AI model governance in production - are your controls keeping up?

TL;DR: Many organisations cannot reliably say how many AI models are running in production, which Collibra frames as a governance failure that also creates regulatory exposure. The core issue is that AI governance policies without production-level model controls leave blind spots in ownership, monitoring, lineage and retirement.

NHIMG editorial — based on content published by Collibra: AI model governance in production

By the numbers:

• 72% of organisations have experienced or suspect they have experienced a breach of non-human identities.

Questions worth separating out

Q: How should security teams govern AI models that are already in production?

A: They should treat production models as controlled assets with named ownership, documented purpose, approval history, monitoring thresholds and a clear retirement path.

Q: What breaks when AI model governance stops at the registry?

A: The organisation loses visibility into what is actually running, who owns it and whether its behaviour still matches the approved state.

Q: How do teams know whether model governance is working?

A: They can prove it when every live model is mapped to an owner, a model card, lineage data, monitoring thresholds and a retirement decision trail.

Practitioner guidance

• Reconcile live models against registry records Compare the model registry, deployment logs and application dependencies to find models that are still active but no longer documented or owned.
• Assign durable ownership for every production model Name one accountable business or technical owner per model and force ownership changes when teams or roles change.
• Tie drift thresholds to governance decisions Define the performance threshold that triggers review, restriction, retraining or retirement, and route those alerts to the accountable owner.

What's in the full article

Collibra's full blog post covers the operational detail this post intentionally leaves for the source:

• The model card fields and approval artefacts Collibra expects for production governance.
• How lineage data is connected to model metadata and downstream applications in practice.
• The workflow for drift-triggered escalation, review and retirement decisions.
• How Collibra positions its platform integration for model metadata and audit evidence.

👉 Read Collibra's analysis of AI model governance in production →

AI model governance in production - are your controls keeping up?

Explore further

View Full Forum →  |  NHI Foundation Course →