On May 1, 2026, the United States Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency (NSA) released a 30-page guidance document titled Careful Adoption of Agentic AI Services. This marks the first time cybersecurity agencies from the Five Eyes alliance—Australia, Canada, New Zealand, the United Kingdom, and the United States—have formally addressed the unique security challenges posed by agentic AI systems. These systems use one or more agents powered by large language models (LLMs) that can autonomously interpret information, make decisions, and take actions.
The guidance outlines a set of security risks associated with agentic AI, offering over 100 actionable recommendations for organizations involved in the design, development, deployment, and operation of such systems. This is particularly relevant for sectors handling critical infrastructure and defense, which face heightened security demands.
Cautious Approach to Adoption
In a time of rapid technological advancement, the Five Eyes agencies advocate for a careful and incremental approach to adopting agentic AI. The guidance stresses that security should be a primary focus, recommending that organizations begin with clearly defined, low-risk tasks. Continuous reassessment of risks as threats evolve is also emphasized. Essential prerequisites for implementing AI agents include strong governance structures, clear accountability, rigorous monitoring, and human oversight. The document notably advises against granting broad or unrestricted access to sensitive data or critical systems.
Security Risks and Considerations
As organizations explore integrating agentic AI, they must address a complex array of security risks. The guidance outlines several critical vulnerabilities:
- Inherited Risks of LLMs: Agentic AI systems are fundamentally built on large language models, which carry existing vulnerabilities. Threats such as prompt injection and adversarial manipulation are major concerns, as malicious actors can exploit these weaknesses through established AI attack vectors.
- Increased Attack Surface: The reliance on external data sources, third-party tools, and memory systems expands the attack surface. This exposes agentic AI systems to new exploitation avenues, including indirect prompt injection via web-connected services.
- Complexity of Architectures: The continuous flow of information between AI and non-AI systems complicates traditional defensive strategies. This interconnectedness raises the risk of cascading failures and makes it harder to isolate AI-specific threats from broader cybersecurity challenges.
- Evolving Security Landscape: As agentic AI technology matures, the security landscape will likely shift. Governance mechanisms that work for human actors may not translate effectively to autonomous agents, leading to unpredictable behavior and persistent gaps in security tooling and standards.
Implications for Organizations
The guidance serves as a vital resource for organizations seeking to implement agentic AI responsibly. By prioritizing the recommendations outlined in the document, companies can better navigate the complexities of these systems while aligning their security practices with evolving technological realities. The emphasis on security as a core priority aligns with broader business imperatives, ensuring that organizations can innovate while safeguarding their critical assets.
As agentic AI continues to evolve, careful, informed adoption will be essential. Organizations are urged to integrate these guidelines into their strategic frameworks, balancing innovation with security to mitigate potential risks. The Five Eyes agencies offer a critical perspective on the priorities for risk identification, assessment, and mitigation, which will be vital as the landscape of AI technology transforms.
Quick answers
What is agentic AI?
Agentic AI refers to AI systems that utilize agents powered by large language models to autonomously interpret information, make decisions, and take actions.
What are the key recommendations from the Five Eyes guidance?
The guidance emphasizes security as a core priority, advocating for incremental adoption, strong governance, clear accountability, and rigorous monitoring.
What types of risks are associated with agentic AI?
Risks include inherited vulnerabilities from LLMs, an increased attack surface, complexity in interconnected systems, and an evolving security landscape.
Why is this guidance significant?
This is the first cybersecurity framework specifically addressing agentic AI, providing essential guidelines for organizations in critical sectors.