The AI security & governance glossary
Plain-language definitions of the terms that decide whether an enterprise AI deployment succeeds: security threats, governance frameworks, and the regulations that now apply to them.
Prompt injection
Prompt injection is an attack that hides malicious instructions inside content an AI system processes, such as an email, a document or a web page. The model then treats the attacker’s text as instructions and ignores the rules it was given. The OWASP Top 10 for LLM applications ranks it as the leading security risk for this type of system.
What is prompt injection?
AI governance
AI governance is the set of policies, roles, processes and technical controls an organisation puts in place so that AI is used safely, legally and accountably. It defines which tools are approved, who may use them with which data, how usage is monitored, and how risks are assessed before a use case goes to production.
What is AI governance?
EU AI Act
The EU AI Act (Regulation (EU) 2024/1689) is the world’s first comprehensive law regulating artificial intelligence. It entered into force in August 2024 and applies in stages. The Act classifies AI systems by risk level, from prohibited practices to strictly regulated high-risk systems, with lighter transparency duties for uses such as chatbots.
What is the EU AI Act?
Shadow AI
Shadow AI is the use of AI tools inside an organisation without the knowledge or approval of IT and security teams. Typical examples include employees pasting company data into personal chatbot accounts, unvetted AI browser extensions, and AI features wired into business workflows outside any oversight.
What is shadow AI?
Retrieval-augmented generation (RAG)
Retrieval-augmented generation (RAG) is a technique that connects a language model to your own knowledge sources. When a user asks a question, the system first retrieves the most relevant documents, then passes them to the model alongside the question. The answer is grounded in your data instead of relying only on what the model learned during training.
What is retrieval-augmented generation (RAG)?
LLM red teaming
LLM red teaming is the structured, adversarial testing of AI systems. Testers deliberately attack a model or AI application with jailbreaks, prompt-injection payloads, data-extraction attempts and abuse scenarios in order to find failures before real users or attackers do.
What is LLM red teaming?