ISM-2095 policy ASD Information Security Manual (ISM)

Block Personal Devices Granting AI Agents Access to Sensitive Systems

Staff using their own phones or computers to reach OFFICIAL: Sensitive or PROTECTED systems must not let unapproved AI agents in.


Plain language

If a staff member uses their own personal phone, tablet or home computer (rather than a work-issued one) to access systems or data classified as OFFICIAL: Sensitive or PROTECTED, they are not allowed to hand that access over to an unapproved artificial intelligence (AI) agent. An AI agent is software that can act on your behalf, such as an assistant or browser tool that reads and clicks through your accounts. This matters because connecting an unvetted AI tool to sensitive government information can quietly leak or misuse that data without anyone noticing.

Framework

ASD Information Security Manual (ISM)

Control effect

Preventative

Classifications

OS (OFFICIAL: Sensitive), P (PROTECTED)

ISM last updated

June 2026

Control Stack last updated

18 June 2026

E8 maturity levels

N/A

Official control statement

Personnel using privately owned mobile devices or desktop computers to access OFFICIAL: Sensitive or PROTECTED systems or data are disallowed from granting access to unapproved artificial intelligence agents.

Why it matters

An unapproved AI agent connected from a personal device could quietly read, copy or misuse OFFICIAL: Sensitive or PROTECTED data, causing a serious breach of government information.


Operational notes

Keep the approved AI agent list and device-access rules under regular review, because new AI tools appear constantly and personal-device usage changes as staff and roles change.


Implementation tips

  • The security manager should publish a written rule, signed off by management, stating that personal (bring-your-own) phones, tablets and computers used to reach OFFICIAL: Sensitive or PROTECTED systems must never connect or authorise an unapproved AI agent, and circulate it to all affected staff.
  • The IT team should build and maintain an approved list of AI agents that are permitted to touch sensitive systems, and block all others by default so that any AI tool not on the list cannot be granted access from a personal device.
  • The IT team should configure system access (for example through conditional access or device checks) so that connections from personal devices are detected, and so that unapproved AI agents attempting to log in or use saved credentials are refused.
  • Line managers should brief every staff member who uses their own device for work on exactly what an AI agent is, give plain examples (such as AI browser assistants or chatbots that log into accounts), and have each person confirm in writing they understand they cannot connect one.
  • The security manager should review access and AI-connection logs each month, follow up on any sign that a personal device tried to grant an unapproved AI agent access, and record what was found and what was done about it.

Audit / evidence tips

  • Ask for the written policy covering personal devices and AI agents. Look at whether it clearly names privately owned mobile devices and desktop computers, the OFFICIAL: Sensitive and PROTECTED classifications, and a ban on granting access to unapproved AI agents. Good evidence is a dated, management-approved document that staff have acknowledged.
  • Ask for the list of approved AI agents and how everything else is blocked. Look at whether there is a defined allow-list and a default-deny setting for any agent not on it. Good evidence shows the list, who maintains it, and evidence that unlisted agents are actually refused.
  • Ask how the organisation detects when a personal device connects to sensitive systems. Look at conditional access or device-identification settings and the rules that stop unapproved AI agents. Good evidence demonstrates the technical control working, not just an intention.
  • Ask for the staff acknowledgement records. Look at whether people who use their own devices have been briefed on what an AI agent is and have signed to confirm they will not connect one. Good evidence is a complete, current set of signed confirmations matching the list of bring-your-own-device users.
  • Ask for the monitoring and follow-up records. Look at the access and AI-connection logs and any incidents where a personal device tried to grant an AI agent access. Good evidence shows regular reviews, with flagged events investigated and resolved.

Cross-framework mappings

How ISM-2095 relates to controls across ISO/IEC 27001, ISO/IEC 42001, Essential Eight, and ASD ISM.

ISO 27001: partially meets (4 controls)

  • Annex A 5.10: ISM-2095 requires personnel using privately owned devices to access sensitive/protected environments to not grant access to unapproved AI...
  • Annex A 5.15: ISM-2095 prohibits personnel using privately owned devices to access OFFICIAL: Sensitive or PROTECTED systems or data from granting acces...
  • Annex A 5.18: ISM-2095 requires that unapproved AI agents are not permitted access via privately-owned devices used to access OFFICIAL: Sensitive or PR...
  • Annex A 8.3: ISM-2095 restricts granting unapproved AI agents access to OFFICIAL: Sensitive or PROTECTED systems or data when accessed via privately-o...

These mappings show relationships between controls across frameworks. They do not imply full equivalence or certification.
