NCCoE seeks input on project to apply identity, authorization standards to agentic AI

The National Cybersecurity Center of Excellence (NCCoE) at the National Institute of Standards and Technology (NIST) is interested in AI agents. Specifically, according to an announcement, it is “interested in launching a project to demonstrate how identity standards and best practices can be applied to software agents, with a focus on agentic AI applications.”

NCCoE is seeking community input on the project. To that end, it has released a concept paper, “Accelerating the Adoption of Software and Artificial Intelligence Agent Identity and Authorization,” which contextualizes the project and outlines topics for feedback.

“AI agents offer the promise of improved productivity, efficiency, and decision-making in complex scenarios,” says the abstract. “But these benefits cannot be realized without the ability to understand how identity principles such as identification, authentication, and authorization can apply to agents to provide appropriate protections while enabling business value.”

The NCCoE will consider use cases, challenge, standards both established and developing, technologies being used to support agentic AI, and “more detailed questions on the identification, authorization, auditing and non-repudiation of AI agents, as well as controls to prevent and mitigate prompt injection techniques.” Other sections of the paper cover authentication, auditing and non-repudiation, access delegation, and .

The concept paper is open for public comment now through April 2, 2026. It says “feedback received will help determine the scope, feasibility, and potential value of the project and inform whether a demonstration effort or other NCCoE outputs would best address the challenge. Community input will inform subsequent project planning activities, which could include development of a draft project description and a call for collaborators.”

“Consistent with the NCCoE mission, the ultimate deliverable will be a practice guide detailing example implementation details built in the NCCoE laboratories using commercially available technologies, along with key lessons learned along the way.” As a comparable project, the paper points to the NCCoE’s recent mobile driver’s license (mDL) project.

Article Topics

AI agents  |  authentication  |  authorization  |  cybersecurity  |  digital identity  |  identity verification  |  NCCoE  |  NIST