← Back to glossary
Glossary

Three Lines of Defence (AI)

Reviewed 20 March 2026 Canonical definition

The three lines of defence model applied to AI assigns risk ownership to the teams building agents (first line), independent risk and compliance functions (second line), and internal audit (third line). It ensures separation of duties in AI governance.

Related articles

Security How to Monitor Access Control in AI Pipelines Developer Experience CI/CD Integration for AI Agents: Q&A

Related terms

TemperatureThird-Party AI RiskThreat Modelling (AI)TokenToken EconomicsToken Exchange (OAuth)