The State is considering implementing Agentic Artificial Intelligence (AI) modules within the myAlaska application to enhance service delivery to users of the application as described below. The phases outlined below would be concurrent and should be addressed as separate items. The State intends to expand the application’s capabilities by adding: Phase 1: Desired Timeline – 120 days • Agentic AI modules within the myAlaska mobile application to enable: • Autonomous completion of multi-step government service transactions on behalf of users, based on user consent and preferences. • Proactive notifications, reminders, and personal recommendations for relevant state services. • Context-aware assistance, including dynamic form filling, document retrieval, and eligibility checks. • Adaptive learning from user interactions to improve future service delivery and support. • Agentic AI capabilities to select legacy digital services that interact with the mobile application by: • Enabling secure API-based communication between agentic AI modules and legacy systems. • Facilitating autonomous data exchange, workflow orchestration, and service fulfillment across disparate platforms. State of Alaska Department of Administration Office of Information Technology Issued: November 25, 2025 Page 2 of 4 • Supporting legacy service modernization through AI-driven automation, error handling, and exception management. • Security, Privacy, and Compliance updates: • Ensure agentic AI integration adheres to all applicable data protection, privacy, and regulatory requirements and best practices, including relevant National Institute of Standards and Technology (NIST) controls and risk management frameworks. • Implement robust audit trails, user consent management, and explainability features for AIdriven actions. • Maintain compatibility with existing identity management, authentication, and authorization frameworks (e.g., Azure B2C, Multi-Factor Authentication (MFA), biometric security). • Adversarial testing for misuse, hallucination, etc. • Incident response – describe how to detect, report, and respond to data breaches or misuse. • Provide a sandbox demonstration and test environment access if requested by the State. • Provide mechanisms for human oversight, override, and correction.
