Campus IT leaders are adopting AI risk frameworks as universities accelerate deployments across student services, research and operations. Higher‑education IT experts warn that many institutions lack visibility into where third‑party models run, what data they access, and who governs those systems — gaps that expose campuses to privacy, bias and compliance risks. A recent incident outside academia crystallizes the stakes: a developer using an autonomous AI agent mistakenly deleted a production database, illustrating how agentic tools can propagate catastrophic errors when safety checks are removed. Higher‑education CIOs tell boards they must prioritize inventorying AI use, enforcing human‑in‑the‑loop safeguards and updating incident response plans before agents are given autonomous privileges.