AI Governance you own this product

Secure, privacy-preserving, ethical systems

Engin Bozdag and Stefano Bennati

MEAP began November 2025
Last updated November 2025
Publication in Summer 2026 (estimated)

ISBN 9781633436817
225 pages (estimated)

Included with a Manning Online subscription

printed in black & white

catalog / Data Science / Deep Learning / Generative AI

table of content

1 Governing Generative AI

1.1 Why Governance, Risk and Compliance (GRC) for GenAI Matters Now?

1.2 GRC for AI: More Than a Compliance Checklist

1.3 A Mental Model for GenAI GRC

1.4 Challenges in Practice: Illustrative Scenarios

1.5 Tools and Practices You’ll Need

1.6 Conclusion: Motivation and Map for What’s Ahead

2 Adoption Models for GenAI

2.1 SaaS or Application Consumers

2.2 API Integrators

2.2.1 Organization-Controlled Zone: Enhanced Customization and Governance

2.2.2 Vendor-Controlled Zone: Stability and Reliability

2.2.3 Governance and Risk Management Opportunities

2.2.4 Achieving Effective Governance for an API Integrator

2.3 Model Hosters

2.3.1 Architecture Overview: What’s Inside the Controlled Zone

2.3.2 Governance and Risk Management Opportunities

2.3.3 Achieving Effective Governance for a Model Hoster

2.4 Risk dimensions across deployment postures

2.5 Agentic AI

2.5.1 What Does “Agentic” Mean?

2.5.2 Common properties of Agentic AI

2.5.3 Why Agentic AI is still experimental

2.6 MediAssist: A case study in AI governance

2.7 Summary

3 The Six-Level GenAI Governance Framework

3.1 Practical Responsible AI Governance: Recap

3.2 Strategy & Policy (Level 1)

3.2.1 Key artifacts

3.2.2 Key Metrics

3.2.3 Common Failures

3.2.4 MediAssist at Level 1

3.3 Risk & Impact Assessment (Level 2)

3.3.1 Key artifacts

3.3.2 Key Metrics

3.3.3 Common Failures

3.3.4 MediAssist at Level 2

3.4 Implementation Review (Level 3)

3.4.1 Key Artifacts

3.4.2 Key metrics

3.4.3 Common Failures

3.4.4 MediAssist at Level 3

3.5 Acceptance Testing (Level 4)

3.5.1 Key artifacts

3.5.2 Key Metrics

3.5.3 Common Failures

3.5.4 MediAssist at Level 4

3.6 Operations & Monitoring (Level 5)

3.6.1 Key artifacts

3.6.2 Key Metrics

3.6.3 Common Failures

3.6.4 MediAssist at Level 5

3.7 Learning & Improvement (Level 6)

3.7.1 Key Artifacts

3.7.2 Key Metrics

3.7.3 Common Failures

3.7.4 MediAssist in Level 6

3.8 Maturity Levels Across the 6L-G Model

3.9 Summary

4 Securing GenAI

4.1 Real-World Scenarios

4.1.1 Why is Classical Security not enough?

4.2 SaaS Consumers

4.2.1 SaaS Consumer Threats

4.2.2 GenAI SaaS Provider threats

4.2.3 Reflection and Moving Forward

4.3 API Integrators

4.3.1 API Integrator threats

4.3.2 API Provider threats

4.4 Model Hosters

4.4.1 Model Artifacts & Provenance

4.4.2 Tuning & behavior drift

4.4.3 Serving & runtime surface

4.4.4 Access, misuse & theft

4.5 Summary

5 Privacy

5.1 Collection and Purpose

5.1.1 No Valid Legal Basis

5.1.2 Overcollection

5.1.3 Vendor’s Inappropriate Use of Organizational Data

5.2 Storage and Memorization

5.2.1 Memorization and Membership Inference

5.2.2 Insufficient deletion of embeddings

5.2.3 Insufficient Deletion of (Meta)data

5.3 Output Integrity

5.3.1 Hallucinations and Defamations

5.3.2 Overreliance and Automated Decision Making

5.4 User Rights & Governance

5.4.1 Making models forget and correct

5.4.2 Data Subject Access Requests (DSAR)

5.4.3 Transparency

5.5 Adoption Models: Where to Focus

5.5.1 SaaS consumers

5.5.2 API integrators

5.5.3 Model hosters

5.5.4 Top risks

5.5.5 What counts as evidence?

5.6 Summary

6 Ethical and trustworthy AI

7 Regulatory landscape

8 The road ahead

Appendix

Appendix A: A quick intro to Generative AI

Overview

1 Governing Generative AI

Generative AI is transforming everyday work, but its speed, scale, and open-ended behavior create failures that traditional controls can’t reliably prevent or fix. This chapter explains why governance, risk, and compliance (GRC) for GenAI is now a business-critical discipline: incidents are rising, adoption is widespread, and small mistakes can propagate instantly. Because GenAI blends the exploitability of software with the fallibility of humans—and operates probabilistically across unbounded domains—the old “patch later” playbook breaks. The result is a call to move from abstract principles to operational practices that reduce harm without stifling innovation.

The chapter maps the distinctive risk surface of GenAI—hallucinations, prompt injection and jailbreaks, data poisoning, model extraction, privacy and unlearning challenges, content memorization, and systemic bias—alongside intensifying regulatory and contractual pressures. It proposes a lifecycle, risk-informed governance model (6L-G) that assigns shared responsibilities across the AI supply chain and embeds controls end to end: Strategy & Policy (set principles, ownership, and boundaries), Risk & Impact Assessment (classify obligations and decide go/no-go), Implementation Review (design for security, privacy, transparency), Acceptance Testing (validate safety, robustness, fairness), Operations & Monitoring (guardrails, logging, drift and anomaly detection, incident response), and Learning & Improvement (feedback loops and continuous adaptation). This framework is designed for uncertainty: it favors continuous oversight, clear accountability, and explicit acceptance of residual risk where necessary.

Pragmatically, the chapter emphasizes proportional, “built-in” governance rather than heavyweight bureaucracy. It previews concrete tools and practices—threat modeling, red teaming, AI firewalls and output filters, bias and robustness testing, lineage and decision logging, drift dashboards, model documentation, and post-incident reviews—showing how to integrate them into existing product and risk routines. Illustrative scenarios demonstrate that governance gaps, not just technical flaws, drive many GenAI failures; conversely, disciplined GRC reduces legal, ethical, and reputational exposure while enabling confident deployment. The takeaway is clear: effective GRC is the operating system for responsible, sustainable GenAI innovation.

Generative models such as ChatGPT can often produce highly recognizable versions of famous artwork like the Mona Lisa. While this seems harmless, it illustrates the model's capacity to memorize and reconstruct images from its training data; a capability that becomes a serious privacy risk when the training data includes personal photographs.

Trust in AI: experts vs general population. Source: Pew Research Center[46].

Classic GRC compared with AI GRC and GenAI GRC

Six Levels of Generative AI Governance. Chapter 2 will expand into what control tasks attach to each checkpoint.

Conclusion: Motivation and Map for What’s Ahead

By now, you should be convinced that governing AI is both critically important and uniquely challenging. We stand at a moment in time where AI technologies are advancing faster than the governance surrounding them. There’s an urgency to act: to put frameworks in place before more incidents occur and before regulators force our hand in ways we might not anticipate. But there’s also an opportunity: organizations that get GenAI GRC right will enjoy more sustainable innovation and public trust, turning responsible AI into a strength rather than a checkbox.

In this opening chapter, we reframed GRC for generative AI not as a dry compliance exercise, but as an active, risk-informed, ongoing discipline. We introduced a structured governance model that spans the AI lifecycle and multiple layers of risk, making sure critical issues aren’t missed. We examined real (and realistic) examples of AI pitfalls: from hallucinations and prompt injections to model theft and data deletion dilemmas. We have also provided a teaser of the tools and practices that can address those challenges, giving you a sense that yes, this is manageable with the right approach.

As you proceed through this book, each chapter will dive deeper into specific aspects of AI GRC using case studies. We’ll tackle topics like establishing a GenAI Governance program (Chapter 2). We will then address different risk areas such as security & privacy (Chapter 3) and trustworthiness (Chapter 4). We’ll also devote time to regulatory landscapes, helping you stay ahead of laws like the EU AI Act, and to emerging standards (you’ll hear more about ISO 42001, NIST, and others). Along the way, we will keep the tone practical – this is about what you can do, starting now, in your organization or projects, to make AI safer and more reliable.

By the end of this book, you'll be equipped to:

Clearly understand and anticipate GenAI-related risks.
Implement structured, proactive governance frameworks.
Confidently navigate emerging regulatory landscapes.
Foster innovation within a secure and ethically sound AI governance framework.

Before we move on, take a moment to reflect on your own context. Perhaps you are a product manager eager to deploy AI and thinking about how the concepts here might change your planning. Or you might be an executive worried about AI risks and consider where your organization has gaps in this new form of governance. Maybe you are a compliance professional or lawyer and ponder how a company’s internal GRC efforts could meet or fall short of your expectations. Wherever you stand, the concepts in this book aim to bridge the gap between AI’s promise and its risks, giving you the knowledge to maximize the former and mitigate the latter. By embracing effective AI governance now, you not only mitigate risks. You position your organization to lead responsibly in the AI era.

FAQ

Why does Generative AI require Governance, Risk, and Compliance (GRC) now?

GenAI is being adopted at record speed while incident rates are rising. Unlike traditional software bugs that can be patched, GenAI failures (hallucinations, data leaks, misuse) can be hard to detect, remediate, or attribute—and they scale instantly and publicly. Effective GRC prevents reputational, legal, and safety crises before they metastasize.

How is GenAI different from traditional software in terms of risk and control?

GenAI is probabilistic, context-dependent, and susceptible to manipulation (prompt injection, data poisoning). Failures are harder to detect and remediate; root causes may be buried in model weights. Assurance shifts from point‑in‑time checks to continuous testing, monitoring, and adaptive guardrails.

What does “GRC for AI” include beyond a compliance checklist?

It blends three pillars: governance (direction, ownership, policy), risk management (continuous identification, assessment, mitigation), and compliance (laws, standards, and internal commitments). It’s about enabling innovation with guardrails—not box‑ticking. Controls are embedded across the lifecycle, not bolted on at the end.

What is the Six‑Level GenAI Governance (6L‑G) model?

The 6L‑G model operationalizes governance across the lifecycle: 1) Strategy & Policy; 2) Risk & Impact Assessment (go/no‑go, residual risk ownership); 3) Implementation Review (designs meet security/privacy requirements); 4) Acceptance Testing (independent V&V, red‑teaming, bias and safety tests); 5) Operations & Monitoring (runtime guardrails, drift/incident response, decommissioning); 6) Learning & Improvement (feedback loops, metrics, policy updates).

What real‑world incidents show why GenAI governance matters?

Examples include lawyers sanctioned for AI‑invented citations; prompt‑injection and memory‑abuse in chatbots; large‑scale exposure of private logs and keys; unsubstantiated medical hallucination claims leading to enforcement; deepfakes and targeted misinformation; biased hiring systems triggering regulatory action. Each maps to missed controls across multiple 6L‑G levels.

What are prompt injection and jailbreaks, and how can we defend against them?

Prompt injection hides instructions in content the model reads; jailbreaks coax models to ignore safety rules. Defenses include AI firewalls and output filters, least‑privilege tool access, content scanning and sanitization, isolation of high‑risk capabilities, red‑team suites, memory controls, rate‑limiting, anomaly detection, and human‑in‑the‑loop for sensitive actions.

How do privacy and data protection challenges change with GenAI?

Models can memorize and regurgitate sensitive data; “right to be forgotten” may require retraining or advanced unlearning. Risks include unauthorized data reuse, scraping without consent, and leakage via outputs. Governance needs data‑mapping, minimization, strict retention/TTL, vendor controls (e.g., CMEK), erasure playbooks, and testing for membership inference and memorization.

What is model extraction (model stealing) and how can organizations mitigate it?

Adversaries clone a model by harvesting API outputs at scale, eroding IP and enabling offline reconnaissance. Mitigations include anomaly detection on query patterns, per‑tenant usage fingerprints, adaptive rate‑limits, output perturbation or watermarking (where feasible), contractual restrictions and monitoring, and rapid takedown/escalation playbooks.

How can small or resource‑constrained organizations right‑size AI governance?

Apply proportionality: start with lightweight policies, a simple risk/impact worksheet, monthly cross‑functional reviews, and basic runtime monitoring. Focus on the highest‑risk use cases first. Use vendor capabilities where possible, and be prepared to decide “don’t use AI” when governance overhead outweighs benefits.

Which tools and practices support GenAI GRC across the lifecycle?

- Strategy & Policy: Responsible AI charters, accountability mapping. - Risk & Impact: Regulatory checklists, third‑party risk reviews. - Implementation: Threat modeling, privacy‑by‑design, AI firewalls, CMEK, model/system cards. - Acceptance: Red‑teaming and evaluation suites (e.g., Promptfoo, Garak, PyRIT, ART), bias and safety tests. - Operations: Output scanners, drift dashboards, MLflow tracking, incident playbooks. - Learning: Trust score dashboards, post‑incident reviews, policy refresh cycles.

pro $24.99 per month

access to all Manning books, MEAPs, liveVideos, liveProjects, and audiobooks!
choose one free eBook per month to keep
exclusive 50% discount on all purchases
renews monthly, pause or cancel renewal anytime

lite $19.99 per month

access to all Manning books, including MEAPs!

team

5, 10 or 20 seats+ for your team - learn more

eBook

pdf, ePub, online

$47.99 $31.19

you save $16.80 (35%)

pro $24.99 per month

access to all Manning books, MEAPs, liveVideos, liveProjects, and audiobooks!
choose one free eBook per month to keep
exclusive 50% discount on all purchases
renews monthly, pause or cancel renewal anytime

lite $19.99 per month

access to all Manning books, including MEAPs!

team

5, 10 or 20 seats+ for your team - learn more

eBook

$47.99 $31.19

you save $16.80 (35%)

eBook

pdf, ePub, online

$47.99 $31.19

you save $16.80 (35%)

pro $24.99 per month

access to all Manning books, MEAPs, liveVideos, liveProjects, and audiobooks!
choose one free eBook per month to keep
exclusive 50% discount on all purchases
renews monthly, pause or cancel renewal anytime

lite $19.99 per month

access to all Manning books, including MEAPs!

team

5, 10 or 20 seats+ for your team - learn more