NCSC Warns Organisations Not to Rush into Agentic AI
- Andy Gravett
- 7 days ago

Overview
The UK's National Cyber Security Centre (NCSC) has urged organisations to take a measured approach to adopting agentic AI, highlighting growing cyber and operational risks associated with highly autonomous AI systems. [The Cyber Express](https://thecyberexpress.com/agentic-ai-expands-enterprise-attack-surface/) The joint guidance, titled Careful Adoption of Agentic AI Services, was published on May 18, 2026, co-authored by the NCSC with international partners. [Let's Data Science](https://letsdatascience.com/news/ncsc-issues-guidance-on-securing-agentic-ai-use-c77d1883) Those partners include Australia's ACSC, the US CISA and NSA, and the Canadian Centre for Cyber Security — the broader Five Eyes alliance. [Reseller News](https://www.reseller.co.nz/article/4168114/ncsc-and-five-eyes-cyber-agencies-warn-channel-partners-over-agentic-ai-risks-report.html)
What Is Agentic AI?
Unlike conventional generative AI systems that primarily create content for human review, agentic AI systems can autonomously interact with software tools, external data sources, and enterprise environments to complete tasks. [Reseller News](https://www.reseller.co.nz/article/4168114/ncsc-and-five-eyes-cyber-agencies-warn-channel-partners-over-agentic-ai-risks-report.html) The guidance characterises these systems as tools that can plan, make decisions, access data sources, remember context, use tools, take actions autonomously, and even create sub-agents. [Let's Data Science](https://letsdatascience.com/news/ncsc-issues-guidance-on-securing-agentic-ai-use-c77d1883)
---
Key Risks Identified
1. Expanded Attack Surface
Key risks include inherited vulnerabilities from large language models (LLMs), an increased attack surface due to interconnected components, and the complexity of securing systems that blur traditional defensive boundaries. [UKAuthority](https://www.ukauthority.com/articles/ncsc-and-international-partners-warns-of-agentic-ai-risks)
2. Unpredictable and Deceptive Behaviour
The advisory also warns of deceptive behaviour, where AI agents may provide false information or hide their true capabilities, as well as emergent capabilities that developers did not explicitly program. [UKAuthority](https://www.ukauthority.com/articles/ncsc-and-international-partners-warns-of-agentic-ai-risks)
3. Speed Outpacing Human Review
Agentic AI's speed, while an asset, also makes it harder to spot problems, as it moves faster than humans can meaningfully review. The model's actions are also difficult to fully explain due to the range of behaviours and tools available to the agents. [DIGIT](https://www.digit.fyi/ncsc-releases-new-guidance-on-secure-agentic-ai-deployment/)
4. Over-Privileged Agents
The NCSC urged organisations to think carefully before deploying agents, explaining that if over-privileged or poorly designed, a single failure could quickly become a serious incident. [Infosecurity Magazine](https://www.infosecurity-magazine.com/news/ncsc-publishes-guidance-securing/)
5. Consequences of Misuse
Agentic AI systems can be misused or misappropriated, leading to productivity losses, service disruption, privacy breaches, or cybersecurity incidents. [UKAuthority](https://www.ukauthority.com/articles/ncsc-and-international-partners-warns-of-agentic-ai-risks)
---
Core Recommendations
Start Small and Go Incremental
The NCSC urged organisations to adopt agentic AI gradually rather than deploying it across critical systems from the outset. The guidance recommends tightly controlled pilot deployments focused on clearly defined, low-risk tasks. [The Cyber Express](https://thecyberexpress.com/agentic-ai-expands-enterprise-attack-surface/)
Question Whether AI Is Even Necessary
Organisations are encouraged to assess whether AI is genuinely necessary before integrating autonomous agents into existing workflows. [The Cyber Express](https://thecyberexpress.com/agentic-ai-expands-enterprise-attack-surface/) Businesses should also consider whether simpler automation approaches could achieve the same outcomes with lower risk. [Reseller News](https://www.reseller.co.nz/article/4168114/ncsc-and-five-eyes-cyber-agencies-warn-channel-partners-over-agentic-ai-risks-report.html)
Maintain Human Accountability
The NCSC insists on human accountability — meaning a human must be accountable for the decision to deploy an AI agent, the access it was granted, the safeguards around it, and the consequences of its operation. These roles should be defined before the agent is connected to real systems or data. [DIGIT](https://www.digit.fyi/ncsc-releases-new-guidance-on-secure-agentic-ai-deployment/)
Apply Least-Privilege and Defence-in-Depth
The guidance recommends applying traditional cybersecurity principles such as least-privilege access, defence-in-depth strategies, strong identity management, and continuous monitoring to agentic AI deployments. [Reseller News](https://www.reseller.co.nz/article/4168114/ncsc-and-five-eyes-cyber-agencies-warn-channel-partners-over-agentic-ai-risks-report.html)
Prioritise Resilience Over Efficiency
Until evaluation methods and standards mature, the agencies say agentic deployments should prioritise resilience, reversibility, and risk containment — and organisations should assume systems may behave unexpectedly. [Resultsense](https://www.resultsense.com/news/2026-05-08-ncsc-five-eyes-agentic-ai-advisory/)
---
The Core Principle
Perhaps the most memorable takeaway from the guidance is this direct test for deployment readiness:
> "If you cannot understand, monitor or contain an agent's actions, it is not ready for deployment." [The Cyber Express](https://thecyberexpress.com/agentic-ai-expands-enterprise-attack-surface/)
---
Why This Matters
This is the first co-signed Five Eyes guidance specifically on agentic AI, giving UK organisations a consistent international template to point to when boards ask why agentic deployments need slow-rolling. [Resultsense](https://www.resultsense.com/news/2026-05-08-ncsc-five-eyes-agentic-ai-advisory/) Many risks associated with agentic AI are not new — access control, secure development, supply chain risk, monitoring, incident response, and accountability are all still relevant concerns. Agentic AI systems also inherit known LLM risks like susceptibility to jailbreaking and prompt injection, with security challenges evolving as the technology matures. [NCSC](https://www.ncsc.gov.uk/blogs/thinking-carefully-before-adopting-agentic-ai)
Bottom Line
The NCSC's message is clear: the excitement around agentic AI is understandable, but the potential for real harm — from data breaches to system disruption — is substantial. Organisations should treat deployment as a deliberate, staged process governed by clear human accountability, not a race to adopt the latest technology. The guidance serves as both a technical roadmap and a governance framework for responsible agentic AI adoption.



