
CISA, alongside cybersecurity agencies in the UK, Canada, Australia, and New Zealand, published joint guidance on agentic AI this Friday, highlighting key risks associated with the technology and warning that its growing use across critical infrastructure and defense sectors requires stronger security controls.
- CISA and Five Eyes partners warn agentic AI poses security risks to critical infrastructure.
- Five risk categories identified: privilege, design, behaviour, structural, and accountability.
- Current security frameworks are inadequate for agentic AI threats.
Agentic AI is a type of artificial intelligence capable of planning, reasoning, and executing multi-step tasks with limited human intervention. Some examples include platforms like Microsoft's Copilot, Google's Gemini, and Anthropic's Claude.
They are increasingly being used in critical infrastructure and defence sectors, which means organizations must actively “anticipate what could go wrong”.
CISA says that agentic AI carries risks that could lead to “productivity losses, service disruption, privacy breaches, or cybersecurity incidents.”
The agency identifies five categories of risks: privilege, design and configuration, behaviour, structural, and accountability.
Privilege risks refer to scenarios in which agentic AI is given too much access – in that case, a compromise can have detrimental consequences for the entire infrastructure. Design and configuration risks stem from poor system setup, like insecure design and provisioning decisions, which can create new vulnerabilities.
Behaviour risks cover how AI agents may act unexpectedly, cause harm, or be manipulated. Structural issues refer to the interconnected structure between agents, meaning that a small issue in one part can spread and cause broader security problems.
Finally, accountability may be hard to trace, as the architecture of AI agents can obscure the decision process, making it harder to assign responsibility when something goes wrong.
The agencies note that existing security frameworks have yet to fully address the risks posed by agentic AI, and stress the need for more research and collaboration.
Eran Barak, CEO of the data security firm MIND, said that AI agents are inherently risky, especially when deployed without proper controls.
“AI agents are risky. They are non-human, non-deterministic and autonomous. In other words, they do what they think is right without oversight or control. The best way to secure your AI agents is to control the data they access, but most companies lack a good handle on the sensitive data elements they are racing to connect AI agents to.”
Barak added that, despite the advice, corporations may be so focused on capturing agentic AI’s advantages that they are reluctant to slow down.
“This is a recipe for significant risk, and it is wise to advise slowing down agentic AI rollouts. However, this advice may not be heeded, as the perceived need to achieve or maintain a competitive advantage from agentic AI is currently too great for most enterprises to consider slowing down. Advice would be to move forward while ensuring your data security controls can keep pace with AI.”