Other (Initial Public Draft)

[Concept Paper] Accelerating the Adoption of Software and Artificial Intelligence Agent Identity and Authorization

Date Published: February 5, 2026
Comments Due: April 2, 2026
Email Comments to: [email protected]

Author(s)

Harold Booth (NIST), William Fisher (NIST), Ryan Galluzzo (NIST), Joshua Roberts (NIST)

Announcement

The NIST National Cybersecurity Center of Excellence is interested in launching a project to demonstrate how identity standards and best practices can be applied to software agents, with a focus on agentic AI applications.

Artificial Intelligence (AI) technology brings great opportunities to organizations. Specifically, AI agents—software systems that use data and algorithms to autonomously perform tasks—offer the promise of improved productivity, efficiency, and decision-making in complex scenarios. However, realizing these benefits requires understanding the potential risks from giving AI agents access to diverse data sets, tools, and applications, and applying appropriate identification and authorization controls to mitigate these risks.  

We Need Your Feedback

To help the community provide input on this potential project, the NCCoE has released a concept paper, Accelerating the Adoption of Software and Artificial Intelligence Agent Identity and Authorization, outlining considerations for a potential NCCoE project focused on applying identity standards and best practices to AI agents.

The concept paper provides an overview of the types of feedback that would be most helpful, such as:

  • Use Cases: How are organizations currently using or planning to use AI agents?
  • Challenges: What new and unique problems do AI agents bring compared to other software?
  • Standards: What current or emerging standards are being used to guide AI agent identity and access management?
  • Technologies: What technology is being used or planned to support AI agents?
  • More detailed questions on the identification, authorization, auditing and non-repudiation of AI agents, as well as controls to prevent and mitigate prompt injection techniques.

How to Submit Feedback

This concept paper is open for public comment through April 2, 2026. We encourage you to visit our project page for more details and instructions to submit comments. We appreciate your feedback to inform the NCCoE’s work to accelerate the adoption of secure technologies.

Control Families

None selected

Document History:
02/05/26: Other (Draft)