
Security Agencies Issue Guidance on Safely Implementing Agentic AI Capabilities

So, you want to implement agentic artificial intelligence (AI) into your business? Do so carefully, warns a group of government cybersecurity agencies.

New guidance from the Australian Signals Directorate’s Australian Cyber Security Centre (ACSC), the U.S. Cybersecurity and Infrastructure Security Agency (CISA), the U.S. National Security Agency (NSA), the Canadian Centre for Cyber Security, the New Zealand National Cyber Security Centre (NCSC-NZ), and the UK National Cyber Security Centre (NCSC-UK) discussed key cybersecurity challenges and risks associated with introducing agentic AI into IT environments, plus best practices for securing agentic AI systems.

The guidance strongly recommended aligning agentic AI risks and mitigation strategies with the organization’s existing security and risk postures and restricting agentic AI systems’ access to key data—especially sensitive data or critical systems.

Agentic AI systems are composed of agents that interpret and reason about a particular issue, make decisions, and take actions. “Compared with traditional (large language model, or LLM) systems, agentic AI systems distinguish themselves by accomplishing underspecified objectives, acting autonomously, following goal-directed behaviors, and creating long-term plans,” typically without continuous human intervention, the guidance said.

Agentic AI is vulnerable, though, to many of the same risks that affect other LLM-based systems, such as prompt injection attacks. Malicious actors do not need to learn a new set of skills or invent new attack types to target agentic AI systems. But the complexity inherent to AI systems makes securing them more challenging than securing traditional digital systems.

“Agentic AI cybersecurity spans both AI-specific security and traditional cybersecurity,” the guidance said. “Information continuously flows between AI and non-AI systems, increasingly blurring defensive boundaries and making it difficult to isolate AI-related risks from broader cyber threats. Agentic AI systems are also inherently complex, often involving multiple interconnected components that plan, reason, and act across sequential steps. This complexity introduces new systemic risks, including cascading failures and multi-step attacks, where unexpected or compromised behavior in one component can propagate across subsequent steps and affect the entire system.”

The guidance recommended addressing AI security within established cybersecurity frameworks rather than trying to reinvent the wheel. This methodology includes proven strategies like security by design, defense in depth, identity and access management, continuous monitoring, and incident response across the full system life cycle.

Agentic AI does carry some unique risks, though, including muddy accountability. Agentic systems can obscure what caused a particular action, making accountability hard to trace. This could also put organizations in a tough position when determining what—or who—is liable for poor decisions from agents.

The guidance recommended implementing high-impact security controls at the point of deployment so organizations can proactively manage new risks. These controls include threat modeling, effective governance, progressive (staged) application of tools and capabilities, and other guardrails and constraints.

“Agentic AI systems offer powerful automation benefits, but their ability to act autonomously across interconnected tools, data, and environments introduces security risks that extend beyond those associated with traditional software or GenAI,” the guidance concluded. “As outlined in this guidance, privilege escalation, emergent behaviors, structural dependencies, and accountability gaps can interact in unpredictable ways. As organizations grant agentic AI systems greater authority and operational scope, these combined risks become increasingly difficult to predict, observe, and contain.

“Organizations should therefore approach adoption with security in mind, recognizing that increased autonomy amplifies the impact of design flaws, misconfigurations, and incomplete oversight,” it continued. “Deploy agentic AI incrementally, beginning with clearly defined low-risk tasks and continuously assess it against evolving threat models. Strong governance, explicit accountability, rigorous monitoring, and human oversight are not optional safeguards but essential prerequisites. Until security practices, evaluation methods, and standards mature, organizations should assume that agentic AI systems may behave unexpectedly and plan deployments accordingly, prioritizing resilience, reversibility, and risk containment over efficiency gains.”
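Several of the controls named above (restricting an agent's access to sensitive data, guardrails and constraints, bounded autonomy, an accountability trail, and a human gate on high-impact actions) can be pinned down in one small enforcement layer that sits between the model and its tools. The following Python is an added example written for this article; it is not code from the agencies' guidance or from any product. The Policy fields, tool names, file paths, and agent identifiers are all constructed for illustration.

```python
# Added example: a reference monitor that gates every tool call an agent makes.
# Illustrative code written for this article, not part of the agencies' guidance.
# All tool names, paths, and policy values below are constructed.
from __future__ import annotations

import os
from dataclasses import dataclass
from enum import Enum
from fnmatch import fnmatch
from typing import Any, Callable


class Decision(Enum):
    ALLOW = "allow"
    DENY = "deny"
    NEEDS_APPROVAL = "needs_approval"


@dataclass(frozen=True)
class ToolCall:
    agent: str   # which agent instance issued the call
    step: int    # position of the call in the agent's plan (1-based)
    tool: str
    args: dict


@dataclass(frozen=True)
class Policy:
    allowed_tools: frozenset[str]       # explicit allowlist; anything else is denied
    approval_tools: frozenset[str]      # high-impact tools that need a human decision
    denied_path_globs: tuple[str, ...]  # sensitive data the agent must never touch
    max_steps: int                      # hard bound on autonomy for one task


def evaluate(policy: Policy, call: ToolCall) -> tuple[Decision, str]:
    """Pure policy check: returns the decision and a reason for the audit log."""
    if call.step > policy.max_steps:
        return Decision.DENY, f"step {call.step} exceeds max_steps={policy.max_steps}"
    if call.tool not in policy.allowed_tools:
        return Decision.DENY, f"tool {call.tool!r} is not on the allowlist"
    path = call.args.get("path")
    if isinstance(path, str):
        # Normalise first so "../" segments cannot walk around a denied pattern.
        normalised = os.path.normpath(path)
        if any(fnmatch(normalised, pattern) for pattern in policy.denied_path_globs):
            return Decision.DENY, f"path {normalised!r} matches a denied pattern"
    if call.tool in policy.approval_tools:
        return Decision.NEEDS_APPROVAL, f"tool {call.tool!r} requires human approval"
    return Decision.ALLOW, "within policy"


class ToolMonitor:
    """Enforcement point between the agent and its tools.

    Every call, whatever the outcome, is appended to an audit log keyed by
    agent and step, so an unwanted action can be traced back to the component
    and plan step that caused it.
    """

    def __init__(self, policy: Policy, executors: dict[str, Callable[[dict], Any]]):
        self.policy = policy
        self.executors = executors
        self.audit: list[dict] = []

    def dispatch(self, call: ToolCall, approved: bool = False) -> tuple[Decision, Any]:
        decision, reason = evaluate(self.policy, call)
        if decision is Decision.NEEDS_APPROVAL and approved:
            decision, reason = Decision.ALLOW, "approved by a human reviewer"
        self.audit.append({
            "agent": call.agent, "step": call.step, "tool": call.tool,
            "args": call.args, "decision": decision.value, "reason": reason,
        })
        if decision is not Decision.ALLOW:
            return decision, None
        # Tool output is handed back as data only; this layer never treats it as
        # instructions, which limits what an injected payload in a file can do.
        return decision, self.executors[call.tool](call.args)


def demo() -> list[str]:
    """Runs a constructed sequence of calls and returns the decisions taken."""
    policy = Policy(
        allowed_tools=frozenset({"read_file", "send_email"}),
        approval_tools=frozenset({"send_email"}),
        denied_path_globs=("/etc/*", "/home/*/.ssh/*"),
        max_steps=5,
    )
    # Constructed stand-ins for real tools; nothing touches disk or network.
    executors = {
        "read_file": lambda a: f"<contents of {a['path']}>",
        "send_email": lambda a: f"queued mail to {a['to']}",
    }
    mon = ToolMonitor(policy, executors)
    calls = [
        (ToolCall("reporter-1", 1, "read_file", {"path": "/srv/reports/q1.csv"}), False),
        (ToolCall("reporter-1", 2, "read_file", {"path": "/srv/reports/../../etc/shadow"}), False),
        (ToolCall("reporter-1", 3, "send_email", {"to": "cfo@example.com"}), False),
        (ToolCall("reporter-1", 3, "send_email", {"to": "cfo@example.com"}), True),
        (ToolCall("reporter-1", 4, "exec_shell", {"cmd": "id"}), False),
        (ToolCall("reporter-1", 6, "read_file", {"path": "/srv/reports/q2.csv"}), False),
    ]
    return [mon.dispatch(call, approved=ok)[0].value for call, ok in calls]


if __name__ == "__main__":
    for outcome in demo():
        print(outcome)
```

The monitor does not stop prompt injection itself; a poisoned document can still steer the model's plan. What it does is bound the blast radius: the model cannot reach tools outside the allowlist, cannot read paths the policy forbids even via `..` traversal, cannot run past a fixed step budget, and cannot trigger a high-impact tool such as outbound mail without a human decision. Because every attempt, denied or not, lands in the audit log with the agent and step that issued it, the accountability gap the guidance warns about becomes a query over that log rather than guesswork.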

For more about agentic AI risks and opportunities in corporate security, check out the May 2026 issue of Security Technology.
