Glossary

AI governance in plain language

A short explanation of the terms that keep coming up around AI agents and oversight. Each one is explained by what it means for governance.

AI agent

A software system built on a language model that does not only answer questions but takes actions in other systems: it sends messages, retrieves data, opens cases or initiates transactions.

Because an agent acts rather than merely suggests, a mistake turns into a real-world consequence, and that is where oversight becomes necessary.

Agentic AI

The term for AI that works through several steps towards a goal and makes its own intermediate decisions along the way, rather than a single question and answer.

The more steps an agent runs on its own, the more places oversight can go missing, and the more it matters that the control sits in the system rather than in good intentions.

Human-in-the-loop (HITL)

A workflow in which a human has to approve an AI action before it is carried out.

What matters for governance is not whether a human was in the loop, but whether that human could actually review the decision. A regulator distinguishes between oversight that could have taken place and oversight that actually did.

Human oversight

The requirement that a human keeps real control over consequential AI decisions and can intervene, halt or reverse them.

EU AI Act Article 14 requires effective human oversight of high-risk AI. Effective means the oversight has to be exercisable in practice, not merely present on paper.

Rubber-stamping

When an approval is given without genuine review, because there was no time, evidence or competence to assess the decision.

Rubber-stamping is the most common way human oversight fails, and it rarely leaves a trace unless the system is built to catch it.

Runtime enforcement

Checking an AI action at the moment it is attempted, and allowing or denying it by fixed rules, rather than relying on instructions or after-the-fact review.

Rules that live only in a document can be bypassed; rules enforced at runtime cannot. That is the difference between a policy and a control.

Model drift

When an AI model's behaviour changes over time, often after a provider update, so that it no longer responds as it did when it was approved.

A model that has drifted can start making wrong decisions without anyone changing anything on purpose, which is why behaviour has to be monitored rather than assumed constant.

Audit trail

A continuous record of what an AI system did, when, on whose behalf, and who approved it.

When a regulator asks why a decision was made, the answer is either a record or a reconstruction, and only the first holds up.

Fail-closed

A design principle where a system stops and denies actions if its control layer cannot be reached, rather than continuing unchecked.

The alternative, fail-open, means the AI keeps running without oversight exactly when the safety layer is down. Fail-closed makes the safe choice the default.

DARMA™

FluxAI's framework for the five things that must be enforced when an AI agent runs in production: Delegation, Authorization, Runtime, Model Integrity and Accountability.

The framework gives a shared language for where oversight can fail, so each layer can be enforced and proven rather than taken for granted.

Model risk management (MRM)

The established discipline in regulated finance for controlling the risk that a model is wrong or misused: a model inventory, independent validation, tiering by materiality, and defined human sign-off.

When AI decisions are treated as models, they fall under the same requirements, and the regulator expects to see them governed in that language.

If you are unsure where your own agents stand, we can walk through it on a call.

Book a conversation