104D - Artificial Intelligence Security Standard

1.0 Purpose

The purpose of this standard is to communicate expectations and requirements related to use of Artificial Intelligence (AI) at Â鶹ÎÞÂë°æ (UAA), including what data is appropriate, the process for selecting and procuring Generative, Agentic, and other kinds of AI tools, as well as awareness of the risk associated with it.

2.0 Standard

2.1 Scope of Standard

This standard applies to the Â鶹ÎÞÂë°æ inclusive of all university campuses, IT systems, networks, and university administrative and operational data. 

2.2 Standard

2.2.1 Compliance with UA System Standard

The UAA will comply with the University of Â鶹ÎÞÂë°æ System Generative AI Security Standard in its entirety. UAA may add additional standards to add to and extend the system standard. Additions are found below in this standard.

2.2.2 General Use and Selection of AI Tools

UAA constituents should follow the University of Â鶹ÎÞÂë°æ System Generative AI Guidance and use the GenAI Tool Risk Assessment guidance to determine what university data can be used with what AI Tools. 

2.2.3 Prohibited AI Tools at UAA

UAA ITS will evaluate when specific AI tools are invasive or otherwise deemed to be high risk for the UAA community. ITS will maintain a list of Prohibited AI Tools on the ITS website that have been determined to be too invasive or high risk and may therefore not be used with UAA data, with UAA accounts, or used on UAA systems or network. This does not mean that the underlying LLM model is prohibited, only the specific AI tool or product.

2.2.4 Specific Use of AI Tools

2.2.4.1 Non-Repudiation and Human Responsibility

The actions of non-UA approved artificial intelligence tools either using a user's account as authorized by the user or otherwise authorized by the user in any way will constitute action by the user and for which the user is responsible.

3.0 Procedures

3.1 Maintaining the list of Prohibited AI Tools

Additions or subtractions to the list of Prohibited AI Tools must be proposed to ITS and approved by the Chief Information Officer. 

4.0 Definitions

See IT Policies and Standards Definitions.

5.0 References

Generative AI Security Standard - UA System IT Standard
 

University GenAI Policies and Guidance
 

University of Â鶹ÎÞÂë°æ Board of Regents Policy & Regulations

6.0 Standard Information

Standard Effective Date: 11/15/2025
Standard Revision Date: 01/13/2026
Standard Owner: Ryan McDaniel - Associate Vice Chancellor and CIO
Standard Author: Ryan McDaniel - Associate Vice Chancellor and CIO

Revision History:
1.0: Initial version.
1.1: Update to add agentic AI terminology and section 2.2.4.1.