ctipilot.ch

Five Eyes + CISA/NSA — Careful Adoption of Agentic AI Services guidance (five risk categories)

annual-report · annual-report:five-eyes-agentic-ai-guidance-2026

  • Coverage timeline: 1 (first 2026-05-18 → last 2026-05-18)
  • Briefs: 1 (1 distinct)
  • Sources cited: 2 (2 hosts)
  • Sections touched: 1 (weekly_summary)
  • Co-occurring entities: 0 (no co-occurrence)

Story timeline

  1. 2026-05-18 · CTI Weekly Summary — 2026-W21 (Mon 18 – Sun 24, 2026)
    weekly_summary · Consolidated in weekly summary for week 2026-W21

Where this entity is cited

  • weekly_summary: 1

Source distribution

  • cisa.gov: 1 (50%)
  • media.defense.gov: 1 (50%)

Items in briefs about Five Eyes + CISA/NSA — Careful Adoption of Agentic AI Services guidance (five risk categories) (1)

Five Eyes + CISA/NSA joint guidance on agentic AI security — five risk categories for autonomous AI in enterprise and critical infrastructure

From CTI Weekly Summary — 2026-W21 (Mon 18 – Sun 24, 2026) · published 2026-05-18

Published 2026-05-01, "Careful Adoption of Agentic AI Services" (CISA, NSA, ASD ACSC, CCCS, NCSC-NZ, NCSC-UK) is the first coordinated international guidance specifically addressing agentic AI deployment risks. Five risk categories:

  1. Privilege risks — agents operating with excessive permissions enabling lateral movement when compromised (mitigated by least-privilege tool-permission scoping).
  2. Design and configuration risks — prompt injection and goal-misspecification allowing unexpected autonomous actions (mitigated by input validation and bounded goal-spaces).
  3. Behavioral risks — hallucination or adversarial manipulation leading to harmful autonomous decisions (mitigated by human-in-the-loop gates for irreversible or high-impact actions).
  4. Structural risks — agent-to-agent trust escalation in multi-agent orchestration where one compromised agent impersonates a higher-privileged agent (mitigated by agent-identity isolation and mutual authentication between orchestrators).
  5. Accountability risks — audit trail gaps when automated reasoning is opaque (mitigated by mandatory logging of all agent reasoning traces and tool invocations to an append-only audit log).
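
The mitigations named in items 1, 3 and 5, combined in a single tool-invocation gateway. This is an added example, not code from the guidance or from this brief. The `ToolGateway` and `AuditLog` names, the ticket tools and the approver stub are hypothetical, and an in-memory hash chain stands in for real append-only storage.

```python
import hashlib
import json
GENESIS = "0" * 64  # constructed anchor for the first record

def _digest(prev, event):
    return hashlib.sha256((prev + json.dumps(event, sort_keys=True)).encode()).hexdigest()

class AuditLog:
    """Hash-chained log: editing or dropping a record breaks verify()."""
    def __init__(self):
        self.records = []
    def append(self, event):
        prev = self.records[-1]["hash"] if self.records else GENESIS
        self.records.append({"prev": prev, "event": event, "hash": _digest(prev, event)})
    def verify(self):
        prev = GENESIS
        for rec in self.records:
            if rec["prev"] != prev or rec["hash"] != _digest(prev, rec["event"]):
                return False
            prev = rec["hash"]
        return True

class ToolGateway:
    """Single choke point between agents and tools (hypothetical design)."""
    def __init__(self, scopes, high_impact, approver, log):
        self.scopes, self.high_impact = scopes, high_impact
        self.approver, self.log = approver, log
    def invoke(self, agent, tool, args, reasoning):
        if tool not in self.scopes.get(agent, set()):      # item 1: least privilege
            decision = "denied:out_of_scope"
        elif tool in self.high_impact and not self.approver(agent, tool, args):
            decision = "denied:not_approved"               # item 3: human gate
        else:
            decision = "allowed"
        # item 5: record the reasoning and the decision, denials included
        self.log.append({"agent": agent, "tool": tool, "args": args,
                         "reasoning": reasoning, "decision": decision})
        return decision

# Constructed policy and calls; the approver stub stands in for a human reviewer.
SCOPES = {"triage-agent": {"read_ticket", "close_ticket"}}
HIGH_IMPACT = {"close_ticket"}
CALLS = [("read_ticket", {"id": 7}, "need context"),
         ("delete_user", {"id": 7}, "cleanup"),
         ("close_ticket", {"id": 9}, "looks resolved"),
         ("close_ticket", {"id": 7}, "confirmed fixed")]

def demo():
    log = AuditLog()
    gw = ToolGateway(SCOPES, HIGH_IMPACT, lambda a, t, x: x["id"] == 7, log)
    return [gw.invoke("triage-agent", t, a, r) for t, a, r in CALLS], log
```

Denied calls are logged alongside allowed ones, so `verify()` covers the full decision history and fails if any earlier record is altered.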

Notable absence: BSI, ANSSI, and NCSC-CH are not co-authors. DORA-regulated entities should assess how these five risk categories interact with ICT risk management obligations for novel technology; ENISA agentic AI guidance is anticipated but not yet published. Swiss federal entities operating AI-agent-driven procurement or case-management systems face a guidance gap until a CH-specific equivalent emerges.