Artificial Intelligence: Agentic AI Risks and User Responsibilities
Agentic AI refers to autonomous AI systems that are capable of acting, planning, reasoning, and calling external functions. Agentic AI presents transformative opportunities for the University community. However, as we adopt these powerful tools, we must prioritize understanding and defending against their unique security risks to keep our data, systems, and community safe.
Key Security and Compliance Concerns with Agentic AI
The advanced capabilities of agentic AI introduce several unique security and compliance challenges that require careful consideration and robust policy frameworks before they are safe to use within the University environment.
External function calls (how AI connects with the outside world) and attack exposure
Because agentic AI can access and use external tools (such as web services, software, or system commands), it greatly expands the attack surface an attacker could potentially exploit. This functionality, while powerful, makes agentic AI systems a prime target for attackers. Malicious actors could exploit vulnerabilities in the AI's logic or in the functions it interacts with to gain unauthorized access, exfiltrate data, or execute harmful code. To ensure your tools are safe, the University Information Security (UIS) team applies careful scrutiny and security vetting to AI functionality during the Vendor Risk Assessment (VRA) process and in consultation prior to use.
Vendor transparency and accountability
Vendor transparency is essential to the University community (including staff, faculty, and students) to ensure effective accountability and risk management, thereby safeguarding our members and the sensitive data we access. The University looks for vendors that disclose their AI security program with supporting documentation and actively communicate the security and compliance risks related to their functionality. Vendors that value this transparency and provide clear documentation, which protects your vital teaching, learning, research, and supporting work, are prioritized.
Data privacy and restricted information (Including PHI)
Any agentic AI systems that process, store, or transmit Protected Health Information (PHI) or other forms of restricted data are reviewed for compliance with relevant privacy regulations and may require a Business Associate Agreement (BAA). To help you meet regulatory requirements, if a use case involves Private-Highly Restricted or Private Restricted Data (or requires a BAA), UIS will evaluate the risks through the Vendor Risk Assessment process. Based on the security and compliance risks identified, UIS may recommend that University users not use a given agentic AI system.
University Information Security (UIS) Oversight and Risk Management
UIS plays a critical role in managing and mitigating the risks associated with agentic AI:
Use Case and Data Access Review
The UIS Vendor Risk team must review the use case any time a vendor has access to University data and whenever a use case with a vendor changes significantly. This is crucial for agentic AI systems because their ability to autonomously access, interpret, or link to new data sources can suddenly and significantly expand their data footprint. This review ensures that data access remains appropriate and securely governed according to current policy.
Product Change Review
The UIS Vendor Risk team must also review the vendor's system any time the product changes, particularly for new model versions or updates. Because of the unique characteristics of agentic AI (e.g., new external function calls, altered security settings, or changes in the underlying large language model (LLM) behavior), a change may inadvertently violate existing security or compliance controls. This continuous oversight is necessary for maintaining a secure and compliant environment.