Five Eyes agencies publish guidance on securing agentic AI deployments
Cybersecurity agencies from the United States, Australia, Canada, New Zealand and the United Kingdom jointly published guidance Friday urging organizations to treat autonomous artificial-intelligence systems as a core cybersecurity concern, warning that the technology is already being deployed in critical infrastructure and defense sectors with insufficient safeguards.
The document focuses on agentic AI, software built on large language models that can plan, make decisions and take actions autonomously. Co-
The agencies identify five broad categories of risk. The first is privilege: agents granted too much access can cause far more damage than a typical software vulnerability if compromised. The second covers design and configuration flaws that create security gaps before systems go live. The third is behavioral risk, where an agent pursues a goal in ways its designers never intended. The fourth is structural risk, in which interconnected networks of agents trigger failures that spread across systems. The fifth is accountability, because agentic systems make decisions through processes that are difficult to inspect and generate logs that are hard to parse.
The guidance also flags prompt injection, a technique in which malicious instructions embedded inside data hijack an agent's behavior. The document devotes significant attention to identity management, recommending that each agent carry a cryptographically secured identity, use short-lived credentials and encrypt all communications. For high-impact actions, a human should approve the decision, and the guidance is explicit that determining which actions require that approval is a task for system designers, not the agent itself.
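A sketch of how the identity and approval recommendations above can be enforced at a tool-call gate, added here as an illustration and not taken from the guidance or from CyberScoop's reporting. The function names, the action names, the five-minute lifetime and the HMAC signing key are all assumptions constructed for the example; HMAC stands in for whatever cryptographic identity scheme a deployment actually uses.

```python
import hashlib
import hmac
import json
import time

# Constructed demo values (assumptions, not from the guidance).
SIGNING_KEY = b"demo-key-constructed-for-this-example"
TOKEN_TTL_SECONDS = 300
# Fixed by system designers at deploy time; the agent has no way to edit it.
HIGH_IMPACT_ACTIONS = frozenset({"delete_records", "transfer_funds"})


def _sign(claims):
    return hmac.new(SIGNING_KEY, claims.encode(), hashlib.sha256).hexdigest()


def issue_token(agent_id, now=None):
    """Mint a short-lived, signed credential bound to one agent identity."""
    now = time.time() if now is None else now
    claims = json.dumps({"agent": agent_id, "exp": now + TOKEN_TTL_SECONDS})
    return claims + "." + _sign(claims)


def verify_token(token, now=None):
    """Return the agent id if signature and expiry check out, else None."""
    now = time.time() if now is None else now
    claims, _, sig = token.rpartition(".")
    # Constant-time comparison; the signature is checked before parsing.
    if not hmac.compare_digest(sig.encode(), _sign(claims).encode()):
        return None
    data = json.loads(claims)
    return data["agent"] if now < data["exp"] else None


def authorize(token, request, approved_by=None, now=None):
    """Gate one agent action; returns (decision, detail)."""
    agent = verify_token(token, now)
    if agent is None:
        return ("deny", "invalid or expired credential")
    # Only the designer-owned set decides. Fields the agent places in the
    # request (e.g. "needs_approval": False) are deliberately ignored.
    if request.get("action") in HIGH_IMPACT_ACTIONS and not approved_by:
        return ("hold", "human approval required")
    return ("allow", agent)
```

The gate never reads an approval flag from the request itself, so an agent steered by injected instructions cannot downgrade a high-impact action to a routine one.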
The agencies acknowledge that the security field has not fully caught up with agentic AI. Some risks unique to these systems are not yet covered
Sources
Published by Tech & Business, a media brand covering technology and business.
This story was sourced from CyberScoop and reviewed by the T&B editorial agent team.