The data and AI governance glossary.
Plain, quotable definitions for the vocabulary of semantic governance and enterprise AI: grouped by system, one page each.
Context
Governed RAG
Governed RAG is retrieval-augmented generation in which retrieval and context assembly are policy-controlled: chunks/elements/information are filtered, redacted or annotated by role, intent and sensitivity before reaching the model and every answer carries citations and lineage.
Semantic Governance
Semantic governance is the practice of controlling information by its meaning, governing what an AI is allowed to understand, infer, remember and say, rather than only by where data is stored or who can access the file.
Sensitivity Classification
Sensitivity classification is the assignment of sensitivity levels to data, for example a five-tier scale from Public to Regulated; so that access and inference policy can be applied appropriately, including during AI retrieval and reasoning.
Control
ABAC vs RBAC vs FGAC
RBAC (role-based), ABAC (attribute-based) and FGAC (fine-grained access control) are complementary models for deciding access: RBAC by role, ABAC by attributes and context, FGAC down to the individual element such as a section, chunk or a column.
Dynamic Policy Engine
A dynamic policy engine is a runtime component that evaluates each AI retrieval, reasoning step and output against context-aware rules based on role, intent and sensitivity and enforces the decision before the result is returned.
Enterprise AI Control Plane
An Enterprise AI Control Plane is the governance infrastructure layer that controls how AI systems access context, use models, call tools, manage memory and take action with policy enforcement and structured audit.
Purpose-Based Access Control
Purpose-based access control governs data by the purpose of its use, permitting or denying access based on why it is being accessed, rather than solely on the identity or role of the requester.
Observability
AI Bill of Materials (AI-BOM)
An AI Bill of Materials (AI-BOM) is a structured inventory of the components of an AI system like data sources, models, tools, agents and memory; used to understand, govern and assess its risk.
Data Lineage for AI
Data lineage for AI is the end-to-end record of which sources, retrievals and reasoning steps produced a given AI output, enabling explainability, audit and regulatory evidence.
Standards
ISO/IEC 42001
ISO/IEC 42001 is the first international, certifiable standard for an AI Management System (AIMS), defining how an organization governs the responsible development, deployment and operation of AI.
NIST AI RMF
The NIST AI Risk Management Framework (AI RMF) is a voluntary, widely-adopted framework for managing AI risk through four functions: Govern, Map, Measure and Manage; designed to overlay an organization's existing risk processes.
Risk
AI TRiSM
AI TRiSM (AI Trust, Risk and Security Management) is an industry framing for the set of capabilities that ensure AI systems are trustworthy, governed, secure and compliant; spanning governance, runtime enforcement, information governance and infrastructure.
Aggregation Risk
Aggregation risk is the exposure that arises when multiple individually-harmless pieces of data are combined often by an AI system, to produce sensitive or restricted information.
Inference (Semantic) Leakage
Semantic leakage (or inference leakage) occurs when an AI system reveals sensitive information by inferring or combining it, surfacing a restricted conclusion even though no individually-restricted file was accessed.
Shadow AI
Shadow AI is any AI system, tool or agent used within an organization without sanctioned oversight or governance consuming enterprise data outside the controls security and data teams can see.
See Kynexa govern your AI — in 30 minutes.
Bring a real use case. We'll show governed retrieval, reasoning and audit on your stack.