A Framework for Securing Agentic AI Workflows and Quantum-Resistant Communication in U.S. Critical Infrastructure Networks

Abstract

For artificial intelligence (AI) systems designed to learn and act without human intervention, the events of this rapid integration into U.S. critical infrastructure networks and the rapid pace of approach to cryptographically relevant quantum computers (CRQCs) create a dual convergence of threat that is not adequately met by current frameworks. Agentic AI systems have additional attack surfaces, such as prompt injection, non-human identity (NHI) exploitation, and cascading multi-agent failures, due to their ability to operate autonomously, take multiple steps, and coordinate with other agents. At the same time, existing public-key cryptographic standards, such as RSA and elliptic curve cryptography (ECC), are under attack with harvest-now-decrypt-later (HNDL) attacks to hack encrypted communications in operational technology (OT) and industrial control system (ICS) environments. This article suggests security in both threat domains by leveraging three layers of security: Layer 1: Security of the agentic AI workflow through identity management, prompt sanitization and behavior monitoring; Layer 2: Quantum resistant communication with migration to NIST standardized post-quantum cryptographic (PQC) algorithms (FIPS 203, 204, 205); and Layer 3: Governance and compliance integration with CISA, NERC CIP and the NIST AI Risk Management Framework. Compliance is verified with a cross-walk analysis to current standards, and the framework is tested in scenarios of representative critical infrastructure in the energy, water, and financial sectors. Results suggest that this framework offers a roadmap for RTOs to use in preparing for the deployment of agentic AI and the migration to post-quantum cryptographic algorithms.