New Concept Paper on Identity and Authority of Software Agents
As APS agencies begin deploying agentic AI, NIST's emerging identity and authorisation framework will likely inform Australian standards and vendor implementations.
Key points
- NIST's NCCoE is consulting on a concept paper addressing identity, authorisation, and auditing of AI agents.
- The paper seeks input on use cases, standards, and controls including prompt injection mitigations for agentic AI.
- Public comment closes 2 April 2026; Australian agencies with agentic AI programs could contribute or observe.
Implications for Australian agencies
- Monitor Agencies piloting or planning agentic AI deployments may want to monitor the NCCoE project as it develops, given its likely influence on vendor implementations and emerging standards.
- Consider Policy and security teams could consider reviewing the concept paper to assess whether its identity and authorisation framing aligns with or could inform Australian government agentic AI governance guidance.
Implications are AI-generated. Starting points, not advice — see methodology for how they're framed.
View original source
Copied.
"New Concept Paper on Identity and Authority of Software Agents"
Source: NIST Information Technology RSS
Published: 5 February 2026
URL: https://www.nist.gov/news-events/news/2026/02/new-concept-paper-identity-and-authority-software-agents
NIST's National Cybersecurity Center of Excellence has released a concept paper, 'Accelerating the Adoption of Software and Artificial Intelligence Agent Identity and Authorization', to gauge interest in a potential project applying identity standards to AI agents. The paper seeks community feedback on use cases, challenges, relevant standards, and technologies, with specific questions on identification, authorisation, auditing, non-repudiation, and prompt injection controls. Public comment is open until 2 April 2026. The project reflects growing recognition that agentic AI systems—capable of autonomously acting across tools, data, and applications—require dedicated identity and access management approaches not addressed by existing frameworks.
Implications for Australian agencies:
- [Monitor] Agencies piloting or planning agentic AI deployments may want to monitor the NCCoE project as it develops, given its likely influence on vendor implementations and emerging standards.
- [Consider] Policy and security teams could consider reviewing the concept paper to assess whether its identity and authorisation framing aligns with or could inform Australian government agentic AI governance guidance.
Retrieved from SIMS, 18 July 2026.