Skip to main content
Version: v0.9.0a2
Operator

R-WORM-DETECTED

3 min readOn-call operatorRunbook ยท critical

When to use

Writes appear to propagate automatically through agents or peers in a pattern that resembles a worm. Trigger alert: worm_pattern_detected.

Supporting signals:

Mirror graphs

Agent-read and agent-write graphs mirror each other beyond baseline.

Unusual instruction-like facts

Sudden instruction-like facts from peers that do not normally write them.

Rapid cross-peer growth

Rapid growth in facts across multiple peer sources.

Repeated quarantine

Repeated quarantine admissions for similar payloads.

Identifyโ€‹

Preserve the graph shape and affected payloads:

curl -s "https://your-node.example.com/v1/federation/audit?limit=500" \
  -H "Authorization: Bearer $STIGMEM_ADMIN_KEY" | jq .

curl -s "https://your-node.example.com/v1/facts?limit=500" \
  -H "Authorization: Bearer $STIGMEM_ADMIN_KEY" | jq .

Record the first suspicious fact, the relation names involved, the peers that sent or received related facts, and whether any agent-control or instruction relations are present.

Containโ€‹

Containment is intentionally broad.

Restore access only after the propagation path is understood.

  1. Disable federation pulls from affected peers.
  2. Stop or isolate agents that read from the affected scopes.
  3. Disable automated quarantine promotion.
  4. Tighten read/write quotas for affected principals.
  5. If a connector or adapter is involved, disable that connector until payloads are reviewed.

Investigateโ€‹

Trace the propagation path:

Read-before-write chain

Which fact was read before each suspicious write?

Next writer

Which agent or peer wrote the next copy?

Mutation

Did the payload change as it moved?

Self-propagation directive

Did any fact ask an agent to fetch, write, or forward additional facts?

Cross-org spread

Did the pattern cross organization boundaries?

Compare findings against Security Scenarios, especially prompt-injection and federation scenarios.

Recoverโ€‹

  1. Retract or quarantine malicious payloads.
  2. Rotate any API keys used by affected agents.
  3. Re-enable agents one at a time with lower quotas.
  4. Re-enable federation one peer at a time.
  5. Add a regression test or detection rule for the payload pattern if it is new.

Communicateโ€‹

Notify affected peer operators with the payload shape, timestamps, and containment actions. If the incident crossed org boundaries, publish a short public note after containment that states impact, affected versions, and operator actions.