(Updated) Extending AI in SharePoint using custom skills

🚨 The Signal: SharePoint AI will allow users to create custom, multi-step AI skills using natural language. This enables tailored AI automation for document review and other business tasks, increasing AI utility but also the potential for data misuse.

The Impact

SharePoint site owners and users with edit permissions are affected, facing risks of data exposure, compliance breaches, and unintended AI actions if not properly governed.

• SharePoint site owners: Risk of misconfigured AI skills leading to data exposure.
• Users with edit permissions: Risk of creating skills that inadvertently bypass compliance or security policies.
• Security teams: Increased complexity in monitoring and auditing AI-driven data interactions.
• Compliance officers: New challenges in ensuring AI skill usage aligns with regulatory requirements.

The Action

1. Review and update existing SharePoint governance policies to include guidelines for AI skill creation and usage.
2. Establish a clear approval process for custom AI skills, especially those handling sensitive data.
3. Implement data loss prevention (DLP) policies to monitor and restrict AI skill interactions with sensitive information.
4. Educate users and site owners on responsible AI skill development and potential security implications.
5. Regularly audit AI skill usage and outputs for compliance with organizational policies and regulatory requirements.

Domain: Agentic-AI · Impact: high · Workload: SharePoint