Overview

Generative AI is a type of artificial intelligence that can learn from and mimic large amounts of data to create content such as text, images, music, videos, code, and more, based on inputs or prompts. The University supports responsible experimentation with generative AI tools, but there are important considerations to keep in mind when using these tools, including information security and data privacy, compliance, copyright, and academic integrity. These guidelines are updated periodically. 

Protect confidential data

You should not enter data classified as confidential (Level 2 and above, including non-public research data, finance, HR, student records, medical information, etc.) into publicly-available generative AI tools, in accordance with the University’s Information Security Policy. Information shared with generative AI tools using default settings is not private and could expose proprietary or sensitive information to unauthorized parties.

Level 2 and above confidential data must only be entered into generative AI tools that have been assessed and approved for such use by Harvard’s Information Security and Data Privacy office. See below for more information about approved tools.

Review content before publishing or sharing

AI-generated content can be inaccurate, misleading, or entirely fabricated (sometimes called “hallucinations”) or may contain copyrighted material. You are responsible for any content that you publish or share that includes AI-generated material.

Adhere to local academic and administrative policies

Review your School or Unit’s local policies around the use of generative AI. Many Schools have developed or updated policies around the use of generative AI in the classroom. You can find links to local resources on the University’s generative AI website.

Faculty should be clear with students they’re teaching and advising about their policies on permitted uses, if any, of generative AI in classes and on academic work. Students are also encouraged to ask their instructors for clarification about these policies as needed.

Be alert for phishing

Generative AI has made it easier for malicious actors to create sophisticated phishing emails and “deepfakes” (i.e., video or audio intended to convincingly mimic a person’s voice or physical appearance without their consent) at a far greater scale. Continue to follow security best practices and report suspicious messages to phishing@harvard.edu.

Use approved tools for Harvard work

HUIT and School IT providers have procured a range of generative AI tools with important contractual protections for use in Harvard work. These include security and privacy protections that ensure the tools are appropriate for use with certain types of confidential data, and assurances that the data entered will not be used to train vendor models. 

• A list of available tools provided by HUIT can be found here. More tools may be available from your School IT provider.
• AI meeting assistants should not be used in Harvard meetings, with the exception of approved tools with contractual protections. Consult the AI Assistant Guidelines for more information and how to manage unwanted AI assistants in meetings.
• If you are considering procuring a generative AI tool not currently offered or have questions, please contact HUIT. All vendor generative AI tools must be assessed for risk by Harvard's Information Security and Data Privacy office prior to use in Harvard work.