WarRoom — Track 3: Regulated & High-Stakes Workflows

Security incidents rarely fail for lack of tools. They fail in the coordination — between the analyst who sees the threat, the lawyer who knows the rules, and the commander who must act, all under a regulatory clock. WarRoom puts that whole team in one Band room. The team is AI agents.

Four autonomous agents handle a live incident together, entirely through one Band chat room via @mentions:

• Triage (LangGraph) classifies the alert and recruits the specialists.
• Threat Intel (LangGraph) attributes the malware and assesses lateral-movement spread.
• Compliance (Pydantic AI) runs on a SEPARATE company's Band account as external counsel — owning a live regulatory clock (GDPR Art. 33, 72h) and veto power.
• Incident Commander (Anthropic) drives the response and executes actions only after explicit sign-offs.

Built on different agent frameworks and spanning two organizations' accounts, WarRoom is a real test of Band as an interoperability layer — not four clones of one agent, but genuinely different systems negotiating in shared context.

The demo incident is a true dilemma. Ransomware hits the primary customer database. Threat Intel: isolate and wipe before it reaches the domain controllers. Compliance: that host is forensic evidence under a legal hold — you can't destroy it. Neither is wrong. So the Commander does the only correct thing — it escalates to a human CISO, who rules in one message. Evidence is preserved first, the wipe is authorized, and every destructive action stays gated behind a sign-off or a human ruling.

The payoff: the audit trail isn't written after the incident — it IS the incident. One command turns the room into a structured report: the decision timeline, the human's ruling, the live regulatory countdown, and every action with its reason. Humans in the loop for the calls that matter. Perfect provenance by default.
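The gating described above (sign-offs, a veto that forces escalation, and a human ruling with a precondition) can be sketched as a small state check. This is an added example, not WarRoom's own code: the role names, the `forensic_image` step, the host name and every function here are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from typing import Optional

# Assumed policy: roles whose sign-off a destructive action needs.
REQUIRED_SIGNOFFS = {"threat_intel", "compliance"}

@dataclass
class ActionRequest:
    action: str
    target: str
    destructive: bool
    signoffs: dict = field(default_factory=dict)   # role -> approved?
    ruling: Optional[bool] = None                  # human decision, if any
    prerequisites: set = field(default_factory=set)
    completed: set = field(default_factory=set)
    audit: list = field(default_factory=list)      # (actor, event, reason)

    def sign(self, role, approved, reason):
        self.signoffs[role] = approved
        self.audit.append((role, "approve" if approved else "veto", reason))

    def rule(self, human, approved, reason, after=()):
        self.ruling = approved
        self.prerequisites = set(after)
        self.audit.append((human, "ruling", reason))

    def complete(self, step):
        self.completed.add(step)
        self.audit.append(("commander", "done", step))

def evaluate(req):
    """Return 'execute', 'wait', 'escalate' or 'blocked' for a request."""
    if not req.destructive:
        return "execute"
    if req.ruling is not None:                     # a human ruling overrides agents
        if not req.ruling:
            return "blocked"
        return "execute" if req.prerequisites <= req.completed else "wait"
    if False in req.signoffs.values():             # any veto forces escalation
        return "escalate"
    approved = {r for r, ok in req.signoffs.items() if ok}
    return "execute" if REQUIRED_SIGNOFFS <= approved else "wait"

def demo():
    """Constructed replay of the dilemma; the host name is made up."""
    req = ActionRequest("wipe", "customer-db-01", destructive=True)
    states = [evaluate(req)]
    req.sign("threat_intel", True, "stop spread to domain controllers")
    states.append(evaluate(req))
    req.sign("compliance", False, "host is evidence under legal hold")
    states.append(evaluate(req))
    req.rule("ciso", True, "preserve evidence, then wipe", after={"forensic_image"})
    states.append(evaluate(req))
    req.complete("forensic_image")
    states.append(evaluate(req))
    return states, req.audit
```

The audit list is appended to by the same calls that change the decision state, so the record and the gate cannot drift apart.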