Access Control List (ACL)
A list of permissions attached to a resource that specifies which users or system processes are granted access and what operations they can perform.
Clear definitions of AI, security, compliance, and governance terms - from LLMs to SOC 2.
Techniques that manipulate inputs to machine learning models to cause misclassification or unexpected behavior, often through imperceptible perturbations.
AI systems that can autonomously perform tasks, make decisions, and take actions with minimal human intervention, often using tools and APIs to accomplish goals.
An autonomous AI system capable of perceiving its environment, making decisions, and taking actions to achieve specific goals with minimal human intervention.
The moral principles and guidelines that govern the development, deployment, and use of artificial intelligence systems to ensure they benefit humanity and minimize harm.
The framework of policies, procedures, and controls that organizations implement to ensure AI systems are developed, deployed, and operated responsibly, ethically, and in compliance with regulations.
The systematic process of identifying, assessing, mitigating, and monitoring risks associated with AI systems throughout their lifecycle.
The identification of patterns in data that deviate significantly from expected behavior, used for fraud detection, security monitoring, and system health checks.
A unique identifier used to authenticate requests to an API, serving as a simple form of access control to identify and authorize the calling application or user.
The total sum of vulnerabilities and entry points that an unauthorized user could exploit to gain access to a system or network.
An access control method that evaluates attributes (user, resource, environment) against policies to make authorization decisions, enabling fine-grained access control.
A chronological record of system activities, user actions, and security events that provides accountability, supports compliance requirements, and enables forensic investigation.
The process of verifying the identity of a user, device, or system before granting access to resources or services.
The process of determining what actions, resources, or services an authenticated user or system is permitted to access.
The process of identifying and measuring unfair prejudices in AI models and their outputs that could lead to discriminatory outcomes for certain groups.
Security professionals responsible for defending an organization's information systems by maintaining security controls, detecting threats, and responding to incidents.
The legal requirement to inform affected individuals, regulators, and other parties when personal data has been compromised in a security breach.
The planning and preparation to ensure critical business functions can continue during and after a disaster or disruption.
The California Consumer Privacy Act is a state privacy law that gives California residents rights over their personal information and imposes obligations on businesses that collect or sell that data.
A trusted entity that issues digital certificates used to verify the identity of websites, organizations, or individuals in secure communications.
A prompting technique that encourages language models to break down complex problems into intermediate reasoning steps, improving accuracy on multi-step tasks.
Continuous Integration and Continuous Deployment - automated practices for frequently building, testing, and deploying software changes.
The three fundamental principles of information security: Confidentiality (protecting data from unauthorized access), Integrity (ensuring data accuracy), and Availability (ensuring authorized access when needed).
A category of security tools that continuously monitor cloud infrastructure for misconfigurations, compliance violations, and security risks across multi-cloud environments.
Security approaches and tools designed specifically for cloud-native architectures, including containers, microservices, serverless functions, and orchestration platforms.
The use of technology to streamline and automate compliance processes, including evidence collection, control monitoring, policy enforcement, and audit preparation.
A structured set of guidelines, controls, and best practices that organizations follow to meet regulatory, legal, or industry-specific requirements.
Technology that protects data while it's being processed by isolating computations in hardware-based trusted execution environments.
The maximum number of tokens a language model can process in a single request, determining how much text can be used as input and output combined.
The maximum amount of text (measured in tokens) that a language model can process at once, including both the input prompt and generated output.
An automated attack that uses stolen username/password pairs from data breaches to gain unauthorized access to user accounts through large-scale login attempts.
The practice of securing communication and data through mathematical techniques that ensure confidentiality, integrity, authentication, and non-repudiation.
Common Vulnerability Scoring System - a standardized framework for rating the severity of security vulnerabilities on a scale of 0 to 10.
A security incident where sensitive, protected, or confidential data is accessed, disclosed, or stolen by unauthorized individuals.
The process of categorizing data based on its sensitivity, value, and regulatory requirements to determine appropriate security controls and handling procedures.
The process of categorizing data based on its sensitivity, value, and regulatory requirements to determine appropriate handling and protection measures.
The process of converting data into an encoded format that can only be read by authorized parties who possess the decryption key.
The framework of policies, processes, and standards that ensure data is managed as a valuable asset, maintaining its quality, security, privacy, and compliance.
The tracking of data's origins, movements, and transformations throughout its lifecycle, enabling understanding of where data comes from and how it changes.
Security technologies and practices that detect and prevent unauthorized transmission, access, or exfiltration of sensitive data from an organization.
Technologies and processes that detect and prevent unauthorized transmission or leakage of sensitive data outside an organization.
A technique that replaces sensitive data with realistic but fictional data to protect it in non-production environments while maintaining data utility.
A privacy principle that limits the collection and retention of personal data to only what is necessary for a specific, stated purpose.
The right of individuals to control how their personal information is collected, used, shared, and stored, along with the organizational practices that protect this right.
Requirements specifying where data must be physically stored or processed, often driven by legal, regulatory, or sovereignty concerns.
An approach that integrates security practices into every phase of the software development lifecycle, making security a shared responsibility across development and operations teams.
A mathematical framework for sharing information about a dataset while protecting the privacy of individuals in that dataset through controlled noise addition.
A cryptographic mechanism that verifies the authenticity and integrity of digital messages or documents, providing proof of origin and non-repudiation.
The process and strategies for restoring IT systems, data, and infrastructure after a disruptive event to minimize downtime and data loss.
An approach to security that aligns security controls and policies with business domains and data sensitivity rather than technical boundaries.
Machine learning models that convert text, images, or other data into numerical vector representations that capture semantic meaning for similarity search and ML tasks.
Dense vector representations of data (text, images, etc.) that capture semantic meaning in a format that machine learning models can process and compare.
The process of converting data into a coded format that can only be read by authorized parties with the correct decryption key, protecting confidentiality.
Security solutions that monitor endpoint devices for suspicious activities, providing visibility, detection, investigation, and response capabilities for security threats.
The European Union's comprehensive regulatory framework for artificial intelligence, establishing rules based on risk levels and imposing requirements for high-risk AI systems.
The ability to describe and justify an AI system's decision-making process in terms that humans can understand, enabling transparency and accountability.
A machine learning approach where models are trained across decentralized devices or servers holding local data, without exchanging raw data.
The Federal Risk and Authorization Management Program is a US government program providing standardized security assessment and authorization for cloud products and services.
A machine learning approach where models learn to perform tasks from only a small number of examples, often by leveraging prior knowledge from pre-training.
The process of taking a pre-trained AI model and further training it on a specific dataset to adapt it for a particular task or domain.
A network security device or software that monitors and controls incoming and outgoing traffic based on predetermined security rules.
A capability that allows language models to generate structured outputs that invoke external functions or APIs based on user requests.
The General Data Protection Regulation is the EU's comprehensive data protection law that governs how organizations collect, process, store, and protect personal data of EU residents.
Governance, Risk, and Compliance - an integrated approach to managing an organization's governance structure, enterprise risk management, and regulatory compliance activities.
Techniques that connect AI model outputs to verifiable facts, external knowledge sources, or real-world data to improve accuracy and reduce hallucinations.
Safety mechanisms and constraints implemented in AI systems to prevent harmful outputs, ensure appropriate behavior, and maintain alignment with organizational policies.
When an AI model generates content that is factually incorrect, nonsensical, or not grounded in its training data or provided context, presenting false information as fact.
A one-way cryptographic function that converts input data into a fixed-size string of characters, used for data integrity verification and password storage.
The Health Insurance Portability and Accountability Act is US legislation that establishes standards for protecting sensitive patient health information from disclosure without consent.
A form of encryption that allows computations to be performed on encrypted data without decrypting it, preserving privacy while enabling data processing.
A framework of policies, processes, and technologies that manages digital identities and controls user access to critical information and systems within an organization.
A service that creates, maintains, and manages identity information while providing authentication services to applications and systems.
The process of identifying, analyzing, and resolving incidents that disrupt normal operations, minimizing impact and restoring services quickly.
The organized approach to addressing and managing a security breach or cyberattack, including preparation, detection, containment, eradication, recovery, and lessons learned.
The process of using a trained machine learning model to make predictions or generate outputs on new, unseen data.
A security system that monitors network traffic or system activities for malicious activities or policy violations and generates alerts.
An international standard for information security management systems (ISMS) that provides a systematic approach to managing sensitive company information securely.
An international standard that extends ISO 27001 to include privacy information management, helping organizations manage personal data protection.
Techniques used to bypass the safety guardrails and content policies of AI language models to generate restricted or harmful outputs.
A compact, URL-safe token format used to securely transmit information between parties as a JSON object, commonly used for authentication and information exchange.
The administration of cryptographic keys throughout their lifecycle, including generation, storage, distribution, rotation, and destruction.
A centralized repository of information used to store, organize, and retrieve knowledge, often used with AI systems for context and grounding.
A type of AI model trained on vast amounts of text data that can understand and generate human-like text, powering applications like chatbots, content generation, and code assistance.
The time delay between a request and its corresponding response, critical for measuring the performance of AI systems and APIs.
A security principle that limits users, applications, and systems to only the minimum permissions necessary to perform their required functions.
The practice of recording events, transactions, and activities in systems and applications for debugging, monitoring, security, and compliance purposes.
Malicious software designed to damage, disrupt, or gain unauthorized access to computer systems, including viruses, ransomware, trojans, and spyware.
The practice of applying DevOps principles to machine learning systems, encompassing model development, deployment, monitoring, and lifecycle management.
Standardized documentation that accompanies machine learning models, describing their intended use, performance characteristics, limitations, and ethical considerations.
An open protocol that standardizes how AI applications connect to external data sources and tools, enabling secure, structured interactions between LLMs and external systems.
The continuous observation and tracking of machine learning models in production to detect performance degradation, data drift, and anomalies.
The practice of identifying, measuring, monitoring, and controlling risks arising from the use of models in business decisions, particularly in financial services and AI applications.
A security mechanism that requires users to provide two or more verification factors to gain access, combining something they know, have, or are.
A security protocol where both client and server authenticate each other using certificates, providing stronger authentication than standard TLS.
The practice of dividing a computer network into smaller, isolated subnetworks to improve security, performance, and compliance.
A comprehensive catalog of security and privacy controls published by NIST that federal agencies and organizations use to protect information systems.
A voluntary framework from NIST providing guidance for organizations to manage risks associated with AI systems throughout their lifecycle.
An open authorization framework that enables applications to obtain limited access to user accounts on third-party services without exposing user credentials.
The ability to understand the internal state of a system by examining its external outputs, typically through logs, metrics, and traces.
Open Web Application Security Project - a nonprofit foundation that produces guidelines, tools, and resources for improving software security.
The process of identifying, acquiring, testing, and installing software updates to fix vulnerabilities and improve security and functionality.
The Payment Card Industry Data Security Standard is a set of security requirements designed to ensure all companies that process, store, or transmit credit card information maintain a secure environment.
A simulated cyberattack against a system, network, or application to identify vulnerabilities that could be exploited by malicious actors.
Any information that can be used to identify, contact, or locate a specific individual, either alone or combined with other sources.
A social engineering attack that attempts to deceive individuals into revealing sensitive information or taking harmful actions through fraudulent communications.
A software component that evaluates and enforces access control policies, making authorization decisions based on defined rules and attributes.
An approach to system development that embeds privacy considerations into the design and architecture from the outset, rather than treating privacy as an afterthought.
Security solutions and practices for controlling, monitoring, and auditing privileged access to critical systems and sensitive data.
The practice of designing and optimizing inputs (prompts) to AI language models to elicit desired outputs, improving accuracy, relevance, and usefulness of responses.
A security vulnerability where malicious inputs manipulate an AI system's behavior by overriding or bypassing its original instructions.
Any individually identifiable health information that is created, received, maintained, or transmitted by a HIPAA-covered entity or business associate.
Malware that encrypts a victim's files or systems and demands payment (ransom) in exchange for the decryption key or to prevent data publication.
A technique that controls the number of requests a user or system can make to an API or service within a specified time period.
A group of security professionals who simulate real-world attacks against an organization to test and improve its security defenses.
The practice of designing, developing, and deploying AI systems in a manner that is ethical, fair, transparent, accountable, and aligned with human values.
The process of finding and fetching relevant information from a knowledge base or document store to provide context for AI model responses.
An AI architecture that enhances language model outputs by retrieving relevant information from external knowledge sources before generating responses.
An access control method that assigns permissions to users based on their roles within an organization, simplifying permission management at scale.
A security technology that runs within an application to detect and prevent real-time attacks by monitoring application behavior and context.
Security Assertion Markup Language - an XML-based standard for exchanging authentication and authorization data between identity providers and service providers.
The practice of securely storing, accessing, and managing sensitive credentials like API keys, passwords, certificates, and encryption keys throughout their lifecycle.
A software development approach that integrates security activities throughout each phase of the development lifecycle, from requirements to deployment.
Educational programs designed to help employees recognize and respond appropriately to cybersecurity threats and follow security best practices.
A centralized unit that monitors, detects, investigates, and responds to cybersecurity incidents using people, processes, and technology.
Search that understands the meaning and context of queries rather than just matching keywords, using embeddings and vector similarity.
A commitment between a service provider and customer defining the expected level of service, including metrics, responsibilities, and remedies for failures.
A dedicated infrastructure layer that handles service-to-service communication in microservices architectures, providing features like encryption, observability, and traffic management.
Security Information and Event Management - a solution that collects, analyzes, and correlates security data from across an organization to detect threats and support incident response.
An authentication method that allows users to access multiple applications with one set of login credentials, improving user experience and security management.
A compliance framework developed by AICPA that evaluates an organization's controls related to security, availability, processing integrity, confidentiality, and privacy of customer data.
A comprehensive inventory of all components, libraries, and dependencies used in a software application, enabling transparency and vulnerability management.
A testing methodology that analyzes application source code, bytecode, or binaries for security vulnerabilities without executing the program.
The practice of securing all components, processes, and dependencies in the software development and delivery pipeline from malicious tampering or vulnerabilities.
Artificially generated data that mimics the statistical properties of real data, used for training ML models, testing, and privacy-preserving data sharing.
A parameter that controls the randomness of language model outputs, with higher values producing more creative responses and lower values producing more deterministic ones.
Evidence-based knowledge about existing or emerging cyber threats, including indicators, tactics, and context, used to inform security decisions.
A structured approach to identifying, quantifying, and addressing security threats to a system by analyzing its architecture, data flows, and potential attack vectors.
A cryptographic protocol that provides secure communication over computer networks, ensuring privacy, integrity, and authentication for data in transit.
The process of replacing sensitive data with non-sensitive placeholder values (tokens) that maintain the data's format and usability while protecting the original information.
The basic units of text that language models process, typically representing words, subwords, or characters, used to measure input/output length and pricing.
The five principles (security, availability, processing integrity, confidentiality, privacy) defined by AICPA that form the foundation of SOC 2 attestation engagements.
A specialized database designed to store, index, and query high-dimensional vector embeddings, enabling efficient similarity search for AI and machine learning applications.
A technology that creates an encrypted tunnel between a device and a network, providing secure remote access and privacy for internet communications.
The continuous process of identifying, evaluating, prioritizing, and remediating security vulnerabilities in systems, applications, and infrastructure.
A security solution that monitors, filters, and blocks HTTP/HTTPS traffic to and from web applications, protecting against attacks like SQL injection and XSS.
Security practices specific to decentralized applications, smart contracts, and blockchain technologies, addressing unique risks in the Web3 ecosystem.
A security model based on the principle of "never trust, always verify," requiring strict identity verification for every user and device attempting to access resources.
A software security flaw unknown to the vendor and for which no patch exists, potentially allowing attackers to exploit systems before defenses are available.