AI Governance Hub — The Ozkaya AI Governance Framework (AIGF)

AI Governance: Every CISO’s Most Urgent Unsolved Problem

AI is already reshaping the threat landscape — faster than most security programmes can adapt. The organisations winning at AI governance aren’t treating it as a separate workstream. They’ve integrated it into their existing security and risk frameworks.

Bottom line up front: The EU AI Act is in force. Your employees are using AI tools you haven’t approved. Your competitors are using AI to attack you. And 78% of organisations have no formal AI governance programme according to Microsoft. I’ve spent years developing the Ozkaya AI Governance Framework (AIGF) specifically because the generic frameworks weren’t built for the speed and complexity of what we’re dealing with. This hub gives you the substance — not the vendor marketing.
  • 78%: Have no AI governance programme — Microsoft
  • $30T: AI economic value at stake by 2030 — PwC
  • 65%: Of orgs have uncontrolled AI use — IDC
  • Faster breach escalation via AI attacks — Cisco
  • 2026: EU AI Act high-risk compliance deadline

Why AI Governance Is Urgent Right Now

Let me be honest about what I see in organisations today. The CISO is worried about ransomware and identity threats. The business is rolling out Copilot, ChatGPT Enterprise, and a dozen departmental AI tools — often without telling IT. And the legal team just found out about the EU AI Act. Nobody is coordinating.

This is the AI governance gap. It’s not theoretical — it’s happening right now in most organisations. IDC research from 2025 shows 65% of enterprise AI use is unsanctioned. That means sensitive data is entering external AI systems without data classification, consent analysis, or contractual protection. The organisation doesn’t know what’s being shared, with whom, or how it’s being used for model training.

At the same time, attackers are using AI to craft more convincing phishing, automate vulnerability discovery, accelerate malware development, and generate deepfake audio and video for social engineering. Cisco’s 2025 threat intelligence data shows AI-assisted attacks escalate 3× faster than traditional campaigns. The governance problem and the defensive problem are converging simultaneously.

The Data Every CISO Needs
78% of organisations have no formal AI governance programme despite widespread AI tool adoption across the business. The gap between deployment and governance is widest in mid-market enterprises where business units move fast and security moves slower.
Source: Microsoft Digital Defense Report 2024

65% of enterprise AI use is unsanctioned — employees using personal AI accounts, free tiers of LLMs, or departmental tools procured without IT review. Your sensitive data is leaving the organisation through channels you cannot see or control.
Source: IDC Future of Work Survey 2025

$30T in economic value AI is projected to unlock by 2030 — which is exactly why the pressure to adopt AI quickly is overwhelming governance concerns in most organisations. The CISO’s job is not to block AI adoption. It is to make AI adoption secure.
Source: PwC Global Digital Trust Insights 2026

Faster breach escalation in AI-assisted attacks — the dwell time from initial access to data exfiltration is compressing as attackers use AI for automated lateral movement, credential stuffing, and vulnerability exploitation at machine speed.
Source: Cisco Cybersecurity Readiness Index 2025

40% of executives cannot identify which AI systems in their organisation process personal data — a critical gap for GDPR compliance and EU AI Act obligations. If you don’t know what your AI is processing, you cannot classify its risk level or apply appropriate controls.
Source: PwC Global Digital Trust Insights 2026

The AIGF: 5 Domains of AI Governance

The Ozkaya AI Governance Framework (AIGF) organises AI governance into five domains that map directly to how security and risk teams already operate. It’s designed to be integrated into existing security programmes — not run as a separate initiative that nobody owns.

Domain 01

AI Inventory & Classification

Build a complete inventory of every AI system in use — sanctioned and shadow. Classify each by risk level: what data does it process? How autonomous are its decisions? What’s the business impact if it fails or is manipulated? You cannot govern what you cannot see, and most organisations cannot see most of their AI.

Domain 02

Data Governance for AI

AI systems are only as trustworthy as their training data and the data they process in operation. This domain covers data quality standards, consent for AI use, data residency requirements, and the critical question of whether sensitive data is flowing into external AI systems without adequate contractual and technical controls.

Domain 03

Model Security & Integrity

AI models face novel attack vectors that traditional security tools don’t address: adversarial inputs that manipulate outputs, model poisoning through corrupted training data, model inversion attacks that extract training data, and prompt injection attacks against LLM-based systems. The OWASP Top 10 for LLMs is your starting point.

Domain 04

Regulatory Compliance

EU AI Act risk classification is not optional for organisations operating in Europe. High-risk AI systems — covering employment decisions, credit scoring, critical infrastructure management, and law enforcement — require conformity assessments, transparency documentation, human oversight mechanisms, and registration in the EU database.

Domain 05

AI Incident Response

AI failures are different from traditional IT incidents. Model drift, bias amplification, and gradual output degradation can cause harm over weeks before anyone notices. AI incident response plans must include model monitoring thresholds, rollback procedures, harm assessment frameworks, and clear escalation paths for AI-related incidents.

AI as an Attack Vector: What You’re Actually Facing

The threat side of AI is moving faster than the governance side. Here’s what I’m seeing in the field and in the intelligence reports:

  • AI-generated phishing — hyper-personalised spear phishing at scale, using scraped LinkedIn, news, and social media data. Click rates are 3-5× higher than generic phishing. Your awareness training hasn’t kept up.
  • Deepfake voice and video — CEO fraud (Business Email Compromise) now includes deepfake audio calls impersonating executives. A UK engineering firm lost £20M in a single deepfake video call authorising a wire transfer.
  • AI-assisted vulnerability discovery — attackers use AI to scan target environments, correlate exposures, and prioritise attack paths faster than any human team can patch.
  • Prompt injection — attackers embed malicious instructions in content that gets processed by your LLM-based applications, causing the AI to exfiltrate data, bypass controls, or take unauthorised actions.
  • Model poisoning in supply chain — compromising AI models during training or through fine-tuning data poisoning to introduce backdoors or biases in models you then deploy.
AI Risk Classification: Quick Reference

| AI Use Case | EU AI Act Risk | Key Requirement |
| --- | --- | --- |
| HR recruitment & CV screening | HIGH RISK | Conformity assessment, human oversight, transparency |
| Credit scoring & loan decisions | HIGH RISK | Explainability, audit trail, bias testing |
| Critical infrastructure management | HIGH RISK | Full conformity assessment + registration |
| Customer service chatbot | LIMITED RISK | Disclosure that it is AI (transparency obligation) |
| Security anomaly detection | LIMITED RISK | Human review of high-impact decisions |
| Marketing personalisation | MINIMAL RISK | Good practice guidelines, voluntary code |
| Internal productivity tools (Copilot) | MINIMAL RISK | Data governance & acceptable use policy |
| Deepfake generation / manipulation | PROHIBITED | Banned outright under EU AI Act |

The CISOs I see handling AI governance well are the ones who stopped treating it as a separate problem. AI risks map directly onto your existing risk framework — data risk, third-party risk, operational risk, compliance risk. Your existing governance structures can handle AI if you extend them intentionally. What you cannot do is ignore it and hope the business slows down its AI adoption. It won’t.
— Dr. Erdal Ozkaya, Author of 26 Cybersecurity Books & NATO Advisor
EU AI Act: What CISOs Actually Need to Do

The EU AI Act entered into force in August 2024. The prohibited AI systems ban is already in effect. High-risk system obligations apply from August 2026. Here’s what your action plan should look like:

  1. Complete your AI inventory — every system, every use case, every vendor. This is non-negotiable and should have started yesterday.
  2. Classify each system against the EU AI Act risk categories. Your legal team needs to be in this conversation.
  3. For high-risk systems: begin conformity assessment, technical documentation, and human oversight design now — you have less time than you think.
  4. For all systems: ensure your AI acceptable use policy is in place, communicated, and enforced. This is your first line of defence against shadow AI.
  5. Appoint an AI governance owner — this cannot sit solely in legal, IT, or security. It needs cross-functional ownership with clear accountability.
AI Governance Resources

  • CISO Toolkit: AI governance templates, risk assessment frameworks, and board reporting guides for AI risk.
  • ISO 27001 Toolkit: Information security controls framework — the foundation for AI governance integration.
  • Sentinels Talk Show: AI security and governance conversations with CISOs, regulators, and AI practitioners.
  • 26 Cybersecurity Books: Dr. Ozkaya’s full published library including titles on AI security and digital transformation risk.
  • Book Dr. Ozkaya: Board-level AI governance workshops, CISO advisory sessions, and keynotes on AI risk.

Take to the Boardroom

What your board needs to hear about AI governance

Three talking points, one metric, one question. Screenshot this for your next board prep.

  1. AI governance is not a future problem. Your employees are already pasting customer data into public AI tools today. The first board question is not “what is our AI strategy” — it is “what is currently leaving the building.”
  2. Treat AI risk as a data classification problem first, model risk problem second. If you cannot answer where your sensitive data flows, no governance framework on top will save you.
  3. The real exposure is third-party AI inside SaaS tools you already pay for. Every vendor is shipping AI features by default. Your existing contracts almost certainly do not cover this.

The Metric That Matters: Number of approved AI tools versus detected AI tool usage on the network — the gap is the shadow AI footprint.

Ask Your Team: Which of our top 20 SaaS vendors have enabled AI features in the last 12 months, and did our security or privacy team review the change?

AI Governance Is a Board-Level Problem. Let’s Solve It Together.

Most organisations are 12–18 months behind where they need to be on AI governance. The EU AI Act compliance clock is running. I work with executive teams to build AI governance programmes that are practical, proportionate, and actually implemented — not just documented.

AI Governance FAQ — Honest Answers to the Questions CISOs Actually Ask

What is AI governance, and why has it become a CISO problem instead of just a compliance problem?

AI governance is the organizational framework — policy, technical controls, accountability structures, and audit trails — that determines how AI systems are selected, deployed, monitored, and retired safely. It became a CISO problem the moment generative AI moved from research labs to every employee’s browser. Three forces converged in 2024–2025: regulators shipped binding rules (EU AI Act, US Executive Order 14110, ISO/IEC 42001), enterprises woke up to data exfiltration through public AI tools, and boards started asking “who is accountable when our AI gives wrong advice?” The answer is the security function, because nobody else has the operational muscle for continuous risk monitoring. Compliance teams write the policy; CISOs make sure it actually holds in production.

How does the EU AI Act actually affect organizations outside the EU?

Same way GDPR did — extraterritorially. If your AI system affects EU residents, processes EU data, or is offered to EU customers, you’re in scope regardless of where you’re headquartered. The Act categorizes AI systems by risk: prohibited (social scoring, real-time biometric ID in public), high-risk (employment, credit, critical infrastructure, law enforcement), limited-risk (chatbots, deepfakes — transparency obligations), and minimal-risk (most internal tools). High-risk systems require risk management systems, data governance, technical documentation, human oversight, and registration in the EU database. Penalties hit up to €35 million or 7% of global annual turnover — higher than GDPR. If you’re a US, UK, or APAC company touching the EU market, treat this as binding now.

What are the highest-priority controls I should implement for safe enterprise AI use today?

Five controls that compound: (1) inventory every AI system in use, including shadow AI — most organizations don’t know what employees have signed up for, (2) classify by data sensitivity so you know which use cases can touch crown-jewel data and which can’t, (3) enforce data loss prevention at the prompt layer — block sensitive data from leaving your environment via AI APIs or browser plugins, (4) require human review for AI-generated decisions in regulated workflows (hiring, lending, medical, legal), and (5) instrument continuous monitoring for prompt injection, model drift, and output anomalies. The single highest-leverage control is the inventory — you can’t govern what you can’t see, and most enterprises are flying blind on this.

How is ISO/IEC 42001 different from the NIST AI Risk Management Framework, and which should I adopt?

Both, but they serve different purposes. ISO/IEC 42001 is a certifiable management system standard — it tells you how to structure organizational accountability for AI, similar to ISO 27001 for security. NIST AI RMF is a voluntary framework giving you the risk taxonomy, threat modeling approach, and lifecycle controls. Use NIST AI RMF for the practical risk work and ISO 42001 for the governance structure that survives audits. Federal contractors and regulated industries should plan to be ISO 42001 certifiable within 18–24 months. The mistake organizations make is picking one and treating it as comprehensive; they’re complementary, not competing.

How do I handle the “shadow AI” problem — employees using ChatGPT, Claude, Gemini, or Copilot on work data without approval?

Banning doesn’t work. Employees have already adopted these tools, often productively, and prohibition just drives use underground. The realistic playbook: (1) survey honestly to understand what’s actually being used and for what — most organizations are shocked, (2) provide sanctioned alternatives with enterprise data agreements, SSO, and audit logging, so the legitimate path is also the easy path, (3) implement DLP browser controls and CASB policies to block sensitive data leaving via unsanctioned AI tools, (4) update acceptable-use policies with specific examples — vague language fails, and (5) train continuously, not annually. Treat shadow AI like shadow IT was a decade ago: a signal of unmet legitimate need, not a discipline problem.

What should the board be asking the CISO about AI risk, and how should I answer?

Boards should be asking five questions: (1) what AI systems are in use across the enterprise, and who approved them? (2) what is our exposure if an AI system makes a materially wrong decision? (3) how are we complying with applicable regulations and what’s our remediation timeline? (4) how would we know if our AI was being manipulated, and how fast could we respond? (5) what’s our incident response plan when an AI-driven decision causes customer harm? The honest answer to question 1 in most enterprises today is “we don’t fully know” — and that’s the moment the conversation shifts from technology to governance. If your board isn’t asking these yet, brief them. They’ll be asking by the next meeting whether you raised it or not.