AI Agents: What You Need to Know
What Are AI Agents?
AI agents are AI systems that can take actions on your behalf—performing multi-step tasks such as reading your screen, clicking buttons, filling out forms, sending messages, running commands, or moving between websites and applications with limited human input. Unlike standard chat-based AI, they operate outside the conversation. Many web browsers and extensions now include these capabilities.
Because agents can interact with your applications and act in your name, misuse or unintended actions can have complex, far-reaching consequences, including compromising the confidentiality, integrity, and availability of university systems and data. These risks also extend to your personal accounts, finances, and private information. When your work calls for agentic capabilities, use university-approved tools.
Common platforms like ChatGPT, Gemini, and Claude now offer "Agent" or "Action" modes that can operate independently of the standard chat interface. This advisory applies to any AI system that can access university networks, view screen content, or take actions on your behalf, including:
- AI Assistants with Actions: Tools that browse the web, fill out forms, or manage your calendar.
- AI-Enhanced Browsers: Browsers and extensions that automate navigation or interact with page content (e.g., Perplexity Comet).
- Autonomous Workflows: Systems designed to complete multi-step tasks across different apps (e.g., AutoGPT).
- Computer-Control Tools: Agents that can run commands, manage files, or control your desktop (e.g., Claude Code).
Key Risks
Because agents can “see” your screen and act with your login permissions, they may transmit sensitive information, such as student records, financial data, or research files, to external companies.
Agents can misinterpret instructions or make mistakes. Unlike a chatbot that just gives a wrong answer, an agent can actually execute that mistake, deleting files, changing grades, or sending incorrect messages in university systems, often before you can intervene.
Agents can be “taken over” by malicious instructions hidden on a website or in an email, forcing them to perform harmful actions, such as downloading files or sharing your passwords, without your knowledge or intent.
Agents can log into learning systems to autonomously complete assignments, making it difficult to verify that work reflects a student’s own knowledge and effort.
Some agents continue to run in the background, maintaining a hidden connection to university systems that may keep accessing data or taking actions without your direct supervision.
Approved Agentic Tools
Microsoft Copilot Studio is available through university licensing and, when signed in with your KU or KUMC account, is the recommended tool for agentic work. Custom agents built for internal use should go through IT review before deployment, including any third-party integrations.
Consistent with KU’s AI principles, human oversight is essential when working with agentic tools. Monitor agents closely while they are running and stop them immediately if they access unexpected sites, handle sensitive data, or begin making changes you did not intend. Additionally:
- Limit Permissions: Grant agents only the minimum access needed for the task and avoid connecting them to accounts with broad access to Restricted or Confidential university data.
- Protect Critical Systems: Do not allow agents to control active sessions in critical university platforms, including clinical, HR, finance, or research systems.
Research Use
Agentic AI may be appropriate in controlled research environments. Researchers should apply appropriate safeguards and oversight consistent with frameworks such as the NIST AI Risk Management Framework. IRB review is required when research involves human subjects, identifiable data, or other regulated activities.
Automating Official Work
Using agentic AI to automate official university functions, including advising, admissions, grading, HR, finance, or handling Restricted or Confidential data, presents significant institutional risk. When agents retrieve and act on university content, the accuracy of their outputs depends on the quality and timeliness of their source materials. Units considering this use should carefully curate the information sources made available to agents and pursue documented review through established IT, security, compliance, or research oversight processes before deployment.
Protecting Online Exams
Instructors should consider locked-down testing tools such as Respondus LockDown Browser, which can help limit access to external resources, including some AI agents, during online exams in Canvas, Blackboard, and similar systems. Note that Respondus requires students to download and install the browser before use, so instructors should communicate this requirement in advance.
A Final Note
AI agents have real potential to support teaching, research, and university operations. With the right safeguards in place, the university community is well-positioned to explore these tools responsibly. As with all emerging technology, thoughtful and informed use is the best approach. Follow the direction outlined in this advisory, stay current with university policy, and when in doubt, pause and seek guidance before proceeding.
Issued by the KU AI Privacy & Risk Council | Last Updated: June 2026