NIST’s CAISI Seeks Input on Securing AI Agent Systems

USA: NIST’s CAISI Seeks Input on Securing AI Agent Systems

The U.S. Department of Commerce’s National Institute of Standards and Technology (NIST) has issued a Request for Information (RFI) on January 12, 2026, seeking feedback from industry, academia, and the security community about how to securely develop and deploy artificial intelligence (AI) agent systems. The solicitation, issued through the Center for AI Standards and Innovation (CAISI), aims to gather insights that will shape future voluntary guidelines and best‑practice recommendations. Responses are accepted until March 9, 2026, 11:59 PM Eastern Time, via the regulations.gov portal under docket number NIST-2025-0035.

Scope of the Request

The RFI focuses on AI agent systems—software capable of planning and executing autonomous actions that affect real‑world environments. While these systems promise productivity gains and novel capabilities, they also introduce security considerations that differ from traditional applications.

Identified Security Risks

According to the notice, risks include conventional software vulnerabilities such as exploitable authentication flaws or memory‑management errors, as well as AI‑specific threats. These AI‑specific threats encompass indirect prompt injection from adversarial data, data‑poisoning attacks on model training sets, and behaviors where models pursue misaligned objectives, known as specification gaming, even without malicious input.

Areas of Inquiry

The RFI asks for input on several topics: unique security threats that may evolve over time; methods to improve security throughout development and deployment; gaps in existing cybersecurity frameworks when applied to AI agents; techniques for measuring security and anticipating risks; and deployment‑time interventions to constrain and monitor agent access.

Intended Outcomes

Feedback collected will inform CAISI’s work on voluntary guidelines and best practices for AI agent security, and will support ongoing NIST research and evaluation efforts aimed at mitigating both current and future threats.

Submission Details

Stakeholders are encouraged to submit concrete examples, case studies, and actionable recommendations through the online portal at www.regulations.gov, referencing docket number NIST-2025-0035. The comment period closes on March 9, 2026, at 11:59 PM Eastern Time.

Implications for Industry

Industry participants, developers, and security researchers can influence the emerging security standards for AI agents, potentially shaping compliance expectations and fostering more resilient deployments across sectors.

This report is based on information from NIST, licensed under Public Domain (U.S. Government Work). Source: Official U.S. Government release.