In the not-so-distant past, secure online exams promised to protect assessment security and academic integrity. But, with AI now built directly into operating systems, these formerly ‘secure’ platforms are increasingly vulnerable to architectural threats and widespread misconduct once again.
Tools like Microsoft Copilot and AI agents operate below the surface of locked down browsers, rendering traditional online proctoring tools less effective. When it comes to assessment, a key consideration is that you can more robustly protect when you disconnect – taking exams offline completely.
While institutions could return to pre-digital assessment methods to avoid
emerging trends in academic misconduct, that replaces one risk with a set of others – including human error, educator burnout, and grading inequity.
Fortunately, there is another way. A fully offline digital assessment platform provides the efficient grading tools and reliable data educators need to protect authentic student learning, as well as safeguard institutional reputation.
How do 'secure' online exams work?
The platforms behind so-called secure online exams create a ‘locked down’ exam environment. Here’s what they can do, and do well.
- Restrict system access: Ensure students can only access the exam paper - they can’t open Google or ChatGPT to answer the questions for them, for example.
- Verify identity: Use webcam and microphone to confirm the test taker is the registered student.
- Detect suspicious behavior: Track gaze, monitor keystrokes, and identify unusual composition patterns that may suggest misconduct.
- Protect exam content: Encrypt and control access to questions so they can’t be leaked in advance of the exam.
However, there’s a reason we’ve put ‘secure’ in inverted commas. The security of these assessment tools has been undermined by the emergence of OS-level AI, rendering these systems vulnerable – once again – to academic misconduct.
What is OS-level AI and how does it work?
OS-level AI is artificial intelligence that operates underneath the platforms that host ‘secure’ online exams. While online proctoring can stop students from accessing external AI tools, it can’t stop them using built-in AI. And today, built-in AI is everywhere. Think Microsoft CoPilot, Apple’s Siri, or Google’s Duet AI…
These work at the operating system level. Tools at the operating system level are difficult to turn off or control. In online exams, this creates a potential backdoor for students to access AI, even using a locked down browser. Tools like CoPilot can summarize a question and use AI to generate exam answers without opening another application, thereby evading detection by the exam platform.
Then there are AI agents. For especially determined students, an AI agent is any tool they can exploit to use AI within a secure environment. They’re as sneaky as the name suggests, meaning institutions may struggle to keep pace with what students are using.
For example, students can:
- Use a script to read text from the exam platform clipboard or screen
- Capture screenshots or keystrokes via a smartphone or smartwatch
- Hijack accessibility features – like screen reading – to feed questions to AI
- Surreptitiously receive answers from AI through audio, subtitles, or keystroke cues
AI agents operate outside the exam platform, and the proctoring tool can’t stop them unless it has system-level privileges, something that most institutions can’t allow for privacy and legal reasons. Put simply, OS-level AI is not easily stopped by online exam platforms.
Is there a simple way to think of OS-level AI in online exams?
Think of ‘secure’ online exams and OS-level AI like a ship on the sea.
- Your online exam platform is the ship. You can control everything that happens on board.
- The operating system is the sea (and any storm-weary sailor will tell you, you have no control over that).
If online exams were ever watertight, OS-level AI has punched a hole in the hull, exposing susceptible students to the siren call of AI exam misconduct once again.
A more secure approach to secure your ship and protect your students is to take it off the sea altogether. In other words, a fully offline exam model.
How does OS-level AI undermine so-called secure online exams?
‘Secure’ online exam platforms used to offer institutions protection against academic misconduct during assessments. But OS-level AI tools mean they’re now facing a critical vulnerability, because any online access gives students the very access they’re not supposed to have: AI during exams.
Now, simply having an internet connection becomes a security vulnerability. Any online assessment platform can feel like an endless game of whack-a-mole for institutions, no sooner quashing one threat than another pops up. First it was web browsers, then AI tools, now OS-level AI…
What is the impact of OS-level AI on student and institutional outcomes?
Like any academic misconduct, OS-level AI poses a significant risk to student and graduate outcomes, institutional reputation, and wider public trust.
Education leaders are worried about:
- Inaccurate assessment data compromising program evaluations.
- Graduating unqualified professionals into high-stakes roles.
- Risk to institutional reputation and degree value.
Educators are concerned by:
- Whether exam results reflect genuine student knowledge or AI assistance.
- Lack of confidence in the integrity of assessment data.
- Difficulty identifying and remediating learning gaps.
IT leaders are concerned about:
- The threat surface
- The perennial problem of support ticket volume during online exams due to network instability and dropped connections.
The online academic integrity threat is exhausting, endless, and resource-intensive for educators, administrators, and IT teams. But there is another way…
What is the alternative to online exams for more secure assessment?
It simply means conducting efficient digital assessments without an internet connection.
Now that ‘secure’ online exams are less safe against OS-level AI misconduct, schools and universities are considering new ways to protect outcomes and reputation. Given that the main threat comes from online access during exams, a fully offline exam model offers an effective alternative.
Thankfully, that doesn’t mean reverting to handwritten assessments and grading. Between growing class sizes and resource constraints, many institutions cannot realistically accommodate such a retrograde step.
An offline digital exam platform creates an ‘air gap’ that denies AI the three things it needs to bypass ‘secure’ online platforms: computation, connectivity, and content.
| What AI needs | How it gets it | How offline exams block it |
| Computation (the ability to ‘think’) | Built into the operating system (like CoPilot) or running as a local agent. | A stripped-down, secure operating system with no built-in AI or extra agents. |
| Connection between AI and exam platform | Internet or API access (an API can send a question to the cloud and receive an answer back). | No network or internet access – cloud-based AI can’t be accessed. |
| Access to exam content | AI reads the screen, keyboard, or clipboard, or the student feeds content to the AI agent. | Isolated exam window – AI can’t see or capture content, student can’t feed content to AI. |
ExamSoft by Turnitin offers institutions the ability to conduct fully offline digital exams, which protect both academic integrity and assessment efficiency.
What are the assessment security benefits of an offline exam model?
Institutions using offline exams will protect their reputation by securing high-stakes exams against AI threats, increasing confidence among potential students, professional bodies, and the public.
By closing the backdoor vulnerability that internet-reliant platforms create, universities mitigate the widespread risk of AI academic misconduct, from compromised graduate outcomes and damaged credibility, to costly and time-consuming investigations.
Not only that, leaders can ensure trustworthy and reliable assessment data to support program reviews and professional accreditation, as well as an equitable environment for student attainment and assessment. Plus, educators can be confident that exam data is a true reflection of student learning, provide targeted remediation for learning gaps, and guide appropriate AI use for learning.
Offline digital exams also reduce educators’ workload and AI fatigue. By removing the opportunity for students to use AI cheating tools, educators are freed from the burden of AI writing detection, without having to replace that workload with manual grading processes. (ExamSoft by Turnitin integrates with institutions’ assessment tools and LMS so that offline security is complemented by digitally efficient feedback and grading workflows.)
For IT leaders, offline digital assessment eliminates an entire class of integrity threats, drastically reduces support tickets associated with online exams, and provides a stable exam environment for all users.
Key takeaways – Disconnect exams to protect integrity
- ‘Secure’ online exam platforms face new security questions, thanks to OS-level AI
- Only offline exam platforms can protect against omnipresent AI online
- Secure offline exam platforms create an ‘air gap’ between assessments and AI
- This protects student outcomes, graduate quality, and institutional reputation
- ExamSoft by Turnitin provides secure offline assessment, grading tools, and LMS integration – for integrity and efficiency