AI Governance you own this product

Secure, privacy-preserving, ethical systems

Engin Bozdag and Stefano Bennati

MEAP began November 2025
Last updated November 2025
Publication in Spring 2026 (estimated)

ISBN 9781633436817
225 pages (estimated)

Included with a Manning Online subscription

printed in black & white

table of content

1 Governing Generative AI

1.1 Why Governance, Risk and Compliance (GRC) for GenAI Matters Now?

1.2 GRC for AI: More Than a Compliance Checklist

1.3 A Mental Model for GenAI GRC

1.4 Challenges in Practice: Illustrative Scenarios

1.5 Tools and Practices You’ll Need

1.6 Conclusion: Motivation and Map for What’s Ahead

2 Adoption Models for GenAI

2.1 SaaS or Application Consumers

2.2 API Integrators

2.2.1 Organization-Controlled Zone: Enhanced Customization and Governance

2.2.2 Vendor-Controlled Zone: Stability and Reliability

2.2.3 Governance and Risk Management Opportunities

2.2.4 Achieving Effective Governance for an API Integrator

2.3 Model Hosters

2.3.1 Architecture Overview: What’s Inside the Controlled Zone

2.3.2 Governance and Risk Management Opportunities

2.3.3 Achieving Effective Governance for a Model Hoster

2.4 Risk dimensions across deployment postures

2.5 Agentic AI

2.5.1 What Does “Agentic” Mean?

2.5.2 Common properties of Agentic AI

2.5.3 Why Agentic AI is still experimental

2.6 MediAssist: A case study in AI governance

2.7 Summary

3 The Six-Level GenAI Governance Framework

3.1 Practical Responsible AI Governance: Recap

3.2 Strategy & Policy (Level 1)

3.2.1 Key artifacts

3.2.2 Key Metrics

3.2.3 Common Failures

3.2.4 MediAssist at Level 1

3.3 Risk & Impact Assessment (Level 2)

3.3.1 Key artifacts

3.3.2 Key Metrics

3.3.3 Common Failures

3.3.4 MediAssist at Level 2

3.4 Implementation Review (Level 3)

3.4.1 Key Artifacts

3.4.2 Key metrics

3.4.3 Common Failures

3.4.4 MediAssist at Level 3

3.5 Acceptance Testing (Level 4)

3.5.1 Key artifacts

3.5.2 Key Metrics

3.5.3 Common Failures

3.5.4 MediAssist at Level 4

3.6 Operations & Monitoring (Level 5)

3.6.1 Key artifacts

3.6.2 Key Metrics

3.6.3 Common Failures

3.6.4 MediAssist at Level 5

3.7 Learning & Improvement (Level 6)

3.7.1 Key Artifacts

3.7.2 Key Metrics

3.7.3 Common Failures

3.7.4 MediAssist in Level 6

3.8 Maturity Levels Across the 6L-G Model

3.9 Summary

4 Securing GenAI

4.1 Real-World Scenarios

4.1.1 Why is Classical Security not enough?

4.2 SaaS Consumers

4.2.1 SaaS Consumer Threats

4.2.2 GenAI SaaS Provider threats

4.2.3 Reflection and Moving Forward

4.3 API Integrators

4.3.1 API Integrator threats

4.3.2 API Provider threats

4.4 Model Hosters

4.4.1 Model Artifacts & Provenance

4.4.2 Tuning & behavior drift

4.4.3 Serving & runtime surface

4.4.4 Access, misuse & theft

4.5 Summary

5 Privacy

5.1 Collection and Purpose

5.1.1 No Valid Legal Basis

5.1.2 Overcollection

5.1.3 Vendor’s Inappropriate Use of Organizational Data

5.2 Storage and Memorization

5.2.1 Memorization and Membership Inference

5.2.2 Insufficient deletion of embeddings

5.2.3 Insufficient Deletion of (Meta)data

5.3 Output Integrity

5.3.1 Hallucinations and Defamations

5.3.2 Overreliance and Automated Decision Making

5.4 User Rights & Governance

5.4.1 Making models forget and correct

5.4.2 Data Subject Access Requests (DSAR)

5.4.3 Transparency

5.5 Adoption Models: Where to Focus

5.5.1 SaaS consumers

5.5.2 API integrators

5.5.3 Model hosters

5.5.4 Top risks

5.5.5 What counts as evidence?

5.6 Summary

6 Ethical and trustworthy AI

7 Regulatory landscape

8 The road ahead

Appendix

Appendix A: A quick intro to Generative AI

Overview

1 Governing Generative AI

Generative AI is being adopted at unprecedented speed across industries, offering powerful capabilities while introducing fast-moving, hard-to-predict risks. High-profile failures—from hallucinated legal citations to exploitable “memories,” leaked datasets, deepfakes, and data breaches—show that traditional software controls and patch cycles are not enough. Because GenAI blends software-like exploitability with human-like susceptibility to manipulation, errors can scale instantly, blur accountability across vendors and integrators, and collide with evolving legal obligations on privacy, safety, and fairness. The result is a clear mandate: organizations need rigorous, purpose-built governance, risk, and compliance (GRC) for GenAI to protect people, trust, and business continuity.

This chapter bridges principles and practice by introducing a lifecycle-based framework that integrates risk, compliance, privacy, and security from idea to decommissioning. The six-level governance (6L-G) model—Strategy & Policy, Risk & Impact Assessment, Implementation Review, Acceptance Testing, Operations & Monitoring, and Learning & Improvement—turns abstract values into concrete checkpoints with shared accountability across the AI supply chain. It emphasizes proportional, adaptive controls; continuous testing and monitoring; red-teaming and bias evaluation; robust documentation and logging; and clear go/no-go gates tied to risk appetite. Rather than a box-ticking exercise, GRC becomes the enabler that lets teams innovate quickly without courting avoidable harm.

Practical challenges covered include prompt injection and jailbreaks, data poisoning and model extraction, privacy exposures from model memorization and the difficulty of “unlearning,” and biased outcomes that trigger legal and ethical consequences. The chapter surveys controls and tools aligned to each lifecycle stage—impact assessments, threat modeling, AI firewalls and output filters, secure data pipelines, customer-managed encryption keys, audit-ready logs, drift detection, and incident playbooks—illustrated through realistic scenarios in finance, healthcare, and consumer apps. The takeaway is straightforward: unchecked GenAI invites preventable crises, while disciplined, lifecycle-driven GRC reduces risk, satisfies regulatory pressures, and builds the trust needed for durable, scalable AI-enabled value.

Generative models such as ChatGPT can often produce highly recognizable versions of famous artwork like the Mona Lisa. While this seems harmless, it illustrates the model's capacity to memorize and reconstruct images from its training data; a capability that becomes a serious privacy risk when the training data includes personal photographs.

Trust in AI: experts vs general population. Source: Pew Research Center[46].

Classic GRC compared with AI GRC and GenAI GRC

Six Levels of Generative AI Governance. Chapter 2 will expand into what control tasks attach to each checkpoint.

Conclusion: Motivation and Map for What’s Ahead

By now, you should be convinced that governing AI is both critically important and uniquely challenging. We stand at a moment in time where AI technologies are advancing faster than the governance surrounding them. There’s an urgency to act: to put frameworks in place before more incidents occur and before regulators force our hand in ways we might not anticipate. But there’s also an opportunity: organizations that get GenAI GRC right will enjoy more sustainable innovation and public trust, turning responsible AI into a strength rather than a checkbox.

In this opening chapter, we reframed GRC for generative AI not as a dry compliance exercise, but as an active, risk-informed, ongoing discipline. We introduced a structured governance model that spans the AI lifecycle and multiple layers of risk, making sure critical issues aren’t missed. We examined real (and realistic) examples of AI pitfalls: from hallucinations and prompt injections to model theft and data deletion dilemmas. We have also provided a teaser of the tools and practices that can address those challenges, giving you a sense that yes, this is manageable with the right approach.

As you proceed through this book, each chapter will dive deeper into specific aspects of AI GRC using case studies. We’ll tackle topics like establishing a GenAI Governance program (Chapter 2). We will then address different risk areas such as security & privacy (Chapter 3) and trustworthiness (Chapter 4). We’ll also devote time to regulatory landscapes, helping you stay ahead of laws like the EU AI Act, and to emerging standards (you’ll hear more about ISO 42001, NIST, and others). Along the way, we will keep the tone practical – this is about what you can do, starting now, in your organization or projects, to make AI safer and more reliable.

By the end of this book, you'll be equipped to:

Clearly understand and anticipate GenAI-related risks.
Implement structured, proactive governance frameworks.
Confidently navigate emerging regulatory landscapes.
Foster innovation within a secure and ethically sound AI governance framework.

Before we move on, take a moment to reflect on your own context. Perhaps you are a product manager eager to deploy AI and thinking about how the concepts here might change your planning. Or you might be an executive worried about AI risks and consider where your organization has gaps in this new form of governance. Maybe you are a compliance professional or lawyer and ponder how a company’s internal GRC efforts could meet or fall short of your expectations. Wherever you stand, the concepts in this book aim to bridge the gap between AI’s promise and its risks, giving you the knowledge to maximize the former and mitigate the latter. By embracing effective AI governance now, you not only mitigate risks. You position your organization to lead responsibly in the AI era.

FAQ

Why is Governance, Risk, and Compliance (GRC) for Generative AI urgent now?

GenAI is being adopted at unprecedented speed and across critical domains, while incidents (hallucinated legal citations, prompt-injection exploits, data leaks) are rising. Unlike traditional software bugs, GenAI failures can be hard to detect, propagate instantly, and play out publicly. Effective GRC reduces the likelihood and impact of these failures so organizations can innovate with confidence.

How does GenAI differ from traditional software and human operators from a governance perspective?

GenAI blends the vulnerabilities of both: it is exploitable via crafted inputs (like software) and is context-sensitive and fallible (like humans). Compared to classic IT, remediation is harder, behavior is probabilistic, failure attribution is opaque, and controls must extend beyond pre-release tests to continuous, post-launch monitoring and guardrails.

What are the main GenAI risks highlighted in this chapter?

- Hallucinations and misinformation at scale
- Prompt injection, jailbreaks, and adversarial inputs (including image-based attacks)
- Supply-chain and infrastructure risks (data leaks, weak runtime protections)
- Model extraction via API queries (IP theft and safety bypass rehearsal)
- Privacy harms (memorization, reidentification, hard-to-erase training influence)
- Bias, fairness, and discrimination leading to legal and reputational exposure

What is the six-level GenAI Governance (6L-G) model?

The 6L-G model is a lifecycle framework: (1) Strategy & Policy (principles, roles, oversight), (2) Risk & Impact Assessment (classify risks, legal obligations, go/no-go), (3) Implementation Review (threat modeling, privacy-by-design, architecture controls), (4) Acceptance Testing (safety, bias, security, performance validation), (5) Operations & Monitoring (runtime guardrails, drift and anomaly detection, incident response, decommissioning), (6) Learning & Improvement (feedback loops, KPIs, policy updates).

How can organizations mitigate hallucinations and inaccurate outputs?

- Use retrieval grounding to cite authoritative sources
- Add confidence scoring and surface uncertainty to users
- Apply selective human review for high-risk actions or decisions
- Enforce usage rules and disclaimers aligned to context (e.g., regulated domains)
- Red-team edge cases before launch; monitor and retrain based on real-world failures

What security threats are specific to GenAI and how do we defend against them?

- Prompt injection and jailbreaks: apply AI firewalls, adversarial prompt suites, and strict tool/agent permissions
- Model extraction: monitor API patterns, watermark/perturb outputs where feasible, rate-limit and detect anomalies
- Data poisoning/model inversion: curate and track data lineage, test with adversarial toolkits, restrict sensitive outputs
- Runtime exploits: log I/O comprehensively, isolate microservices, and continuously red-team

Which regulatory and legal pressures shape GenAI governance?

The EU AI Act regulates high-risk use cases and general-purpose models; U.S. enforcement relies on sectoral and cross-cutting laws (e.g., FTC, FDA, CFPB) plus state privacy statutes. Contracts increasingly pass obligations downstream. Misleading claims, unsafe deployments, or unlawful data use can trigger investigations, fines, or forced model remediation.

How should teams handle privacy, memorization, and the “right to be forgotten” in GenAI?

Because models can memorize data, deleting its influence is hard and may require retraining. Plan for erasure across the lifecycle: minimize and pseudonymize inputs, version models for selective retrain, test for membership inference, blacklist embeddings, and document completion. Build processes to evaluate scope, execute deletion, verify outcomes, and prevent reintroduction.

How can smaller organizations implement GRC without stifling innovation?

Apply proportionality. Embed essentials into existing workflows: simple AI usage policies, a lightweight impact assessment, a monthly cross-functional review, basic logging and output scanning, and targeted red teaming for high-risk features. Start with the riskiest use cases, then scale maturity as adoption grows.

What tools and practices support GenAI governance across the lifecycle?

- Procedural: Responsible AI charters, impact templates, threat modeling, go/no-go criteria, incident playbooks
- Technical: AI firewalls, model/system cards, CMEK, red-team toolkits (e.g., Promptfoo, Garak, PyRIT, ART), output scanners, drift dashboards, MLflow tracking
- Organizational: cross-functional committees, accountability mapping, external expert reviews, post-incident learning and KPI-driven improvements

pro $24.99 per month

access to all Manning books, MEAPs, liveVideos, liveProjects, and audiobooks!
choose one free eBook per month to keep
exclusive 50% discount on all purchases
renews monthly, pause or cancel renewal anytime

lite $19.99 per month

access to all Manning books, including MEAPs!

team

5, 10 or 20 seats+ for your team - learn more

Introductory offer
Save 50% for a limited time!

eBook

pdf, ePub, online

$47.99 $23.99

you save $24.00 (50%)

pro $24.99 per month

access to all Manning books, MEAPs, liveVideos, liveProjects, and audiobooks!
choose one free eBook per month to keep
exclusive 50% discount on all purchases
renews monthly, pause or cancel renewal anytime

lite $19.99 per month

access to all Manning books, including MEAPs!

team

5, 10 or 20 seats+ for your team - learn more

Introductory offer
Save 50% for a limited time!

eBook

$47.99 $23.99

you save $24.00 (50%)

Introductory offer
Save 50% for a limited time!

eBook

pdf, ePub, online

$47.99 $23.99

you save $24.00 (50%)

pro $24.99 per month

access to all Manning books, MEAPs, liveVideos, liveProjects, and audiobooks!
choose one free eBook per month to keep
exclusive 50% discount on all purchases
renews monthly, pause or cancel renewal anytime

lite $19.99 per month

access to all Manning books, including MEAPs!

team

5, 10 or 20 seats+ for your team - learn more