AI Glossary for Marketers

Governance
AI Glossary for Marketers

This AI glossary for marketers covers the key AI terms relevant to marketing professionals. Use it to clarify terminology, sense-check vendor claims, or get up to speed at your own pace.

Terms range from foundational concepts such as Large Language Models and Retrieval-Augmented Generation, through to governance, data management, and marketing applications including AEO and GEO. Common misconceptions and risks are noted throughout.

Key Terms

These are the AI terms that come up most often in marketing contexts.

What is a Large Language Model (LLM)?

A Large Language Model (LLM) is the technology behind most AI tools marketing teams use today. LLMs are trained on large amounts of text and can write, summarise, answer questions, and hold a conversation.

Example: ChatGPT drafting a campaign brief, or Microsoft Copilot summarising a meeting, are both LLMs in use.

Common misconception: LLMs do not understand content. They predict likely outputs based on patterns in training data, which is why they can produce confident but incorrect responses. This is known as hallucination.

What is Agentic AI?

Agentic AI is AI that works towards a goal independently, carrying out a series of actions without step-by-step instructions from a user.

Example: Instead of asking an AI to write a subject line, you set a goal of improving email open rates. The AI analyses past campaigns, generates and tests variations, and returns a recommendation without further prompting.

Risk: Agentic AI can take actions inside business systems, such as sending emails, updating records, or running campaigns. Without governance and review checkpoints, errors can spread before anyone notices.

What is AI hallucination?

AI hallucination is when an AI produces incorrect information confidently, including fabricated facts, statistics, or sources. Human review should be part of any process that uses AI-generated content.

Example: An AI tool returns industry statistics complete with a cited source. The source does not exist and the figures are fabricated. Without a review step, the content could be published.

Risk: Plausible-sounding hallucinations are the hardest to catch. Verification is particularly important for statistics and any attributed claims.

What is AI Governance?

AI governance is the set of policies and processes that control how AI is used within an organisation. This covers which tools are approved, how data is handled, who is accountable, and how AI decisions are documented.

Example: A governance policy might state that no customer data can be entered into a public AI tool, that AI-generated content requires review before publication, and that new AI tools need IT approval before use.

What Is Human-In-The-Loop (HITL)?

Human-in-the-Loop (HITL) means a human reviews and approves AI output before it reaches a customer or is published. The AI handles volume; the human checks quality, accuracy, and tone.

Example: An AI drafts responses to customer enquiries, but a team member reviews and approves each one before it is sent.

Note: HITL is an accountability mechanism under GDPR and ICO guidelines, not only a quality check.

What Is Shadow AI?

Shadow AI is the use of AI tools by employees without official approval, typically adopted to save time and outside the organisation’s governance framework.

Example: A team member uses a free AI writing tool that is not on the approved software list. No one has checked how the tool handles data entered into it, including any customer information used in prompts.

Risk: Many consumer AI tools train on user inputs. Confidential briefs, customer data, and internal strategies may be incorporated into a model’s training data. A Cloud Access Security Broker (CASB) can identify tools being used without approval.

What is a Customer Data Platform (CDP)?

A Customer Data Platform (CDP) collects customer data from multiple sources and builds a single, unified profile for each individual. It is the data foundation for personalised, AI-driven marketing.

Example: A customer visits your website, opens your email newsletter, and buys in store. A CDP links those three interactions into one profile, which AI tools can use to personalise future communications.

Common misconception: A CDP is often confused with a CRM. A CRM manages active customer relationships and sales. A CDP pulls in data from all sources, including anonymous behaviour, to build a unified profile. Many organisations use both.

What is First-party data?

First-party data is data collected directly from customers through your own channels: your website, emails, CRM, or point of sale. It is given with consent and belongs to your organisation.

Example: A customer completes a preference form on your website. That data belongs to your organisation, was given with consent, and is more reliable than purchased data.

Risk: First-party data is only as useful as the consent framework behind it. Using it in ways customers did not expect still constitutes a GDPR risk.

What is Retrieval-Augmented Generation (RAG)?

Retrieval-Augmented Generation (RAG) connects an AI tool to internal knowledge sources such as documents, databases, or brand guidelines. The AI draws on that material when generating responses, rather than relying on general training data alone.

Why it matters: RAG allows AI to give relevant, business-specific answers. A RAG-enabled chatbot can respond using your actual product catalogue or internal processes.

Risk: If an AI tool can access internal documents, access controls are required. Without them, users may retrieve content they should not have access to.

What is Multimodal AI?

Multimodal AI can process multiple content types at once, including text, images, audio, and video.

Example: A travel brand uploads a 60-second customer video. A multimodal AI transcribes the audio, identifies key moments, pulls a quote for a written testimonial, and drafts an Instagram caption, all in one pass.

What is a context window in AI?

The context window is the amount of information an AI can process in a single interaction. A larger window means you can provide more content at once, such as a full campaign brief or a lengthy document.

Common misconception: A larger context window does not mean the AI gives equal attention to all of it. Research indicates AI models can underweight content in the middle of long inputs. Place critical instructions at the start or end of a prompt.

What is AI orchestration?

AI orchestration is the coordination of multiple AI tools, systems, and data sources within a single automated workflow.

Why it matters: Value comes from connecting AI tools across a marketing stack, CRM, and analytics platforms, not from using any one tool in isolation.

To check whether your tools can connect: look for native integrations in the platforms you already use. If none exist, middleware tools such as Zapier or Make can often bridge the gap. For more complex setups, ask vendors whether their tool supports API access and what that involves.

What is Tool use is AI (Model Context Protocol)?

Tool use is an AI’s ability to interact with external systems such as a CRM, analytics platform, or email tool, rather than only producing text. Model Context Protocol (MCP) is an emerging standard for connecting AI to these systems.

Why it matters: Tool use enables AI to take actions inside business systems, not just generate content.

Risk: An AI with tool use capabilities can modify records, send communications, or trigger workflows. Access permissions should be limited to what the AI genuinely needs.

What is Prompt engineering?

Prompt engineering is the practice of structuring inputs to an AI system to produce reliable, useful outputs. It does not require technical knowledge.

Common misconception: Prompt engineering is not a specialist skill. It is closer to clear written communication: being specific, providing context, and stating the output you want.

 

What is Fine-tuning an AI model?

Fine-tuning is the process of training an existing AI model on your own data so it performs better for specific tasks, such as writing in your brand voice or understanding your product range.

Risk: Fine-tuning carries data compliance implications. Any data used must be handled under the same GDPR obligations as any other processing activity.

Agentic Ai and Workflows

What is the difference between a copilot and an AI agent?

Copilot: An AI assistant that responds when prompted. It supports decisions but does not act independently. Suited to tasks where human judgement should stay central, such as drafting, reviewing, and researching.

Agent: An AI system that works towards a goal with minimal human input. It plans and executes its own steps using the tools it has access to, checking back only when it encounters a significant obstacle.

Risk: A copilot produces an incorrect draft and a human catches it. An agent may have already sent emails, updated records, or published content before the error is noticed. Governance and rollback processes are essential.

What are Autonomous workflows in AI?

Autonomous workflows link multiple AI agents to manage a process from end to end without continuous human input. For example, an SEO agent identifies keyword opportunities, passes them to a content agent, who briefs a social agent to schedule and publish.

Risk: Errors made early in a chain carry through to every subsequent step. Review points between agents, not only at the end, help catch problems before they compound.

What is AI observability?

AI observability is the ability to monitor and audit how AI systems perform over time, including tracking outputs, flagging anomalies, and recording decisions.

Why it matters: Necessary for compliance, performance management, and identifying problems early.

What is Shadow data?

Shadow data is sensitive data held within an organisation that is not formally tracked or governed. It is often created unintentionally by AI tools generating logs, caching responses, or duplicating records.

Risk: Under GDPR, organisations must know what personal data they hold and be able to delete it on request. Data that is not tracked cannot be protected.

What is Prompt injection?

Prompt injection is an attack technique where hidden instructions are embedded in user inputs to manipulate an AI system into bypassing its guidelines or exposing sensitive information.

Example: A support request contains hidden text instructing the AI to ignore its guidelines and return confidential system data.

Risk: A real threat for any AI tool that accepts free-text input from external users. Security testing and input validation are required safeguards.

What is an AI gateway?

An AI gateway is a security layer between your internal systems and external AI platforms. It checks data before it is sent to a third-party tool and blocks or removes sensitive content, such as customer PII or confidential business information, before it leaves your network.

What is Zero Trust in the context of AI?

Zero Trust is a security model where no tool, system, or user is given automatic access. All access must be verified. As AI tools connect to more business systems, Zero Trust defines what each tool can and cannot access.

What are Zombie APIs?

Zombie APIs are connections between software tools that are still active but no longer monitored. They can become entry points into your systems, particularly as AI tools connect to more of your infrastructure.

Risk: Integrations added during campaigns or technology trials are often not closed when the work ends. Each open connection is a potential vulnerability.

What is the ICO and why does it matter for AI?

The Information Commissioner’s Office (ICO) is the UK regulator for data and privacy. Where AI systems make decisions affecting UK citizens, including personalisation, targeting, or automated communications, the ICO expects organisations to be able to explain how those decisions are made.

Risk: Non-compliance can result in significant fines and reputational damage.

What is GDPR and how does it apply to AI in Marketing?

GDPR (General Data Protection Regulation) is the legal framework for how personal data is collected, stored, and used in the UK and EU. Any AI tool that processes customer data must comply with GDPR. Fines for breaches can reach £17.5 million or 4% of global annual turnover.

Common misconception: Using a reputable AI vendor does not transfer GDPR responsibility. The organisation using the tool remains the data controller and is responsible for what data is sent, how it is processed, and whether customers have consented to that use.

What is a Data Protection Impact Assesment (DPIA)?

A Data Protection Impact Assessment (DPIA) is a formal review carried out before deploying any system that processes personal data. It identifies and addresses privacy risks in advance.

Risk: A DPIA is a legal requirement in many cases, not a procedural formality. It should be completed before deployment, not after.

What is Data residency?

Data residency is the legal requirement to store and process data within a specific country or region. When assessing a cloud-based AI platform, confirm where customer data is stored. Storing UK customer data in a country with weaker protections can create compliance problems.

Common misconception: Many AI platforms default to US-based storage. This is not automatically a breach, but it requires safeguards such as Standard Contractual Clauses to be in place.