Five Eyes intelligence agencies have issued formal guidance cautioning organisations against rapid deployment of agentic AI systems, citing fundamental security maturity gaps that make widespread rollout premature. CISA, NSA, NCSC-UK, Canada's Cyber Centre, and their counterparts in Australia and New Zealand co-authored a document warning that agentic systems—which operate autonomously across interconnected tools, data sources, and external integrations—create exponentially wider attack surfaces than traditional AI implementations. The agencies illustrate the risks through concrete scenarios: an agent given broad permissions to patch systems that also deletes firewall logs on request, or a procurement agent compromised through a low-risk integrated tool that then modifies contracts and fabricates audit logs. The core problem is architectural: every component an agent touches becomes a potential exploitation vector, and organisations typically grant these systems permissions far exceeding what their actual tasks require.
For CX teams already evaluating or deploying agentic solutions—whether Salesforce's Agentforce, vendor-specific customer service agents, or custom implementations—this guidance reframes the business case entirely. The agencies explicitly recommend prioritising resilience and reversibility over efficiency gains, which directly contradicts the productivity-first messaging dominating vendor marketing. This creates a practical tension: what does responsible agentic deployment look like when your organisation has already committed to autonomous customer interactions, and how do you retrofit governance and human escalation protocols into systems designed for speed? The document's emphasis on "fail-safe by default" and mandatory human review in uncertain scenarios suggests that the frictionless, fully autonomous agent many vendors are promoting remains years away from acceptable security posture.
The implications extend beyond security teams. CX leaders should expect vendor pressure to slow, regulatory scrutiny to intensify, and internal stakeholder demands for proof that agentic implementations won't create compliance or operational liability. The Five Eyes position—that threat intelligence frameworks, evaluation standards, and security practices for agentic systems remain immature—means your organisation cannot rely on industry best practices that don't yet exist. Incremental deployment starting with genuinely low-risk tasks, explicit permission boundaries, and continuous human oversight are no longer optional enhancements but foundational requirements. Teams currently running pilot programmes should audit whether their agents have inherited excessive permissions, whether their monitoring can detect the kinds of subtle compromises the guidance describes, and whether their escalation paths actually function under pressure.
Prioritize resilience over productivity, say CISA, NCSC and their friends from Oz, NZ, Canada Information security agencies from the nations of the Five Eyes security alliance have co-authored guidance on the use of agentic AI that warns the technology will likely misbehave and amplifies organizatio