As of mid-2026, most 1-15 person teams running AI agents and automations on paid client work cannot revoke a misbehaving agent's access quickly because they share a small number of credentials across multiple tools and have no written pause-and-revoke runbook with rehearsed timings per tool. The runbook discipline (per-tool documentation of the pause path, the revoke path, the time-to-effect, and the OAuth third-party revocation step where applicable) is a 30-minute Friday investment using only the tools already in use, and is the small-team analogue of the four-primitive enterprise containment architecture covered in AM-171.

Claim is scoped to the runbook capability of a 1-15 person team to execute pause and revoke actions through existing tool UIs (Anthropic Console, OpenAI Platform, GitHub Settings, Zapier My Apps, Make Connections, n8n Credentials) in a documented and rehearsed way. Does not assert the runbook substitutes for the four-primitive enterprise architecture; asserts it is the operationally tractable small-team equivalent. 30-day review cadence calibrated to the security-adjacent landscape and the pace at which tool UIs and revocation primitives change. Trigger conditions: (1) major SMB-targeted AI tools ship per-agent revoke as a documented one-click action with a published time-to-effect SLA — would move toward Partial because the tooling gap is closing; (2) a published small-business or small-agency incident specifically traceable to a credential that could not be revoked in time — would confirm operational exposure and strengthen case for the drill; (3) a change in small-business cyber insurance terms requiring documented pause-and-revoke runbooks and rehearsed drills — would change incentive map from discretionary to required; (4) the OpenAI, Anthropic, or GitHub API surface adds workspace-level revoke that propagates to every key minted under the workspace within a defined window — would shift operational answer from per-credential revocation to workspace-level containment. Sibling: AM-171.