AI Governance Glossary

The framework of policies, processes, and controls that guide the responsible development, deployment, and use of AI systems within an organization.

A formal organizational policy defining the rules, guidelines, and boundaries for employee use of AI tools and services.

The systematic process of identifying, assessing, mitigating, and monitoring risks associated with the development, deployment, and use of AI systems.

The principles and values guiding the responsible development, deployment, and use of AI systems to ensure fairness, transparency, accountability, and human welfare.

Systematic errors in AI systems that produce unfair outcomes, typically reflecting historical prejudices in training data or flawed algorithmic design.

The principle that AI systems should be understandable, with their decision-making processes, data usage, and limitations clearly communicated to stakeholders.

The practice of protecting AI systems, models, and data from threats, vulnerabilities, and attacks throughout the AI lifecycle.

The practice of adversarial testing where security experts attempt to find vulnerabilities, biases, and failure modes in AI systems.

When an AI model generates output that is factually incorrect, fabricated, or nonsensical, presented with the same confidence as accurate information.

The practice of ensuring an organization's AI systems and usage adhere to applicable laws, regulations, industry standards, and internal policies.

The ability to monitor, measure, and understand the behavior, performance, and usage of AI systems across an organization in real time.

The practice of identifying, assessing, and mitigating security risks across the entire chain of components, services, and vendors that make up an organization's AI ecosystem.

The policies and mechanisms that determine which users, roles, and systems can access, use, or manage AI tools and the data they process.

A chronological record of all AI-related activities, decisions, and data flows within an organization, maintained for compliance, security, and accountability purposes.

The protection of personal and sensitive data throughout AI system lifecycles, from training data collection to inference and output generation.

The process of identifying and cataloging all AI tools, services, and models being used across an organization, including unauthorized or unknown usage.

The structured process for detecting, investigating, containing, and recovering from security incidents involving AI systems or AI-related data breaches.

An AI-powered assistant embedded in software applications that helps users complete tasks by providing suggestions, automating workflows, and generating content.

A standardized document that provides essential information about an AI model including its intended use, performance characteristics, limitations, and ethical considerations.

The requirement that data processed by AI systems remains within specific geographic or jurisdictional boundaries to comply with data sovereignty laws.

The basic unit of text that AI language models process, typically representing a word, subword, or character, used to measure input/output length and pricing.

A structured process for identifying, categorizing, and prioritizing potential security threats specific to AI systems and their deployment environments.

The practice of simulating real-world attacks against AI systems to identify exploitable vulnerabilities in models, APIs, and data pipelines.

A comprehensive inventory of all components, data sources, models, libraries, and dependencies that make up an AI system, enabling transparency and supply chain security.

The process of monitoring AI models for changes in data patterns, model performance, or output quality over time that may degrade accuracy or introduce new risks.

The practice of isolating AI tools and experiments in controlled environments to test their behavior, security, and compliance before broader organizational deployment.

A cross-functional governance body responsible for overseeing the ethical development, deployment, and use of AI systems within an organization.

A field of study focused on understanding and defending against attacks that manipulate AI systems through malicious inputs, poisoned data, or model exploitation.

The unauthorized extraction, replication, or stealing of proprietary AI models through API queries, insider access, or reverse engineering techniques.

The ongoing, automated surveillance of AI systems to detect performance degradation, security threats, policy violations, and compliance issues in real time.

The unintentional exposure of sensitive, confidential, or regulated data through interactions with AI tools and services.

The process of categorizing data based on its sensitivity level to determine appropriate handling, protection, and AI usage rules.

Security technology and processes that detect and prevent the unauthorized transfer of sensitive data, including through AI tools and services.

A mathematical framework that provides measurable privacy guarantees by adding controlled noise to data or computations, preventing identification of individuals in datasets.

An attack on AI systems where adversaries deliberately corrupt training data to manipulate model behavior, introduce backdoors, or degrade performance.

The European Union's comprehensive regulatory framework for artificial intelligence, establishing risk-based rules for AI development and deployment.

AI systems and techniques designed to make artificial intelligence decisions understandable and interpretable by humans, enabling trust and accountability.

A machine learning approach where models are trained across multiple decentralized devices or servers without sharing raw data, preserving privacy.

AI systems capable of creating new content — text, images, code, audio, or video — based on patterns learned from training data.

The international standard for AI Management Systems, providing a framework for organizations to manage AI responsibly throughout its lifecycle.

A type of AI model trained on vast text datasets that can understand and generate human-like text, powering tools like ChatGPT, Claude, and Gemini.

The set of policies, processes, and controls for managing the lifecycle of AI and machine learning models from development through deployment and retirement.

Techniques for embedding hidden, identifiable markers into AI models or their outputs to prove ownership, detect unauthorized use, or trace content provenance.

A voluntary framework published by the National Institute of Standards and Technology providing guidelines for managing risks in AI systems.

An attack technique where malicious instructions are inserted into AI prompts to manipulate the model's behavior or extract sensitive information.

An approach to AI development and deployment that prioritizes ethical principles, societal benefit, and risk mitigation throughout the AI lifecycle.

An AI architecture that enhances language model outputs by retrieving and incorporating relevant information from external knowledge sources before generating responses.

The use of AI tools and services by employees without the knowledge, approval, or oversight of IT and security teams.

The use of IT systems, software, and services within an organization without explicit approval from the IT department.

The application of zero trust security principles to AI systems, requiring continuous verification of every user, device, and data flow interacting with AI tools.