As agentic AI systems move from research labs to enterprise workflows, regulators worldwide are grappling with how to address the potential risks these systems may pose (as discussed in prior blog posts here and here). In January 2026, Singapore’s Infocomm Media Development Authority (“IMDA”) launched a non-binding Model AI Governance Framework for Agentic AI (“Framework”), just a few months after the Cyber Security Agency of Singapore (“CSA”) released a discussion paper titled “Securing Agentic AI” (“Discussion Paper”).
Together, these documents provide organizations with a structured, operational roadmap to consider when navigating some of the potential security and governance challenges posed by agentic AI. This blog post highlights some of their key points.
What Is Agentic AI?
The Framework describes “Agentic AI” as systems that can plan across multiple steps, take actions, and interact with external systems or other agents to achieve user-defined goals. It explains that agentic AI systems may include a central reasoning and planning engine (e.g., a large language model, “LLM”), instructions, memory, tools to interact with external systems, and protocols for inter-agent communication (e.g., the Agent2Agent Protocol). The Framework also highlights that agentic systems operate with differing levels of autonomy depending on the instructions and level of human involvement, from closely supervised workflows to more autonomous operation.
Security and Governance Risks of Agentic AI
The Framework explains that Agentic AI may inherit traditional software vulnerabilities and LLM-specific risks, but that those risks can manifest differently due to agents’ autonomy, planning, and action-taking capabilities.
Some of the risks described by the documents include:
- Risks across multiple layers: Agentic AI may hallucinate incorrect plans, misuse or invent tools (including as a result of prompt or code injection), or make biased tool calls that affect external systems and data. Emerging agent communication protocols also introduce vulnerabilities if poorly deployed or compromised, for example an untrusted tool server being used to exfiltrate user data.
- Cascading effects and unpredictable outcomes: A single agent’s error can cascade through multi-agent systems, causing downstream failures. Agents working in parallel may also compete or coordinate in unintended ways, leading to resource bottlenecks or conflicting actions.
- Harmful real-world impacts: Agents can produce erroneous or unauthorized actions, biased or unfair outcomes, data breaches, or disruptions to connected systems.
How to Address Risks and Enable Agentic AI Security
The Framework builds on IMDA’s Model AI Governance Framework released in 2020 (here) by highlighting emerging best practices that address the new concerns posed by agentic AI. The Framework organizes its recommendations into four dimensions:
1. Assess and Bound the Risks Upfront
The Framework suggests that organizations begin by determining whether an agentic use case is suitable in light of factors affecting both impact and likelihood of risk. Some of the factors that the Framework calls out are:
- The domain and use case in which the agent is being deployed;
- Access to sensitive data and external systems;
- Scope and reversibility of actions;
- Level of autonomy; and
- Task complexity.
The Framework recommends that organizations “bound” risks at the outset by defining agent limits at the design stage, such as by restricting tools and data to the minimum necessary and implementing access controls. The Framework also discusses the concept of “agent identity management”, which refers to the idea that each agent should have a traceable identity linked to an accountable human, with human users granting permissions to the agent. The Discussion Paper recommends the same measure as a security risk mitigation.
2. Make Humans Meaningfully Accountable
Both the Framework and the Discussion Paper reinforce that organizations deploying agents, and the humans who oversee them, should remain accountable for agents’ actions. The Framework calls for clear allocation of responsibilities across multiple actors within and outside the organization, and notes that end users should be given the information they need to hold the organization accountable and to abide by their own responsibilities. The Framework recommends that human approval should be sought at significant checkpoints (particularly for high-stakes or irreversible actions), and that organizations should also consider how those approvals are designed and presented.
3. Implement Technical Controls and Processes
The Framework highlights certain technical controls and processes for organizations to consider across the agentic AI lifecycle:
- During Design and Development: Controls may include applying least-privilege access to tools and data, and developing agentic AI in secure, sandboxed environments with whitelisted servers and standardized communication protocols as appropriate. The Framework also suggests prompting the agent to assess whether it “understands” its instructions, to summarize its understanding, and to request clarification from the user before proceeding, and logging the agent’s plan and reasoning so that the user can evaluate and verify it.
- Before Deployment: The Framework recommends that organizations test for task execution accuracy, policy compliance, accurate tool usage, and robustness when encountering errors and edge cases. It also emphasizes testing both individual agents and multi-agent systems in realistic environments and across varied datasets.
- During and After Deployment: Post-deployment, the Framework emphasizes continuous monitoring and testing, as well as the need to implement mechanisms to respond to unexpected or emergent risks. In particular, it recommends that organizations consider rolling out agents gradually (such as by limiting early deployment by user group, tool access, or system exposure), as well as continuous monitoring that enables real-time intervention, incident review and debugging, and auditing at regular intervals to ensure the system is performing as expected. The Framework also explains both how organizations should identify what to log and how to effectively monitor logs—including by defining potential alert thresholds and risk-based interventions.
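The controls described in sections 1 to 3 above (a traceable agent identity tied to an accountable human, least-privilege allowlists for tools and servers, a human checkpoint for irreversible actions, and a log with an alert threshold that triggers a risk-based intervention) can be enforced outside the model, in a gateway that mediates every tool call. The following Python is an added illustration written for this post; it is not code from IMDA, CSA, the Framework or the Discussion Paper. The tool catalogue, the agent identity, the approver function and the denial threshold are all hypothetical, and the scripted sequence of calls is constructed to exercise each check.

```python
import json
from dataclasses import dataclass
from datetime import datetime, timezone


@dataclass(frozen=True)
class AgentIdentity:
    """Traceable agent identity bound to an accountable human (hypothetical model)."""
    agent_id: str
    owner: str                 # human accountable for the agent's actions
    allowed_tools: frozenset   # least-privilege tool allowlist granted by the owner
    allowed_hosts: frozenset   # allowlisted servers the tools may contact


# Hypothetical tool catalogue; reversibility decides whether a human checkpoint applies.
TOOL_CATALOG = {
    "search_docs": {"reversible": True},
    "draft_email": {"reversible": True},
    "send_email": {"reversible": False},
    "delete_records": {"reversible": False},
}

# Assumed alert threshold: this many denied calls suspends the agent for incident review.
DENIAL_ALERT_THRESHOLD = 3


class ToolGateway:
    """Mediates every tool call an agent attempts and keeps an audit trail."""

    def __init__(self, identity, approver):
        self.identity = identity
        self.approver = approver   # callable(owner, tool, args) -> bool: the human checkpoint
        self.audit_log = []        # one JSON-serialisable entry per attempted call
        self.denials = 0
        self.suspended = False

    def _check(self, tool, args):
        """Return None if the call may proceed, otherwise the reason for denial."""
        if self.suspended:
            return "agent suspended pending incident review"
        if tool not in TOOL_CATALOG:
            return "unknown tool (possibly hallucinated)"
        if tool not in self.identity.allowed_tools:
            return "tool outside agent's granted scope"
        host = args.get("host")
        if host is not None and host not in self.identity.allowed_hosts:
            return "host %s not allowlisted" % host
        if not TOOL_CATALOG[tool]["reversible"]:
            if not self.approver(self.identity.owner, tool, args):
                return "irreversible action rejected by human"
        return None

    def call(self, tool, args, plan):
        """Attempt a tool call; the agent's stated plan is logged with the decision."""
        entry = {
            "ts": datetime.now(timezone.utc).isoformat(),
            "agent_id": self.identity.agent_id,
            "owner": self.identity.owner,
            "tool": tool,
            "args": args,
            "plan": plan,
        }
        reason = self._check(tool, args)
        if reason is None:
            entry["decision"] = "allowed"
            if not TOOL_CATALOG[tool]["reversible"]:
                entry["approved_by"] = self.identity.owner
        else:
            entry["decision"] = "denied"
            entry["reason"] = reason
            self.denials += 1
            if self.denials >= DENIAL_ALERT_THRESHOLD and not self.suspended:
                self.suspended = True   # risk-based intervention: stop the agent
                entry["alert"] = "denial threshold reached; agent suspended"
        self.audit_log.append(entry)
        return entry

    def export_log(self):
        """Newline-delimited JSON, ready for a SIEM or for incident review."""
        return "\n".join(json.dumps(e, sort_keys=True) for e in self.audit_log)


def approve_internal_email(owner, tool, args):
    """Simulated human approver: only approves email to the organisation's own domain."""
    return args.get("to", "").endswith("@example.com")


def run_demo():
    """Constructed call sequence exercising each check; returns the gateway."""
    identity = AgentIdentity(
        agent_id="finance-assistant-01", owner="alice@example.com",
        allowed_tools=frozenset({"search_docs", "draft_email", "send_email"}),
        allowed_hosts=frozenset({"docs.internal.example", "mail.internal.example"}),
    )
    gw = ToolGateway(identity, approve_internal_email)
    gw.call("search_docs", {"host": "docs.internal.example", "q": "Q3 invoices"}, "find invoices")
    gw.call("send_email", {"host": "mail.internal.example", "to": "cfo@example.com"},
            "send summary to CFO")                                      # irreversible, approved
    gw.call("delete_records", {"table": "invoices"}, "clean up")        # outside granted scope
    gw.call("search_docs", {"host": "attacker.example.net"}, "fetch helper")   # bad host
    gw.call("fetch_url", {"url": "http://attacker.example.net"}, "call tool")  # invented tool
    gw.call("search_docs", {"host": "docs.internal.example"}, "retry")  # agent now suspended
    return gw


if __name__ == "__main__":
    print(run_demo().export_log())
```

Because the checks run in the gateway rather than in the model's prompt, an agent that is manipulated into inventing a tool or targeting an unlisted host is denied regardless of what it reports about "understanding" its instructions, and every attempt is recorded together with the agent's stated plan for later incident review and auditing.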
4. Enable End-User Responsibility
The Framework distinguishes between users who interact with agents (e.g., a customer-facing service agent) and users who integrate agents into their own work processes (e.g., a coding assistant). For the former, the Framework focuses on transparency, including disclosure of the agent’s capabilities, its data access, and a human point of contact. For users integrating agents into their workflows, in addition to transparency the Framework emphasizes education and training on oversight best practices, common failure modes, and the potential impact on tradecraft (including the loss of basic operational knowledge as agents take over entry-level tasks previously done by humans). The Discussion Paper further emphasizes that end users should review approval prompts carefully and, in sensitive contexts, serve as auditors or red-team testers.
* * *
For organizations considering agentic AI, the Framework offers practical guidance on governance, security, and oversight throughout the agentic system lifecycle. Its Annex A contains several potentially helpful resources for further reading, including from key industry players. The Framework is a living document that will evolve over time, and IMDA has requested feedback on the Framework itself as well as case studies on best practices for implementation.