Developing greater use of AI agents has become a strategic business imperative for many companies, but they struggle to secure and govern their agent deployments because of a lack of neutral frameworks or guidance. The Cybersecurity and Infrastructure Security Agency, National Security Agency and four international counterparts filled that gap last month when they issued lengthy guidance (Guidance). The Guidance lists dozens of best practices for companies to adopt, while signaling raised government expectations for agent security. This article discusses the Guidance’s recommendations and impact, and provides insights on what companies should do while standards slowly develop, with perspective from practitioners at Freshfields, Jones Walker, Norton Rose and Panoptic Systems. See “Eyewitness Accounts and Recommended Actions to Counter AI’s Strain on Cyber Defense” (May 6, 2026).