Microsoft Copilot is a free AI that you may encounter when using the Bing search engine, Edge browser, and when logging into office.com or copilot.microsoft.com. This Copilot does not have access to any data other than what you may prompt it with and web data that is freely available to anyone with internet access.

You should exercise great caution when working with chat-based AIs like Microsoft Copilot. You should only enter data with classification 0.

(x) Exceptionally, you can also use classification 1 (but NOT personal data) if you are logged into copilot.microsoft.com or office.com with your AAU login and see the green ‘Protected’ badge.

Copilot Pro, like Copilot for Microsoft 365, is a subscription-based AI, but this is aimed at private users and therefore cannot be used on your Microsoft licence from AAU.

If you have this type of Copilot, you should be aware of whether you process and store AAU data on your personal devices, as this Copilot version is only approved for classification 0.

Copilot for Microsoft 365 is a subscription-based AI that is only available in the enterprise version of Microsoft 365. Copilot for Microsoft 365 operates across organisation-specific data, such as that found in your calendar, emails, documents, contacts and more.

Very few people have test access to this version of Copilot at AAU yet - and you have been notified if you have access.

This version of Copilot has access to everything in your OneDrive, Outlook and Teams, but will not access files on a shared drive or in WorkZone, for example - unless you actively ask it to. Copilot for Microsoft 365 does not have access to search anything other than what you have stored in Microsoft 365. However, be aware that if you open a file from WorkZone or a shared drive in a Microsoft 365 product such as the Word app, Copilot will be able to read data while you have the document open in the app.

Copilot for Microsoft 365 is not approved to handle classification 2 and 3 data, so you should pay special attention to where you store your confidential and sensitive information.

ChatGPT is a free web-based tool that allows users to ask questions and get answers instantly in a chat format. ChatGPT stores and learns from the data that its users feed it, which is why users should exercise great caution when using ChatGPT.

This means that you should only enter data with classification 0.

Google Gemini, formerly known as Bard, is Google's answer to a web-based chatbot. There is both a free version and versions with extended functionality that can be accessed for a fee. Like ChatGPT, Google Gemini learns from its users' input and stores all data entered.

This means that you should be very careful if you use Google Gemini in your work and should only enter data with classification 0.

Claude AI is a chatbot like ChatGPT and Google Gemini, running on the same technology as the other two products. The tool is created by the American company Anthropic. Claude AI is divided into two levels; a free version with a daily usage limit and a pro version with no restrictions for a fee. Unlike the aforementioned chatbots, Claude AI does not use your prompts for training unless you give them permission or the content is sent for review.

Despite this, you should exercise caution when using Claude AI and only enter data with classification 0.

There is also the option to download already built and fully functional models from the internet and run them on your own PC. There are no guidelines for their use nor any systematic control yet, so you should pay special attention to what data these AI assistants will have access to if you use them.

By default, you should only enter data with classification 0 in your self-hosted AI assistant.

(x) However, your AI assistant may also be approved for classification 1, 2 and 3 - contact IT Security via the service portal for an assessment of your AI solution.

There are several self-built AIs at AAU. As there are no guidelines for the construction or use of self-built AI assistants or systematic control in this area, you should pay special attention to what data you give your AI assistant access to.

You should therefore only enter data with classification 0.

(x) However, your self-built AI assistant may also be approved for classifications 1, 2 and 3 - contact IT Security via the service portal to have your AI solution assessed.