Post by Kapil Bhardwaj
Associate Director|| OT Cyber Security
Agentic AI Is Here — But Are We Securing It Right? Just went through the joint advisory "Careful Adoption of Agentic AI Services" released by ASD's ACSC, CISA, NSA, CCCS, NCSC-NZ & NCSC-UK — and it's a must-read for anyone deploying AI agents in critical infrastructure and industrial environments. Here's why these matters, especially for OT & cyber-physical security: Unlike generative AI that simply produces content, agentic AI autonomously reasons, plans and acts. That's powerful, but in OT environments where uptime and safety are non-negotiable, the risks multiply fast. The core message which came across is to adopt agentic AI carefully, securely, and incrementally embedding security, governance, and human oversight from day one. Document highlights that · Agents can act independently, increasing attack surface and potential impact of failures. · Integration with tools, APIs, and data sources creates multiple entry points for exploitation. · Goal misalignment, hallucinations, and emergent behaviours can lead to unsafe or unintended actions. However, in the current ecosystem we cannot stay aloof from this , hence for me below is what good looks like · Adopt Zero Trust principles · Deploy incrementally · Human-in-the-loop is non-negotiable · Embed AI security within existing cyber frameworks Santha Subramoni Prathima Kasagar Abhijit Nandi Gautam Kapoor Luis Luque Paul Brownlee Jason Holcomb Luis Parrondo Florian Forster Dominik Busch