Best Practices: Managing Generative AI Systems
What is Managing Generative AI Systems?
Generative AI technologies are increasingly being integrated into enterprise applications, development platforms, automation tools, assistants, and AI agents. These systems may access data, interact with connected services, and perform actions across multiple environments.
Departments deploying or managing AI-enabled systems should evaluate them using the same security, privacy, governance, and risk-management principles applied to other enterprise technologies.
Common Risks
| Category | Description | Key Controls (At a Glance) |
|---|---|---|
Sensitive Data Exposure | Data may be entered, processed, stored, logged, or retained by AI systems. | Apply risk classification requirements, minimize sensitive inputs, and review vendor protections. |
Data Integrity & Reliability | AI-generated outputs may be inaccurate, incomplete, or manipulated. | Validate inputs/outputs and require appropriate human review. |
Prompt Injection & Model Manipulation | Information may persist across sessions, users, tools, or integrations. | Limit retention, manage memory features, and enforce separation where appropriate. |
Context & Memory Leakage | Data persists across sessions or tools unintentionally. | Enforce isolation; limit context; manage memory. |
Agents, Connectors & Integrations | AI agents, connectors, APIs, and MCP servers may expand access to systems and data. | Review integrations, apply least privilege, and enable only approved capabilities. |
Privilege & Identity Misuse | Excessive permissions or exposed credentials may allow unauthorized access. | Implement least privilege, strong authentication, and credential management practices. |
Governance & Visibility | Unmanaged AI deployments can create compliance, operational, and privacy/security risks. | Maintain inventories, logging, ownership, and oversight processes |
Note:
The “Key Controls (At a Glance)” column is intended as a quick reference. Detailed expectations and implementation guidance are described in the Best Practices sections below.
General Best Practices
Documentation & Governance
- Maintain an inventory of AI-enabled systems, services, and integrations.
- Define ownership, approved use cases, and responsible administrators.
- Review new AI capabilities before enabling them.
- Reassess risks when systems, data sources, or integrations change.
Data Protection
- Apply Harvard data-classification requirements consistently.
- Treat prompts, outputs, logs, and retained context as organizational data.
- Review memory, retention, and training settings before deployment.
- Verify that vendor protections align with University requirements.
Identity & Access Management
- Use HarvardKey and approved authentication methods whenever possible.
- Apply least-privilege access controls.
- Restrict AI systems to only the resources necessary for their intended function.
- Store credentials and secrets in approved enterprise solutions.
Agents, Connectors & Automation
- Review AI agents, connectors, and integrations before deployment.
- Treat MCP servers and external connectors as third-party integrations requiring security review.
- Grant only the minimum permissions necessary.
- Require human approval for high-impact or sensitive actions whenever feasible.
Secure Development & Administration
- Review repository-level AI configuration files, agent instructions, and automation settings before use.
- Disable unnecessary automated execution features.
- Validate AI-generated code before deployment.
- Follow secure development and change-management practices.
Environment Isolation
- Run AI coding agents and automation tools in isolated environments when feasible.
- Limit access to sensitive systems, credentials, and administrative workstations.
- Separate development, testing, and production environments.
Logging, Monitoring & Testing
- Maintain appropriate logging of AI-enabled activities and administrative actions.
- Monitor for unusual behavior, excessive usage, or unexpected access patterns.
- Test AI-enabled systems for prompt injection and malicious content.
- Evaluate systems for misuse, manipulation, and unexpected behavior before production deployment.
Vendor Management
- Use approved vendors and services.
- Review contractual protections related to data use, retention, and model training.
- Understand enterprise versus consumer service boundaries.
- Establish off-boarding and data-deletion processes.