.
Evidence-first doctrine: every claim carries an evidence status. A high share of GAP indicates a backlog in completing evidence, not the scale of the threat.
Report volume broken down by day over the last week of the operational window.
The Thursday–Friday peak correlates with a demonstration phishing campaign. Weekend = a drop in user-submitted reports, not a drop in exposure.
| ID | Type | Priority | Evidence status | Legal flag | State |
|---|---|---|---|---|---|
| INC-4821 | Ransomware – share encryption | P0 | CONFIRMED | NIS2_RELEVANT | In progress |
| INC-4820 | Customer data leak | P0 | MEDIA | GDPR_BREACH | DPO escalation |
| INC-4817 | Prompt injection in assistant | P1 | CONFIRMED | AI_ACT_RELEVANT | Playbook |
| INC-4815 | Phishing campaign (BEC) | P1 | CONFIRMED | – | In progress |
| INC-4812 | Agent hijack – privilege abuse | P1 | PUBLIC | AI_SERIOUS_INCIDENT | Human decision |
| INC-4809 | Exploited CVE (RCE) | P1 | CONFIRMED | CRITICAL_INFRA | Patch |
| INC-4803 | Volumetric DDoS | P2 | CONFIRMED | – | Mitigation |
| INC-4798 | Voice deepfake – fraud attempt | P2 | GAP | AI_ACT_RELEVANT | Evidence? |
| INC-4791 | Bucket misconfiguration | P2 | CONFIRMED | GDPR_PERSONAL_DATA | Remediation |
| INC-4785 | Suspected supply chain | P3 | DISPUTED | – | Analysis |
Cases where the classification system halts automated action and requires approval by an authorized role (Operator / Analyst / Legal-DPO / AI Safety Officer). Aligned with the human-oversight principle (AI Act art. 14 – human oversight).
Question: Does the breach qualify for notification to the supervisory authority within 72h (GDPR art. 33) and notification of data subjects (art. 34)?
Role: Legal/DPO · Deadline: ≤24h to decision
Question: Is the agent hijack a "serious AI incident" requiring a report under AI Act art. 73? Cut the agent off from production?
Role: AI Safety Officer · Deadline: ≤24h
Question: Isolate the network segment and start recovery from backup (Zero Point), or negotiate time for forensics?
Role: Operator · Deadline: ≤4h
Question: GAP status – no evidence for the deepfake. Close as unconfirmed or escalate to obtain the recording?
Role: Analyst · Deadline: ≤72h
Classic cyber incidents across dimensions: geography, sector, type, actor, impact.
AI/agent risks, AI Act flags, human-oversight status, high-risk test.
Report queue by evidence status – priority for GAP and DISPUTED.
Cases flagged NIS2 / GDPR / NCSA (KSC) / AI Act and reporting-deadline clocks.
Active playbooks, response step state, validation and incident closure.
An aggregate threat map joining the cyber and AI layers with priorities.