On May 1, 2026, six national cybersecurity agencies — CISA and the NSA in the US, Australia's ASD ACSC, and counterparts in Canada, New Zealand, and the UK — published "Careful Adoption of Agentic AI Services," the first coordinated multigovernment guidance aimed specifically at agentic systems rather than generative AI in general. If you're running or planning agentic workflows in production, this is now the closest thing to an official baseline for doing it responsibly, whether or not you're in a regulated industry.
Why agentic AI needed its own guidance
Generative AI risk guidance has mostly been about outputs — hallucination, prompt-based data leakage, bias. Agentic AI is a different category because these systems take actions: sending emails, modifying records, executing transactions, calling other systems, often with minimal human review at each step. The guidance's framing is blunt: agentic AI will misbehave at some point, and its deployment amplifies whatever security weaknesses an organization already has rather than introducing entirely new ones. Because these systems chain together tools, APIs, and other agents, a weakness in any single connected component can cascade into the agent's broader behavior.
What it actually asks you to do
Five risk categories, 23 specific risks, 100+ practices — but three themes carry most of the weight:
Deploy incrementally and risk-ranked. Start with clearly defined, low-risk tasks instead of granting broad autonomy on day one, and pair every scope expansion with continuous reassessment, not a one-time approval.
Design for the agent behaving unexpectedly, not for it behaving correctly. Build in the ability to pause, roll back, or contain an agent's actions before you need it, because retrofitting containment after an incident is a much worse position to be in.
Put real human control points on high-risk activities. Not a theoretical human-in-the-loop an agent can route around under normal operation — an actual checkpoint that requires approval before the action executes.
Why this reaches past government contractors
The agencies issuing this guidance collectively feed a huge share of the private sector's threat intelligence, and analyst firms including Forrester and the Cloud Security Alliance have already started publishing implementation frameworks that map this guidance onto standard enterprise environments. Expect it to behave the way past joint CISA/NSA guidance on cloud security or ransomware did — a baseline that auditors, cyber-insurance underwriters, and enterprise customers start expecting you to reference, whether or not there's a formal mandate behind it.
Start by inventorying every agentic workflow you already have in production or pilot, including the ones product teams stood up without going through a formal AI governance process — most organizations have more of these than they think once shadow IT is counted. Map each one against the five risk categories, and for any workflow with real side effects, confirm it actually has a tested rollback path rather than just a monitoring dashboard someone glances at occasionally. Do that mapping this quarter, before an auditor or a customer's security questionnaire asks for it and you're doing it under time pressure instead.