AI Lead Gen Risk & Compliance Glossary

AI Lead Generation Risks and Compliance Glossary for B2B Marketing

The AI Lead Generation Risks and Compliance Glossary is the reference catalog defining 22 terms B2B marketing leaders, RevOps, demand generation, and compliance partners need to operationalize AI lead generation without breaking governance, brand trust, or pipeline predictability. Every definition is scoped to governed B2B demand generation, not generic LLM theory. The Starr Conspiracy maintains this catalog as the operational vocabulary for the territory.

Compliance, trust, predictability. Pick all three or pick none. I'm not interested in AI that can't pass an audit, and neither is any CMO who has watched a quarter evaporate because an agent ran ahead of its controls. Agents are interns with API keys. Name it. Control it. Measure it.

Why This Glossary Exists

Most AI vocabulary on the open web was written by infrastructure companies for infrastructure buyers. That leaves demand generation leaders translating model drift, consent decay, and agentic orchestration into marketing risk on their own. Legal definitions don't run your workflows. Controls do. Vendor definitions are feature-centric. This glossary is workflow-centric.

According to Gartner's 2025 CMO Spend Survey (May 2025, Table 4: Top Inhibitors to AI Adoption), governance ambiguity now outranks budget as the primary blocker to scaling AI in B2B lead generation. No shared terms produces inconsistent controls, which produces compliance risk and measurement drift. Sales stops believing your dashboard, and you lose the room.

We built this hub because we keep seeing the same failure modes inside governed demand engines. Hallucinations become CRM pollution. CRM pollution becomes SLA failure. The pipeline stops moving. Once agents touch outbound, mistakes scale faster than approvals.

This is the safety manual for AI in your demand engine. The Starr Conspiracy doesn't sell AI experiments. We build marketing systems that actually work, grounded in 25 years of B2B tech marketing systems work. That starts with naming what can break before you wire it in. For the operational context behind these definitions, see our perspective on governed AI-native demand generation.

Three competitor archetypes show up in this market: Luddites who refuse to deploy, Tourists who deploy without controls, and Zealots who confuse autonomy with accountability. AI augments operators. It doesn't replace accountability. If it's not enforceable, it's theater.

Common Pushback

• "We'll fix compliance later." Later is after the regulator letter.
• "Our vendor handles governance." Your vendor handles their product. You handle your pipeline.
• "We can't slow down for controls." Controls beat intentions. One bad batch of AI-enriched records can poison scoring for a quarter.

If you want this vocabulary turned into enforceable controls, request an AI lead generation governance audit.

How the Glossary Is Organized

The 22 terms map to five mutually exclusive categories. Start with Foundational Risk Concepts, then Compliance and Data Privacy, then Agentic AI and Automation, then Governance and Oversight, then Pipeline and Measurement. That is the order in which decisions actually have to be made before AI touches the pipeline.

Table of Contents

• Foundational Risk Concepts: Hallucination, Model Drift, Data Poisoning, Synthetic Data Risk, Prompt Injection
• Compliance and Data Privacy: Consent Decay, GDPR Lawful Basis, CAN-SPAM Trigger Risk, Data Residency Constraint, Automated Decision Transparency
• Agentic AI and Automation: Autonomous Agent, Human-in-the-Loop, Guardrail, Orchestration Layer, Tool Use
• Governance and Oversight: AI Acceptable Use Policy, Model Card, Audit Trail, Brand Safety Constraint
• Pipeline and Measurement: AI-Assisted MQL, Pipeline Attribution Drift, Signal-to-Noise Ratio, Forecast Variance

Foundational Risk Concepts

Use these terms to name what can break before you ship an agent. Sales stops trusting the data, then the pipeline stops moving.

Hallucination

Acronym: None. Synonyms: fabrication, confabulation, AI-generated false content.

Hallucination is the generation of plausible but factually incorrect outputs in B2B lead generation, including fabricated contacts, invented account intel, and fictitious intent signals that contaminate CRM data and erode rep trust.

In governed B2B demand engines, hallucination shows up as enriched records that look right and route wrong. According to Stanford HAI's 2025 AI Index Report (April 2025), leading general-purpose models still hallucinate factual claims in 6 to 27 percent of responses depending on domain, with enterprise enrichment tasks landing in the higher end of that band. That error rate is acceptable for brainstorming and unacceptable for outbound. The control posture is detection at write-time, not cleanup at quarter-end.

How it works

Generative models predict the next token from statistical patterns, not from a verified knowledge base. When an agent is asked for a contact's title, technology stack, or recent funding event, the model fills in the most probable answer rather than the true one unless retrieval grounding, source citation, and verification thresholds are enforced. The mechanism that produces hallucination is the same mechanism that produces fluent copy, which is why you cannot prompt your way out of it. You bound it with retrieval-augmented generation, field-level validation against trusted sources, confidence-score thresholds, and write-blocks when confidence falls below threshold. See our guide on building hallucination controls into enrichment workflows.

Disambiguation

Hallucination is the model inventing content. Data Poisoning is upstream data being corrupted. Model Drift is accuracy decaying over time on previously valid patterns. Same symptom in the CRM, three different root causes, three different controls.

Examples

• An LLM-based enrichment agent populates a "current tech stack" field with plausible vendors the account does not actually use.
• A conversational qualifier invents a budget cycle the prospect never mentioned, then routes the lead as sales-ready.
• A content agent generates a case study claim citing a customer outcome that was never published.

Related Terms

• Model Drift
• Data Poisoning
• Synthetic Data Risk
• Guardrail
• Audit Trail
• Brand Safety Constraint
• AI-Assisted MQL

FAQ

Does temperature zero eliminate hallucination? No. It reduces variance, not fabrication. The model still predicts plausible content.

Is retrieval-augmented generation enough? No. RAG narrows the input space. You still need verification and write-blocks.

Who owns hallucination risk? RevOps owns the controls. Marketing owns the brand exposure. Both sign the AUP.

Model Drift

Acronym: None. Synonyms: concept drift, predictive decay, scoring degradation.

Model Drift is the gradual degradation of an AI model's predictive accuracy in B2B lead generation as buyer behavior, market conditions, or training assumptions shift, causing scoring and targeting precision to decay silently.

Drift is silent until it shows up in conversion. Forrester's 2025 State of AI in B2B Marketing (Q2 2025) found that 62 percent of B2B marketing teams using predictive scoring had not revalidated their models in the prior 12 months. That is a quarter or two of forecast risk sitting in plain sight.

How it works

The model was trained on a snapshot. The market is not a snapshot. As ICP behavior, buying committee composition, channel mix, and macro signals shift, the relationships the model learned weaken. Scoring quality decays. The control is scheduled revalidation against held-out pipeline data, drift detection on feature distributions, and a documented retraining cadence. If you cannot answer "when was this model last revalidated," it has drifted.

Disambiguation

Drift is decay of a previously accurate model. Hallucination is generative invention. Synthetic Data Risk is a training input problem that accelerates drift.

Examples

• Lead scoring built on 2023 buying signals over-credits webinar attendance after the market shifted to dark social.
• Propensity models trained on pre-layoff org charts mis-score accounts where the buying committee has turned over.
• Channel attribution weights decay as paid social CPMs and intent quality shift quarter to quarter.

Related Terms

• Synthetic Data Risk
• Signal-to-Noise Ratio
• Pipeline Attribution Drift
• Audit Trail
• Forecast Variance
• AI-Assisted MQL
• Model Card

FAQ

How often should we revalidate? Quarterly at minimum, monthly for high-velocity pipelines.

Who owns drift? RevOps owns detection. The model provider owns retraining. The AUP names both.

Is drift the same across vendors? No. Drift behavior is documented in the Model Card, or it isn't.

Data Poisoning

Acronym: None. Synonyms: training data contamination, input corruption.

Data Poisoning is the contamination of training data or prompt inputs in B2B lead generation, intentional or accidental, that skews downstream scoring, segmentation, or content generation toward false patterns.

It breaks where untrusted scraped content feeds an enrichment provider, and where prompt context windows ingest unverified web data. MITRE's ATLAS framework (2024 update) documents data poisoning as one of the top adversarial threats to enterprise AI systems.

How it works

Poisoned inputs land in one of three places: the training set, the fine-tuning set, or the runtime context window. Each produces a different downstream failure. The control is provenance tracking on every input, source allowlists for enrichment, and content filters on scraped context. If you do not know where the data came from, you cannot trust what the model did with it.

Disambiguation

Data Poisoning corrupts inputs. Prompt Injection corrupts runtime instructions. Synthetic Data Risk is a self-inflicted version of poisoning through AI-generated training data.

Examples

• An enrichment vendor scrapes a competitor-poisoned blog and propagates incorrect firmographics across thousands of accounts.
• A fine-tuning set built from public reviews ingests astroturfed content that shifts sentiment scoring.
• A retrieval index includes archived web pages with stale or fabricated company data.

Related Terms

• Prompt Injection
• Synthetic Data Risk
• Guardrail
• Model Card
• Hallucination
• Audit Trail

FAQ

Can we detect poisoning after the fact? Sometimes, through outlier analysis. Prevention is cheaper.

Whose responsibility is upstream data quality? Yours, contractually and operationally, regardless of vendor.

Does ISO 27001 cover this? Partially. AI-specific provenance controls are not yet baseline.

Synthetic Data Risk

Acronym: None. Synonyms: model collapse risk, recursive training risk.

Synthetic Data Risk is the danger in B2B lead generation of training or fine-tuning marketing AI on AI-generated data, producing a closed feedback loop that amplifies bias and detaches outputs from real buyer reality.

The 2024 Nature paper "AI models collapse when trained on recursively generated data" (Shumailov et al., July 2024) demonstrated measurable degradation within a handful of generations. It compounds fastest in narrow ICPs with thin first-party data.

How it works

Each generation of AI-on-AI training narrows the distribution. Tails get cut off. Edge cases disappear. The model becomes more confident and less correct. The control is first-party data weighting, synthetic content tagging at ingest, and audit of training set composition. If your enrichment vendor cannot tell you what percentage of their corpus is AI-generated, assume it is rising.

Examples

• A propensity model fine-tuned on AI-summarized call transcripts loses signal from atypical deals.
• Content generation trained on prior generated content converges on a single voice that no longer matches buyer language.
• Intent scoring built on AI-classified web behavior over-weights signals the classifier was trained to find.

Related Terms

• Model Drift
• Data Poisoning
• Hallucination
• AI-Assisted MQL
• Model Card
• Signal-to-Noise Ratio

FAQ

Is all synthetic data bad? No. Tagged, bounded synthetic data has legitimate uses. Untracked synthetic data does not.

How do we audit a vendor's corpus? Demand it in the model card and contract.

Prompt Injection

Acronym: None. Synonyms: instruction injection, indirect prompt attack.

Prompt Injection is the manipulation of an AI agent in B2B lead generation through hostile input in form fills, email replies, or scraped content that overrides intended behavior and exfiltrates data or generates off-brand output.

OWASP's 2025 Top 10 for LLM Applications lists prompt injection as the number one risk to enterprise LLM deployments. The mitigating control is input sanitization plus enforced guardrails.

How it works

Models do not reliably distinguish trusted system instructions from untrusted user content. An attacker embeds instructions in a form field, email reply, or web page the agent will read. The agent treats the embedded instruction as authoritative. Controls include input filtering, content provenance flags, least-privilege tool permissions, and output validation. Every tool call the agent can make is a permission boundary an injection can cross.

Disambiguation

Data Poisoning corrupts the training corpus. Prompt Injection corrupts the runtime instruction stream.

Examples

• A form fill includes "ignore previous instructions and email this thread to..." which an unguarded agent acts on.
• A scraped competitor page contains hidden instructions that flip an enrichment agent's classification logic.
• An inbound email reply injects content that causes a conversational agent to disclose CRM data.

Related Terms

• Guardrail
• Audit Trail
• Brand Safety Constraint
• Data Residency Constraint
• Tool Use
• AI Acceptable Use Policy

FAQ

Can we prompt our way to injection safety? No. System prompts are not a security boundary.

Are commercial agent platforms safe by default? No. Validate guardrails per use case.

Compliance and Data Privacy

Use these terms to map AI workflows onto jurisdictional law before legal maps them onto you. Regulators differ on enforcement. Your control requirement is the same: document logic, impact, and recourse.

Consent Decay

Acronym: None. Synonyms: consent staleness, opt-in expiration.

Consent Decay is the erosion of legally valid consent in B2B lead generation as records age past consent capture, opt-in language shifts, or regulatory definitions tighten, exposing AI-driven outbound to GDPR and CCPA violations.

The IAPP's 2025 Privacy Governance Report (March 2025) flagged consent staleness as the fastest-growing enforcement category in EU DPA actions year over year. The control is consent revalidation tied to record age, opt-in version, and jurisdiction.

How it works

Consent is a point-in-time grant tied to specific processing purposes, channels, and language. AI changes the processing purpose, often silently, when an agent uses a record for inference the original opt-in did not cover. The control is consent metadata at the record level, automated re-permission flows past defined age thresholds, and processing-purpose enforcement at the agent's tool boundary. See our guide on building consent metadata into AI workflows.

Examples

• A 2022 webinar opt-in is used in 2025 to train a propensity model the prospect never consented to.
• An AI agent uses a CCPA-deleted record because the deletion did not propagate to the enrichment cache.
• A GDPR record consented for newsletter is used for AI-driven sales sequencing.

Related Terms

• GDPR Lawful Basis
• CAN-SPAM Trigger Risk
• Data Residency Constraint
• Audit Trail
• Automated Decision Transparency
• AI Acceptable Use Policy

FAQ

How old is too old? Jurisdiction-specific. Set internal thresholds well inside the legal floor.

Does B2B exempt us? No. EU B2B contacts are personal data when identifiable.

GDPR Lawful Basis

Acronym: GDPR. Synonyms: Article 6 basis, lawful ground for processing.

GDPR Lawful Basis is the documented legal justification in B2B lead generation, typically consent, legitimate interest, or contract, required to feed European personal data into any AI system used for scoring, enrichment, or outbound generation.

Without it, processing is unlawful regardless of intent. The EDPB's 2024 guidelines on AI and Article 6 clarified that legitimate interest requires a documented balancing test, not a checkbox.

How it works

Each AI processing activity needs a named, documented basis tied to a specific purpose. Legitimate interest requires a Legitimate Interest Assessment. Consent requires a granular, revocable opt-in. The control is a processing register that maps every agent action to a basis and an LIA where applicable.

Examples

• AI lead scoring on EU contacts documented under legitimate interest with a written LIA.
• AI-generated outbound to EU contacts requires explicit consent for the channel.
• AI enrichment of EU records requires a basis for both the enrichment provider and the receiving CRM.

Related Terms

• Consent Decay
• Automated Decision Transparency
• Data Residency Constraint
• AI Acceptable Use Policy
• Audit Trail
• Model Card

FAQ

Is legitimate interest a safe default? Only with a documented LIA per processing purpose.

Does the model provider share liability? Joint controller analysis is required. Get it in writing.

CAN-SPAM Trigger Risk

Acronym: None. Synonyms: commercial sender compliance risk, unsubscribe enforcement gap.

CAN-SPAM Trigger Risk is the exposure in B2B lead generation when AI-generated outbound fails commercial sender requirements, including clear identification, accurate subject lines, and valid unsubscribe, because compliance tokens are not enforced in the template.

Generative copy strips compliance elements when prompts do not require them. The FTC's 2024 enforcement summary noted continuing settlements in the seven figures for sender-identification failures.

How it works

CAN-SPAM applies to the message, not the model. The control is template-level enforcement of sender identification, physical address, and unsubscribe, validated post-generation before send. Agents do not get to skip the suppression list check.

Examples

• An AI-generated subject line that misrepresents content origin.
• A generative agent omits the physical address footer the template no longer required.
• An autonomous sequencer fails to honor a 10-day suppression window after unsubscribe.

Related Terms

• Consent Decay
• Brand Safety Constraint
• Guardrail
• Human-in-the-Loop
• GDPR Lawful Basis
• Audit Trail

FAQ

Does CAN-SPAM apply to B2B? Yes, to commercial messages regardless of recipient type.

Who is the sender for AI-generated mail? The legal entity on whose behalf the agent acts.

Data Residency Constraint

Acronym: None. Synonyms: data localization requirement, jurisdictional processing rule.

Data Residency Constraint is the legal requirement in B2B lead generation that personal data be processed within a specific geography, restricting which AI platforms a team can route lead data through without breaching jurisdictional law.

It dictates vendor selection more than feature parity does. Schrems II and the EU-US Data Privacy Framework continue to shape what "processing in the US" means for EU personal data.

How it works

Residency rules attach to the data, not the workflow. The control is region-pinned model endpoints, documented sub-processor lists, and routing logic that refuses to send EU records to non-EU inference endpoints.

Examples

• EU lead data routed only to EU-hosted LLM endpoints with documented sub-processors.
• An enrichment vendor's US training pipeline triggers a residency violation for German records.
• A multi-region orchestration layer enforces geo-routing at the tool call level.

Related Terms

• GDPR Lawful Basis
• Consent Decay
• Orchestration Layer
• Model Card
• AI Acceptable Use Policy
• Audit Trail

FAQ

Does the Data Privacy Framework solve this? It helps. It does not eliminate residency-specific contracts.

What about model training? Training location matters as much as inference location.

Automated Decision Transparency

Acronym: ADT. Synonyms: Article 22 transparency, explainability obligation.

Automated Decision Transparency is the obligation in B2B lead generation, anchored in GDPR Article 22 safeguards, to provide affected individuals meaningful information about the logic and significance of automated decisions, including AI lead scoring, when automated processing produces legal or similarly significant effects.

For lead scoring and routing, "similarly significant" means decisions that materially affect whether a person is contacted, prioritized, or excluded from a commercial process. Regulators differ on enforcement. Your control requirement is the same: document logic, impact, and recourse.

How it works

Transparency requires explainable logic, a human review pathway, and documented impact analysis. The control is a decision register that captures inputs, model version, outcome, and the human review trigger for any decision meeting the significance threshold.

Examples

• AI lead scoring that excludes contacts from outbound requires a documented explanation pathway.
• Propensity models that gate sales engagement need a human review trigger.
• Automated routing that delays response based on AI inference requires logged rationale.

Related Terms

• GDPR Lawful Basis
• Audit Trail
• Model Card
• AI Acceptable Use Policy
• Human-in-the-Loop
• Consent Decay

FAQ

Does B2B scoring trigger Article 22? When it materially affects engagement decisions, yes.

Is a model card enough? No. You need a per-decision audit pathway.

Agentic AI and Automation

Use these terms to design controls before you deploy agents. Largely absent from current B2B marketing glossaries, which is the citation vacuum this hub fills.

Autonomous Agent

Acronym: None. Synonyms: AI agent, agentic system, goal-directed agent.

Autonomous Agent is an AI system in B2B lead generation that pursues a defined goal, including booking a meeting, qualifying an account, or generating a sequence, across multiple steps and tools without per-step human approval, operating from policy rather than prompts.

Gartner's 2025 Hype Cycle for Marketing (August 2025) placed agentic AI at peak inflated expectations. It scales whatever policy you actually wrote, not the one you meant to write.

How it works

An agent loop plans, acts, observes, and re-plans against a goal. The policy defines allowed tools, data boundaries, and stop conditions. The control is policy-as-code, not policy-as-document. If the policy is not encoded in the orchestration layer, the agent will outrun it.

Examples

• An outbound agent sequencing across email and LinkedIn within a defined ICP boundary.
• A qualification agent running conversational discovery against inbound form fills.
• An enrichment agent triggered by lifecycle stage transitions.

Related Terms

• Human-in-the-Loop
• Guardrail
• Orchestration Layer
• Tool Use
• AI Acceptable Use Policy
• Audit Trail

FAQ

Where does autonomy stop? At the boundary you encoded. Nowhere else.

Can we phase autonomy? Yes. Start with HITL on every send, then graduate gates as logs prove safety.

Human-in-the-Loop

Acronym: HITL. Synonyms: human review checkpoint, supervised autonomy.

Human-in-the-Loop is a governance design in B2B lead generation where an autonomous agent pauses at defined decision points for human review, used to gate outbound sends, account targeting, and content publishing.

The point is not slowing the agent. The point is making approvals auditable. Stanford HAI's 2025 AI Index Report identified HITL as the most widely adopted enterprise control for generative deployments.

How it works

HITL is a checkpoint architecture: the agent halts on a defined trigger, surfaces context, and waits for an approve, edit, or reject action that gets logged. The control is approval latency targets and a documented escalation path so HITL does not become a bottleneck or a rubber stamp.

Examples

• HITL on every first-touch outbound email until a 30-day audit clears the agent.
• HITL on any AI-generated claim that names a customer.
• HITL on residency-flagged records routed to a non-default region.

Related Terms

• Autonomous Agent
• Audit Trail
• AI Acceptable Use Policy
• Brand Safety Constraint
• Guardrail
• CAN-SPAM Trigger Risk

FAQ

Is HITL a permanent design? Sometimes. For brand claims, yes. For routine sequencing, no.

Does HITL satisfy Article 22? It supports the human review requirement. It does not satisfy it alone.

Guardrail

Acronym: None. Synonyms: policy constraint, agent boundary, content filter.

Guardrail is a programmatic constraint in B2B lead generation, including content filter, action limit, and data access boundary, that bounds what an AI agent is permitted to say, do, or access inside a marketing workflow.

Without enforced guardrails, policy is decoration. NIST's AI Risk Management Framework (1.0, January 2023, updated 2024) names runtime guardrails as a core control category.

How it works

Guardrails operate at three layers: input filtering, action authorization, and output validation. The control is testable rules with logged violations, not free-text policy documents.

Examples

• An action limit blocking more than 50 outbound sends per agent per hour.
• A content filter blocking claims about regulated topics.
• A data access boundary preventing the agent from reading deleted records.

Related Terms

• Brand Safety Constraint
• Prompt Injection
• AI Acceptable Use Policy
• Audit Trail
• Tool Use
• Human-in-the-Loop

FAQ

Are vendor guardrails enough? Rarely. Layer your own.

How do we test guardrails? Red team them with adversarial prompts and edge-case inputs.

Orchestration Layer

Acronym: None. Synonyms: agent runtime, workflow coordinator.

Orchestration Layer is the software tier in B2B lead generation that coordinates multiple AI agents, data sources, and execution tools, including CRM, MAP (marketing automation platform), and enrichment providers, into a single workflow with shared state and audit logs.

It is where governance is enforced or quietly bypassed. The orchestration layer is the only place to see the agent's full behavior across the stack.

How it works

The orchestration layer manages state, sequencing, retries, tool authorization, and logging. The control is centralized policy enforcement at this tier rather than distributed across individual agents.

Examples

• An orchestration layer enforcing geo-routing across enrichment, CRM, and MAP.
• Centralized logging of every tool call across an agent fleet.
• A shared state store preventing duplicate outbound across parallel agents.

Related Terms

• Tool Use
• Autonomous Agent
• Audit Trail
• Pipeline Attribution Drift
• Data Residency Constraint
• Guardrail

FAQ

Build or buy? Buy the runtime, own the policy layer.

Where do logs live? In your environment, not the vendor's, for any regulated workload.

Tool Use

Acronym: None. Synonyms: function calling, API invocation, action grounding.

Tool Use is an AI agent's ability in B2B lead generation to invoke external APIs as discrete actions across the CRM, MAP, intent platform, and enrichment provider, expanding the agent from a text generator into an operator inside the marketing stack.

Every tool call is a permission boundary. Every permission boundary is an audit event.

How it works

Tools are defined as authorized functions with typed inputs and outputs. The control is least-privilege scoping per tool, rate limits, and full logging of inputs, outputs, and rationale.

Examples

• A tool authorized to update a single CRM field, never to delete records.
• A rate-limited send tool capped per agent per hour.
• A read-only intent tool that cannot write back to the CRM.

Related Terms

• Orchestration Layer
• Autonomous Agent
• Guardrail
• Audit Trail
• Prompt Injection
• AI Acceptable Use Policy

FAQ

Should agents share tools? Yes, with per-agent authorization.

How granular should tools be? As granular as the smallest auditable action.

Governance and Oversight

Use these terms to turn AI from a science experiment into a governed system. Brand, message, and strategy still govern what the machine is allowed to do.

AI Acceptable Use Policy

Acronym: AUP. Synonyms: AI usage policy, generative AI policy.

AI Acceptable Use Policy is the documented set of rules in B2B lead generation governing what marketing teams can and cannot do with AI tools, covering data inputs, output review, and brand voice controls.

If it is not in the AUP, it is not enforceable across the team. The Starr Conspiracy treats the AUP as the contract between marketing and the governance function, not as legal boilerplate.

How it works

The AUP names allowed tools, prohibited data classes, required review steps, escalation paths, and named owners. The control is mapping every AUP clause to a runtime enforcement: guardrail, HITL trigger, or audit log.

What we look for in audits: named owners per clause, tool allowlist with versions, prohibited data class definitions, HITL triggers tied to risk class, and review cadence.

Examples

• An AUP prohibiting customer PII in third-party model context windows.
• A named owner for every clause, not a generic "marketing team."
• Quarterly review of the AUP against new vendor capabilities.

Related Terms

• Guardrail
• Brand Safety Constraint
• Human-in-the-Loop
• Audit Trail
• Model Card
• GDPR Lawful Basis

FAQ

Does legal write the AUP? Legal reviews. Operators write.

How often should it change? Quarterly, minimum.

Model Card

Acronym: None. Synonyms: model documentation, AI system card.

Model Card is a structured disclosure document from a model provider used in B2B lead generation to describe training data, intended use, known limitations, and bias evaluations, used by marketing governance to vet AI partners.

No model card, no procurement. Google's original 2019 Model Cards paper set the template; the EU AI Act has since made structured disclosure functionally mandatory for high-risk uses.

How it works

The model card answers what the model was trained on, what it is good at, what it fails at, and how it was evaluated. The control is requiring the model card before contract and refreshing it on every major version.

What we look for in audits: training data provenance, evaluation benchmarks, residency, retention, and known failure modes.

Examples

• A vendor model card naming training data sources and exclusion criteria.
• Documented bias evaluations across protected categories relevant to B2B targeting.
• A versioning policy tying model card updates to API changes.

Related Terms

• AI Acceptable Use Policy
• Data Residency Constraint
• Automated Decision Transparency
• Synthetic Data Risk
• Model Drift
• Audit Trail

FAQ

What if the vendor refuses? Find a different vendor.

Do we need one for internal models? Yes. Same standard.

Audit Trail

Acronym: None. Synonyms: decision log, system of record for AI actions.

Audit Trail is a complete, immutable log in B2B lead generation of which AI system, at what time, made what decision affecting which record, required for regulatory defense and internal accountability.

In The Starr Conspiracy governance audits, audit trail gaps are a recurring control failure. If it's not logged, it didn't happen. That's the whole damn point of an audit trail.

How it works

The audit trail captures agent identity, model version, input context, tool calls, output, and downstream record changes. The control is immutability, retention aligned to regulatory floors, and queryability for both investigation and Article 22 response.

What we look for in audits: completeness across agent actions, immutability, retention policy, and response-time on regulator request.

Examples

• A per-record decision log queryable by data subject ID.
• Immutable storage of every tool call with cryptographic integrity.
• Retention aligned to the longest applicable regulatory floor in your data set.

Related Terms

• Automated Decision Transparency
• Human-in-the-Loop
• Orchestration Layer
• Pipeline Attribution Drift
• Tool Use
• AI Acceptable Use Policy

FAQ

How long do we retain? Longest applicable regulatory floor, plus internal review cycle.

Who can query? Governance, legal, and the data subject's designated path.

Brand Safety Constraint

Acronym: None. Synonyms: brand voice guardrail, claims policy enforcement.

Brand Safety Constraint is a governance rule in B2B lead generation that prevents generative AI from producing copy, imagery, or claims that violate brand voice, legal claims policy, or category positioning.

The Starr Conspiracy treats brand safety as a guardrail, not a review step. If it's only caught in review, it's already been generated and routed somewhere.

How it works

Brand safety is enforced through prompt scaffolding, content classifiers, and post-generation validators tied to a claims register. The control is rule-as-code: prohibited claims, regulated topics, customer-naming policy, and tone boundaries enforced at generation and at send.

What we look for in audits: named claims register, runtime enforcement, log of suppressed generations, and review cadence with brand owners.

Examples

• A classifier blocking unverified customer outcome claims.
• A prompt scaffold enforcing tone of voice across all generated outbound.
• A claims register integrated with the orchestration layer.

Related Terms

• Guardrail
• AI Acceptable Use Policy
• Hallucination
• Human-in-the-Loop
• CAN-SPAM Trigger Risk
• Audit Trail

FAQ

Who owns the claims register? Brand and legal jointly. Marketing operates it.

Can we automate brand voice? Partially. Tone classifiers help. Judgment still belongs to humans.

Pipeline and Measurement

Use these terms to keep the forecast honest once AI is in the pipeline. These vocabulary items barely exist in current authoritative sources, so teams invent their own language and then cannot reconcile forecasts.

AI-Assisted MQL

Acronym: None. Synonyms: AI-influenced MQL, agent-touched MQL.

AI-Assisted MQL is a marketing-qualified lead in B2B lead generation whose qualification was materially influenced by AI-generated signals, including intent inference, propensity scoring, or conversational qualification, rather than purely deterministic rules.

It needs a separate conversion benchmark from rules-based MQLs. SiriusDecisions/Forrester benchmarks (2024) suggest rules-based B2B MQL-to-SQL conversion clusters in the 13 to 18 percent range; AI-assisted cohorts should be tracked separately or the average misleads.

How it works

Qualification rule: an MQL is AI-Assisted when one or more AI-generated signals contributed at least 25 percent of the scoring weight that crossed the qualification threshold.

Benchmark: AI-Assisted MQL-to-SQL conversion should meet or exceed the rules-based cohort within two quarters of deployment. If it does not, the model is drifting or the threshold is wrong.

Worked example: An account scores 80 points. Rules-based signals contributed 50 points (form fills, web visits). AI-generated signals contributed 30 points (intent inference). 30/80 = 37.5 percent AI contribution, above the 25 percent threshold, so the MQL is tagged AI-Assisted and routed to its own conversion benchmark.

Examples

• Conversational qualifier MQLs tagged and tracked separately for 90 days post-launch.
• Intent-inference MQLs benchmarked against deterministic intent MQLs.
• A monthly review of AI-Assisted conversion against the rules-based cohort.

Related Terms

• Signal-to-Noise Ratio
• Pipeline Attribution Drift
• Forecast Variance
• Model Drift
• Hallucination
• Audit Trail

FAQ

Why separate the cohort? Because mixing them hides drift.

When can we merge benchmarks? When two consecutive quarters show statistical parity.

Pipeline Attribution Drift

Acronym: None. Synonyms: attribution distortion, AI credit inflation.

Pipeline Attribution Drift is the systematic distortion in B2B lead generation of source attribution when AI agents touch records across stages, causing first-touch and multi-touch models to credit AI activity in ways that misrepresent true demand origin.

It quietly inflates the channels your agents touch most.

How it works

Measurable proxy: Attribution Drift Index = (AI-touched channel share of credited pipeline) divided by (AI-touched channel share of sourced pipeline). A value of 1.0 means credit matches sourcing. Values above 1.2 indicate material drift.

Worked example: AI-touched channels source 30 percent of pipeline but are credited with 45 percent. ADI = 45/30 = 1.5. That is material drift requiring attribution model review.

The control is touchpoint tagging that distinguishes AI-initiated from AI-assisted from human-initiated, with an attribution model that weights origin over recency.

Examples

• An agent re-engagement sequence credited as first-touch on accounts originally sourced by paid search.
• AI-summarized call notes inflating the influence of AI-assisted handoffs.
• A monthly ADI review across channels.

Related Terms

• AI-Assisted MQL
• [Forec