The U.S. Cybersecurity and Infrastructure Security Agency (CISA), alongside international partners, has released a new guide aimed at helping organizations securely adopt agentic artificial intelligence while addressing emerging cybersecurity risks.
Published on May 1, Careful Adoption of Agentic Artificial Intelligence (AI) Services outlines the security challenges associated with deploying autonomous AI systems and offers mitigation strategies for developers, vendors, and operators. The guide was developed jointly by CISA, the Australian Signals Directorate’s Australian Cyber Security Centre (ASD ACSC), and other global partners.
As critical infrastructure and defense organizations increasingly adopt agentic AI to support mission-critical operations and automation, officials warn that these systems can expand cybersecurity vulnerabilities. Risks include broader attack surfaces, privilege creep, behavioral misalignment, and limited visibility into system events.
“CISA is committed to supporting the U.S.’s adoption of AI that includes ensuring it aligns with President Trump’s Cyber Strategy for America and is cyber secure. We actively collaborate with government and international partners on shared priorities on AI advancements while addressing cybersecurity challenges and risks. CISA encourages agentic AI developers, vendors and operators to review this guide,” said CISA Acting Director Nick Andersen.
The guidance recommends limiting AI systems’ access to sensitive data and critical infrastructure while encouraging organizations to begin with low-risk, nonsensitive use cases as they scale adoption.