By Travis Rosiek,
Public Sector CTO, Rubrik
COMMENTARY | Agentic AI can help optimize government operations, but federal agencies need to prioritize resilience as they onboard these capabilities.
The age of agentic AI — where autonomous systems make decisions and take actions at speed — has dawned in ways government agencies may struggle to grasp. As agencies explore ways to bring agentic AI into public service, resilience can no longer be a component of the strategy; it is the strategy. When integrating AI agents, the federal government must prioritize rapid reversibility and transparent, auditable recovery.
Agentic AI can deviate, whether intentionally or unintentionally
Agentic AI can accelerate deviations faster than any insider threat or external adversary. Recent notable incidents demonstrate that even leading organizations face challenges in managing autonomous AI systems when they make mistakes. Imagine such scenarios occurring within large-scale databases, essential infrastructure systems or security-sensitive applications. Considering the interconnected nature of cloud services, software platforms and hybrid environments, the potential for widespread and irreversible impact becomes significant.
The danger is significant, yet solutions exist
Federal cybersecurity teams are already playing catch-up to basic vulnerabilities lurking in their technology stacks of the past 30 years. Agentic AI is, and will be, built on top of these legacy systems, all while adversaries likely maintain an undetected foothold in many agencies.
Though AI agents hold great promise, they’re far from infallible. From technical glitches and legal issues to deleted production databases, past incidents highlight their potential to cause serious disruption. A recent study reveals a troubling trend: AI agents often become disoriented, take incorrect shortcuts and struggle with basic multi-step tasks. These aren’t just minor hiccups — they point to more profound reliability issues that must be addressed before AI can be fully trusted in high-stakes settings like government operations.
Therefore, cyber resilience strategies should be developed to provide extensive visibility, detailed tracking and the capability to reverse any unintended actions taken by AI agents. Agencies should also deploy tactics that enable them to trace agentic AI activities back to their origins, view the instructions issued, every system or resource utilized and every data modification made. Especially important are tactics that support safe rollback, allowing agencies to rewind what changed, such as files, databases, configurations or repositories. Additionally, agencies need to consider the following:
Resilience must be the core security strategy. To safeguard federal missions in the agentic AI era, government leaders must embrace a new paradigm: resilience is more than just protection. Cyber resilience is the ability to survive and recover from AI-driven incidents — no matter how fast or unpredictable.
Build agentic AI guardrails. Federal leadership should invest in architectures that keep humans in control, giving them final authority over critical actions, escalations and audit trails. Where necessary, security teams should require AI-generated actions to pass through staged approval — especially for sensitive operations.
Ensure full lifecycle observability. Traditional observability tells security teams what happened; it rarely tells them why or offers a path to undo damage. These teams should ensure that every agentic AI deployment traces all actions, triggers and causal chains — down to prompts and tool invocations. Any system that cannot be audited, explained and reversed should not be used for sensitive government workloads.
Prioritize reversibility. Agencies should deploy capabilities that allow their teams to surgically roll back specific actions — files, databases, process flows — without resorting to total system restores or lengthy downtimes. They should test these capabilities regularly during resilience exercises.
Focus on recovery speed. Agencies should design playbooks for AI incident response that prioritize minimization of impact and restoration of trust within minutes. Time is their adversary; they should aim for rollback at “AI speed.”
View agentic AI assurance as first class. Cybersecurity and agentic AI teams must work together to place AI assurance at the heart of every deployment. They should ensure continuous testing, independent validation and compliance standards to cover not just data and access but also agentic AI outputs and their traceability.
Treat cyber resilience as the greatest strength. Lastly, the new AI threat against governments is not just malware, phishing or nation-state sabotage — it is the emerging technology being deployed that is surging ahead without us. Federal leaders should instill a culture where cyber resilience is the strongest shield. The ability to swiftly undo agentic AI mistakes should be part of any unified federal agentic AI adoption strategy.
Agentic AI mistakes will happen. However, the government must be empowered to ensure that these mistakes are neither permanent nor catastrophic.
Travis currently serves as the Public Sector CTO at Rubrik, helping organizations become more cyber and data resilient. Prior to Rubrik, Travis held several leadership roles, including Chief Technology and Strategy Officer at BluVector, CTO at Tychon, Federal CTO at FireEye, Principal at Intel Security/McAfee and Leader at the Defense Information Systems Agency (DISA).
The views expressed in this article are those of the author and do not necessarily reflect the official policy or position of Rubrik. This article is for informational purposes only and does not constitute business or legal advice. Organizations should consult with legal and compliance professionals to ensure their cybersecurity strategies meet all applicable federal, state, and international requirements.