Dated record of every change to the MTTD-for-Agents tripwire set, phase definitions, and measurement conventions. Prior versions are reconstructible via this log and the git history of the YAML source at content/frameworks/changelog.yaml.
Every rubric change, weight adjustment, anchor rewrite, and rename is logged here with date, author, and rationale. Newest version first. The methodology page at /mttd/ always reflects the current version. Previous versions are reconstructible via this log and git history.
v1.0.1
24 April 2026·Peter Walda
Surface additions — no threshold, phase, or target changes.
Clarification
Launched /mttd/methodology/amendments/ (this page). Every future change to tripwire thresholds, detection-chain SLAs, published targets, or phase definitions will be dated here with rationale.
RationaleThresholds, targets, and SLAs are expected to move as the enterprise-agent threat surface evolves (the Q1 2026 exploit data already argues for tighter cross-agent delegation thresholds than the v1 `2σ` level). Dating every change is the discipline that lets security teams reference a specific version in their own runbooks.
Next scheduled review: 19 April 2027.
v1.0
19 April 2026·Peter Walda
Initial publication as MTTD-for-Agents.
Initial publication
Published four tripwires (scope drift, permission creep, data exfiltration pattern, cross-agent privilege echo) and a five-phase detection chain (signal, correlate, confirm, contain, review).
RationaleTraditional MTTD (Mean Time To Detect) frameworks target SOC incident detection and don't translate cleanly to agentic AI behavior. MTTD-for-Agents adapts the discipline: what tripwires fire on an agent operating outside its original charter, and how many minutes/hours elapse before a human sees the signal.