U.S. Cybersecurity Agencies Release First Joint Guidance on Securing AI Agents
Key Takeaways
- CISA, NSA, and Five Eyes agencies released the first joint government guidance on securing agentic AI systems already deployed in critical infrastructure and defense
- Five major risk categories identified: privilege escalation, design flaws, behavioral unpredictability, structural cascades, and accountability gaps in AI agent systems
- Guidance emphasizes applying existing security frameworks (zero trust, least-privilege) rather than creating new disciplines, with human approval required for high-impact agent actions
Summary
The U.S. Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), and cybersecurity agencies from Australia, Canada, New Zealand, and the United Kingdom have jointly published the first comprehensive government guidance on securing autonomous artificial intelligence (agentic AI) systems. The guidance arrives as organizations have already begun deploying agentic AI—software that can plan, make decisions, and take autonomous actions—across critical infrastructure and defense sectors without sufficient safeguards.
The agencies identify five broad categories of risk in agentic AI systems: excessive privilege that amplifies vulnerability impact, design and configuration flaws, behavioral risks where agents act unexpectedly, structural risks in interconnected agent networks that trigger cascading failures, and accountability challenges in tracing system decisions and failures. Rather than requiring entirely new security disciplines, the guidance recommends folding agentic AI systems into existing cybersecurity frameworks using established principles like zero trust, defense-in-depth, and least-privilege access.
Key recommendations include assigning each agent a verified, cryptographically-secured identity with short-lived credentials, encrypting all agent communications, implementing human approval for high-impact actions, and designing systems with resilience, reversibility, and risk containment prioritized over efficiency gains. The agencies acknowledge that the security field has not fully matured to address some risks unique to agentic AI, with particular concerns about prompt injection attacks and the difficulty of auditing agent decision-making processes.
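As an added illustration (not code from the guidance or the agencies), the following sketch combines three of the recommendations above: a short-lived, signed agent identity carrying least-privilege scopes, a gate that holds high-impact actions until a human approves them, and an audit record of every decision. The HMAC token, the placeholder key, the agent and action names, and the high-impact action list are all constructed assumptions; a production deployment would use a proper workload-identity or PKI mechanism instead of a shared HMAC key.

```python
import base64
import hashlib
import hmac
import json
import time

# Placeholder issuer key (constructed for this example; rotate/replace in real use).
ISSUER_KEY = b"placeholder-issuer-key-rotate-me"
# Constructed list of actions that must not run without a human approver.
HIGH_IMPACT_ACTIONS = {"delete_records", "change_firewall_rule", "transfer_funds"}

def _b64(raw):
    return base64.urlsafe_b64encode(raw).decode().rstrip("=")

def issue_agent_token(agent_id, scopes, ttl_seconds=300, now=None):
    """Short-lived signed identity: the agent's least-privilege scopes plus an expiry."""
    now = time.time() if now is None else now
    payload = {"sub": agent_id, "scopes": sorted(scopes), "exp": int(now + ttl_seconds)}
    body = _b64(json.dumps(payload, separators=(",", ":")).encode())
    sig = _b64(hmac.new(ISSUER_KEY, body.encode(), hashlib.sha256).digest())
    return f"{body}.{sig}"

def verify_agent_token(token, now=None):
    """Return the payload if the signature is valid and the token is unexpired, else None."""
    now = time.time() if now is None else now
    parts = token.split(".")
    if len(parts) != 2:
        return None
    body, sig = parts
    expected = _b64(hmac.new(ISSUER_KEY, body.encode(), hashlib.sha256).digest())
    if not hmac.compare_digest(sig, expected):
        return None
    payload = json.loads(base64.urlsafe_b64decode(body + "=" * (-len(body) % 4)))
    return None if payload["exp"] <= now else payload

def authorize_action(token, action, approved_by=None, audit=None, now=None):
    """Gate one agent action: valid identity, in scope, and human-approved if high impact.
    Every decision is appended to `audit` so it can be traced afterwards."""
    audit = [] if audit is None else audit
    identity = verify_agent_token(token, now)
    if identity is None:
        decision = "deny:invalid_or_expired_identity"
    elif action not in identity["scopes"]:
        decision = "deny:out_of_scope"
    elif action in HIGH_IMPACT_ACTIONS and not approved_by:
        decision = "hold:human_approval_required"
    else:
        decision = "allow"
    audit.append({"agent": identity["sub"] if identity else None, "action": action,
                  "approved_by": approved_by, "decision": decision})
    return decision
```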