U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

New Concept Paper on Identity and Authority of Software Agents

Share

The NIST National Cybersecurity Center of Excellence is interested in launching a project to demonstrate how identity standards and best practices can be applied to software agents, with a focus on agentic AI applications.

Artificial Intelligence (AI) technology brings great opportunities to organizations. Specifically, AI agents—software systems that use data and algorithms to autonomously perform tasks—offer the promise of improved productivity, efficiency, and decision-making in complex scenarios. However, realizing these benefits requires understanding the potential risks from giving AI agents access to diverse data sets, tools, and applications, and applying appropriate identification and authorization controls to mitigate these risks.  

We Need Your Feedback

To help the community provide input on this potential project, the NCCoE has released a concept paper, Accelerating the Adoption of Software and Artificial Intelligence Agent Identity and Authorization, outlining considerations for a potential NCCoE project focused on applying identity standards and best practices to AI agents.

The concept paper provides an overview of the types of feedback that would be most helpful, such as:

  • Use Cases: How are organizations currently using or planning to use AI agents?
  • Challenges: What new and unique problems do AI agents bring compared to other software?
  • Standards: What current or emerging standards are being used to guide AI agent identity and access management?
  • Technologies: What technology is being used or planned to support AI agents?
  • More detailed questions on the identification, authorization, auditing and non-repudiation of AI agents, as well as controls to prevent and mitigate prompt injection techniques.

 

How to Submit Feedback

This concept paper is open for public comment through April 2, 2026. We encourage you to visit our project page for more details and instructions to submit comments. We appreciate your feedback to inform the NCCoE’s work to accelerate the adoption of secure technologies.

Comment Now!

View this on the NCCoE website

Information technology and Cybersecurity and privacy
Released February 5, 2026
Was this page helpful?