When the U.S. National Institute of Standards and Technology (NIST) opened a public‑comment window on its draft Cybersecurity Framework Profile for Artificial Intelligence, and the Five‑Eyes intelligence alliance released joint guidance on the careful adoption of agentic AI services, a clear message emerged: the traditional playbook for cyber defense is no longer sufficient for the rapid expansion of generative and autonomous AI in enterprise settings.

NIST’s profile, first announced in a LinkedIn post in March 2026, dissects AI risk into three overlapping pillars—Secure, Defend, and Thwart—mirroring the agency’s broader AI Risk Management Framework. The Secure pillar treats AI as a new attack surface, covering models, prompts, agents, pipelines, training data, and the AI supply chain. The Defend pillar positions AI as a force multiplier for detection and response, while the Thwart pillar tackles the threat that adversaries already use AI to create targeted social‑engineering attacks, deepfakes, malware, and autonomous attack agents.

The Five‑Eyes guidance, published on 3 May 2026, zooms in on agentic AI—systems that reason, plan, and act autonomously across tools, data, and environments. It identifies four major risk classes: identity control, behavioral risk, structural risk, and accountability. The document warns that agentic systems can be over‑permissioned, inherit compromised tool authority, and propagate failures across tightly coupled components, making containment difficult.

Both documents converge on a single conclusion: AI security demands a defense‑in‑depth strategy that treats AI as both an attack surface and a defensive asset. The recommended approach includes:

Identity and privilege management – each autonomous agent should have a unique cryptographic identity and just‑in‑time access controls. Data governance and secure‑by‑default configurations – enforce least privilege, monitor data pipelines, and apply zero‑trust principles. Behavior‑based detection – monitor inputs, tool usage, and outputs across endpoints, networks, SaaS, and OT to spot anomalous goal drift or lateral movement. Autonomous containment and kill‑switches – enable rapid rollback or isolation of compromised agents. * Testing, validation, and red‑team exercises – simulate attacks, perform chaos testing, and verify that guardrails and policy enforcement work under realistic conditions.

The urgency of these measures is underscored by recent threat research. Darktrace researchers reported that the React2Shell vulnerability (CVE‑2025‑55182) was exploited within minutes of a honeypot’s deployment. They also identified an AI/LLM‑generated malware sample used in that exploitation chain, demonstrating how AI‑driven tools lower the barrier for attackers and compress the time between experimentation and real‑world impact.

Security leaders are urged to weave AI risk into existing cyber programs rather than treating it as a separate checklist. The guidance stresses continuous oversight, behavior analytics, and autonomous investigation as essential controls. It also calls for clear ownership of agents, robust logging, and forensic‑ready data capture, because AI incidents can resemble insider threats and may be difficult to reconstruct.

At present, the NIST profile remains in the public‑comment phase until 30 January 2026, while the Five‑Eyes guidance has already been incorporated into several national‑security agencies’ procurement and deployment policies. Organizations that adopt the outlined defense‑in‑depth framework early will be better positioned to manage the dual nature of AI—its capacity to enhance security and its potential to accelerate attacks.

In short, the new guidance from NIST and the Five‑Eyes alliance signals a shift toward a holistic, behavior‑centric approach to AI security. Enterprises must treat AI systems as both a new attack surface and a force multiplier, implement rigorous identity, data, and behavioral controls, and maintain continuous monitoring and rapid containment capabilities to stay ahead of evolving threats.