ICBA responded to the National Institute of Standards and Technology’s request for information regarding security considerations for artificial intelligence agent systems. ICBA recommended that any future NIST guidance on AI agents reflect the realities of community banking and:

•Agent systems should be treated as a higher-risk category of AI because they can take actions - not just generate text - that impact sensitive data, customer communications, and business operations.

•NIST should encourage strong identity orchestration to support a “Know Your Agent” approach so institutions can identify which agent is acting, what it is authorized to do, and who approved that authority.

•Guidance must emphasize "constrained deployments by default" in high-risk environments, clear accountability across the vendor ecosystem, and auditability that enables banks to investigate incidents, protect customers, and demonstrate appropriate oversight.