On 1 May 2026, the Australian Signals Directorate's Australian Cyber Security Centre (ASD's ACSC) co-published Joint Guidance on the Careful Adoption of Agentic AI Services with the United States Cybersecurity and Infrastructure Security Agency (CISA) and National Security Agency (NSA), the Canadian Centre for Cyber Security, the New Zealand National Cyber Security Centre and the United Kingdom National Cyber Security Centre. The guidance is aimed at government, critical infrastructure and industry stakeholders.
The authoring agencies define agentic AI as systems composed of one or more agents that rely on a foundation model — typically a large language model — to interpret state, make decisions and take actions with limited continuous human intervention. The guidance distinguishes agentic AI from conventional LLM systems by five attributes:
- underspecified objectives;
- autonomous action;
- goal-directed behaviour;
- long-term planning;
- the capacity to spawn sub-agents.
The agencies recommend that organisations align agentic AI risks and mitigation strategies with their existing security model, never grant agentic AI broad or unrestricted access — especially to sensitive data or critical systems — and use agentic AI only for low-risk and non-sensitive tasks. They also recommend that organisations consider the full spectrum of solutions for repetitive work, including reducing or eliminating low-value processes that might otherwise become candidates for agentic-AI automation.
The guidance covers threats to and vulnerabilities within agentic AI systems as well as risks arising from the systems' behaviour, including those introduced through components, integrations and downstream use. Identified threat categories include misuse and misappropriation of agentic AI, productivity losses, service disruption, privacy breaches and cyber-security incidents.