Chimera readability score 93 out of 100, Quantum Electrodynamics reading level.

WASHINGTON – Today, the Cybersecurity and Infrastructure Security Agency (CISA), Australian Signals Directorate’s Australian Cyber Security Centre (ASD ACSC), and other U.S. and international partners published Careful Adoption of Agentic Artificial Intelligence (AI) Services, a joint guide that presents organizations with the cybersecurity challenges and risks associated with introducing agentic AI, along with recommended mitigations.

Critical infrastructure and defense sectors are increasingly deploying agentic AI systems to support mission-critical systems and capitalize on significant automation benefits. However, these systems can introduce additional cybersecurity risks, such as an expanded attack surface, privilege creep, behavioral misalignment, and obscure event records. This joint guide provides developers, vendors and operators with best practices for securing agentic AI systems and recommended actions to defend against future risks.

“CISA is committed to supporting the US’s adoption of AI that includes ensuring it aligns with President Trump’s Cyber Strategy for America and is cyber secure,” said CISA Acting Director Nick Andersen. “We actively collaborate with government and international partners on shared priorities with AI advancements while addressing cybersecurity challenges and risks. CISA encourages agentic AI developers, vendors and operators to review this guide.”

Actionable recommendations for organizations using agentic AI include:

  • Avoid granting broad or unrestricted access, especially to sensitive data or critical systems
  • Begin with agentic AI use cases that are low-risk and non-sensitive
  • Account for agentic AI security in your organization's security model and risk posture

For more information, please visit Artificial Intelligence on CISA.gov.

###

About CISA

As the nation’s cyber defense agency and national coordinator for critical infrastructure security, the Cybersecurity and Infrastructure Security Agency leads the national effort to manage, uncover, and reduce risk to the digital and physical infrastructure Americans rely on every hour of every day.

Visit CISA.gov for more information and follow us on X, Facebook, LinkedIn, Instagram.

Facts Only

* CISA, ASD ACSC, and other U.S. and international partners published a joint guide on the secure adoption of agentic AI.
* The guide presents cybersecurity challenges and risks associated with introducing agentic AI and recommended mitigations.
* Agentic AI systems can introduce risks such as an expanded attack surface, privilege creep, behavioral misalignment, and obscure event records.
* Critical infrastructure and defense sectors are deploying agentic AI systems for mission-critical support and automation.
* The guide provides best practices for securing agentic AI systems and recommended defensive actions for operators and vendors.
* Recommendations include avoiding broad or unrestricted access to sensitive data or critical systems.
* Recommendations include starting with agentic AI use cases that are low-risk and non-sensitive.
* Organizations are advised to account for agentic AI security within their security model and risk posture.
* CISA Acting Director Nick Andersen stated commitment to ensuring AI adoption aligns with the U.S. Cyber Strategy and is cyber secure.

Executive Summary

The Cybersecurity and Infrastructure Security Agency (CISA), the Australian Signals Directorate’s Australian Cyber Security Centre (ASD ACSC), and other U.S. and international partners released a joint guide titled "Careful Adoption of Agentic Artificial Intelligence (AI) Services." This guide outlines the cybersecurity challenges and risks associated with introducing agentic AI and provides recommended mitigations. The guide addresses the increasing deployment of agentic AI in critical infrastructure and defense sectors to support mission-critical systems and automation. The risks identified include an expanded attack surface, privilege creep, behavioral misalignment, and obscured event records. The joint guidance offers best practices for developers, vendors, and operators on securing these systems. Actionable recommendations for organizations include avoiding broad access to sensitive data or critical systems, starting with low-risk and non-sensitive AI use cases, and integrating agentic AI security into the overall organizational risk posture.

Full Take

The framing of this guidance leverages the established authority of governmental bodies (CISA, ASD ACSC) to establish immediate credibility and urgency regarding a nascent and complex technology. By focusing on systemic risks—attack surface expansion, privilege creep, and behavioral misalignment—the narrative successfully transitions the discussion from theoretical AI capability to tangible, immediate operational security concerns. The core pattern here is the authoritative use of threat language to compel action from developers and operators.

The narrative implicitly positions risk management as the primary responsibility of the deploying organizations, thereby structuring the adoption process around mitigation rather than purely technical innovation. This moves the focus from the potential benefits of automation to the necessary defensive infrastructure. The implication is that agentic AI, by its nature, introduces systemic vulnerabilities that must be controlled by human-defined boundaries, rather than being treated as an unmitigated feature.

The potential for pattern detection centers on the deployment of "fear appeals" and "authority games." The urgency is manufactured by linking advanced technology directly to existing, critical security mandates (e.g., the Cyber Strategy for America). This structure creates a perceived necessity for immediate compliance, which is a form of soft coercion. The underlying assumption is that the technical complexity of agentic systems is inherently adversarial until explicitly secured.

This raises critical questions about the division of responsibility: If risks like behavioral misalignment and obscured records emerge from the agentic system's design, does the responsibility for mitigating these risks truly rest with the end-user, or does it require mandating specific, auditable safety standards at the developmental stage? Furthermore, whose interests are served by emphasizing low-risk entry points and access restrictions? What are the long-term consequences if the focus remains on immediate operational defense rather than fundamental architectural safety?

Sentinel — Human

Confidence

The text is a clear, fact-based release from established government bodies, exhibiting the structure and specific detail characteristic of human-authored policy communication rather than generic synthetic text.

Signals Detected

* low severity: Natural variance in sentence structure and focus; clear, slightly formal press release tone.
* low severity: Strong thematic focus; cohesive flow between the problem statement (risks) and the solution (recommendations).
* low severity: Specific attribution (Nick Andersen quote) and clear organizational context (CISA, ASD ACSC) point toward a real-world public announcement.
* low severity: The politically specific reference to the President's Cyber Strategy is an indicator of human-contextual writing rather than generalized LLM output.

Human Indicators

* The specific, contextually-loaded attribution to CISA Acting Director Nick Andersen suggests a primary source involvement.
* The integration of specific organizational names (CISA, ASD ACSC) and explicit policy alignment demonstrates deep domain knowledge consistent with official communication.