AI governance is moving from policy statements to operational deployments—and campuses are reporting both demand and risk. Case Western Reserve University adopted Google Gemini for faculty, staff, and students after campus leaders said they needed a secure AI option that would not train on their data. Meanwhile, a separate Mercor report confirms a major data breach at an AI data startup that provides training data and works with major AI companies including OpenAI and Anthropic. The breach was linked to a supply chain compromise involving LiteLLM, affecting a wide set of customers. The combination of campus AI rollout choices and real-world vendor security incidents is raising the bar for higher education data privacy controls, vendor risk assessments, and incident readiness.