The UK’s National Cyber Security Centre (NCSC) has warned organizations to take a measured approach toward adopting agentic AI, highlighting the growing cyber and operational risks associated with highly autonomous AI systems.
In a new guidance document co-authored with international partners, the NCSC said businesses should avoid rushing into large-scale deployments of agentic AI tools without understanding the security implications. The guidance recommends starting with low-risk use cases, limiting system privileges, and maintaining strong human oversight throughout deployment.
The advisory comes as organizations increasingly experiment with AI systems capable of making decisions, accessing tools, and carrying out actions with limited human involvement.
What Is Agentic AI?
Unlike traditional generative AI systems that primarily create text, images, or predictions, agentic AI systems are designed to independently pursue goals. These systems can access data sources, remember context, make decisions, interact with software tools, and even create sub-agents to complete tasks.
According to the NCSC, this added autonomy is what makes agentic AI useful for areas such as cyber defense, workflow automation, and operational efficiency. However, it also introduces a wider attack surface and increases the difficulty of monitoring system behavior.
The agency noted that many security risks linked to AI are not entirely new. Concerns around access control, supply chain security, monitoring, and incident response already exist in traditional IT systems. Agentic AI systems also inherit existing large language model risks, including prompt injection and jailbreaking attacks.
However, the NCSC warned that the autonomy of agentic AI systems could amplify these issues, especially if organizations deploy them without proper safeguards.
Why Agentic AI Raises Security Risks
The guidance outlines several risks tied to agentic AI deployments. One of the main concerns is broader access to systems and sensitive data. AI agents may interact with external tools, APIs, or databases in ways that traditional AI applications do not.
The NCSC also highlighted the possibility of unpredictable behavior. Since AI agents interpret goals autonomously, they may take actions that differ from human expectations or exceed their intended scope.
Another challenge involves visibility and oversight. Autonomous systems can operate at speeds that make meaningful human review difficult, particularly in enterprise environments where multiple systems and workflows are interconnected.
The guidance further noted that explaining the behavior of agentic AI systems can be more difficult than understanding conventional AI models. The combination of decision-making, tool usage, and autonomous actions creates additional complexity during incident investigations or compliance reviews.
NCSC Calls for Incremental Agentic AI Deployment
To reduce risks, the NCSC urged organizations to adopt agentic AI gradually instead of deploying it across critical systems from the outset.
The guidance recommends tightly controlled pilot deployments focused on clearly defined, low-risk tasks. Organizations are also encouraged to assess whether AI is genuinely necessary before integrating autonomous agents into existing workflows.
“If you cannot understand, monitor or contain an agent’s actions, it is not ready for deployment,” the guidance stated.
The agency stressed that organizations should never grant unrestricted access to sensitive data or critical infrastructure. Maintaining visibility into AI system behavior and preserving meaningful human control were identified as key requirements for safe deployment.
Human Accountability Remains Essential
Despite the growing capabilities of autonomous AI systems, the NCSC emphasized that humans remain fully accountable for how these technologies are used.
The guidance states that organizations should clearly define who is responsible for approving AI access, monitoring system behavior, reviewing incidents, and shutting systems down when necessary.
Security teams were also advised to integrate agentic AI risk management into existing cybersecurity and governance frameworks instead of treating AI security as a separate process.
Recommended practices include applying least-privilege access controls, limiting system scope, avoiding long-lived credentials, monitoring unusual behavior, and planning for incidents involving AI misuse or loss of control.
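As an added illustration of those practices (not code from the NCSC guidance), the following hypothetical tool gate shows how an agent's tool calls can be checked against a per-agent allowlist, a short-lived credential, a human-approval hold for high-impact tools, and a denial counter that halts the agent for investigation. The agent names, tools and threshold are constructed for the example.

```python
import time
from dataclasses import dataclass, field

# Constructed policy: which tools each agent may call (least privilege / limited scope)
# and which calls must be held for a human approver before they run.
POLICY = {
    "report-summariser": {"allowed": {"read_file", "search_docs"}, "needs_approval": set()},
    "ops-helper": {"allowed": {"read_file", "restart_service"}, "needs_approval": {"restart_service"}},
}
DENIALS_BEFORE_HALT = 3  # repeated out-of-scope attempts are treated as an incident signal


@dataclass
class ToolGate:
    agent: str
    token_expiry: float                          # unix time; the agent's credential is short-lived
    approved: set = field(default_factory=set)   # tools a human has approved for this run
    denials: int = 0
    halted: bool = False
    audit: list = field(default_factory=list)    # every decision is recorded for review

    def _log(self, tool, verdict, reason):
        self.audit.append((self.agent, tool, verdict, reason))
        return verdict

    def check(self, tool, now=None):
        """Return 'allow', 'hold' (await human approval) or 'deny' for a tool call."""
        now = time.time() if now is None else now
        if self.halted:
            return self._log(tool, "deny", "agent halted pending investigation")
        if now >= self.token_expiry:
            return self._log(tool, "deny", "credential expired")
        rules = POLICY.get(self.agent)
        if rules is None or tool not in rules["allowed"]:
            self.denials += 1
            if self.denials >= DENIALS_BEFORE_HALT:
                self.halted = True  # loss-of-control safeguard: stop the agent, not just the call
            return self._log(tool, "deny", "tool outside allowlist")
        if tool in rules["needs_approval"] and tool not in self.approved:
            return self._log(tool, "hold", "human approval required")
        return self._log(tool, "allow", "within policy")
```

The audit list is what an incident reviewer would consult; in a real deployment it would go to the same logging pipeline as other security events.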
Path Forward
While warning about the risks, the NCSC acknowledged that agentic AI could deliver significant operational benefits, particularly for repetitive and low-risk tasks.
The agency said organizations should focus on responsible and scalable adoption strategies built around existing cybersecurity practices and strong governance controls.
The guidance ultimately encourages businesses to move carefully, test systems incrementally, and prepare for potential failures before expanding the role of autonomous AI systems across enterprise environments.