Breaking

DHS flags agentic AI as emerging CI risk in new governance framework

The U.S. Department of Homeland Security has formally incorporated agentic AI risks into a cross-sector governance framework for critical infrastructure.

Homeland Security Today reports that U.S. federal cyber leaders are now treating agentic AI as a unique attack surface within critical infrastructure, rather than just another software component. Citing HiddenLayer’s 2026 AI Threat Landscape Report, the article notes that one in eight reported AI breaches is now linked to agentic systems, with attacker breakout times dropping under 30 minutes and some compromises occurring in seconds. These incidents often hinge on vulnerabilities specific to AI agents—prompt injection, tool misuse, privilege escalation, memory poisoning, and cascading failures across interconnected agents—which do not fit neatly into traditional intrusion-detection models.

The piece highlights two concrete policy moves: DHS’s Roles and Responsibilities Framework for Artificial Intelligence in Critical Infrastructure, and joint guidance from CISA and six allied nations on secure AI integration in operational technology. Both emphasize that agents controlling or advising on physical and high-impact processes must have prompt injection protections, documented human-override mechanisms, comprehensive audit logging of autonomous actions, and isolation architectures to limit blast radius when an agent is compromised.

What changed. DHS and CISA have moved from general AI guidance to explicitly calling out agentic AI as a distinct risk category in critical infrastructure, with concrete expectations around controls.

Why it matters. If you’re deploying agents in regulated or safety-critical environments, these principles are likely to be codified into sector-specific rules and audits, raising the bar on design and operations.

Builder takeaway. Treat prompt injection defenses, granular tool permissions, immutable audit logs, and compartmentalized execution environments as first-class engineering requirements for any agent that can affect money, people, or physical systems—not as retrofitted compliance work.
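One way to make those four requirements concrete, as an added example that is not part of the article or of the DHS/CISA guidance: a gate in front of an agent's tool calls that enforces a per-agent tool allowlist, routes high-impact tools through a human approver, and records every decision in a hash-chained audit log. The agent name, tool names, sensor value and approver are constructed for the scenario.

```python
import hashlib, json

def _digest(prev_hash, rec):
    return hashlib.sha256(json.dumps({"prev": prev_hash, **rec}, sort_keys=True).encode()).hexdigest()

class AuditLog:
    """Append-only log; each entry commits to the previous entry's hash (a hash chain)."""
    def __init__(self):
        self.entries = []
    def append(self, record):
        prev = self.entries[-1]["hash"] if self.entries else "0" * 64
        self.entries.append({**record, "prev": prev, "hash": _digest(prev, record)})
    def verify(self):  # True only if no entry was altered, removed or reordered
        prev = "0" * 64
        for e in self.entries:
            rec = {k: v for k, v in e.items() if k not in ("prev", "hash")}
            if e["prev"] != prev or _digest(prev, rec) != e["hash"]:
                return False
            prev = e["hash"]
        return True

class ToolGate:
    def __init__(self, permissions, high_impact, approver, log):
        self.permissions = permissions  # agent name -> set of tool names it may call
        self.high_impact = high_impact  # tools that need explicit human approval
        self.approver = approver        # human-override hook: (agent, tool, args) -> bool
        self.log = log
    def call(self, agent, tool, args, tools):
        # every call is logged with its decision, so nothing the agent does runs unrecorded
        record = {"agent": agent, "tool": tool, "args": args}
        if tool not in self.permissions.get(agent, set()):
            self.log.append({**record, "decision": "denied:not_permitted"})
            raise PermissionError(f"{agent} may not call {tool}")
        if tool in self.high_impact and not self.approver(agent, tool, args):
            self.log.append({**record, "decision": "denied:human_override"})
            raise PermissionError(f"{tool} requires human approval")
        result = tools[tool](**args)
        self.log.append({**record, "decision": "allowed"})
        return result

def demo():
    # Constructed scenario: reading a sensor is allowed, valve actuation is high-impact and the operator declines.
    tools = {"read_sensor": lambda sensor_id: 71.5, "set_valve": lambda valve_id, pct: "ok"}
    log = AuditLog()
    gate = ToolGate({"monitor-agent": {"read_sensor", "set_valve"}}, {"set_valve"}, lambda a, t, x: False, log)
    outcomes = {}
    for tool, args in (("read_sensor", {"sensor_id": "T1"}), ("set_valve", {"valve_id": "V7", "pct": 0}), ("delete_logs", {})):
        try:
            outcomes[tool] = gate.call("monitor-agent", tool, args, tools)
        except PermissionError as e:
            outcomes[tool] = str(e)
    return outcomes, log
```

Editing any logged entry after the fact breaks the chain, which is what `verify()` detects; in production the head hash would be shipped off-host so the log owner cannot silently rewrite history.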
