CISA and its worldwide companions additionally advisable integrating human management and oversight into agentic AI workflows to make sure they’re accredited for non-sensitive, low-risk duties. For this, the companies advised dwell monitoring throughout activity execution, human approval for decision-making steps, and auditing upon activity execution.
Consultants agree that visibility is vital. “Safety groups want steady visibility into how brokers behave, what methods they contact, and when their actions deviate from anticipated patterns,” mentioned Nick Tausek, Lead Safety Automation Architect at Swimlane. “Constructing human approval into high-risk workflows and automating containment is paramount for taking motion when agent habits crosses a line.”
Placing all of it collectively, the advisory detailed core danger areas, from immediate injection and knowledge publicity to instrument misuse and privilege creep, urging organizations to lock down privileged entry, validate inputs and outputs, monitor agent habits, and tightly management how these methods work together with knowledge, instruments, and different companies.
