The Cybersecurity and Infrastructure Security Agency (CISA), alongside international partners, has published a series of Artificial Intelligence (AI) Resources, including two cybersecurity control frameworks.
If AI is starting to gain traction at your institution and you're still working through how to govern it, you're not alone. These two resources provide practical, security-focused guidance for financial institutions, just like yours.
Let's take a look at what these two documents say, what they recommend, and how financial institutions can use them to improve their AI risk management activities.
- Engaging with Artificial Intelligence
- Careful Adoption of Agentic AI Services
- Where Should You Start?
- Managing AI Risk with Tandem
- Frequently Asked Questions (FAQs)
Engaging with Artificial Intelligence
Overview
On January 24, 2024, the Engaging with Artificial Intelligence document was published. This resource focuses on the secure use of AI systems, highlighting common AI-related risks and controls for organizations looking into any kind of AI technology: predictive, generative, agentic, or otherwise.
Key Risks
The guidance identifies several key risks associated with AI systems, including:
- Data poisoning, where training data is manipulated to influence model outputs
- Adversarial attacks, which can bypass controls or produce unintended results
- Hallucinations, where AI generates inaccurate or fabricated information
- Privacy concerns, including unauthorized disclosure of sensitive information
- Model theft, where attackers attempt to replicate models or steal proprietary data
Recommendations
The guidance presents a series of questions and considerations organizations should address when adopting AI. The recommendations generally fall into a few familiar control categories.
|
Category |
Description |
|
Governance and Risk Assessment |
Evaluate AI benefits, risks, and regulatory obligations before deployment. |
|
Privacy and Data Protection |
Understand how AI systems collect, process, store, and use the organization's data. |
|
Access Management |
Implement controls like multi-factor authentication and least-privilege access. |
|
Resilience |
Maintain backups of AI models and training data to support recovery. |
|
Vendor Management |
Assess the security posture and development practices of AI providers. |
|
Training |
Train personnel on acceptable AI use, sensitive data handling, and output validation. |
|
Ongoing Monitoring and Assurance |
Implement logging and monitoring capabilities and conduct periodic assessments to evaluate accuracy, detect misuse or compromise, and identify model drift. |
Practical Application
If you're looking at this list and thinking, "That sounds familiar…" Good! To quote the guidance directly, "Your organization's AI systems would benefit from many of the same cyber security mitigations that you have implemented to protect your organization's other systems."
In other words, treat this less as a new AI checklist and more like a fresh reason to go back and confirm you've got the right controls in place.
Careful Adoption of Agentic AI Services
Overview
On May 1, 2026, the Careful Adoption of Agentic AI Services document was published. This guidance focuses on the secure design, deployment, and operation of agentic AI systems. The guidance acknowledges that while agentic AI can automate repetitive and low-risk tasks, it also introduces new risks due to its ability to act autonomously, interact with other systems, and perform actions on behalf of users.
Key Risks
The guidance identifies several key risks associated with agentic AI systems, including:
- Privilege risks, where overprivileged agents can increase the impact of a compromise
- Configuration risks, where insufficient controls can introduce vulnerabilities
- Behavior risks, where goal misalignment and unexpected actions can cause problems
- Structural risks, where the interconnected nature creates a larger attack surface
- Accountability risks, where autonomous decision-making can make it difficult to determine responsibility, audit activities, and show compliance
Recommendations
The guidance organizes its controls and recommendations around the lifecycle of an agentic AI system.
|
Category |
Description |
|
Designing Secure Agents |
Define clear roles, responsibilities, permissions, and guardrails before deployment. |
|
Developing Secure Agents |
Build security into the agent's architecture, prompts, workflows, third-party components, and testing processes. |
|
Deploying Agents Securely |
Implement identity, authentication, authorization, and separation-of-duties controls. |
|
Operating Agents Securely |
Establish ongoing monitoring, logging, oversight, testing, and governance processes. |
|
Defend Against Future Risks |
Continue improving as threats evolve, including through threat intelligence, agent-specific evaluations, and broader security analysis methods. |
Practical Application
If you work for a community financial institution, two quick notes on application of this guidance:
- "Organizations should only use agentic AI for low-risk and non-sensitive tasks." In 2026, you should write that down on every sticky note and flat surface you can find. The guidance also recommends never granting an agent "broad or unrestricted access, especially to sensitive data or critical systems." For a financial institution, that's a big deal. Agentic AI systems are not something you should point at your core system or non-public information (NPI) on day one. If you are experimenting with agentic AI tools, start using them somewhere low-stakes and grow from there.
- Pay attention to what matters most. While the full guidance is helpful context, the controls that primarily apply to community financial institutions live in the "Deploying Agents Securely" and "Operating Agents Securely" sections. Community institutions are almost always the operators, not the developers, so focus your time on the right areas and don't try to eat the elephant in one bite.
Where Should You Start?
The first and most important step is always going to be to create and maintain an accurate IT asset inventory. You can't secure what you don't know exists. What AI tools are you considering using? More critically though, what AI tools may already be in place at your financial institution that you don't know about?
If you're looking for assistance with this process (and with what comes after the inventory), check out the Tandem Artificial Intelligence (AI) Risk Management Workbook. We've created this free resource with community financial institutions in mind to help you oversee AI governance, risk management, and compliance (GRC), with some helpful tools for detecting shadow AI on Page 15.
Learn more and download this free resource now at Tandem.App/AI-Resources.

Managing AI Risk with Tandem
If you're ready to take your AI risk management program to the next level, check out Tandem. Our easy-to-use platform helps you manage all aspects of AI, including risk assessments, policies, third-party risk management, business continuity planning, incident management, and more.
Specifically, Tandem Cybersecurity Assessment includes various frameworks you can use to perform cybersecurity control self-assessments, including the CISA artificial intelligence (AI) frameworks covered in this blog. Sign up for free and complete your first assessment today at Tandem.App/Cybersecurity.

Frequently Asked Questions (FAQs)
Are these CISA AI resources required for banks and credit unions?
No. Both documents are voluntary guidance, not regulations. While the regulators increasingly expect you to manage AI risk, using these frameworks to guide your AI implementation can be helpful to use as benchmarks.
Does the CISA AI guidance apply to community financial institutions?
Yes, these guidance documents are written for any organization using or adopting AI. The risks they describe and controls they recommend apply just as much to a community bank or credit union as to a large enterprise.
What is agentic AI, and how is it different from generative AI?
Generative AI creates content like text, images, or videos for a person to review and use. Agentic AI goes a step further by reasoning, planning, and taking actions on its own through connections to tools, data, and other systems.
What are the biggest risks of agentic AI?
CISA groups them into five categories: privilege, configuration, behavior, structural, and accountability. In plain terms, an agent with too much access, a shaky configuration, or unclear ownership can take unexpected actions that are hard to trace after the fact.
What is prompt injection?
Prompt injection is an attack that hides malicious instructions inside the input an AI system reads, tricking it into ignoring its safeguards or doing something it shouldn't. It's more dangerous with agentic AI because the system can act on those injected instructions, not just respond to them.
What is shadow AI?
Shadow AI is any AI tool being used inside your organization without IT or security knowing about it. Identifying shadow AI matters because you can't secure or govern a tool you don't know exists. This is why an accurate IT asset inventory is the right first step.
What is the principle of least privilege for AI agents?
It means giving an AI agent only the access it needs to do its specific job, and nothing more. CISA flags over-privileged agents as one of the top agentic AI risks, because if that agent is ever compromised, the attacker inherits every permission it was granted.
Where should my institution start with AI risk management?
Start with an accurate IT asset inventory so you know which AI tools are actually in use, including the ones nobody told you about. From there, fold AI into the programs you already manage, like your risk assessments, vendor management, policies, and incident response.
How can Tandem help with AI risk management?
Tandem helps you manage AI risk with our suite of products, including Risk Assessment, Policies, Business Continuity Planning, Vendor Management, Incident Management, and more. You can also use the CISA AI frameworks directly in the Cybersecurity Assessment product.