Cybersecurity Authorities Issue Joint Guidance on the Adoption of Agentic AI Systems
Cybersecurity Authorities Issue Joint Guidance on the Adoption of Agentic AI Systems
Publish Date: 2026-05-28 13:40:00
Source Domain: www.hunton.com
Cybersecurity Authorities Issue Joint Guidance on the Adoption of Agentic AI Systems
On May 1, 2026, the cybersecurity authorities of Australia, Canada, New Zealand, the United States and the United Kingdom published joint guidance on the secure adoption of agentic artificial intelligence (“AI”) systems (the “Guidance”). The Guidance is intended to assist organizations that design, develop, deploy or operate agentic AI systems.
The Guidance focuses primarily on large language model-based agentic AI systems. Unlike more conventional generative AI tools which produce content or predictions for human use, agentic AI systems may be able to interpret objectives, retain context, access external data, use tools, make decisions, and take actions with limited ongoing human involvement. In some cases, such systems may also create sub-agents to carry out specific tasks. While the Guidance acknowledges that these capabilities may offer clear benefits, it emphasizes that they also create a broader and more complex security risk profile than non-agentic AI tools.
The Guidance identifies the following key security risks associated with agentic AI, accompanied by example scenarios:
- Privilege risks: Granting AI agents broad access to systems, data, tools and services may expand the attack surface and increase the potential impact of a compromise.
- Design and configuration risks: Unvetted third-party components may introduce excessive, unintended, or poorly understood privileges, thereby increasing security and operational risks.
- Behavior risks: AI agents may pursue objectives in unintended ways, resulting in unpredictable, misaligned, or otherwise undesirable behavior.
- Structural risks: Where tasks are delegated autonomously or actions are not validated in advance, visibility and control may be reduced. Similar concerns may arise where actions occur too quickly or across too many interconnected systems for meaningful human review.
- Accountability risks: Agentic AI…
