
The National Institute of Standards and Technology (NIST) wants more information on how it can develop agentic artificial intelligence (AI) guidelines and evaluation methods to address exploitation threats.
NIST’s Center for AI Standards and Innovation (CAISI) said in a request for information (RFI) that as it builds agentic AI evaluation and assessment measurements, methods, guidelines, and best practices, it wants to know how industry improves and measures the security of agentic AI systems.
“AI agent systems are capable of taking autonomous actions that impact real-world systems or environments, and may be susceptible to hijacking, backdoor attacks, and other exploits,” CAISI said. “If left unchecked, these security risks may impact public safety, undermine consumer confidence, and curb adoption of the latest AI innovations.”
The center said it is also interested in how it can develop security methods to address “the risk that the behavior of uncompromised models may nonetheless pose a threat to confidentiality, availability, or integrity,” including models that may “pursue misaligned objectives.”
The RFI asks respondents to “provide concrete examples, best practices, case studies, and actionable recommendations based on their experience developing and deploying AI agent systems and managing and anticipating their attendant risks.”
The RFI is part of a recent push by the Trump administration to shift NIST’s work on AI from existential risk evaluations to developing AI security best practices and measurement systems to evaluate AI.
In July, White House Office of Science and Technology Policy Director Michael Kratsios said that NIST should shift its focus from risk evaluations to developing AI standards and measurements in order to become a “gold standard” agency. NIST would look at standardizing evaluations later on, he said.
Also last summer, the U.S. Artificial Intelligence Safety Institute underwent a rebrand, with the Trump administration renaming it as CAISI to reflect an emphasis on AI innovation and security, according to officials.
CAISI’s RFI questions asked respondents to identify the biggest security risks unique to AI agents and the defenses that actually work, and requested explanations of how to test, monitor, and constrain these systems in the real world.
The RFI specifically asked about patching, least-privilege deployments, and rollback mechanisms, and about what standards, disclosures, research, and policy coordination are needed to make agentic AI safer to deploy at scale.
All information provided, however, should only address agentic AI capable of taking actions that create “persistent changes outside of the AI agent system itself,” CAISI noted.
“Unless contextualized to impact the security of agent systems directly, this RFI does not seek general information on generative AI security, insights on practices for AI chatbots or retrieval-augmented generation systems that are not orchestrated to act autonomously, or feedback on the misuse of AI agent systems to carry out cyberattacks,” CAISI explained.
Responses to the RFI are due March 9.