ACCORDING to the UK’s National Cyber Security Centre (NCSC), a new guidance document helps organisations balance harnessing agentic AI with cyber risk considerations. The guidance summarises a report produced alongside Five Eyes partners and stresses that the autonomy and complexity of agentic systems can be dangerous, including risks from over-privileged access and rapid, hard-to-spot actions.
It urges organisations to think carefully before deployment, start with tightly bounded pilots, and deploy incrementally while clarifying ownership, access approvals, monitoring, incident review, and the authority to stop the system if needed. The NCSC warns against granting unrestricted access to sensitive data or critical systems and emphasises ongoing visibility and meaningful human oversight.
A best-practice approach outlined includes applying least privilege, limiting scope, avoiding long-lived credentials, using secure defaults, understanding dependencies, monitoring behaviour, threat-modeling, and planning for incidents. The guidance notes that agentic AI is likely to offer benefits in repetitive, well-understood, low-risk scenarios, while encouraging a responsible, scalable adoption with planning for failure and appropriate cyber hygiene from the start.