{"id":194854,"date":"2026-03-11T11:54:00","date_gmt":"2026-03-11T15:54:00","guid":{"rendered":"https:\/\/testing.news-you-need.com\/index.php\/2026\/03\/11\/industry-to-nist-keep-agentic-ai-standards-flexible-and-voluntary\/"},"modified":"2026-03-11T12:05:10","modified_gmt":"2026-03-11T16:05:10","slug":"industry-to-nist-keep-agentic-ai-standards-flexible-and-voluntary","status":"publish","type":"post","link":"https:\/\/testing.news-you-need.com\/index.php\/2026\/03\/11\/industry-to-nist-keep-agentic-ai-standards-flexible-and-voluntary\/","title":{"rendered":"Industry to NIST: Keep agentic AI standards flexible and voluntary"},"content":{"rendered":"<p><a href=\"https:\/\/www.cybersecuritydive.com\/news\/ai-agents-security-nist-industry-feedback\/814434\/\">Industry to NIST: Keep agentic AI standards flexible and voluntary<\/a><\/p>\n<p><a href=\"https:\/\/www.cybersecuritydive.com\/news\/ai-agents-security-nist-industry-feedback\/814434\/\">https:\/\/www.cybersecuritydive.com\/news\/ai-agents-security-nist-industry-feedback\/814434\/<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-03-11 11:54:00<\/a><\/p>\n<p>Source Domain: <a href=\"www.cybersecuritydive.com\">www.cybersecuritydive.com<\/a><\/p>\n<p>Author: <a href=\"\"><\/a><\/p>\n<p> Using an unordered list, summarize the following article with between 4 and 8 key points. <\/p>\n<p>The federal government should prioritize interoperable, risk-based standards as it develops security guidance for agentic AI systems, major businesses told the National Institute of Standards and Technology.<br \/>\nNIST\u2019s Center for AI Standards and Innovation is exploring ways to help AI companies and their customers protect agents from tampering or abuse, and as part of that project, it sought public comments through Monday evening. More than 930 organizations and individuals submitted comments, according to the docket, including a group of powerful industry trade groups: the American Bankers Association and the Bank Policy Institute, the software group BSA and the tech industry juggernaut TechNet.<\/p>\n<p>The groups made a wide range of recommendations to NIST, including publishing reference implementations, emphasizing secure-by-design principles, supporting research on managing agentic AI verification and mapping new guidance to existing NIST publications.<br \/>\n\u201cA collaborative, iterative approach that is focused on practical guidance, real-world testing, and alignment with existing risk management frameworks will help ensure AI agents can be deployed securely and at scale, enabling the United States to fully capture the economic and societal benefits of this emerging technology,\u201d TechNet said.<br \/>\nWhat makes agents uniquely risky<br \/>\nNIST asked commenters to address several topics, including the security risks that are unique to AI agents and the ways to mitigate those risks.<br \/>\nIn its response, BSA described four unique threats: agents\u2019 autonomous behavior that results in real-world actions requiring oversight; the way agents switch between different tools, which makes \u201cstatic policy enforcement\u201d difficult; agents\u2019 retention of information over time, which could allow hackers to hijack them by poisoning their data sources; and the way agents\u2019 \u201cnon-deterministic behavior\u201d makes it difficult to control them with \u201crule-based security controls.\u201d<br \/>\nTo address these challenges, BSA said, businesses should establish full visibility over AI agents, catalog their permissions (which can help quickly identify unauthorized behavior), verify the supply chain of AI code that powers agents\u2019 activities and monitor their behavior in real time.<\/p>\n<p>What makes agents especially risky, industry groups said, is their ability to connect to third-party databases and physical equipment through systems like the Model Context Protocol. \u201cBecause AI agents can interact with tools, external data, and real-world systems, they introduce distinct security challenges that merit targeted attention,\u201d TechNet said.<br \/>\nDon\u2019t rush to regulate<br \/>\nNIST is not a regulator, and the Trump administration has demonstrated a marked aversion to prescriptive AI security mandates. Industry groups nonetheless reiterated their frequent refrain that onerous rules for any AI systems would hamper innovation without meaningfully improving security.<br \/>\n\u201cThe policy objective should be to reduce and manage these risks without slowing innovation through premature, overly prescriptive, or one-size-fits-all requirements,\u201d TechNet said, encouraging NIST to focus on \u201cperformance-defining guidelines.\u201d<br \/>\nBPI and ABA similarly encouraged NIST to focus on \u201cvoluntary and technology-agnostic\u201d guidance with \u201cpractical examples and illustrative validation approaches that can be tailored by risk and operational context.\u201d<br \/>\n\u201cSuch guidance would facilitate industry adoption, support integration planning and risk-informed review, including due diligence where appropriate, and support compliance with legal and regulatory obligations without prescribing a single implementation approach,\u201d the financial-services groups said.<br \/>\nTechNet pointed to the aviation industry as an example of the performance-based standards it preferred. \u201cInstead of mandating uniform technical designs, regulators established outcome-oriented standards tied to risk exposure and operational context,\u201d the group explained. \u201cThis model created clarity around expectations while enabling innovation in aircraft design, autonomy, and operational practices.\u201d<br \/>\nAI agents present different levels of risk depending on how and where they are used and how much autonomy they have, TechNet added, which makes a risk-based approach \u201cparticularly important.\u201d<br \/>\nThe agentic AI field is still in its infancy, TechNet said, and NIST\u2019s guidance \u201cshould preserve meaningful room for experimentation as agentic AI security practices continue to mature.\u201d<br \/>\n\u201cOverly rigid or premature mandates,\u201d the group warned, \u201ccould freeze security approaches in place before the field has identified best-in-class techniques.\u201d<br \/>\nAdvice and research on thorny issues<br \/>\nThe AI industry could benefit from government advice and research sponsorship on a range of problems that developers still haven\u2019t solved, according to the trade groups.<br \/>\nBSA encouraged NIST to study ways to verify the identity of AI agents, as well as the use of \u201ccryptographic chains of custody\u201d to document what agents are authorized to do. TechNet similarly cited the importance of reliable agent-identification solutions and said they should be interoperable to avoid locking out new participants in the market.<br \/>\nWith more and more banks seeking to use AI agents to handle asset exchanges, ABA and BPI encouraged NIST to offer guidance specific to the financial industry, including reference materials for \u201csecure counterparty interactions.\u201d<br \/>\nTechNet, along with ABA and BPI, also asked NIST to incorporate its agent-specific guidance into existing publications, like the Risk Management Framework.<\/p>\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Industry to NIST: Keep agentic AI standards flexible and voluntary https:\/\/www.cybersecuritydive.com\/news\/ai-agents-security-nist-industry-feedback\/814434\/ Publish Date: 2026-03-11 11:54:00&#8230;<\/p>\n","protected":false},"author":1,"featured_media":194855,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/imgproxy.divecdn.com\/QNuO-fBp-E46tGD-XdI8kD2lg-5dyimByXNTt8i6Bo8\/g:ce\/rs:fit:770:435\/Z3M6Ly9kaXZlc2l0ZS1zdG9yYWdlL2RpdmVpbWFnZS9OSVNUX2NhbXB1c19zaWduLmpwZw==.webp","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[26],"class_list":["post-194854","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-ai"],"_links":{"self":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/194854"}],"collection":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=194854"}],"version-history":[{"count":1,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/194854\/revisions"}],"predecessor-version":[{"id":194856,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/194854\/revisions\/194856"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/194855"}],"wp:attachment":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=194854"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=194854"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=194854"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}