AI Governance you own this product

Secure, privacy-preserving, ethical systems

Engin Bozdag and Stefano Bennati

MEAP began November 2025
Last updated April 2026
Publication in Summer 2026 (estimated)

ISBN 9781633436817
225 pages (estimated)

Included with a Manning Online subscription

printed in black & white

catalog / Data Science / Deep Learning / Generative AI

resources: Book forum

table of content

1 Governing Generative AI

1.1 Why Governance, Risk and Compliance (GRC) for GenAI Matters Now?

1.2 GRC for AI: More Than a Compliance Checklist

1.3 A Mental Model for GenAI GRC

1.4 Challenges in Practice: Illustrative Scenarios

1.5 Tools and Practices You’ll Need

1.6 Conclusion: Motivation and Map for What’s Ahead

2 Adoption Models for GenAI

2.1 SaaS or Application Consumers

2.2 API Integrators

2.2.1 Organization-Controlled Zone: Enhanced Customization and Governance

2.2.2 Vendor-Controlled Zone: Stability and Reliability

2.2.3 Governance and Risk Management Opportunities

2.2.4 Achieving Effective Governance for an API Integrator

2.3 Model Hosters

2.3.1 Architecture Overview: What’s Inside the Controlled Zone

2.3.2 Governance and Risk Management Opportunities

2.3.3 Achieving Effective Governance for a Model Hoster

2.4 Risk dimensions across deployment postures

2.5 Agentic AI

2.5.1 What Does “Agentic” Mean?

2.5.2 Common properties of Agentic AI

2.5.3 Why Agentic AI is still experimental

2.5.4 Governance Challenges

2.6 MediAssist: A case study in AI governance

2.7 Summary

3 The Six-Level Governance Framework

3.1 Practical Responsible AI Governance: Recap

3.2 Strategy & Policy (Level 1)

3.2.1 Key artifacts

3.2.2 Common Failures

3.2.3 MediAssist at Level 1

3.3 Risk & Impact Assessment (Level 2)

3.3.1 Key artifacts

3.3.2 Key Metrics

3.3.3 Common Failures

3.3.4 MediAssist at Level 2

3.4 Implementation Review (Level 3)

3.4.1 Integrating with Existing Review Processes

3.4.2 Key Artifacts

3.4.3 Key metrics

3.4.4 Common Failures

3.4.5 Mediassist at Level 3

3.5 Acceptance Testing (Level 4)

3.5.1 Key artifacts

3.5.2 Key Metrics

3.5.3 Common Failures

3.5.4 MediAssist at Level 4

3.6 Operations & Monitoring (Level 5)

3.6.1 Key artifacts

3.6.2 Key Metrics

3.6.3 Common Failures

3.6.4 Mediassist at Level 5

3.7 Learning & Improvement (Level 6)

3.7.1 Key Artifacts

3.7.2 Key Metrics

3.7.3 Common Failures

3.7.4 MediAssist in Level 6

3.8 Maturity Levels Across the 6L-G Model

3.9 Summary

4 Securing GenAI

4.1 ClaimAssist

4.2 Risk Factors

4.2.1 ClaimAssist and How Risk Factors Stack

4.3 Insecure Environments

4.3.1 Insufficient Logging

4.3.2 Vendor security gaps

4.3.3 Supply-Chain Risks

4.3.4 Uncontrolled usage and denial of service

4.3.5 Improper secret management

4.3.6 Shadow AI

4.4 Model Risks

4.4.1 Model Weight Risks

4.4.2 Backdoors, Poisoning and Malicious Models

4.4.3 Model Theft

4.4.4 Mitigating Model-Level Risks

4.5 Untrustworthy Input

4.5.1 Beyond Chat-Based Attacks

4.6 Data Security

4.6.1 The Confused Deputy Problem

4.6.2 When Existing Permissions Are Too Broad

4.6.3 Poisoning the Well

4.7 The Ability to Make Changes

4.7.1 Building Controls for AI That Can Act

4.8 Agency

4.8.1 Why Autonomy Changes the Threat Landscape

4.8.2 Agentic Browsers

4.8.3 MCP and the New Tool Ecosystem

4.8.4 Managing What Tools the Agent Can Use

4.8.5 Tool Authorization

4.8.6 When Humans Need to Stay in the Loop

4.8.7 Containment and Detection

4.8.8 Baseline and Advanced Practices

4.9 ClaimAssist: From FAQ Bot to Agentic System

4.10 Summary

5 Privacy

5.1 The Four Pillars of GenAI Privacy

5.2 Collection and Purpose

5.2.1 No Valid Legal Basis

5.2.2 Overcollection

5.2.3 Vendor’s Inappropriate Use of Organizational Data

5.2.4 Adoption Model Differences

5.3 Storage and Memorization

5.3.1 Memorization and Membership Inference

5.3.2 Insufficient deletion of embeddings

5.3.3 Insufficient Deletion of (Meta)data

5.3.4 Adoption Model Differences

5.4 Output Integrity

5.4.1 Hallucinations and Defamations

5.4.2 Overreliance and Automated Decision Making

5.4.3 Adoption Model Differences

5.5 User Rights & Governance

5.5.1 Making models forget and correct

5.5.2 Data Subject Access Requests (DSAR)

5.5.3 Transparency

5.5.4 Adoption Model Differences

5.6 Agentic AI and Privacy

5.6.1 Purpose Limitation (and Data Minimization) Under Strain

5.6.2 Lawful Basis Challenges for Autonomous Processing

5.6.3 Storage Limitation and Erasure Rights in an Agent Context

5.6.4 Governance and Operational Challenges in the Long Term

5.6.5 Summary of Privacy Risks and Mitigations in Agentic AI

5.7 Summary

6 Ethical and trustworthy GenAI

7 Regulatory landscape

8 The road ahead

Appendix

Appendix A: A quick intro to Generative AI

Overview

1 Governing Generative AI

Generative AI is transforming work across industries, but its speed, scale, and open-ended behavior amplify familiar risks into urgent governance challenges. High-profile failures—hallucinated legal citations, prompt-injection exploits, leaked chat logs, and memory manipulation—show why traditional software controls and “fix it later” approaches no longer suffice. Adoption is racing ahead while harms can propagate instantly and publicly, stretching detection, attribution, and remediation far beyond legacy playbooks. As regulators tighten expectations (from the EU AI Act to U.S. sectoral oversight), organizations need a practical way to translate Responsible AI principles into daily decisions that protect people, reputation, and value creation.

The chapter frames Governance, Risk, and Compliance (GRC) for GenAI as an enabler of safe innovation rather than a box-ticking burden, and proposes a lifecycle-based model that integrates privacy, security, and compliance from concept to retirement. The six-level framework—Strategy & Policy; Risk & Impact Assessment; Implementation Review; Acceptance Testing; Operations & Monitoring; and Learning & Improvement—adapts classic PDCA cycles and aligns with emerging standards like ISO/IEC 42001. It clarifies ownership across the AI supply chain (model providers, integrators, and end users), embeds continuous monitoring and red-teaming, and makes room for residual-risk decisions with explicit executive sign-off. The result is governance tuned for probabilistic systems, vendor dependence, evolving threats, and real-time content generation.

Concrete risks discussed include hallucinations and misinformation, prompt injection and jailbreaks, data poisoning and adversarial content, model extraction, memorization and privacy violations, and bias that can trigger legal and ethical fallout. Illustrative scenarios—from bank copilots to healthcare claims to consumer chat assistants—show how gaps across multiple levels of governance compound harms. To operationalize controls, the chapter previews tools and practices such as threat modeling, AI firewalls and output filters, adversarial and bias testing, detailed logging and lineage, drift detection, anomaly alerting, vendor due diligence, and post-incident learning loops and trust metrics. The central message is pragmatic: disciplined, lifecycle GRC is the price of sustainable GenAI innovation, reducing the frequency and impact of failures while preserving the speed and flexibility that make these systems valuable.

Generative models such as ChatGPT can often produce highly recognizable versions of famous artwork like the Mona Lisa. While this seems harmless, it illustrates the model's capacity to memorize and reconstruct images from its training data; a capability that becomes a serious privacy risk when the training data includes personal photographs.

Trust in AI: experts vs general population. Source: Pew Research Center[46].

Classic GRC compared with AI GRC and GenAI GRC

Six Levels of Generative AI Governance. Chapter 2 will expand into what control tasks attach to each checkpoint.

Conclusion: Motivation and Map for What’s Ahead

By now, you should be convinced that governing AI is both critically important and uniquely challenging. We stand at a moment in time where AI technologies are advancing faster than the governance surrounding them. There’s an urgency to act: to put frameworks in place before more incidents occur and before regulators force our hand in ways we might not anticipate. But there’s also an opportunity: organizations that get GenAI GRC right will enjoy more sustainable innovation and public trust, turning responsible AI into a strength rather than a checkbox.

In this opening chapter, we reframed GRC for generative AI not as a dry compliance exercise, but as an active, risk-informed, ongoing discipline. We introduced a structured governance model that spans the AI lifecycle and multiple layers of risk, making sure critical issues aren’t missed. We examined real (and realistic) examples of AI pitfalls: from hallucinations and prompt injections to model theft and data deletion dilemmas. We have also provided a teaser of the tools and practices that can address those challenges, giving you a sense that yes, this is manageable with the right approach.

As you proceed through this book, each chapter will dive deeper into specific aspects of AI GRC using case studies. We’ll tackle topics like establishing a GenAI Governance program (Chapter 2). We will then address different risk areas such as security & privacy (Chapter 3) and trustworthiness (Chapter 4). We’ll also devote time to regulatory landscapes, helping you stay ahead of laws like the EU AI Act, and to emerging standards (you’ll hear more about ISO 42001, NIST, and others). Along the way, we will keep the tone practical – this is about what you can do, starting now, in your organization or projects, to make AI safer and more reliable.

By the end of this book, you'll be equipped to:

Clearly understand and anticipate GenAI-related risks.
Implement structured, proactive governance frameworks.
Confidently navigate emerging regulatory landscapes.
Foster innovation within a secure and ethically sound AI governance framework.

Before we move on, take a moment to reflect on your own context. Perhaps you are a product manager eager to deploy AI and thinking about how the concepts here might change your planning. Or you might be an executive worried about AI risks and consider where your organization has gaps in this new form of governance. Maybe you are a compliance professional or lawyer and ponder how a company’s internal GRC efforts could meet or fall short of your expectations. Wherever you stand, the concepts in this book aim to bridge the gap between AI’s promise and its risks, giving you the knowledge to maximize the former and mitigate the latter. By embracing effective AI governance now, you not only mitigate risks. You position your organization to lead responsibly in the AI era.

FAQ

Why does GRC for Generative AI matter right now?

GenAI is being adopted at unprecedented speed and its failures are unpredictable, fast-moving, and public. Hallucinations can fabricate convincing falsehoods, privacy and security weaknesses can be exploited (e.g., prompt injection, data leaks), and model theft can erode IP. Regulators are responding, customers are skeptical, and reputational damage can be severe. A disciplined GRC program reduces the likelihood and impact of these risks so organizations can innovate safely.

How does GenAI break traditional control models?

Unlike deterministic software, GenAI is probabilistic, context-sensitive, and susceptible to emergent behavior. Failures are harder to attribute and remediate; you can’t always “patch” a model the way you patch code. It combines software-like exploitability (injection, poisoning) with human-like fallibility (being misled by context). Pre- and post-launch controls must therefore shift to adversarial testing, continuous monitoring, and guardrails tailored to generative outputs.

What kinds of GenAI failures and attacks should we expect?

Key risks include hallucinations and defamation, prompt injection and jailbreaks, training-data poisoning, and model extraction (stealing model behavior via API queries). Privacy threats arise from memorization and the difficulty of deleting learned data. Additional concerns include bias and discrimination, disinformation at scale, and supply-chain exposures when upstream vendors or datasets are weakly governed.

Which laws and regulators are most relevant today?

In the EU, the AI Act regulates both high-risk use cases and certain general-purpose models, with documentation and transparency duties (and extra checks for systemic risk). In the U.S., existing regulators apply: FTC (deceptive practices), FDA (medical safety), CFPB (consumer finance), plus state privacy and AI laws (e.g., CPRA, Colorado). Buyers increasingly embed these obligations in contracts, pushing accountability through the supply chain.

What is the six-level GenAI governance (6L-G) model?

The 6L-G model is a lifecycle playbook: 1) Strategy & Policy, 2) Risk & Impact Assessment, 3) Implementation Review, 4) Acceptance Testing, 5) Operations & Monitoring, and 6) Learning & Improvement. It ties concrete controls and ownership to each phase, requires explicit go/no-go decisions, and escalates residual risk for executive sign-off. It aligns with standards like ISO/IEC 42001 and emphasizes continuous oversight, not one-time audits.

How do we apply the 6L-G model to GDPR’s right to erasure?

Start with policies that forbid training on identifiable data without consent and require model-level deletion outcomes. Map personal data and vendors, pseudonymize before fine-tunes, version-tag models for selective retraining, and design pipelines that prevent reintroduction. Validate with tests (e.g., membership-inference resistance), automate erasure workflows (including embedding blacklists), monitor completion, and continuously improve (e.g., exploring machine unlearning as it matures).

What testing and monitoring are needed before and after launch?

Before launch: threat modeling, adversarial prompt suites, red-teaming, bias/fairness evaluations, privacy and retention checks, and load tests. After launch: AI firewalls and output filters, rate limiting, toxicity/PII/drift monitoring, detailed input–output logging, anomaly detection, and incident response playbooks. Evidence from these controls should be reviewable by a governance body for approval and ongoing accountability.

How should organizations manage bias and fairness risks?

Test for disparate performance and outcomes across protected groups and high-risk contexts. Improve data quality and balance, guide annotators, and apply targeted guardrails; then audit regularly post-deployment for drift. Real cases show legal exposure when screening or advice systems disadvantage specific demographics, so fairness must be engineered, measured, and governed continuously.

What is the role of vendors and the AI supply chain in accountability?

Upstream providers (models, cloud, data brokers) hold the first line of accountability—documentation, disclosures, and safeguards. Integrators must configure guardrails, logging, privacy controls, and monitoring appropriate to their use case. Buyers should contractually require transparency, incident handling, and compliance; residual risk acceptance belongs with business leadership, informed by these obligations.

How do we decide go/no-go on a GenAI use case without stalling innovation?

Use a proportional, risk-informed assessment that weighs expected benefits against governance overhead and downside risks. Define the task clearly, map risks to funded mitigations, and escalate residual risks for executive approval. Sometimes “don’t use AI” is the right answer; starting small with high-impact, governable use cases builds capacity and trust while avoiding costly missteps.

pro $24.99 per month

access to all Manning books, MEAPs, liveVideos, liveProjects, and audiobooks!
choose one free eBook per month to keep
exclusive 50% discount on all purchases
renews monthly, pause or cancel renewal anytime

lite $19.99 per month

access to all Manning books, including MEAPs!

team

5, 10 or 20 seats+ for your team - learn more

eBook

pdf, ePub, online

$47.99 $23.99

you save $24.00 (50%)

pro $24.99 per month

access to all Manning books, MEAPs, liveVideos, liveProjects, and audiobooks!
choose one free eBook per month to keep
exclusive 50% discount on all purchases
renews monthly, pause or cancel renewal anytime

lite $19.99 per month

access to all Manning books, including MEAPs!

team

5, 10 or 20 seats+ for your team - learn more

eBook

$47.99 $23.99

you save $24.00 (50%)

eBook

pdf, ePub, online

$47.99 $23.99

you save $24.00 (50%)

pro $24.99 per month

access to all Manning books, MEAPs, liveVideos, liveProjects, and audiobooks!
choose one free eBook per month to keep
exclusive 50% discount on all purchases
renews monthly, pause or cancel renewal anytime

lite $19.99 per month

access to all Manning books, including MEAPs!

team

5, 10 or 20 seats+ for your team - learn more