NCSC Releases Guidance for Securing Agentic AI Implementation

The United Kingdom’s National Cyber Security Centre (NCSC) has recently unveiled a new guideline aimed at organizations eager to leverage agentic artificial intelligence (AI) while remaining vigilant about the potential cybersecurity risks that accompany such technology. This newly released document encapsulates a more comprehensive report crafted in collaboration with the NCSC’s Five Eyes partners—Australia, Canada, the United States, and New Zealand.

The NCSC emphasizes that the autonomy and intricate nature of agentic systems pose substantial risks. The guidance highlights the dangers linked to excessive and indiscriminate access these systems might have to external platforms, data, and tools. Moreover, organizations are cautioned about the unpredictable behavior that may arise from deploying these systems. Such unpredictability can complicate the identification of issues, especially when actions are executed at speeds that far exceed human capabilities for review or oversight. The wide array of actions and tools available to agentic systems further complicates the ability to clarify and explain any specific behavior or decision made by the AI agents.

Recognizing these complexities, the NCSC urges organizations to approach the deployment of agentic AI with a considerable degree of caution. It asserts that if these systems are over-engineered or allocated excessive privileges, a single failure could escalate into a significant incident rapidly. Organizations should proactively consider potential pitfalls, evaluate whether AI truly provides a solution for their specific use cases, and implement agentic AI systems incrementally. The guidance encourages starting with tightly contained pilot projects that involve clearly defined tasks, thereby allowing for better control and oversight.

To bolster a successful and secure deployment, organizations must clarify roles and responsibilities before launching agentic systems. This means identifying the individuals or teams who will own the agentic system, monitor its behavior, approve its access levels, review any incidents that arise, and hold the authority to intervene if something goes awry. The NCSC strongly warns against granting agents unrestricted access, particularly to sensitive data or critical systems. It stresses the importance of maintaining visibility of the system’s operational status and of knowing how to uphold meaningful human oversight and control. If an organization cannot monitor, understand, or effectively contain the actions of an agent, it should reconsider whether that agent is ready for deployment.

To mitigate the risks associated with agentic AI, the NCSC offers a series of best practices, drawing from the internationally recognized ETSI EN 304 223 standard. These practices include:

  1. Apply Least Privilege: Ensure that agents are granted only the minimum access necessary for the shortest time required, minimizing potential exposure.

  2. Limit Scope: Restrict what tasks agents are permitted to engage in, as well as what data and systems they can access. Properly defining these boundaries is essential.

  3. Avoid Long-Lived Credentials: Where feasible, utilize temporary credentials. Once tasks are concluded, revoking elevated access protects against unintended security breaches.

  4. Use Secure Defaults: Design applications with safety in mind by implementing secure configurations, robust protocols, and reliable validation.

  5. Understand Dependencies: Actively manage supply chain risks associated with third-party components, models, tools, and integrations to bolster overall system security.

  6. Monitor Behavior: Focus on identifying unusual or unexpected activities by observing tools, workflows, and interconnected systems.

  7. Threat-Model Deployment: Consider potential avenues through which the system might be misused, manipulated, or forced to behave unexpectedly.

  8. Plan for Incidents: Ensure that response strategies are comprehensive enough to handle failures, misuse, and scenarios where control over the system may be compromised.
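As an added illustration of how practices 1, 2, 3 and 6 fit together in code (example written for this article, not code from the NCSC guidance or the ETSI standard): a small Python broker that sits between an agent and its tools, issues scoped and expiring grants instead of real credentials, denies anything outside scope, and records every decision so that an agent repeatedly hitting policy walls can be flagged. The names `ToolBroker`, `Grant` and the tool names in the comments are assumptions.

```python
from __future__ import annotations
import secrets
import time
from collections import Counter
from dataclasses import dataclass

@dataclass(frozen=True)
class Grant:
    agent_id: str
    tools: frozenset      # the only tools this grant may invoke (limit scope)
    expires_at: float     # short-lived: the grant dies with the task

class ToolBroker:
    """Mediates every tool call an agent makes; the agent only ever holds a scoped, expiring token."""

    def __init__(self, ttl_seconds: float = 300.0):
        self.ttl = ttl_seconds
        self.grants: dict[str, Grant] = {}
        self.audit: list[dict] = []  # every decision, allowed or denied, is recorded

    def issue(self, agent_id: str, tools: set[str], now: float | None = None) -> str:
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(16)  # opaque handle; no backend credential leaves the broker
        self.grants[token] = Grant(agent_id, frozenset(tools), now + self.ttl)
        return token

    def revoke(self, token: str) -> None:
        self.grants.pop(token, None)  # call as soon as the task is finished

    def call(self, token: str, tool: str, now: float | None = None) -> str:
        now = time.time() if now is None else now
        grant = self.grants.get(token)
        if grant is None:
            agent, verdict = "?", "denied:unknown-token"
        elif now >= grant.expires_at:
            self.grants.pop(token, None)  # expired grants are dropped, never silently renewed
            agent, verdict = grant.agent_id, "denied:expired"
        elif tool not in grant.tools:
            agent, verdict = grant.agent_id, "denied:out-of-scope"
        else:
            agent, verdict = grant.agent_id, "allowed"
        self.audit.append({"ts": now, "agent": agent, "tool": tool, "verdict": verdict})
        return verdict

    def flagged_agents(self, max_denials: int = 2) -> list[str]:
        """Monitor behaviour: an agent repeatedly hitting policy walls is acting unexpectedly."""
        denials = Counter(e["agent"] for e in self.audit if e["verdict"] != "allowed")
        return sorted(a for a, n in denials.items() if n > max_denials)
```

In a real deployment the broker, not the agent, would perform the tool action after an "allowed" verdict, and the audit list would feed the monitoring pipeline rather than stay in memory.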

The NCSC concludes its guidance by acknowledging the significant advantages that agentic AI can bring, especially where tasks are repetitive, well-defined, and low-risk. It recognizes the eagerness of organizations to capture these benefits but advocates a responsible, deliberate approach to adoption. The guidance encourages stakeholders to start small, build in robust cybersecurity controls from the outset, and always plan for potential failures and for how to respond effectively should they occur. By adhering to these principles, organizations can unlock the potential of agentic AI while minimizing the associated risks.