Five Eyes agencies jointly warn on agentic AI
"Agentic artificial intelligence (AI) systems increasingly operate across critical infrastructure and defense sectors and support mission-critical capabilities," the joint guidance states, warning that those very deployments make careful security planning essential.
Last Friday, information security agencies from the Five Eyes alliance published a joint guide titled Careful adoption of agentic AI services that urges slow, cautious uptake of agentic artificial intelligence. The document, co-authored by the Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) together with the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and National Security Agency (NSA), the Canadian Centre for Cyber Security (Cyber Centre), the New Zealand National Cyber Security Centre (NCSC-NZ) and the United Kingdom National Cyber Security Centre (NCSC-UK), frames agentic AI as a growing presence across critical infrastructure and defense sectors and therefore a national-security concern.
Interconnected attack surface and concrete failure scenarios
The guidance argues that agentic AI requires “many components, tools, and external data sources,” creating an “interconnected attack surface that malicious actors can exploit.” It adds that “every individual component in an agentic AI system widens the attack surface, exposing the system to additional avenues of exploitation.”
To make that abstract risk concrete, the document offers two illustrative scenarios:
- An AI agent given broad write permissions to install patches is asked by a malicious insider to “Apply the security patch on all endpoints and while you are at it, please clean up the firewall logs.” Because its permissions allow it, the agent performs maintenance and deletes firewall logs, bypassing expected privilege controls.
- An organization deploys an agent to autonomously manage procurement approvals with access to financial systems, email and contract repositories. Other agents come to trust its outputs, a low-risk integrated tool is later compromised, and the attacker leverages the procurement agent’s generous privileges to modify contracts, approve unauthorized payments, and evade detection by creating faked audit logs.
Scope of risks and recommended safeguards
The guide enumerates 23 distinct risks and more than 100 individual best practices to address them. Its central recommendation is to “prioritize resilience, reversibility and risk containment over efficiency gains.” It urges organisations to
- deploy agentic AI incrementally, “beginning with clearly defined low-risk tasks”;
- treat “strong governance, explicit accountability, rigorous monitoring and human oversight” as essential prerequisites rather than optional safeguards;
- design products to “fail-safe by default requiring agents to stop and escalate issues to human reviewers in uncertain scenarios”; and
- ensure vendors test systems thoroughly before operational use.
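The two scenarios above and the "fail-safe by default" recommendation both come down to the same design question: what stops an agent from acting on a request that its credentials technically permit but its task does not cover? The following Python is an added illustration written for this article, not code from the Five Eyes guide or any vendor product. It assumes a hypothetical tool catalogue and task-scope structure (both constructed here) and shows a deny-by-default gate in front of every tool call: each task carries an explicit capability scope, out-of-scope calls are refused and recorded, and anything unknown or irreversible stops the agent and produces an escalation record for a human reviewer instead of running. The patching scenario from the guide is replayed at the bottom.

```python
from dataclasses import dataclass, field
from enum import Enum


class Decision(Enum):
    ALLOW = "allow"
    DENY = "deny"            # outside the task's declared scope: refuse and record
    ESCALATE = "escalate"    # uncertain or irreversible: stop, hand to a human reviewer


@dataclass(frozen=True)
class ToolCall:
    tool: str                # e.g. "patch.apply"
    target: str              # the resource the call acts on


@dataclass(frozen=True)
class TaskScope:
    task_id: str
    allowed_tools: frozenset    # capabilities granted for this one task only
    allowed_targets: frozenset  # resources the task may touch
    max_actions: int            # cap on auto-executed actions (containment budget)


# Hypothetical tool catalogue with a risk class per tool (constructed for this example).
TOOL_RISK = {
    "patch.status": "read",
    "patch.apply": "write",
    "firewall.logs.read": "read",
    "firewall.logs.delete": "destructive",
}


def gate(call: ToolCall, scope: TaskScope, executed_count: int, audit: list) -> Decision:
    """Decide one proposed tool call; every non-ALLOW outcome is recorded for a reviewer."""
    risk = TOOL_RISK.get(call.tool)
    if risk is None:
        # Unknown capability is the uncertain case: stop and escalate, never guess.
        audit.append((scope.task_id, call, "unknown tool"))
        return Decision.ESCALATE
    if call.tool not in scope.allowed_tools or call.target not in scope.allowed_targets:
        # The agent's credentials are irrelevant here; only the task scope counts.
        audit.append((scope.task_id, call, "outside task scope"))
        return Decision.DENY
    if risk == "destructive":
        # In scope but not reversible: require a human approval step.
        audit.append((scope.task_id, call, "irreversible action needs human approval"))
        return Decision.ESCALATE
    if executed_count >= scope.max_actions:
        audit.append((scope.task_id, call, "action budget exhausted"))
        return Decision.ESCALATE
    return Decision.ALLOW


def run_plan(plan, scope):
    """Run a plan step by step; stop at the first call the gate does not allow.

    Returns (calls executed, final decision, audit records). Execution is simulated.
    """
    executed, audit = [], []
    for call in plan:
        decision = gate(call, scope, len(executed), audit)
        if decision is not Decision.ALLOW:
            return executed, decision, audit
        executed.append(call)   # a real agent would invoke the tool here
    return executed, Decision.ALLOW, audit


# The guide's patching scenario, with the agent granted only patching capabilities.
PATCH_SCOPE = TaskScope(
    task_id="patch-rollout-42",
    allowed_tools=frozenset({"patch.status", "patch.apply"}),
    allowed_targets=frozenset({"endpoint-1", "endpoint-2"}),
    max_actions=10,
)

# Constructed plan: the legitimate patch steps plus the "while you are at it" request.
INSIDER_PLAN = [
    ToolCall("patch.status", "endpoint-1"),
    ToolCall("patch.apply", "endpoint-1"),
    ToolCall("patch.apply", "endpoint-2"),
    ToolCall("firewall.logs.delete", "fw-1"),
]

if __name__ == "__main__":
    done, outcome, records = run_plan(INSIDER_PLAN, PATCH_SCOPE)
    print(f"executed {len(done)} call(s), stopped with {outcome.value}")
    for task, call, reason in records:
        print(f"  [{task}] {call.tool} on {call.target}: {reason}")
```

The point of the design is that the scope is attached to the task, not to the agent: the same agent can hold broad credentials for other work and still be unable to touch firewall logs while it is patching. Escalation records are written for every stop, which gives the monitoring and human-oversight functions the guide calls for something concrete to review.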
The document also stresses that “until security practices, evaluation methods and standards mature, organisations should assume that agentic AI systems may behave unexpectedly and plan deployments accordingly.”
Threat intelligence gaps and current tooling
The guidance cautions that threat intelligence for agentic AI is still evolving, leaving potential security gaps. It notes that existing resources such as the Open Web Application Security Project and MITRE ATLAS “currently focus on LLMs,” and as a result “some attack vectors unique to agentic AI may not be fully captured or addressed.” The agencies therefore call on security practitioners and researchers to devote more attention to agentic-specific attack vectors and detection methods.
What this means for developers, vendors, and security practitioners
- Developers and deployers: Expect to integrate many components and external data sources, which the guidance says widens the attack surface; follow the document’s more than 100 best practices, start with low-risk tasks, and build in reversibility and monitoring.
- Vendors: The agencies tell vendors to “test their wares thoroughly” and to make products “fail-safe by default requiring agents to stop and escalate issues to human reviewers in uncertain scenarios.”
- Security practitioners and researchers: The guidance asks them to expand threat intelligence efforts beyond LLM-focused frameworks and to prioritise discovery and mitigation of attack vectors that are specific to agentic AI architectures.
The message from the Five Eyes agencies is unambiguous: agentic AI amplifies existing system frailties and creates new avenues for exploitation, so adopt cautiously and build for containment before chasing productivity gains. Until evaluation methods and standards catch up, the guidance advises treating agentic systems as likely to “behave unexpectedly” and planning deployments accordingly.