
tegrity

The Semantic Tug-of-War: Who Will Own AI Oversight — and Does the Name Actually Matter?

Artificial intelligence is no longer a side project. It is inside financial decisioning systems, clinical support tools, procurement workflows, customer-facing interfaces, and operational control systems that run 24 hours a day. As AI moves from the experimental layer into the core of enterprise operations, a question that once seemed abstract is becoming urgently practical: who, inside an organisation, is responsible for making sure these systems behave with integrity?

The honest answer, in most enterprises today, is: nobody — or rather, several different groups simultaneously, each with a partial view, each speaking a different language, and none of them accountable for the full picture.

This article maps the landscape of competing disciplines, explains why fragmentation is becoming operationally dangerous, and sets out the case — carefully and without triumphalism — for why an integrated function called AI Integrity Management may be where this is heading.

 

Four disciplines, four blind spots

The compliance and governance faction

Driven by the EU AI Act, the NIST AI Risk Management Framework, and ISO/IEC 42001, corporate legal and compliance teams have moved quickly to expand their AI remit. Their terminology — AI Governance, AI Compliance, Model Risk Management — frames AI primarily as a regulatory and liability problem. This faction has significant institutional momentum: the Big Four have built practices around it, and regulatory bodies have invested in the vocabulary.

The structural limitation: compliance frameworks answer "does this system have a policy?" far more readily than "is this system currently behaving in accordance with that policy?" A model that drifts operationally, hallucinates a regulatory clause, or produces outputs inconsistent with its documented values may remain perfectly compliant on paper. The gap between documentation and runtime behaviour is where the governance framing runs out.

The cybersecurity faction

CISOs and their teams argue that AI is fundamentally a software and data system, and software gets attacked. The adversarial risks are real — model poisoning, unauthorised extraction, prompt injection, training data manipulation. Major cybersecurity firms have forecast that "model integrity is the new data integrity" for 2026, and AISPM platforms are being positioned as essential infrastructure.

The structural limitation: traditional security tools detect and block intentional malicious activity. A model that produces inconsistent outputs under edge-case inputs, or exhibits value drift over time, is not a hacked endpoint. These are integrity failures of a different kind — and the security framing has no native vocabulary for them.

The ethics and responsible AI faction

More than 160 published guidelines from governments and corporations have emerged from this tradition. The principles are broadly shared: fairness, transparency, accountability, non-maleficence. The structural limitation — acknowledged by practitioners inside this tradition — is operationalisation. Translating "be fair" into a measurable engineering constraint or a runtime monitoring signal is genuinely difficult. Ethics teams frequently find themselves isolated from the engineers building the systems they are supposed to govern, with no shared toolchain and no common working language.

The operational reliability faction

MLOps practitioners and site reliability engineers frame AI as a performance problem. Their concerns — drift detection, 99.9x availability, catastrophic forgetting, hallucination rates — are technically precise and directly measurable. The limitation is scope: these teams are expert at measuring whether the system works but are not equipped — by training or mandate — to evaluate whether the system is behaving in accordance with its stated values, or whether it is compliant under regulatory scrutiny.

 

Why fragmentation is becoming dangerous

Each faction captures something real. None captures the whole. And real-world AI failures do not respect departmental boundaries.

When an enterprise AI agent begins producing erratic financial recommendations — is that a compliance violation? A cybersecurity breach? An ethics failure? An operational breakdown? In most cases: all four, depending on the root cause. Determining the root cause requires expertise from all four domains simultaneously. When no single function owns the full picture, investigations stall, accountability diffuses, and the spaces between the silos go unmanaged.

Surveys of AI leaders consistently show that while nearly all organisations now articulate responsible AI commitments, fewer than one in four has a formal AI model governance programme in place. The ambition is cross-functional. The accountability remains fragmented.

 

The case for AI Integrity Management as an integrating concept

This is the context in which the Tegrity.ai working group at The Integral Management Society — a Swiss non-profit bringing together specialists in decision-support systems, operational intelligence, complex systems governance, and multi-jurisdictional enterprise management — has been developing the hypothesis of AI Integrity Management as the integrating discipline.

Why "integrity"? The word already does meaningful conceptual work across all four domains:

    • In systems engineering: integrity means the system does what it is designed to do, consistently and verifiably
    • In cybersecurity: integrity is a named technical property — the I in the CIA triad
    • In corporate governance: integrity describes coherence between stated values and actual behaviour
    • In asset management: asset integrity management is an established discipline in critical infrastructure, covering the reliability and safe operation of assets whose failure would be catastrophic

Critically, "integrity" implies something that can be measured, audited, and reported. It points towards a verifiable property rather than a set of aspirational principles. A board can ask "what is the state of our AI systems' integrity?" and reasonably expect a quantitative answer.

 

What AI Integrity Management would actually cover

In practice, an AI Integrity Management function would span five domains:

1. Operational integrity: Consistent model behaviour, drift detection and response, protection against catastrophic forgetting and hallucination, and incident response tailored to AI failures rather than generic IT outages.

2. Security integrity: Defence against adversarial manipulation — model poisoning, unauthorised extraction, prompt injection, provenance loss, and continuous posture management.

3. Compliance and governance integrity: Alignment with the EU AI Act, NIST AI RMF, ISO/IEC 42001, and sector-specific rules; auditable policy enforcement, risk tiering, and regulatory reporting.

4. Ethical integrity: Consistency between the system's stated values and its actual behaviour — fairness, explainability, bias management, and human-in-the-loop controls that are functional realities rather than compliance checkboxes.

5. Organisational integrity: The human dimension — the change management, the coexistence protocols, and the organisational design required for humans and AI systems to work together in ways that are genuinely integrated rather than merely adjacent. This domain is the one most frequently underweighted in governance discussions, and arguably the most consequential for long-term success.

 

An honest assessment of the naming question

The working group acknowledges the risks in proposing a new term.

The case for adoption: "AI Ethics" reads as academic to CFOs. "AISPM" is too vendor-specific. "AI Governance" carries the connotation of documentation-heavy process. "Integrity" resonates across corporate governance contexts — data integrity, financial integrity, business integrity are established concepts everywhere. If the term can be attached to concrete, auditor-friendly metrics (integrity hallucination rate, model-provenance latency, Authority-Stack consistency score), it has a credible path to becoming the vocabulary boards use when they want a single indicator of AI system health.

The case against adoption: "AI Governance" has massive institutional inertia — the EU AI Act, NIST, ISO/IEC 42001, and the Big Four have all committed to that vocabulary. Cybersecurity vendors are investing heavily to establish "AI Security" as the dominant frame. There is a real risk that "AI Integrity Management" gets absorbed as a chapter heading inside a governance framework rather than recognised as the overarching concept.

The cybersecurity precedent is instructive. "Cybersecurity" won the naming contest over "information assurance" not just because it was a better term, but because catalysing incidents, regulatory mandates, and vendor ecosystem formation created the conditions for a new function to crystallise. For AI Integrity Management, the analogous conditions are not implausible. None is certain.

 

The structural argument holds regardless of the name

Whether "AI Integrity Management" becomes the standard term or whether enterprises settle on something else, the structural argument is independent of the naming question.

The organisations that succeed will not be those that wrote the most comprehensive AI ethics charter, or bought the most capable AI security platform, or produced the most detailed AI governance documentation — in isolation. The winners will be those that built a genuinely integrated, cross-functional capability to ensure the holistic integrity of their automated decision-making systems — before a failure forced them to.

The governance gap between aspiration and implementation is real and documented. The question is not whether an integrated function will become necessary. It is whether organisations will build it proactively or reactively.
