The NIST AI Agent Standards Initiative is a program for standardizing AI agents officially launched by the NIST Center for AI Standards Innovation (CAISI) under the National Institute of Standards and Technology (NIST) on February 17, 2026. With a total of 104,504 AI agents active worldwide, efforts are being made to establish order through three main pillars: standard development, fostering open-source protocols, and security research.
TL;DR
- NIST CAISI launched the AI Agent Standards Initiative on February 17, 2026
- 3 pillars: Industry-led standard development / Fostering of open-source protocols (MCP) / Security and identity research
- Key deadlines: March 9, 2026 (Security RFI), April 2, 2026 (Identity Concept Paper)
- MCP identified by NIST as a "leading open standard" candidate; 44% (8,000+) of the total 18,058 MCP servers are exposed without authentication
- Gartner: By 2028, 40% of enterprise CIOs are expected to demand Guardian Agents for AI agents
What is the NIST AI Agent Standards Initiative?
The NIST AI Agent Standards Initiative is an initiative launched by the NIST CAISI (Center for AI Standards Innovation) on February 17, 2026, to establish international standards for the security, interoperability, and identity verification of AI agents. With over 100,000 agents active, the initiative addresses the lack of security standards, identity verification systems, and interoperability rules.
When looking at the numbers behind the initiative, the scale of the problem becomes clear.
| Indicator | Value | Source |
|---|---|---|
| Total AI Agents Worldwide | 104,504 | UAR (as of March 2026) |
| MCP Servers | 18,058 | mcp.so |
| Monthly MCP SDK Downloads | 97 million+ | npm/PyPI |
| Rate of Deployment after Security Approval | 14.4% | Industry research |
| Unauthenticated MCP Servers | 8,000+ | Security research (February 2026) |
| Prediction of CIOs Demanding Guardian Agents by 2028 | 40% of CIOs | Gartner |
NIST's diagnosis is clear. "No one knows what AI agents are, what they can do, or who is responsible when problems arise." This is why NIST has taken action.
What do the three pillars of the initiative entail?
The NIST AI Agent Standards Initiative consists of three main pillars: standard development, fostering open-source protocols, and security research.
Pillar 1: Industry-led Standard Development
This pillar promotes industry-led standard development rather than direct government standardization. Key tasks include securing U.S. representation in international standardization bodies such as ISO, IEC, and ITU, and establishing agent definitions, functional classifications, and performance evaluation criteria.
NIST expects these standards to follow a path from voluntary guidelines to industry standards, regulatory standards, and legal responsibilities, similar to the path taken by the NIST Cybersecurity Framework (CSF).
Pillar 2: Community-led Open-Source Protocols
This pillar fosters an open protocol ecosystem to ensure interoperability among AI agents. The protocols of interest to NIST include:
| Protocol | Role | NIST Interest |
|---|---|---|
| MCP (Model Context Protocol) | Agent-tool connectivity | Top priority (specified as a standard candidate) |
| A2A (Agent-to-Agent) | Communication between agents | High |
| OAuth 2.0/2.1 | Authentication/authorization | Core infrastructure |
| SPIFFE/SPIRE | Service identity | Reference standard |
In an official announcement, NIST specified MCP as a "leading open standard that allows AI agents to securely connect to various data sources without exclusive integration." MCP compliance began appearing in enterprise RFPs in early 2026.
Pillar 3: AI Agent Security and Identity Research
This pillar covers research on the security and identity verification technologies needed to adopt trustworthy agents. Under it, NIST has issued two key documents.
AI Agent Security RFI
- Issued: January 2026
- Deadline: March 9, 2026
- Industry feedback on current threats, mitigation measures, and measurement methods for agent security
AI Agent Identity & Authorization Concept Paper
- Issued: February 5, 2026
- Deadline: April 2, 2026
- Issued by: NCCoE (National Cybersecurity Center of Excellence)
- Exploration of practical standard-based approaches to software and AI agent authentication, authorization definition, and access control
- Submit feedback to: AI-Identity@nist.gov
What are the 7 key AI agent security threats highlighted by NIST?
By combining the NIST RFI and related research, the core security threats in the AI agent ecosystem are summarized into 7 categories, including the God Key issue, unauthenticated MCP servers, prompt injection, and others.
| # | Threat | Description | Severity |
|---|---|---|---|
| 1 | God Key Issue | Delegating all permissions with a single API key — full system control if leaked | Critical |
| 2 | Unauthenticated MCP Servers | Over 8,000 servers exposed on the internet without authentication | Critical |
| 3 | Prompt Injection | Manipulating agent behavior with malicious input | High |
| 4 | Excessive Permissions | Granting agents more system access than necessary | High |
| 5 | Model Extraction Attack | Stealing model knowledge through agent interactions | High |
| 6 | Supply Chain Attack | Infiltration through malicious MCP servers/plugins | Medium |
| 7 | Data Leakage | Unintentional exposure of sensitive data handled by agents | Medium |
These 7 threats overlap significantly with the MCP Top 10 security risks identified by OWASP. MCP01 (Tool Control Hijacking), MCP02 (Excessive Permissions), MCP03 (Tool Poisoning), MCP04 (Server Vulnerabilities), MCP07 (Lack of Authentication), and MCP09 (Plain Text Transmission) directly correspond to areas of interest for NIST.
Why is the issue of AI agent identity important?
The core issue of AI agent identity lies in the fact that most agents currently use user credentials directly. This structurally creates three problems: exceeding authorization scope, lack of auditability, and difficulty in revocation.
[Human] --> OAuth token --> [Agent] --> API key --> [Service]
^
Whose permissions?
What can it do?
What about the audit trail?
The target state proposed by NIST is as follows.
| Current State | NIST Target State |
|---|---|
| User Token Sharing | Agent-specific Identity |
| Full Permission Inheritance | Principle of Least Privilege |
| Indistinguishable Human/Agent | Actor Differentiation + Audit Logs |
| Static API Keys | Dynamic, Time-limited Tokens |
In addressing this issue, NIST refers to existing standard stacks as follows.
| Standard | Role | Implementation |
|---|---|---|
| OAuth 2.0/2.1 | Authorization Framework | Issuance of agent-specific scoped tokens |
| OpenID Connect | Identity Verification | Agent identity proof + metadata |
| SPIFFE/SPIRE | Service Identity | Unique SPIFFE ID assignment to agents |
| NIST SP 800-207 | Zero Trust | Agent identity verification for each request |
| NIST SP 800-63-4 | Digital ID Guidance | Definition of agent authentication levels (IAL/AAL) |
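The target state in the tables above (agent-specific identity, least privilege, actor differentiation with audit logs, time-limited tokens) can be sketched in a few lines. This is an added example, not code from NIST or from this page's author. It assumes a simplified HMAC-signed JSON token rather than a real OAuth 2.1 or JWT stack, uses the `act` (actor) claim defined in RFC 8693, and the SPIFFE ID, user name, and tool names are constructed.

```python
import base64, hashlib, hmac, json

KEY = b"demo-signing-key"  # constructed; stands in for an authorization server's key

def _sign(body: str, key: bytes) -> str:
    mac = hmac.new(key, body.encode(), hashlib.sha256).digest()
    return base64.urlsafe_b64encode(mac).decode()

def issue_agent_token(human, agent_id, scopes, ttl, now, key=KEY):
    """Mint a short-lived token for an agent acting on behalf of `human`."""
    claims = {"sub": human,               # whose authority is delegated
              "act": {"sub": agent_id},   # who is actually acting (RFC 8693 actor claim)
              "scope": sorted(scopes),    # tool-specific scopes only
              "exp": now + ttl}           # time-limited, never permanent
    body = base64.urlsafe_b64encode(json.dumps(claims).encode()).decode()
    return f"{body}.{_sign(body, key)}"

def authorize(token, tool, now, audit, key=KEY):
    """Allow a tool call only if signature, expiry and scope all pass; always log."""
    claims, reason = {}, "ok"
    try:
        body, sig = token.split(".")
        if not hmac.compare_digest(sig.encode(), _sign(body, key).encode()):
            raise ValueError("bad signature")
        claims = json.loads(base64.urlsafe_b64decode(body))
        if now >= claims["exp"]:
            raise ValueError("expired")
        if f"tool:{tool}" not in claims["scope"]:
            raise ValueError("scope missing")
    except (ValueError, KeyError) as err:
        reason = str(err)
    # The audit record separates the human principal from the agent actor.
    audit.append({"time": now, "tool": tool, "reason": reason,
                  "decision": "allow" if reason == "ok" else "deny",
                  "on_behalf_of": claims.get("sub"),
                  "actor": claims.get("act", {}).get("sub")})
    return reason == "ok"
```

Because the claims are only parsed after the signature check, a denied request with a valid token still records which agent attempted the call, while a forged token is logged with no actor at all.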
What changes after the standardization of MCP security?
The most significant change in the MCP ecosystem after NIST standardization is that authentication transitions from being optional to mandatory. Currently, 44% (8,000+) of the 18,058 MCP servers are exposed without authentication.
| Area | Current State | Post NIST Standardization |
|---|---|---|
| Authentication | Optional (44% not applied) | Mandatory (based on OAuth 2.1) |
| Authorization | God Key (full permissions) | Scope-based least privilege |
| Transmission | HTTP (some plaintext) | Mandatory TLS + recommended mTLS |
| Auditing | No logging | Actor-specific audit logs required |
| Identity | None | SPIFFE ID + metadata |
| Lifecycle | Permanent tokens | Time-limited + automated rotation |
MCP has become a core part of NIST standards because of its market dominance: over 18,000 servers, 97 million+ monthly downloads, and 146 AAIF member companies, with support from Anthropic, Microsoft, Google, and OpenAI, and Apple preparing to support it. Since NIST specified it as a "leading open standard," the trend of including MCP compliance in procurement requirements has been accelerating.
Enterprise Compliance Checklist — What should be done now?
Preparing for enterprise AI agent compliance should be approached in three stages: immediate actions, short-term improvements, and long-term standardization.
Phase 1: Immediate Actions (1-2 weeks)
| # | Item | Description | Time Required |
|---|---|---|---|
| 1 | MCP Server Authentication Check | Verify OAuth 2.0 authentication on operational MCP servers | 2 hours |
| 2 | API Key Audit | Check for "God Key" pattern usage + scope separation | 4 hours |
| 3 | Agent Inventory | Conduct a comprehensive survey of AI agents in the organization | 1 day |
| 4 | Review of NIST RFI | Understand the contents of the Agent Security RFI + compare with internal security status | 2 hours |
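Checklist items 1 and 2, together with the transport, lifecycle, and auditing rows of the current-state table, can be run as a first-pass audit over an agent inventory. This is an added example, not a NIST tool or code from this page's author. The inventory, its field names, and the hosts are constructed, and the severity ranks other than the two Critical ones taken from the threat table are this example's assumption.

```python
from urllib.parse import urlparse

# Constructed inventory; field names are hypothetical, not an MCP or NIST schema.
INVENTORY = [
    {"name": "crm-tools", "url": "https://mcp.internal.example/crm", "auth": "oauth2",
     "scopes": ["tool:crm.read"], "token_ttl_hours": 1, "audit_log": True},
    {"name": "legacy-files", "url": "http://10.0.0.12:8080/mcp", "auth": None,
     "scopes": [], "token_ttl_hours": None, "audit_log": False},
    {"name": "ops-agent", "url": "https://mcp.internal.example/ops", "auth": "api_key",
     "scopes": ["*"], "token_ttl_hours": None, "audit_log": True},
]

WILDCARD_SCOPES = {"*", "admin", "all"}  # assumed markers of a "God Key"

def audit_server(server):
    """Return (severity, finding) pairs for one inventory entry."""
    findings = []
    if not server.get("auth"):
        findings.append(("critical", "no authentication"))
    if WILDCARD_SCOPES & set(server.get("scopes", [])):
        findings.append(("critical", "god key: wildcard scope"))
    if urlparse(server["url"]).scheme != "https":
        findings.append(("high", "plaintext transport"))
    # A credential with no TTL is the "permanent token" row of the table.
    if server.get("auth") and server.get("token_ttl_hours") is None:
        findings.append(("high", "credential never expires"))
    if not server.get("audit_log"):
        findings.append(("medium", "no audit logging"))
    return findings

def audit_inventory(inventory):
    """Flatten findings for all servers, most severe first, then by server name."""
    order = {"critical": 0, "high": 1, "medium": 2}
    rows = [(sev, s["name"], msg) for s in inventory for sev, msg in audit_server(s)]
    return sorted(rows, key=lambda row: (order[row[0]], row[1]))

if __name__ == "__main__":
    for severity, name, message in audit_inventory(INVENTORY):
        print(f"{severity:8} {name:14} {message}")
```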
Phase 2: Short-Term Improvements (1-3 months)
| # | Item | Description |
|---|---|---|
| 5 | Agent-specific Authentication Implementation | Separate OAuth tokens for agents instead of user token sharing |
| 6 | Application of Least Privilege | Grant agents only the necessary minimum permissions (tool-specific scopes) |
| 7 | Establishment of Audit Logging | Collect agent behavior logs + distinguish between human/agent behavior |
| 8 | Application of TLS/mTLS | Mandatory encryption for MCP server transmission |
Phase 3: Long-Term Standardization (3-12 months)
| # | Item | Description |
|---|---|---|
| 9 | Implementation of SPIFFE ID | Assign unique identities to agents with SPIFFE ID |
| 10 | Application of Zero Trust | Verification of agent identity for each request based on NIST SP 800-207 |
| 11 | Compliance Monitoring | Track NIST standard announcements + analyze gaps in internal implementation |
| 12 | Participation in International Standards | Monitoring discussions on agent standards at ISO/IEC |
NIST Standardization Timeline — What are the key deadlines?
The closest deadline is the AI Agent Security RFI on March 9, 2026, which is 2 days away from the time of writing.
2026.01 CAISI issues the AI Agent Security RFI
2026.02.05 NCCoE issues the Agent Identity & Authorization Concept Paper
2026.02.17 AI Agent Standards Initiative officially launched
2026.03.09 [Deadline] AI Agent Security RFI comment submission closes
2026.04.02 [Deadline] Agent Identity Concept Paper comment submission closes
2026.H1 First draft security guidelines expected
2026.H2 Public review of draft standards expected
2027 Formal publication as a NIST SP (Special Publication) expected
2028 Gartner: 40% of enterprise CIOs demand Guardian Agents for AI agents
The implications for Korean companies are concrete. There is a high likelihood that U.S. customers/partners will demand NIST-based compliance, and there is potential for mutual reference between the Korean AI Basic Act (enacted in January 2026) and NIST standards. The trend of including MCP compliance in domestic procurement requirements is also expected to accelerate.
FAQ
Q1. Does the NIST AI Agent Standards Initiative have legal binding force?
Currently, it is a voluntary standard. However, similar to the NIST Cybersecurity Framework (CSF), the path from voluntary guidelines to industry standards, regulatory standards, and legal responsibilities is predictable. Gartner predicts that by 2028, 40% of enterprise CIOs will demand Guardian Agents for AI agents.
Q2. Do Korean companies need to adhere to NIST standards?
It is practically essential if you trade with U.S. customers or aim for the global market. Gartner predicts that by 2028, 40% of enterprise CIOs will demand Guardian Agents for AI agents, and there is potential for mutual reference between the Korean AI Basic Act (enacted in January 2026) and NIST standards.
Q3. I operate MCP servers. What should I do first?
There are three immediate actions you should take. Firstly, check if OAuth 2.0 authentication is applied to your operational MCP servers. Secondly, verify if API keys follow the "God Key" pattern and ensure scope separation. Lastly, confirm TLS transmission encryption. With over 8,000 MCP servers exposed without authentication, starting with basic security checks is crucial.
Q4. How does NIST's Agent Identity differ from traditional OAuth?
Traditional OAuth focuses on human authentication and authorization. NIST's proposed agent identity assigns a unique ID to AI agents, distinguishes between human and agent behaviors, and sets different permission scopes for each agent. Currently, most agents inherit user tokens directly, making it impossible to differentiate between human and agent actions.
Q5. Can I submit feedback to the NIST RFI?
Yes, Korean companies can submit feedback. The deadline for the AI Agent Security RFI is March 9, 2026, and for the Agent Identity Concept Paper is April 2, 2026. The feedback email is AI-Identity@nist.gov, and providing detailed information about your security status and standardization needs can influence the standardization process.
Conclusion
The NIST AI Agent Standards Initiative is the first government-level attempt to bring order to the AI agent ecosystem. Summarizing the three key messages:
First, standardization is inevitable. With over 104,504 agents, 18,058 MCP servers, and over 8,000 unauthenticated exposures, standardization is not just a matter of time but a matter of survival in the age of chaos.
Second, MCP transitions from a de facto standard to an official standard. After being specified as a "leading open standard" by NIST and starting to appear in RFPs, MCP compliance is accelerating.
Third, companies preparing now have an advantage. Before Gartner's forecast of 40% of enterprise CIOs demanding Guardian Agents for AI agents by 2028 becomes a reality, establishing authentication, authorization, and audit infrastructure is a priority.
In the era of AI agents directly collecting web data, it is essential to check the security and compliance of web scraping infrastructure. Hashscraper operates MCP servers with OAuth 2.1 authentication, HTTPS transmission, and tool-specific scope separation, and is preparing a roadmap for OAuth 2.1 migration aligned with NIST standardization.