Overview
Agentic AI has become prevalent and is available via many platforms. Microsoft Copilot Studio is JMU’s enterprise-approved platform for agent creation. Agents that can perform actions offer new opportunities and come with risks, particularly related to privacy and security.
Unlike most generative AI chatbots on the open web, AI agents require access to systems, files, and some programs. That access could expose protected data, including financial data, research data, and data protected by HIPAA and FERPA. This level of access also creates appealing targets for malicious actors. Prompt injection attacks are a known vulnerability that users should be aware of when working with agentic AI.
JMU IT Approach
- Explore AI agents that are becoming available through existing enterprise platforms.
- Ensure students, faculty, and staff understand agentic AI, including associated responsibilities and risks.
- Develop a model to monitor and manage usage and costs for Microsoft Copilot Studio.
Guidance and Steps to Get Started
- Use JMU-approved AI platforms only. If exploring a new AI tool or platform, ensure a Technology Solution Request (TSR) is created and approved before use.
- As a state institution, JMU is responsible for understanding how AI is used across campus. For a more rapid review, check whether a similar approved tool or platform already meets the need.
- Read more about Copilot and agents in the Knowledge Base.
- Do not open Canvas, CRM, or other JMU platforms using an unapproved agentic browser or agentic tool.
- Consider how agentic AI aligns with course policies related to AI use. If some generative AI is allowed, it may be necessary to explicitly state where AI agents are also allowed or not allowed.
