NCSC warns organisations to take a cautious approach to agentic AI

The UK’s National Cyber Security Centre has urged organisations to be cautious when introducing agentic AI systems, saying the technology should be adopted gradually and only after security risks are...

The UK’s National Cyber Security Centre has urged organisations to be cautious when introducing agentic AI systems, saying the technology should be adopted gradually and only after security risks are properly understood.

In new guidance produced with international partners, the NCSC says agentic AI can be useful because it can plan tasks, make decisions and carry out actions with limited human input. But that same autonomy can also make mistakes harder to detect and increase the potential impact of a security failure.

Why the technology is different

Unlike standard generative AI tools that mainly produce text or predictions, agentic systems can interact with data, use external tools, remember context and pursue goals over multiple steps. In some cases, they can even create sub-agents to handle parts of a task. That broader reach can create new operational and cyber security challenges.

The NCSC said many of the dangers are familiar ones, including weak access controls, insecure development practices, supply chain risk and poor monitoring. However, the added independence of agentic AI can make behaviour more difficult to predict, test and govern.

Key risks highlighted

  • Broader access to systems, tools and data than non-agentic AI
  • Unexpected actions caused by ambiguous goals or unclear instructions
  • Problems unfolding too quickly for people to review in time
  • Greater difficulty explaining why a system took a particular action

Security-first deployment

The guidance recommends that organisations begin with small pilots focused on low-risk tasks. It also advises teams to consider whether AI is needed at all, and whether a simpler or lower-risk automation approach would be better.

Where agentic AI is used, the NCSC says it should be limited by design, monitored continuously and never given unrestricted access to sensitive data or critical systems. Temporary credentials, least-privilege permissions and secure defaults are among the recommended controls.

The agency also stresses that human accountability cannot be outsourced to software. People must remain responsible for approving access, overseeing behaviour, reviewing incidents and stopping a system if necessary.

According to the NCSC, if an organisation cannot understand, contain or monitor what an agent is doing, it is not ready to deploy it.