Appendix

Terms, References, and Further Reading

Plain-language definitions and authoritative references for the guide.

Terms are defined here in plain language and at the point of first use in the relevant module. References appear here and as inline callouts where they are most relevant.

Glossary

Acceptable-Use Policy

A document that specifies which AI tools may be used within an organization, by whom, and for what purposes.

Automation Drift

The gradual degradation of AI output reliability as the conditions around the task change over time.

Authority Confusion

A failure mode in which AI produces confident-sounding output in areas where it has no verified basis or recognized authority.

Context Collapse

A failure mode in which an AI forgets or distorts instructions, constraints, or facts established earlier in a conversation.

Data Exposure

The risk that sensitive information pasted into an AI system may be stored, logged, reviewed, or used in future training.

False Precision

A failure mode in which AI states specific numbers, dates, citations, or claims with apparent confidence but without a verified basis.

Governance

The policies, controls, oversight procedures, and accountabilities that determine how AI is used.

Hallucination

A failure in which an AI generates output that sounds correct but is factually wrong.

Human-in-the-Loop

A design requirement in which a human must review and approve AI output before it causes real-world action.

Large Language Model

A type of AI system trained on vast amounts of text to generate responses to prompts.

Omission

A failure mode in which an AI response leaves out an important constraint, exception, or caveat.

Prompt

The text input you provide to an AI system: a question, instruction, or task.

Prompt Injection

An attack in which malicious content embedded in input is designed to override instructions or cause unsafe behavior.

Prompt Sensitivity

The tendency of AI systems to produce meaningfully different outputs when the same question is phrased slightly differently.

Risk Ladder

The five-level framework used to categorize AI tasks by potential harm and determine the appropriate review level.

Rollback Procedure

A documented process for disabling or reverting an automated AI system.

Scoped Permissions

Access rights deliberately limited to only what a system needs to perform its task.

Security Failure

AI-specific security risks, including prompt injection attacks, unsafe access to connected tools, and credential leakage.

Training Data

The large collection of text and other content used to teach an AI system to generate responses.

Reference List

NIST AI Risk Management Framework

Provides a structured framework for identifying, assessing, and managing risk in AI systems.

nist.gov/artificial-intelligence

OWASP Top 10 for Large Language Model Applications

Documents common and critical security risks in deployed AI systems, including prompt injection and excessive agency.

owasp.org/www-project-top-10-for-large-language-model-applications

EU AI Act

Establishes a risk-based regulatory framework for AI systems used in or affecting EU markets.

Primary source: eur-lex.europa.eu (Official EU legislative text)

Readable summary: artificialintelligenceact.eu

Mata v. Avianca, Inc. (S.D.N.Y. 2023)

Federal court order sanctioning attorneys who submitted a legal brief containing AI-generated case citations that did not exist. Illustrates hallucination in a professional legal context: the output was polished and looked authoritative; the cases were fabricated.

Case record: CourtListener (free public access) — No. 22-cv-1461 (PKC) (S.D.N.Y. June 22, 2023)

Verify current versions directly with each source. Regulatory and technical standards are updated over time.