Cybersecurity Authorities Issue Joint Guidance on the Adoption of Agentic AI Systems

On May 1, 2026, the cybersecurity authorities of Australia, Canada, New Zealand, the United States and the United Kingdom published joint guidance on the secure adoption of agentic artificial intelligence (“AI”) systems (the “Guidance”). The Guidance is intended to assist organizations that design, develop, deploy or operate agentic AI systems.

The Guidance focuses primarily on large language model-based agentic AI systems. Unlike more conventional generative AI tools, which produce content or predictions for human use, agentic AI systems may be able to interpret objectives, retain context, access external data, use tools, make decisions, and take actions with limited ongoing human involvement. In some cases, such systems may also create sub-agents to carry out specific tasks. While the Guidance acknowledges that these capabilities may offer clear benefits, it emphasizes that they also create a broader and more complex security risk profile than non-agentic AI tools.

The Guidance identifies the following key security risks associated with agentic AI, accompanied by example scenarios:

  • Privilege risks: Granting AI agents broad access to systems, data, tools and services may expand the attack surface and increase the potential impact of a compromise.
  • Design and configuration risks: Unvetted third-party components may introduce excessive, unintended, or poorly understood privileges, thereby increasing security and operational risks.
  • Behavior risks: AI agents may pursue objectives in unintended ways, resulting in unpredictable, misaligned, or otherwise undesirable behavior.
  • Structural risks: Where tasks are delegated autonomously or actions are not validated in advance, visibility and control may be reduced. Similar concerns may arise where actions occur too quickly or across too many interconnected systems for meaningful human review.
  • Accountability risks: Agentic AI systems may obscure the causes of particular actions, creating accountability and explainability challenges. This can make it difficult to determine why an action was taken or to identify which component or decision caused an adverse outcome.

The Guidance also notes that agentic AI systems inherit known large language model risks, including prompt injection, hallucinations and other forms of malicious manipulation. According to the Guidance, such risks may be amplified where AI agents are able to act on external systems, operate across connected environments or make use of elevated privileges.

A recurring theme throughout the Guidance is that organizations should approach adoption cautiously and incrementally. The Guidance recommends that organizations first assess whether agentic AI is necessary for the relevant task and whether the same objective could be achieved through a simpler or lower-risk form of automation.

The Guidance further emphasizes that agentic AI security should be addressed within existing cybersecurity and governance frameworks, rather than treated as a separate discipline, and makes clear that accountability remains with human decision-makers. Organizations are expected to define, before deployment, who owns the system, who approves its access, who monitors its behavior, who reviews incidents and who has authority to suspend or terminate its operation.

In its press release, the UK National Cyber Security Centre identified examples of practical measures recommended in the Guidance, such as:

  • Give AI agents only the minimum access necessary, and only for the period required to complete the relevant task.
  • Restrict the systems, data, tools, and actions available to an AI agent, as well as the circumstances in which it may act.
  • Use temporary or just-in-time credentials where possible and revoke elevated permissions promptly once a task is complete.
  • Treat each AI agent as a distinct identity and secure agent-to-agent and agent-to-service authentication.
  • Configure systems to fail safely, escalate uncertainty, and prevent AI agents from overriding core safeguards.
  • Maintain visibility into AI agent activity, tool use, privilege changes, and anomalous behavior across connected systems.
  • Assess how the AI system could be misused or manipulated, and ensure incident response processes address compromise, misuse, and loss of control.
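The measures above are controls rather than code, but several of them (minimum and time-limited access, just-in-time credentials with prompt revocation, a distinct identity per agent and sub-agent, fail-safe behavior with escalation of uncertainty, and visibility into tool use and privilege changes) can be illustrated by a small deny-by-default gateway placed between an agent and the tools it may call. The following Python is an added example written for this post; it is not code from the Guidance, from the NCSC or from any agent framework, and the tool names, the confidence threshold and the sample calls in `demo()` are constructed for illustration only.

```python
# Added example (not from the Guidance or the blog post): a deny-by-default
# policy gateway that mediates an AI agent's tool calls. Tool names,
# thresholds and the sample scenario are constructed for illustration.
import time
from dataclasses import dataclass, field

# Tools no agent may call directly: here, the gateway's own policy store.
# This is the "prevent AI agents from overriding core safeguards" measure.
PROTECTED_TOOLS = frozenset({"policy_gateway"})


@dataclass(frozen=True)
class Grant:
    agent_id: str       # every agent and sub-agent is a distinct identity
    tool: str           # constructed tool name, e.g. "ticketing"
    actions: frozenset  # allowed verbs on that tool, e.g. {"read"}
    expires_at: float   # just-in-time: every grant is time-limited


@dataclass
class Gateway:
    grants: list = field(default_factory=list)
    audit: list = field(default_factory=list)  # visibility into all activity

    def _log(self, **event):
        event.setdefault("ts", time.time())
        self.audit.append(event)

    def _live(self, agent_id, tool, now):
        """Return the agent's unexpired grant for a tool, or None."""
        for g in self.grants:
            if g.agent_id == agent_id and g.tool == tool and g.expires_at > now:
                return g
        return None

    def issue(self, agent_id, tool, actions, ttl_seconds, now=None, issued_by=None):
        """Issue a scoped, time-limited grant. When issued_by names a parent
        agent, the sub-agent's grant is attenuated to the parent's own live
        actions and cannot outlive the parent's grant."""
        now = time.time() if now is None else now
        actions = frozenset(actions)
        if tool in PROTECTED_TOOLS:
            self._log(kind="issue_denied", agent=agent_id, tool=tool, reason="protected tool")
            return None
        expires = now + ttl_seconds
        if issued_by is not None:
            parent = self._live(issued_by, tool, now)
            if parent is None:
                self._log(kind="issue_denied", agent=agent_id, tool=tool, reason="parent lacks grant")
                return None
            actions = actions & parent.actions
            expires = min(expires, parent.expires_at)
        g = Grant(agent_id, tool, actions, expires)
        self.grants.append(g)
        self._log(kind="issue", agent=agent_id, tool=tool, actions=sorted(actions),
                  expires_at=expires, issued_by=issued_by)
        return g

    def revoke(self, agent_id, tool=None):
        """Revoke promptly once a task is complete: one tool, or everything."""
        before = len(self.grants)
        self.grants = [g for g in self.grants
                       if not (g.agent_id == agent_id and (tool is None or g.tool == tool))]
        self._log(kind="revoke", agent=agent_id, tool=tool, removed=before - len(self.grants))

    def authorize(self, agent_id, tool, action, confidence=1.0, now=None, min_confidence=0.8):
        """Decide one tool call and return (allowed, reason). Deny by default;
        a low model confidence escalates to a human instead of proceeding."""
        now = time.time() if now is None else now
        allowed, reason = False, "no matching grant"
        if tool in PROTECTED_TOOLS:
            reason = "protected tool"
        elif confidence < min_confidence:
            reason = "escalate: confidence below threshold"
        else:
            g = self._live(agent_id, tool, now)
            if g is None:
                reason = "no live grant (missing or expired)"
            elif action not in g.actions:
                reason = f"action {action!r} not in grant"
            else:
                allowed, reason = True, "allowed"
        self._log(kind="authorize", agent=agent_id, tool=tool, action=action,
                  allowed=allowed, reason=reason)
        return allowed, reason


def demo(now=1_000_000.0):
    """Constructed scenario exercising each control; returns the decisions."""
    gw = Gateway()
    gw.issue("agent-a", "ticketing", {"read", "comment"}, ttl_seconds=600, now=now)
    sub = gw.issue("agent-a/sub-1", "ticketing", {"read", "close"}, ttl_seconds=3600,
                   now=now, issued_by="agent-a")
    results = {
        "read_ok": gw.authorize("agent-a", "ticketing", "read", now=now),
        "close_denied": gw.authorize("agent-a", "ticketing", "close", now=now),
        "sub_attenuated": sorted(sub.actions),             # ["read"]: "close" dropped
        "sub_expiry_capped": sub.expires_at == now + 600,  # capped at parent's expiry
        "expired": gw.authorize("agent-a", "ticketing", "read", now=now + 601),
        "escalated": gw.authorize("agent-a", "ticketing", "read", confidence=0.3, now=now),
        "protected": gw.authorize("agent-a", "policy_gateway", "add_grant", now=now),
    }
    gw.revoke("agent-a")
    results["after_revoke"] = gw.authorize("agent-a", "ticketing", "read", now=now)
    results["audit_events"] = len(gw.audit)
    return results


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

Every decision, grant and revocation lands in `gw.audit`, which is the log a monitoring pipeline would consume for the "maintain visibility" measure; the sub-agent path shows that a delegated identity can only ever hold a subset of what its parent holds, and for no longer, so spawning sub-agents cannot widen the privilege the organization originally approved.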

Read the Guidance here.
