Five Eyes Agencies (CISA, NSA, GCHQ, ASD, CCCS) Release Joint Guidance: 'Careful Adoption of Agentic AI Services' for Critical Infrastructure
The cybersecurity agencies of the US, UK, Australia, Canada, and New Zealand jointly released guidance warning that AI agents capable of real-world actions are already inside critical infrastructure, and most organizations grant them far more access than they can safely monitor. The document identifies five risk categories: excessive privilege (single compromise causes cascading damage), behavioral risks (agents pursuing unintended goals), structural risk (interconnected agent failures), accountability gaps (opaque decision logs), and supply chain risks. Core recommendation: fold agents into existing zero-trust, defense-in-depth, and least-privilege frameworks rather than creating a new security discipline.
Source
↳ Follow the thread