Publicis Sapient Logo
v 2.0.20260401
Powered bySlingshot Logo
T&C|Privacy© 2026 Publicis Sapient

AI Studio – User Guidelines

Effective Date: January 19, 2026

These guidelines govern your use of AI Agentic Studio and any agents developed within it ("AI Studio Agents"). All usage must comply with these Guidelines and all applicable Publicis policies.

Do's

  • Use AI Studio for internal work only. Limit AI Studio Agents to prototype activities evaluating how it could help solve for client business problems or drive efficiencies.

  • Define scope and guardrails up front. State the approved purpose, what the agent can/can't do, and clear stop conditions; keep agents on a short leash (e.g., ≤10 steps or ≤15 minutes before human review).

  • Always keep a human in the loop. Require human oversight for key decisions, multistep flows and impactful actions (e.g., sending emails, updating systems, starting transactions); use "Agent suggests/human approves" patterns at key decision points.

  • Use only approved, secure connections. Connect via official, secure MCP servers and approved tools/connectors; keep access to the minimum necessary (least privilege). Choose specific folders/projects rather than broad access.

  • Build safety checks and controls. Apply rate limits and use sandboxes for testing. Include a "kill switch" and the ability to roll back actions once prototyping moves into Production use cases.

  • Test safely and ramp slowly. Use test/sanitized inputs, validate behavior in dry runs, and expand access/functionality in stages.

  • Log and monitor. Turn on auditable logging for all agent actions and tool uses; monitor tool calls, outputs, access patterns, and potential drift in real time.

  • Label and be transparent. Clearly identify AI-generated or AI-assisted outputs (legend, stamp, watermark, or similar disclosure).

  • Verify for accuracy and compliance. Review outputs for correctness and adherence to company rules, policies and content review processes.

  • Protect company confidential information. Minimize/redact confidential data and keep all work and data (including derived/output data) within company-controlled systems.

  • Document ownership and scope. Document the agent builder, purpose, integrated tools, and data sources before go-live.

  • Escalate and report incidents. If you see prohibited access, unexpected actions, hallucinations, bias, or security risks: stop the agent (kill switch), capture evidence, roll back if possible, and report promptly to reportincident@publicisgroupe.com

  • Shut down when done. Decommission agents that are no longer needed and remove extra permissions/integrations.

  • Know and follow the Groupe's Janus AI policy.

Don'ts

  • Don't build for client use yet. Agents are not permitted to access Client environments or Client data without proper discussion within the account team on use case and potential commercial model, as well as notification to client.

  • Don't enable tools or broad access by default. Avoid "pointing the agent at everything"; only enable what's necessary and controlled.

  • Don't allow scope creep or self-escalation. No multiagent patterns that add tools, expand data access, or elevate privileges on their own.

  • Don't permit external or high-risk actions or decisions. Do not permit Agents to send external communications, change systems of record, initiate transactions, or make decisions related to employment, legal determinations, credit/eligibility, or safety-critical tasks without a human-in-the-loop.

  • Don't bypass security or misuse the platform. Never disable safeguards such as logging, monitoring, access controls, rate limits, or safety filters. Don't tamper, reverse-engineer, or modify AI Studio tools, and do not scrape or extract data using unapproved methods.

  • Don't store secrets in prompts or memory. No passwords, API keys, or tokens in prompts or agent memory.

  • Don't call external tools/APIs with company data without approval. Keep data flows within approved, controlled channels.