NCSC and Five Eyes partners issue joint warning on agentic AI risks

TL;DR:

• The UK National Cyber Security Centre has co-authored a new joint advisory with the US, Australia, Canada and New Zealand on agentic AI risks in critical infrastructure and defence — flagging privilege escalation, emergent behaviour, structural dependencies and accountability gaps.
• The agencies recommend layered defences, strict access controls, incremental deployment beginning with low-risk tasks, and explicit human oversight until evaluation methods and standards mature.
• Resultsense view: this is the first co-signed Five Eyes guidance specifically on agentic AI, following NCSC’s earlier UK-only patch-wave and AI cyber-defence positions. UK organisations now have a consistent international template to point to when boards ask why agentic deployments need slow-rolling.

The advisory frames agentic AI as systems that operate autonomously across interconnected tools, data and environments — and warns that this autonomy creates risks distinct from the static-model concerns that have dominated guidance so far. The agencies say agentic systems can be misused or misappropriated, leading to productivity losses, service disruption, privacy breaches or cyber security incidents.

Risks the agencies flag

Inherited vulnerabilities from the underlying large language models are joined by new attack surfaces created by interconnected components. Agents can blur traditional defensive boundaries, behave deceptively by hiding their true capabilities or providing false information, and exhibit emergent capabilities developers never explicitly programmed. Privilege escalation and structural dependencies between agents can interact in unpredictable ways.

Recommendations

The advisory tells organisations to align agentic AI risks with their existing security models rather than treating them as a separate discipline. Layered defence, strict access controls, incremental deployment starting with low-risk tasks, strong governance, explicit accountability, rigorous monitoring and human oversight are all named explicitly. Until evaluation methods and standards mature, the agencies say, agentic deployments should prioritise resilience, reversibility and risk containment — and assume systems may behave unexpectedly.

UK context

This is the third significant NCSC AI intervention in a fortnight, following the agency’s patch-wave warning on 4 May and deputy CTO Peter Haigh’s 6 May position that AI helps cyber defence but cyber basics come first. The Five Eyes co-signing of agentic-specific guidance signals that allied agencies have converged on a shared diagnosis — useful cover for UK boards weighing aggressive agentic pilots against measured rollout. UK firms in financial services have a particularly immediate read in light of GBST research published this week showing 62% of UK advisers are comfortable with agentic AI in wealth platforms.

Looking forward

Expect this advisory to be cited in UK procurement guidance and regulator workstreams over the coming months, particularly at the Bank of England, FCA and DSIT. The “until standards mature” framing implies a follow-up cycle once frameworks like the EU AI Act’s downstream rules and ISO/IEC AI agent standards stabilise. Organisations piloting agentic systems should treat the advisory as the floor for board-level paperwork on AI governance, not the ceiling.