What should an AI acceptable-use policy include for employees and agents?
An AI acceptable-use policy should define permitted and prohibited uses of AI/agent systems, outline human oversight expectations, and specify how humans can override AI decisions and the boundaries of agent autonomy.
Specifically, the policy should include:
- Permitted Use Cases and Prohibited Uses: Clearly define what employees and agents are allowed and not allowed to do with AI systems.
- Human Oversight Expectations: Establish guidelines for human involvement in AI operations, including when and how humans should monitor, intervene, and make decisions.
- Override Authority: Detail the procedures and conditions under which humans can override AI system decisions or actions.
- Boundary of Agent Autonomy: Define the limits of an agent's independent operation, addressing risks like excessive agency (OWASP LLM06/LLM08).
- Roles and Responsibilities: Assign clear roles and responsibilities for AI risk management, including a named risk owner for each deployed AI/agent system (NIST-GOVERN-2.1).
- Intent-Aware Authorization: Implement authorization policies that consider the "purpose" or "intent" of an agent's actions, rather than just static roles, to prevent privilege drift and ensure actions align with legitimate use cases. This helps manage risks like data exposure and compliance violations.
- Data Handling and Memory Management: Address how agents handle sensitive data, including memory retention rules, redaction workflows, and review gates for memory promotion to mitigate threats like memory poisoning and sensitive data retention (MAESTRO Layer 2).
- Tool Usage and Delegation: Define policies for tool access, least-privilege tool sets for each specialist agent, strict delegation schemas, and explicit tool approvals for sensitive actions to prevent workflow hijacking and tool misuse (MAESTRO Layers 3 and 4).
- Security and Compliance: Incorporate controls for data classification, role-based access controls, and compliance review of rubrics, along with explicit human approval for irreversible or regulated actions (MAESTRO Layer 6).
- Agent Ecosystem Management: Establish policies for authenticated agent rosters, version-pinned agents, signed tool definitions, and deny-by-default access to external systems to mitigate threats like agent impersonation and malicious specialist agents (MAESTRO Layer 7).
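The intent-aware authorization, deny-by-default roster and human-approval points above can be combined into a single policy check. The following is an added example, not code from this page or from any of the cited sources; the agent names, purposes, tools and data classes in it are constructed for illustration:

```python
from dataclasses import dataclass
from enum import Enum

class Decision(Enum):
    ALLOW = "allow"
    DENY = "deny"
    HUMAN_APPROVAL = "require_human_approval"  # routes to the override/approval gate

DATA_RANK = {"public": 0, "internal": 1, "confidential": 2}

@dataclass(frozen=True)
class AgentPolicy:
    allowed: frozenset        # (purpose, tool) pairs this specialist may use
    max_data_class: str       # highest data classification it may touch

# Constructed roster (hypothetical agents, purposes and tools): each specialist gets
# only the tools its purposes need, and each tool is bound to the purposes it may serve.
ROSTER = {
    "support-triage": AgentPolicy(
        frozenset({("answer_question", "search_kb"), ("answer_question", "read_ticket")}),
        "internal"),
    "billing-agent": AgentPolicy(
        frozenset({("process_refund", "read_ticket"), ("process_refund", "issue_refund")}),
        "confidential"),
}
# Tools whose effects are irreversible or regulated always require explicit human approval.
APPROVAL_REQUIRED = {"issue_refund", "delete_record"}

def authorize(agent: str, purpose: str, tool: str, data_class: str) -> tuple[Decision, str]:
    """Intent-aware check: the declared purpose of the call, not only the agent's role, decides."""
    policy = ROSTER.get(agent)
    if policy is None:                                # unknown agent: deny by default
        return Decision.DENY, "agent not on the authenticated roster"
    if (purpose, tool) not in policy.allowed:         # role may own the tool, but not for this purpose
        return Decision.DENY, f"tool {tool!r} is not permitted for purpose {purpose!r}"
    if DATA_RANK.get(data_class, 99) > DATA_RANK[policy.max_data_class]:
        return Decision.DENY, f"data class {data_class!r} exceeds the agent's clearance"
    if tool in APPROVAL_REQUIRED:                     # human approval gate for irreversible actions
        return Decision.HUMAN_APPROVAL, f"{tool!r} is irreversible or regulated"
    return Decision.ALLOW, "within policy"

if __name__ == "__main__":
    # billing-agent holds issue_refund, but privilege drift is blocked when the purpose does not match
    print(authorize("billing-agent", "answer_question", "issue_refund", "internal"))
    print(authorize("billing-agent", "process_refund", "issue_refund", "confidential"))
```

The second check is what separates intent-aware from role-based authorization: the billing agent holds the refund tool, yet a call to it under a purpose it does not serve is denied rather than allowed on role alone.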
Grounded in:
- NIST AI Risk Management Framework (nist_ai_rmf)
- Why Static Authorization Is Failing in the Age of AI Agents
- Claude Agents Can Now Dream: How AI Engineers Should Use Anthropic's New Agent Features Without Creating New Attack Paths
This AI-generated answer is for guidance only — not a certification, audit, or penetration test. Grounded in the NIST AI RMF, OWASP LLM Top 10, and ISO/IEC 42001 control text; verify applicability to your environment.