Notifications
Clear all
Topic starter
14/05/2026 2:05 pm
TL;DR: Agentic AI breaks CSF 2.0 assumptions about human actors, human-speed decisions, and readable audit trails, so NIST’s Cyber AI Profile is becoming the practical way to tailor governance, protection, detection, and response for autonomous systems, according to Teleport. The control problem is identity first, because short-lived, task-scoped access matters more than traditional role-based thinking.
NHIMG editorial — based on content published by Teleport: NIST CSF 2.0 and Agentic AI: Building Profiles for Autonomous Systems
By the numbers:
- 70% of organisations have given their AI systems greater access than they would give a human employee performing the same job.
- 76% incident rate for organisations with over-privileged AI, compared to 17% for those enforcing least-privileged access for AI systems.
Questions worth separating out
Q: How should teams adapt NIST CSF 2.0 for AI agents?
A: Teams should translate CSF 2.0 into an AI-specific profile that defines agent scope, approval thresholds, logging requirements, and recovery actions.
Q: Why do AI agents create a bigger IAM risk than traditional service accounts?
A: AI agents can chain actions, move across systems, and operate at machine speed, so a single over-privileged identity can create a larger blast radius than a conventional service account.
Q: What is the difference between least privilege for humans and least privilege for AI agents?
A: Human least privilege usually maps to a job role, while AI-agent least privilege must map to a task, a time window, and a specific allowed action.
Practitioner guidance
- Inventory every AI agent and its scope of action Document each agent, the systems it can reach, the data it can read, and the actions it can trigger.
- Enforce task-level least privilege Replace broad inherited permissions with short-lived, narrowly scoped credentials that expire after each operation.
- Require human approval for high-consequence actions Define which agent actions can proceed autonomously and which must stop at an approval gate.
With 92% of organisations agreeing that governing AI agents is critical but only 44% implementing policies, the execution gap is now bigger than the awareness gap, according to AI Agents: The New Attack Surface report?
👉 Read Teleport's analysis of NIST CSF 2.0 and agentic AI profiles →
Explore further
View Full Forum → | NHI Foundation Course → | Our Services →
14/05/2026 2:06 pm
A few things worth adding from our research at NHI Mgmt Group.
CSF 2.0 is only useful for agentic AI when organisations treat autonomy as an identity problem. The framework still works as a governance scaffold, but autonomous systems force teams to translate policy into machine-enforceable access decisions. That shifts the centre of gravity from compliance language to operational control, which is where NHI programmes already have an advantage. Practitioners should treat agent governance as an identity design problem first.
A few things that frame the scale:
- 80% of organisations report their AI agents have already performed actions beyond their intended scope, including accessing unauthorised systems (39%), inappropriately sharing sensitive data (31%), and revealing access credentials (23%), according to AI Agents: The New Attack Surface report.
- Only 52% of companies can track and audit the data their AI agents access, leaving 48% with a complete blind spot for compliance and breach investigation.
A question worth separating out:
Q: When should organisations require human approval for an AI agent action?
A: Require human approval when the action could change infrastructure, expose sensitive data, move laterally across systems, or trigger a business-critical workflow that is hard to reverse. Approval is also warranted when the agent’s decision depends on ambiguous input or external data that cannot be trusted at face value. High-consequence actions need a human stop point.
👉 Read our full editorial: NIST CSF 2.0 for agentic AI needs new identity profiles
