
AI agents: consider the risks and follow KTH's recommendations

Published Mar 24, 2026

Different types of AI agents are increasingly appearing and offer to simplify tasks by doing them for you. However, there are major risks with using agentic AI, such as information leakage, lack of transparency, and the tools being sensitive to external manipulation. KTH E-learning recommends great caution regarding agentic AI based on existing recommendations.

What are AI agents?

AI agents are a form of generative AI tools that can perform tasks as you in different systems with minimal oversight. To be able to perform these types of tasks, the AI agent needs extensive access to your device. This is different from traditional generative AI tools (such as ChatGPT or Copilot), which provide answers to a prompt.

Agentic AI comes in many forms, both as standalone programs (web browsers, coding programs) and as add-ons to other programs.

Agentic AI at KTH

KTH E-learning recommends that students and employees exercise great caution regarding agentic AI. KTH does not have any procured agentic AI, which means that there is no service that has been confirmed to comply with KTH's requirements for security and compliance with GDPR.

AI agents are prohibited for administrators in Canvas due to the lack of control and the risk of information in the system being leaked.

KTH's terms and conditions apply

Some use of AI agents violates the KTH terms and conditions regarding the usage of computers, network, and system resources. All users accept the terms and conditions during account activation (students as well as employees). Read more about Rules for Computer, Network and System Facilities.

Specifically, the following points are relevant:

  • An account and through it allotted resources may only be used by authorized account holders.
  • Only in cases where it is clearly stated that materials may be disseminated is copying and distribution permitted.

The AI recommendations apply

Agentic AI is covered by KTH's existing recommendations:

In particular, keep in mind that:

  • Human control (“human-in-the-loop”) is particularly difficult to achieve when using AI agents.
  • There is a high risk of violating GDPR and other laws and agreements when giving agentic AI access to the information on your computer.

The major problems with using agentic AI

A built-in problem with agentic AI is that you need to give it access to the systems you want it to use to perform your tasks for you. You give out more information than you might think, as the tool gets the same access to the systems as you. It is difficult to know what the agent uses in the systems.

Risk of information leaking to third parties

You share large amounts of information with the AI agent, such as your logins and files. Student data, research data and internal documents can be exposed. Depending on the user agreement in the specific service, the data can be used to train the AI or shared with third parties.

No control or transparency in execution

It can be difficult to understand afterwards what the AI has done and how your prompt has been executed. Since agentic AI is generative, it is not possible to predict exactly what it will do, and it can perform tasks other than those you have specified (hallucinate instructions).

Sensitive to external manipulation

Generative AI tools are sensitive to external manipulation, as they can interpret any text they read as instructions. This is known as “prompt injection”. If this happens, the AI agent switches tasks to something that could exploit access to your computer. It is also possible to influence the AI agent to behave in a certain way in the future.

Page responsible: e-learning@kth.se
Belongs to: KTH Intranet
Last changed: Mar 24, 2026