Five Eyes Joint Guidance · Published May 1, 2026

The Agentic AI Governance Imperative

5 of 5 Five Eyes Risk Classes Operationalized

Six national cybersecurity agencies — CISA, NSA, ASD ACSC, Canadian Cyber Centre, NCSC-NZ, and NCSC-UK — just classified agentic AI as a critical national infrastructure concern. The MYTHOS Playbook is the operational reference CISOs adopt to implement every page.

📘 Publishing June 2026
What's At Stake

The Critical Infrastructure Reality

AI agents are already deployed across critical infrastructure with insufficient governance. The Five Eyes joint guidance is the regulatory floor; the breach data is the operational ceiling.

1 in 8 enterprise breaches now involve AI agents — 340% YoY surge with 78% over-permissioned. Source: Digital Applied 2026
88% of organizations report AI agent security incidents. Source: AGAT Software Survey 2026
98.9% of analyzed agent configurations lack deny rules entirely (n=18,470). Source: Arun Baby Privilege-Escalation Kill Chain Analysis
Introducing

The MYTHOS Playbook

The CISO's Technical Guide to Governing Autonomous AI Agents

Convergent independent confirmation of the Five Eyes risk taxonomy. Drafted in 2025–2026 across a 17-sprint development cycle that closed May 9, 2026. Publishing June 2026.

34 chapters + 9 appendices · ~450,000 words of CISO-grade technical depth
119 cross-walk cells in Appendix C — 12 frameworks unified including Five Eyes, NIST AI RMF, OWASP, CRI FS AI RMF, MITRE ATLAS
≥99.65% 3-sigma lower bound · Clopper-Pearson exact binomial · 7,000-scenario MYTHOS validation · 100% recall
The Five Eyes Cross-Walk

Every Risk Class. Every Chapter. Every Mapping.

Each of the five risk classes identified in "Careful Adoption of Agentic AI Services" maps to specific MYTHOS Playbook chapters and appendices. There is no Five Eyes risk class without an operational MYTHOS treatment.

Risk Class 1
Privilege Risks
Excessive access; compromise multiplication; privilege escalation across components
Part II — Architecture (Ch. 4–12): Patent-form least-privilege architecture across MRM-CFS-SG governance gates and AGL-SG access layer. Appendix D delivers the 8-2-8 model reference card with explicit privilege boundary specifications. Ch. 8 introduces the 828-model MRM-CFS cascading ensemble — privilege segmentation at scale no competing approach replicates.
Risk Class 2
Design & Configuration Risks
Insecure deployment; broad permissions; static role checks; poor segmentation; misconfigured third-party
Part II Architecture documents secure-by-design patterns chapter-by-chapter. Part VI Deployment (Ch. 30–34) specifies environment segmentation, fail-safe defaults, and progressive deployment patterns aligned with the Five Eyes "low-risk first" recommendation. Appendix G provides a 12-clause vendor RFP language library with inheritance — concrete procurement-grade language CISOs can paste into RFPs today.
Risk Class 3
Behavioral Risks
Shortcut-finding; ambiguous-instruction misinterpretation; prompt injection; strategic deception
Part III — Vectors (Ch. 13–19): Seven-vector behavioral threat taxonomy — autonomous multi-step exploitation, unsanctioned scope expansion, invisible deceptive reasoning, track-covering log manipulation, credential theft, sandbox escape, capability proliferation. Part IV Frameworks (Ch. 20–25): statistical detection methodology including HOTS Homology (81.4%), HCF2-SG, HES1-SG, and TEQ-SG patent-form gates designed for behavioral validation.
Risk Class 4
Structural Risks
Cascading failures; multi-step attacks; orchestration flaws; compromised third-party tool propagation
Ch. 8 specifies the 8-2-8 compositional safety model — explicit cross-component cascading-failure containment. Part V — SOC / Detection / Operations (Ch. 26–29) specifies real-time orchestration monitoring patterns. Appendix C delivers the 119-cell framework cross-walk matrix mapping structural-risk mitigations across NIST AI RMF, OWASP LLM Top 10, OWASP Agentic Top 10, CRI FS AI RMF, and MITRE ATLAS.
Risk Class 5
Accountability Risks
Distributed decisions; fragmented logs; opaque reasoning; difficult attribution and correction
Appendix F publishes a complete GTID hash-chained, tamper-evident audit-record sample — the exact log schema CISOs need to satisfy "every agent decision logged" requirements. Ch. 31 — NHI Governance delivers non-human-identity accountability patterns. Ch. 22 specifies the Crumpton 5/5 disclosure methodology. Appendix B provides the Clopper-Pearson exact-binomial worksheet for statistical accountability of detection claims.
Book Architecture

7 Parts. 9 Appendices. Built for the CISO Bookshelf.

Structured for security architects who need depth, not slogans. Each part maps to specific Five Eyes risk classes; each appendix delivers reference material adoptable as-is.

| Part | Chapters | Focus | Five Eyes Risk Class |
|---|---|---|---|
| I — Foundations | Ch. 1–3 | Threat landscape; statistical methodology framing | All 5 (cross-cutting) |
| II — Architecture | Ch. 4–12 | 5-layer governance pipeline; 8-2-8 model; patent-form gates | Privilege · Design · Structural |
| III — Vectors | Ch. 13–19 | 7-vector behavioral threat taxonomy with 1,000-scenario validation each | Behavioral |
| IV — Frameworks | Ch. 20–25 | Detection methodology; HOTS Homology; statistical gates | Behavioral · Structural |
| V — SOC / Detection / Ops | Ch. 26–29 | Real-time monitoring; SOC integration; vendor-eval methodology | Structural · Accountability |
| VI — Deployment | Ch. 30–34 | Progressive deployment; NHI governance (Ch. 31) | Design · Accountability |
| VII — Appendices | App. A–I | Cross-walk matrix · GTID audit · Vendor RFP library · Glossary · Bibliography | All 5 |
Built for Regulatory Alignment
Five Eyes Joint Guidance · NIST AI RMF · OWASP LLM Top 10 · OWASP Agentic Top 10 · CRI FS AI RMF (230 objectives) · MITRE ATLAS · SOX (7-year retention) · PCI DSS · HIPAA
Author

Joseph P. Conroy

Founder & CEO, VectorCertain LLC. 30 years building mission-critical AI systems — from the 1997 ENVAIR2000 (the first commercial U.S. parts-per-trillion gas-detection system with AI-controlled hardware) through EPA-codified emissions monitoring, the first U.S. AI-driven NYMEX electricity-futures platform, and now SecureAgent — the first AI Agent Security (AAS) governance platform with 14,208 trials, 0 failures, and a 1.9636/2.0 internal TES score against MITRE's published methodology. MITRE ATT&CK Evaluations' Technical Lead Lex Crumpton confirmed in April 2026 that VectorCertain represents "a fundamentally different threat model" from post-execution detection.

30 yrs: Mission-critical AI systems · Since 1997
55 patents · 21 USPTO-filed · $285M–$1.55B portfolio valuation
2 books: The AI Agent Crisis (Sept 2025) · The MYTHOS Playbook (June 2026)
Publishing June 2026 · Pre-Order Open

Be First In Line

Register your interest for early access to The MYTHOS Playbook. Early registrants receive priority access to author-led briefings and the Tier A External Exposure Report at no cost.

Register pre-order interest: joseph@vectorcertain.com · vectorcertain.com · Casco, Maine