Five Eyes intelligence agencies have issued a joint warning urging organizations to prioritize security and resilience over rapid deployment when adopting autonomous agentic artificial intelligence systems in critical infrastructure.

Key Points

• The Five Eyes alliance, including CISA, the NSA, and counterparts from the UK, Canada, Australia, and New Zealand, co-authored the guidance.
• The report warns that agentic AI expands attack surfaces by integrating multiple tools, external data sources, and complex software components.
• Agencies highlight risks where AI agents with broad permissions can be manipulated by malicious prompts to perform unauthorized actions or delete security logs.
• The guidance includes 23 identified risks and over 100 best practices for developers and organizations to implement.
• Experts recommend that vendors ensure systems "fail-safe by default" and require human intervention for uncertain or high-risk tasks.

Why it Matters

This guidance signals a major shift in how governments view the integration of autonomous AI into critical national infrastructure and corporate environments. By emphasizing risk containment over productivity, the alliance is setting a new standard for security governance that could slow the adoption of AI tools until more robust safety frameworks are established.