← Back to Schedule
Abstract visualization of agentic AI and campus cybersecurity
Session 1

The Autonomous Shift: Understanding Agentic AI and Safeguarding the Modern Campus

Wednesday, June 10, 2026 11:00 AM – 12:00 PM CMC · RDSC 129

About This Session

As higher education shifts from task-based systems to autonomous agentic AI, institutions must move beyond generic security to AI-specific deployment architectures. This session provides a clear and practical introduction to the evolution of AI—from traditional, reactive systems to autonomous, goal-driven agentic AI capable of independent decision-making.

Presenters from Claremont McKenna College and Earlham College will ground these concepts in real-world use cases relevant to higher education: IT operations automation, help desk assistance, student services, and the generation of academic materials. A significant portion of the session focuses on the emerging threat of prompt injection attacks—where malicious instructions embedded in emails, documents, and web content can manipulate AI behavior in unintended and dangerous ways.

Attendees will walk through a simulated scenario demonstrating how a prompt injection attack can lead to unintended actions or data exposure, and leave with an actionable framework for safe AI procurement and deployment.

Key Topics

Agentic AI Defined

How autonomous AI differs from traditional task-based systems and why that distinction matters for campus security.

Prompt Injection Attacks

Real threat vectors targeting AI systems via malicious instructions hidden in everyday documents and communications.

AI Vendor Vetting Blueprint

A risk-tiered 5-step procurement framework (Trigger, Classify, Overlay, Verify, Deploy) built for FERPA, GLBA, and NIST compliance.

Data Sovereignty "Red Lines"

Non-negotiable vendor contract requirements: Zero Data Retention (ZDR) and Model Training Opt-Outs to protect institutional data.

Learning Outcomes

By the end of this session, participants will be able to:

  • Classify AI tools into three distinct risk zones — Perimeter Defense, Standard SaaS, and Strategic SaaS — and apply appropriate security overlays for NIST, FERPA, and GLBA compliance.
  • Implement the 5-step AI Vendor Vetting Blueprint (Trigger, Classify, Overlay, Verify, Deploy) using the HECVAT 4.0 AI Appendix to streamline AI technology authorization.
  • Enforce non-negotiable data sovereignty "Red Lines" by evaluating vendor contracts for Zero Data Retention (ZDR) and Model Training Opt-Outs.
  • Explain the key differences between traditional AI and agentic AI, including how each operates organizationally and where risk profiles diverge.
  • Identify how prompt injection attacks work, recognize common delivery methods, evaluate the associated security risks, and describe practical controls to mitigate them.

Session Description

We will begin by defining the limitations of traditional AI and explaining how agentic systems differ in their ability to make decisions and take independent action. Real-world higher education use cases explored include IT operations, help desk automation, student services, and AI-generated academic materials like lecture outlines and study guides.

The session then pivots to emerging security risks — specifically prompt injection, where malicious instructions embedded in emails, documents, and web content can manipulate AI behavior. Attendees will work through a simulated scenario demonstrating how a prompt injection attack can lead to unintended actions or data exposure.

The session closes with a practical walkthrough of the 5-step procurement blueprint, integrating controls like least privilege access and human-in-the-loop validation to verify AI integrity using the HECVAT 4.0 AI Appendix.