AI Governance Terms, Explained

An AI system that can autonomously perform tasks, make decisions, and interact with external tools and services.

A chronological record of all AI-related decisions, reviews, approvals, and policy changes within an organization.

A detailed inventory of all components, data sources, and dependencies within an AI system.

A centralized inventory of all AI tools evaluated, approved, or in use within an organization.

Meeting regulatory and standards requirements related to the use of AI within an organization.

The policies, processes, and controls an organization uses to manage AI adoption and risk.

A complete accounting of all AI systems, tools, and features deployed or in use across an enterprise.

A framework for assessing how advanced an organization's AI governance program is across key dimensions.

A formal document defining an organization's rules, guidelines, and expectations for AI tool usage.

The practice of identifying, assessing, and mitigating risks associated with AI systems and tools.

Continuous discovery and risk assessment of all AI assets, tools, and integrations across an organization.

The rapid, uncontrolled proliferation of AI tools, features, and agents across an organization.

The ability to explain how AI systems work, what data they use, and how decisions are made.

Systematic errors in AI outputs that create unfair outcomes for certain groups of people.

The management of data availability, usability, integrity, and security — especially critical when data flows through AI tools.

AI features built into existing SaaS tools that activate without a separate purchase or adoption decision.

The European Union's comprehensive regulation governing the development and use of AI systems.

The process of training a pre-existing AI model on specialized data to improve its performance for a specific task.

A large AI model trained on broad data that serves as the base for many downstream applications and tools.

Technical controls that constrain AI behavior to prevent unsafe, unauthorized, or non-compliant outputs and actions.

When an AI model generates output that sounds plausible but is factually incorrect or fabricated.

A system design where human judgment is required at critical decision points in an AI workflow.

The international standard for establishing an AI management system within an organization.

An AI model trained on vast text data that can understand and generate human language.

An open protocol that lets AI agents connect to external tools, data sources, and services in a standardized way.

A change in an AI model's behavior or performance over time, often without explicit notification.

A voluntary US framework providing structure for identifying, assessing, and managing AI-related risks.

An attack where malicious input manipulates an AI model into ignoring its instructions or producing unintended outputs.

An approach to AI development and deployment that prioritizes fairness, transparency, accountability, and safety.

A technique that combines AI text generation with real-time information retrieval from a knowledge base.

AI tools adopted by employees without security team review or approval.

The process of evaluating an AI tool vendor's security, privacy, and compliance practices before approving the tool for use.

An AI model's ability to perform a task it wasn't explicitly trained on, using only a natural language description.