Cyberwire Daily
NCSC Publishes Guidance on Securing Agentic AI Use

By Team-CWD, May 18, 2026


The UK’s National Cyber Security Centre (NCSC) has released new guidance for organizations keen to harness agentic AI but concerned about the associated cyber risks.

The new document summarizes a more detailed report authored by the NCSC alongside its Five Eyes counterparts in Australia, Canada, the US and New Zealand.

It argues that the autonomy and complexity of agentic systems make them particularly dangerous, warning of excessively broad access to external systems, data and tools, as well as unpredictable behavior.

Problems can be harder to spot when actions occur faster than humans can review them, while the sheer range of behaviors and tools available to agents makes it more challenging to explain a particular course of action, the NCSC continued.

Read more on agentic AI guidance: OWASP Launches Agentic AI Security Guidance.

The NCSC urged organizations to think carefully before they deploy agents, explaining that if an agent is over-privileged or poorly designed, a single failure could quickly become a serious incident.

Organizations should therefore think about what might go wrong, reflect on whether AI is really needed for specific use cases and only deploy incrementally, “starting with tightly bounded pilots using clearly defined tasks.”

Teams must work out before deployment who owns the agentic system, who approves its access, who monitors its behavior, who reviews incidents, and who can stop it if something goes wrong, the NCSC added.

“Think about what could happen if an agent misunderstood its task, exceeded its intended scope or was manipulated, and never grant an agent unrestricted access to sensitive data or critical systems,” it said.

“Ensure you maintain ongoing visibility of the system’s operation and understand how to retain meaningful human oversight and control. If you cannot understand, monitor or contain an agent’s actions, it is not ready for deployment.”

A Best Practice Approach For Mitigating Agentic AI Risk

Fortunately, industry best practices can help here, as defined by the international ETSI EN 304 223 standard. The NCSC outlined the following as useful for mitigating agentic AI risk:

  • Apply least privilege so that agents get only the minimum access they need, for the shortest time required
  • Limit scope by restricting what agents can access, what actions they can take and when they can take them
  • Avoid long-lived credentials by using temporary ones where possible and revoking elevated access once tasks are complete
  • Use secure defaults so that applications are designed with safe configurations, secure protocols and appropriate validation
  • Understand dependencies to manage supply chain risk for third-party components, models, tools and integrations
  • Monitor behavior to spot unusual or unexpected activity across tools, workflows and connected systems
  • Threat-model the deployment by considering how the system could be misused, manipulated or caused to behave unexpectedly
  • Plan for incidents to ensure response plans cover agentic AI failures, misuse and loss of control
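
One way to enforce the least-privilege, scope, short-lived-access and monitoring items above in code, as an added example that is not part of the NCSC guidance or the original article. The `ToolGate` and `Grant` names, the agent and tool names and the resource-prefix scheme are hypothetical, and resource IDs are assumed to be normalized before they reach the gate.

```python
import time
from dataclasses import dataclass

@dataclass
class Grant:
    """Task-scoped, time-boxed permission for one agent (hypothetical model)."""
    agent: str
    tool: str
    actions: frozenset      # actions allowed on that tool
    resources: tuple        # normalized resource-ID prefixes the agent may touch
    expires_at: float       # epoch seconds; short-lived by design
    revoked: bool = False

class ToolGate:
    """Deny-by-default broker between agents and tools; logs every decision."""
    def __init__(self, clock=time.time):
        self.clock, self.grants, self.audit = clock, [], []

    def grant(self, agent, tool, actions, resources, ttl_seconds):
        g = Grant(agent, tool, frozenset(actions), tuple(resources), self.clock() + ttl_seconds)
        self.grants.append(g)
        return g

    def revoke(self, grant):
        grant.revoked = True    # call as soon as the task completes

    def authorize(self, agent, tool, action, resource):
        now, reason = self.clock(), "no matching grant"
        for g in self.grants:
            if (g.agent, g.tool) != (agent, tool):
                continue
            if g.revoked:
                reason = "grant revoked"
            elif now >= g.expires_at:
                reason = "grant expired"
            elif action not in g.actions:
                reason = "action out of scope"
            elif not resource.startswith(g.resources):
                reason = "resource out of scope"
            else:
                reason = "allowed"
                break
        # Denials are the signal to alert on: an agent acting outside its scope.
        self.audit.append((now, agent, tool, action, resource, reason))
        return reason == "allowed", reason

if __name__ == "__main__":
    gate = ToolGate()
    gate.grant("triage-bot", "ticketing", {"read"}, ["tickets/queue-a/"], 300)
    print(gate.authorize("triage-bot", "ticketing", "delete", "tickets/queue-a/42"))
```

Because the gate sits between the agent and its tools, the `audit` list records attempted actions as well as completed ones, which is the data a monitoring rule or incident review needs.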

“Agentic AI is likely to offer significant benefits in many scenarios, particularly where tasks are repetitive, well-understood and low risk,” the NCSC guidance concludes.

“The NCSC understand the desire to realize these benefits, and are encouraging responsible, thoughtful, and scalable adoption. Start small, apply existing cyber hygiene and governance from the start and plan for failure (including how you would respond to it).”


