Reconstruct timeline

User input → LLM call chain → tool actions. Distributed trace shows entire flow.

Advertisement

Identify entry point

Which input contained injection. May be user or tool output (indirect). Provenance tag helps.

Advertisement

Blast radius

What actions taken. What data accessed. What sent externally. Query trace + audit log.

Attacker attribution

Source of injection. IP + auth. Similar patterns across users → coordinated attack.