AI Governance you own this product

Secure, privacy-preserving, ethical systems

Engin Bozdag and Stefano Bennati

MEAP began November 2025
Last updated November 2025
Publication in Summer 2026 (estimated)

ISBN 9781633436817
225 pages (estimated)

Included with a Manning Online subscription

printed in black & white

catalog / Data Science / Deep Learning / Generative AI

resources: Book forum

table of content

1 Governing Generative AI

1.1 Why Governance, Risk and Compliance (GRC) for GenAI Matters Now?

1.2 GRC for AI: More Than a Compliance Checklist

1.3 A Mental Model for GenAI GRC

1.4 Challenges in Practice: Illustrative Scenarios

1.5 Tools and Practices You’ll Need

1.6 Conclusion: Motivation and Map for What’s Ahead

2 Adoption Models for GenAI

2.1 SaaS or Application Consumers

2.2 API Integrators

2.2.1 Organization-Controlled Zone: Enhanced Customization and Governance

2.2.2 Vendor-Controlled Zone: Stability and Reliability

2.2.3 Governance and Risk Management Opportunities

2.2.4 Achieving Effective Governance for an API Integrator

2.3 Model Hosters

2.3.1 Architecture Overview: What’s Inside the Controlled Zone

2.3.2 Governance and Risk Management Opportunities

2.3.3 Achieving Effective Governance for a Model Hoster

2.4 Risk dimensions across deployment postures

2.5 Agentic AI

2.5.1 What Does “Agentic” Mean?

2.5.2 Common properties of Agentic AI

2.5.3 Why Agentic AI is still experimental

2.6 MediAssist: A case study in AI governance

2.7 Summary

3 The Six-Level GenAI Governance Framework

3.1 Practical Responsible AI Governance: Recap

3.2 Strategy & Policy (Level 1)

3.2.1 Key artifacts

3.2.2 Key Metrics

3.2.3 Common Failures

3.2.4 MediAssist at Level 1

3.3 Risk & Impact Assessment (Level 2)

3.3.1 Key artifacts

3.3.2 Key Metrics

3.3.3 Common Failures

3.3.4 MediAssist at Level 2

3.4 Implementation Review (Level 3)

3.4.1 Key Artifacts

3.4.2 Key metrics

3.4.3 Common Failures

3.4.4 MediAssist at Level 3

3.5 Acceptance Testing (Level 4)

3.5.1 Key artifacts

3.5.2 Key Metrics

3.5.3 Common Failures

3.5.4 MediAssist at Level 4

3.6 Operations & Monitoring (Level 5)

3.6.1 Key artifacts

3.6.2 Key Metrics

3.6.3 Common Failures

3.6.4 MediAssist at Level 5

3.7 Learning & Improvement (Level 6)

3.7.1 Key Artifacts

3.7.2 Key Metrics

3.7.3 Common Failures

3.7.4 MediAssist in Level 6

3.8 Maturity Levels Across the 6L-G Model

3.9 Summary

4 Securing GenAI

4.1 Real-World Scenarios

4.1.1 Why is Classical Security not enough?

4.2 SaaS Consumers

4.2.1 SaaS Consumer Threats

4.2.2 GenAI SaaS Provider threats

4.2.3 Reflection and Moving Forward

4.3 API Integrators

4.3.1 API Integrator threats

4.3.2 API Provider threats

4.4 Model Hosters

4.4.1 Model Artifacts & Provenance

4.4.2 Tuning & behavior drift

4.4.3 Serving & runtime surface

4.4.4 Access, misuse & theft

4.5 Summary

5 Privacy

5.1 Collection and Purpose

5.1.1 No Valid Legal Basis

5.1.2 Overcollection

5.1.3 Vendor’s Inappropriate Use of Organizational Data

5.2 Storage and Memorization

5.2.1 Memorization and Membership Inference

5.2.2 Insufficient deletion of embeddings

5.2.3 Insufficient Deletion of (Meta)data

5.3 Output Integrity

5.3.1 Hallucinations and Defamations

5.3.2 Overreliance and Automated Decision Making

5.4 User Rights & Governance

5.4.1 Making models forget and correct

5.4.2 Data Subject Access Requests (DSAR)

5.4.3 Transparency

5.5 Adoption Models: Where to Focus

5.5.1 SaaS consumers

5.5.2 API integrators

5.5.3 Model hosters

5.5.4 Top risks

5.5.5 What counts as evidence?

5.6 Summary

6 Ethical and trustworthy AI

7 Regulatory landscape

8 The road ahead

Appendix

Appendix A: A quick intro to Generative AI

Overview

1 Governing Generative AI

Generative AI is transforming work across sectors, but its speed, scale, and unpredictability create risks that outstrip traditional controls. The chapter shows how incidents such as hallucinated legal citations, prompt-injection attacks, insecure integrations, model extraction, and persistent privacy issues (memorization and hard-to-undo training) are no longer edge cases. Because generative models are probabilistic, easily manipulated, and hard to remediate after failure, mistakes can spread instantly and publicly. Coupled with intensifying regulatory and contractual pressures (from data protection to sector rules and the EU AI Act), these factors make disciplined AI governance an immediate necessity rather than a future aspiration.

GRC for AI is presented as an enabler of innovation, not a box‑ticking brake. Governance sets direction and accountability; risk management continuously identifies, tests, and mitigates evolving technical and societal harms; compliance meets external rules and internal commitments, while recognizing that “formally compliant” is not the same as safe or trustworthy. The chapter argues for probabilistic, lifecycle-based oversight that adapts as systems learn and contexts shift, with responsibilities shared across the supply chain (model providers, integrators, and users). It introduces a practical six-level model that embeds controls end to end: Strategy & Policy; Risk & Impact Assessment; Implementation Review; Acceptance Testing; Operations & Monitoring; and Learning & Improvement—each a checkpoint to align value, document limits, harden designs, validate safety, monitor behavior, and feed lessons back.

Real and plausible cases—from call‑center copilots that misstate policy, to youth-facing chat assistants that bypass safeguards, to healthcare and security failures—illustrate how gaps at any level can trigger ethical, legal, and reputational damage. The chapter previews concrete practices that operationalize governance: threat modeling, red teaming, confidence scoring, grounding and selective human review, AI firewalls and output scanners, drift and anomaly detection, data and model lineage, bias and toxicity testing, retention controls, incident response, and continuous metrics (including trust signals). Anchored by emerging standards like ISO 42001 and risk frameworks, the message is clear: early, proportionate, and continuous GRC reduces likelihood and impact of failures, protects privacy and IP, sustains regulatory readiness, and—most importantly—makes innovation with generative AI reliable and defensible.

Generative models such as ChatGPT can often produce highly recognizable versions of famous artwork like the Mona Lisa. While this seems harmless, it illustrates the model's capacity to memorize and reconstruct images from its training data; a capability that becomes a serious privacy risk when the training data includes personal photographs.

Trust in AI: experts vs general population. Source: Pew Research Center[46].

Classic GRC compared with AI GRC and GenAI GRC

Six Levels of Generative AI Governance. Chapter 2 will expand into what control tasks attach to each checkpoint.

Conclusion: Motivation and Map for What’s Ahead

By now, you should be convinced that governing AI is both critically important and uniquely challenging. We stand at a moment in time where AI technologies are advancing faster than the governance surrounding them. There’s an urgency to act: to put frameworks in place before more incidents occur and before regulators force our hand in ways we might not anticipate. But there’s also an opportunity: organizations that get GenAI GRC right will enjoy more sustainable innovation and public trust, turning responsible AI into a strength rather than a checkbox.

In this opening chapter, we reframed GRC for generative AI not as a dry compliance exercise, but as an active, risk-informed, ongoing discipline. We introduced a structured governance model that spans the AI lifecycle and multiple layers of risk, making sure critical issues aren’t missed. We examined real (and realistic) examples of AI pitfalls: from hallucinations and prompt injections to model theft and data deletion dilemmas. We have also provided a teaser of the tools and practices that can address those challenges, giving you a sense that yes, this is manageable with the right approach.

As you proceed through this book, each chapter will dive deeper into specific aspects of AI GRC using case studies. We’ll tackle topics like establishing a GenAI Governance program (Chapter 2). We will then address different risk areas such as security & privacy (Chapter 3) and trustworthiness (Chapter 4). We’ll also devote time to regulatory landscapes, helping you stay ahead of laws like the EU AI Act, and to emerging standards (you’ll hear more about ISO 42001, NIST, and others). Along the way, we will keep the tone practical – this is about what you can do, starting now, in your organization or projects, to make AI safer and more reliable.

By the end of this book, you'll be equipped to:

Clearly understand and anticipate GenAI-related risks.
Implement structured, proactive governance frameworks.
Confidently navigate emerging regulatory landscapes.
Foster innovation within a secure and ethically sound AI governance framework.

Before we move on, take a moment to reflect on your own context. Perhaps you are a product manager eager to deploy AI and thinking about how the concepts here might change your planning. Or you might be an executive worried about AI risks and consider where your organization has gaps in this new form of governance. Maybe you are a compliance professional or lawyer and ponder how a company’s internal GRC efforts could meet or fall short of your expectations. Wherever you stand, the concepts in this book aim to bridge the gap between AI’s promise and its risks, giving you the knowledge to maximize the former and mitigate the latter. By embracing effective AI governance now, you not only mitigate risks. You position your organization to lead responsibly in the AI era.

FAQ

Why does GenAI governance matter right now?

Because GenAI failures can be fast, large-scale, and public. Incidents like hallucinated legal citations, injected “memories” in assistants, data exposures, and disinformation are rising while adoption accelerates. Governance reduces the likelihood and impact of these failures, protecting people, reputation, and compliance—and avoids costly “fix later” scenarios that may be impossible with models.

How does GenAI differ from classical software or human processes, and why do old controls break?

GenAI is probabilistic, context-dependent, and susceptible to both software-style exploits (prompt injection, data poisoning) and human-like manipulation. Compared to classical software, remediation is harder, behavior is less predictable, and failures can look convincing. Detection is opaque (root causes buried in model weights), so traditional point-in-time tests and static controls aren’t enough.

What is GRC in the context of GenAI?

- Governance: Leadership, policies, and accountability that align AI with strategy and acceptable risk.
- Risk Management: Continuously identifying, assessing, and mitigating technical, ethical, and societal risks across the lifecycle.
- Compliance: Adhering to laws, regulations, and internal policies. Compliance is the floor, not the ceiling; being “formally compliant” doesn’t guarantee safety or trust.

What is the six-level GenAI Governance (6L-G) model?

- Strategy & Policy: Charters, principles, and executive ownership of AI risk.
- Risk & Impact Assessment: Classify use-case risk, map mitigations, and make go/no-go decisions (including “don’t use AI”).
- Implementation Review: Threat modeling, privacy-by-design, secure architectures, and documentation before build.
- Acceptance Testing: Independent verification—red teaming, safety/bias testing, privacy checks—before launch.
- Operations & Monitoring: Runtime guardrails, drift/toxicity monitoring, incident response, and decommissioning.
- Learning & Improvement: Feedback loops, KPIs, audits, and policy/process updates.

What GenAI failure modes does the chapter highlight?

- Hallucinations: Confident but false output (e.g., fabricated crimes or legal citations).
- Prompt attacks: Jailbreaks and injections that hijack behavior or actions (e.g., hidden instructions in content or memory).
- Data poisoning/adversarial inputs: Subtle changes that mislead models (e.g., medical imaging pixel tweaks).
- Model extraction: API query harvesting to clone models and steal IP.
- Privacy leakage/memorization: Models reproducing training data (text or images) verbatim.
- Bias/discrimination: Unequal outcomes in hiring, services, or content generation.
- Disinformation: Rapid creation and spread of synthetic media.

How should organizations handle privacy and data protection with GenAI?

- Expect memorization and leakage risks; anonymization is hard to guarantee.
- “Right to be forgotten” is challenging—machine unlearning is immature; retraining may be required.
- Avoid repurposing personal data without a valid legal basis and clear notice/consent.
- Build for erasure end-to-end (data maps, pseudonymization, model versioning, retraining plans, audit logs).
- Treat vendor data retention, logs, and model checkpoints as in-scope for privacy.

What does the chapter say about regulations and accountability?

- EU AI Act: Regulates high-risk uses and certain general-purpose models; requires technical documentation and training-data summaries; adds checks for systemic-risk models.
- U.S.: Patchwork enforcement (e.g., FTC, FDA, CFPB, state privacy and AI laws).
- Upstream vendors must govern models; downstream buyers inherit and contractually enforce obligations—market and regulators punish weak upstream governance.

When should teams say “don’t use AI,” and how are go/no-go decisions made?

During Risk & Impact Assessment, weigh value versus governance overhead and downside risk. If mitigations are unfunded or risks remain unacceptable (e.g., regulated domains like healthcare without controls), choose “no-go” or redesign. Any residual risk must be explicitly accepted and escalated to leadership.

Which tools and practices help operationalize GenAI GRC?

- Strategy & Policy: Responsible AI charters, risk tiers, cross-functional committees.
- Risk & Impact Assessment: Regulatory checklists, impact templates, third-party risk reviews.
- Implementation Review: Threat modeling, AI firewalls, data minimization, CMEK, model/system cards.
- Acceptance Testing: Red-teaming and eval tools (e.g., Promptfoo, Garak, PyRIT, ART), load tests, bias tests.
- Operations & Monitoring: Output scanners, drift dashboards, MLFlow, incident playbooks.
- Learning & Improvement: Trust-score dashboards, calibration/robustness metrics, lessons-learned.

How should we monitor and improve GenAI systems after launch?

Apply runtime guardrails (filters, rate limits), live metrics (toxicity, drift, anomalies on embeddings), and thorough logging. Investigate gaps across micro-services (e.g., a lightly protected summarizer) and run post-incident reviews. Close the loop with KPIs, user feedback, audits, and policy/process updates to keep governance adaptive.

pro $24.99 per month

access to all Manning books, MEAPs, liveVideos, liveProjects, and audiobooks!
choose one free eBook per month to keep
exclusive 50% discount on all purchases
renews monthly, pause or cancel renewal anytime

lite $19.99 per month

access to all Manning books, including MEAPs!

team

5, 10 or 20 seats+ for your team - learn more

eBook

pdf, ePub, online

$47.99 $28.79

you save $19.20 (40%)

pro $24.99 per month

access to all Manning books, MEAPs, liveVideos, liveProjects, and audiobooks!
choose one free eBook per month to keep
exclusive 50% discount on all purchases
renews monthly, pause or cancel renewal anytime

lite $19.99 per month

access to all Manning books, including MEAPs!

team

5, 10 or 20 seats+ for your team - learn more

eBook

$47.99 $28.79

you save $19.20 (40%)

eBook

pdf, ePub, online

$47.99 $28.79

you save $19.20 (40%)

pro $24.99 per month

access to all Manning books, MEAPs, liveVideos, liveProjects, and audiobooks!
choose one free eBook per month to keep
exclusive 50% discount on all purchases
renews monthly, pause or cancel renewal anytime

lite $19.99 per month

access to all Manning books, including MEAPs!

team

5, 10 or 20 seats+ for your team - learn more