101s.aiContact
Aligned with CISA · NSA · NCSC-UK · NCSC-NZ · ASD's ACSC · Canadian Cyber Centre

Adopt agentic AI without giving up control.

Agents that plan, decide, and act unlock real productivity — and introduce a new class of security risk. We translate the joint allied government guidance into reference architectures, board-ready risk language, and concrete mitigations your teams can ship.

Book a decision-maker sessionExplore the risk taxonomySubscribe to the brief →
Risk classes
5
Privilege · Design · Behaviour · Structural · Accountability
Lifecycle phases covered
4
Design · Develop · Deploy · Operate
Authoring agencies
6
ACSC · CISA · NSA · Cyber Centre · NCSC-NZ · NCSC-UK
For executives

Agentic AI is not a chatbot upgrade.

Generative AI produces text and images for human review. Agentic AI acts — calling tools, moving money, sending email, modifying files — often without continuous human intervention. The joint guidance is explicit: never grant agents broad or unrestricted access, especially to sensitive data or critical systems, and only use them for low-risk, non-sensitive tasks until your controls catch up.

This site distils that guidance into the language and decisions executives, architects, and security leaders need to move forward responsibly.

AGENTIC AI SYSTEMUser / OperatorInput + oversightLLM Reasoning CorePlan · Decide · ActTriggers · Goals · PoliciesExternal ToolsAPIs · Code · Email · BrowseExternal DataRAG · Web · FilesMemoryShort / long-termPlanning WorkflowSub-agents · Delegation · TriggersSolid: outbound tool/action calls · Dashed: data flowing back into the prompt context
Components of an LLM-based agentic AI system. Each component is an attack surface.
Risk taxonomy

Five risk classes — and they compound.

The joint guidance organises agentic AI risk into five classes. Each one widens the attack surface of the next, which is why a single misconfiguration can cascade across tools, data, and downstream agents.

!PrivilegeCompromiseScope creepSpoofing!Design & ConfigStale allowWeak segmentation!BehaviourMisalignmentDeceptionEmergence!StructuralCascadesTools3rd-partyComms!AccountabilityOpacityAudit gapsAccuracyAgentic AI risk surfaceEach category multiplies the blast radius of the next
Five risk classes from the joint guidance. Each compounds the others.
Class 1

Privilege

Over-broad permissions, scope creep, identity spoofing, confused-deputy abuse.
Class 2

Design & Config

Unvetted third-party components, stale allow-decisions, weak segmentation.
Class 3

Behaviour

Specification gaming, deception, emergent capabilities, prompt injection.
Class 4

Structural

Cascading failures, tool-squatting, rogue agents, insecure communication.
Class 5

Accountability

Opaque chains, fragmented logs, hallucinated outputs, ownership gaps.
Operating model

Security obligations live across the lifecycle.

The guidance prescribes practices for every phase — Design, Develop, Deploy, Operate — and emphasises continuous evaluation feeding back into design. Skipping any phase erodes the others.

DesignThreat modelControlled contextDevelopAdversarial trainingRed teamDeployPhased autonomyGuardrailsOperateMonitorHITLRotate keysContinuous evaluation feeds back into Design at every iteration.
Security obligations across the agent lifecycle (joint guidance §3–§6).

Designing secure agents

Controlled context, oversight mechanisms, identity management, defence in depth.

Developing secure agents

Adversarial training, red-team, accountability artefacts, third-party hygiene.

Deploying agents securely

Threat modelling, governance, progressive deployment, secure-by-default, isolation.

Operating agents securely

Monitoring, output validation, HITL, just-in-time credentials, cryptographic attestation.

Three ways to engage 101s.ai

Whether you're scoping your first agent or operating a fleet, we plug into your existing security model. Outcomes, not slideware.

See engagements →Talk to us
Engagement 01

Decision-Maker Consultation

A working session for executives, CISO and architecture leadership. Frame your agentic roadmap in the joint-guidance risk taxonomy. Outputs: prioritised risk register, go / no-go criteria, board-ready briefing.
Engagement 02

Plan & Architecture Review

Independent review of your proposed or in-flight agentic system: identity model, tool surface, data flows, guardrails, oversight. Mapped against CISA, NIST 800-207, OWASP, MITRE ATLAS™.
Engagement 03

Guidance Watch & Brief

Ongoing notification when allied agencies (or NIST, OWASP, MITRE) publish or change agentic-AI guidance. Plain-English impact for your stack and a quarterly executive briefing.

The 101s Brief — agentic AI security for the enterprise

Practical, source-cited updates when government cyber agencies move. No hype, no fluff. Free.

Subscribe