This week's digest centres on two developments relevant to practitioners working at the intersection of AI capability and governance design. NIST's Center for AI Standards and Innovation has opened a Request for Information on securing agentic AI systems, seeking input on risks specific to autonomous agents—including prompt injection and misaligned objective pursuit—that will inform future voluntary guidelines; given Australian agencies' established reliance on NIST publications, those beginning to govern or procure agentic tools should consider tracking this consultation. Separately, research covered in Import AI raises a longer-horizon policy design question: whether AI regulations could be structured with automated compliance triggers, deferring entry into force until capable enforcement systems exist. Taken together, both items reflect a broader shift in the governance conversation from static rules toward frameworks that account for the dynamic and autonomous character of emerging AI systems.
NIST's Center for AI Standards and Innovation (CAISI) has issued a Request for Information seeking input from industry, academia, and security researchers on how to secure AI agent systems - autonomous systems capable of taking real-world actions. The RFI focuses specifically on risks distinct to agentic AI, including indirect prompt injection, data poisoning, specification gaming, and misaligned objective pursuit. Responses will inform future voluntary guidelines and best practices. Given that Australian AI governance frameworks regularly draw on NIST publications, this consultation is worth monitoring, particularly for agencies beginning to govern or deploy agentic AI tools.
Implications
Monitor: Agencies tracking agentic AI adoption may want to monitor the outputs of this RFI process, as resulting NIST guidelines are likely to inform Australian voluntary standards and AISI guidance.
Consider: AI governance and security teams could consider whether the risk categories identified - prompt injection, data poisoning, specification gaming - are reflected in existing agency AI risk registers or procurement requirements for agentic tools.
Implications are AI-generated. Starting points, not advice.
Global | 12 Jan 2026 | Import AI – Substack (Jack Clark)
This edition of Import AI covers two substantive AI research threads. First, Sakana AI's Digital Red Queen experiment demonstrates that LLM-based agents evolved adversarially against one another rapidly outperform human-designed competitors in a competitive programming environment, with implications for cybersecurity and AI-on-AI dynamics. Second, researchers from the Institute for Law and AI propose that AI regulations could be written with 'automatability triggers' - conditions that defer a regulation's entry into force until an automated compliance system capable of applying it exists. This concept, which the newsletter terms 'If Then Policy', could reduce compliance costs and make AI regulation more practically enforceable as capabilities improve.
Implications
Monitor: Policy teams working on AI regulatory design may want to monitor the 'automatability trigger' concept as a potential approach to phased, capability-contingent AI compliance frameworks.
Monitor: Agencies with cybersecurity or national security AI responsibilities may want to watch adversarial AI evolution research for emerging threat modelling insights.