AI/TLDR

CISA · 2026-05-01 · major

CISA and Five-Eyes Allies Publish Joint Guidance on Securely Deploying Agentic AI

CISA, NSA, ASD ACSC, CCCS, NCSC-NZ, and NCSC-UK released a joint guide on agentic AI deployment that treats agent identities as zero-trust endpoints and names prompt injection as the top threat.

Five governments tell their critical-infrastructure operators to treat AI agents like zero-trust endpoints, not pet projects.

What is it?

A coordinated joint publication from the cybersecurity agencies of the United States (CISA, NSA), Australia (ASD ACSC), Canada (CCCS), New Zealand (NCSC-NZ), and the United Kingdom (NCSC-UK) on how organisations should risk-assess and govern autonomous AI agents.

How does it work?

The guide enumerates five risk classes — privilege, design, behavior, structural, and accountability — and recommends defense-in-depth, mandatory risk assessments before deployment, cryptographically-secured agent identities with short-lived credentials, encrypted agent communications, human-in-the-loop approval for high-impact actions, and an explicit prompt-injection threat model. Agencies tell operators to assume agents will behave unexpectedly and prioritise reversibility over efficiency.
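Three of the controls listed above (short-lived signed agent identities, human approval for high-impact actions, an audit trail) combined in one authorization gate, as an added example that is not code from the joint guide or from this page. The HMAC token format, the key, the action names and the function names are all assumptions made for illustration.

```python
import base64, hashlib, hmac, json, time

KEY = b"demo-key-constructed"   # assumption: a real key would live in a KMS/HSM
HIGH_IMPACT = {"delete_records", "transfer_funds"}  # constructed action names
AUDIT = []                      # append-only trail of every decision

def issue_token(agent_id, scopes, ttl=300, now=None):
    """Mint a short-lived, HMAC-signed identity token for one agent."""
    now = time.time() if now is None else now
    claims = {"sub": agent_id, "scopes": sorted(scopes), "exp": now + ttl}
    body = base64.urlsafe_b64encode(json.dumps(claims).encode())
    mac = hmac.new(KEY, body, hashlib.sha256).hexdigest()
    return body.decode() + "." + mac

def verify_token(token, now=None):
    """Return the claims if the signature is valid and the token is unexpired."""
    now = time.time() if now is None else now
    body, _, mac = token.partition(".")
    expected = hmac.new(KEY, body.encode(), hashlib.sha256).hexdigest()
    # Check the signature before parsing anything inside the token.
    if not hmac.compare_digest(mac.encode(), expected.encode()):
        raise PermissionError("bad signature")
    claims = json.loads(base64.urlsafe_b64decode(body))
    if now >= claims["exp"]:
        raise PermissionError("token expired")
    return claims

def authorize(token, action, approved_by=None, now=None):
    """Deny by default; high-impact actions also need a named human approver."""
    agent = "unknown"
    try:
        claims = verify_token(token, now)
        agent = claims["sub"]
        if action not in claims["scopes"]:
            decision = "deny:out_of_scope"
        elif action in HIGH_IMPACT and not approved_by:
            decision = "hold:needs_human_approval"
        else:
            decision = "allow"
    except (PermissionError, ValueError) as exc:
        decision = f"deny:{exc}"
    # Every outcome, including denials, is recorded for accountability.
    AUDIT.append({"agent": agent, "action": action,
                  "approved_by": approved_by, "decision": decision})
    return decision
```

A held action is never executed by the gate itself; the caller re-submits it with `approved_by` set once a person has signed off, and the original hold remains in the audit trail.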

Why does it matter?

This is the first multi-government baseline for agentic AI deployment in critical infrastructure. Vendors selling agents into regulated buyers will be measured against it, and procurement teams now have a concrete checklist of controls — agent identity, blast radius, audit trails — that they can require contractually.

Who is it for?

CISOs and security leadership, AI agent vendors, regulated-industry buyers.
