CISA, NSA Release Security Guidance for Agentic AI Systems
The Cybersecurity and Infrastructure Security Agency and National Security Agency have released guidance on safely adopting agentic AI systems, focusing on large language model-based agents that operate with minimal human oversight.
The guidance identifies specific security challenges organizations face when deploying these systems. It covers threats and vulnerabilities within agentic AI architectures, as well as risks arising from unpredictable system behavior.
What the Guidance Covers
The agencies outline steps for three critical phases: designing agentic systems with security built in, deploying them safely, and operating them with appropriate controls.
Agentic AI systems differ from traditional chatbots or analytics tools. They make autonomous decisions, take actions in external systems, and operate across multiple steps without human intervention between each decision. This autonomy creates new attack surfaces and failure modes that organizations need to understand before deployment.
Why This Matters Now
Organizations across sectors are moving quickly to adopt generative AI and LLM-based agents for customer service, data analysis, and workflow automation. The guidance provides concrete security requirements rather than leaving adoption decisions to individual risk assessments.
The agencies worked with international partners on this guidance, signaling alignment across governments on how these systems should be managed.
Your membership also unlocks:
