New Concept Paper on Identity and Authority of Software Agents
Agentic AI identity and authorisation is an unresolved governance gap - NIST's early framework work signals where international standards are heading.
Key points
- NIST NCCoE is developing guidance on identity, authorisation, and access controls for agentic AI systems.
- The concept paper seeks public comment through April 2026 on use cases, standards, and challenges for AI agent IAM.
- Covers prompt injection mitigation and non-repudiation - emerging governance gaps directly relevant to APS AI deployments.
Summary
NIST's National Cybersecurity Center of Excellence has released a concept paper, 'Accelerating the Adoption of Software and Artificial Intelligence Agent Identity and Authorization', to scope a potential project applying identity standards and best practices to AI agents. The paper solicits public feedback until 2 April 2026 on use cases, challenges, applicable standards, and technologies for AI agent identity and access management. It explicitly addresses identification, authorisation, auditing, non-repudiation, and prompt injection controls - areas where no mature standards yet exist and where Australian agencies deploying agentic AI will need to develop their own risk controls.
Implications for Australian agencies
- Monitor APS agencies exploring agentic AI deployments may want to monitor the NCCoE project as it develops, given the absence of mature Australian or international standards in this space.
- Consider DTA and AISI could consider whether Australian government perspectives on AI agent identity and authorisation warrant a submission or liaison input to the NIST public comment process before April 2026.
Implications are AI-generated. Starting points, not advice.
"New Concept Paper on Identity and Authority of Software Agents" Source: NIST Information Technology RSS Published: 5 February 2026 URL: https://www.nist.gov/news-events/news/2026/02/new-concept-paper-identity-and-authority-software-agents NIST's National Cybersecurity Center of Excellence has released a concept paper, 'Accelerating the Adoption of Software and Artificial Intelligence Agent Identity and Authorization', to scope a potential project applying identity standards and best practices to AI agents. The paper solicits public feedback until 2 April 2026 on use cases, challenges, applicable standards, and technologies for AI agent identity and access management. It explicitly addresses identification, authorisation, auditing, non-repudiation, and prompt injection controls - areas where no mature standards yet exist and where Australian agencies deploying agentic AI will need to develop their own risk controls. Implications for Australian agencies: - [Monitor] APS agencies exploring agentic AI deployments may want to monitor the NCCoE project as it develops, given the absence of mature Australian or international standards in this space. - [Consider] DTA and AISI could consider whether Australian government perspectives on AI agent identity and authorisation warrant a submission or liaison input to the NIST public comment process before April 2026. Retrieved from SIMS, 18 May 2026.