Reconstruct timeline
User input → LLM call chain → tool actions. Distributed trace shows entire flow.
Advertisement
Identify entry point
Which input contained injection. May be user or tool output (indirect). Provenance tag helps.
Advertisement
Blast radius
What actions taken. What data accessed. What sent externally. Query trace + audit log.
Attacker attribution
Source of injection. IP + auth. Similar patterns across users → coordinated attack.