A coalition of Five Eyes cybersecurity agencies published joint guidance urging slow, cautious adoption of agentic AI. The guidance, co-authored by the U.S. Cybersecurity and Infrastructure Security Agency (CISA), the United Kingdom National Cyber Security Centre (NCSC), the Australian Signals Directorate/Australian Cyber Security Centre, the Canadian Centre for Cyber Security, and New Zealand’s National Cyber Security Centre, warns that agentic systems expand attack surfaces, can behave unpredictably, and are already being used in critical infrastructure, according to reporting by CyberScoop and The Register. The document lists five broad risk categories, including privilege, design/configuration, behavioral, structural, and supply-chain risks, and recommends folding agentic controls into existing cybersecurity frameworks such as least-privilege and defense-in-depth.
