Clear definitions of AI, security, compliance, and governance terms. From LLMs to SOC 2.
See every AI interaction across your organization. Start with the free desktop agent, scale with the platform.
151 terms
A list of permissions attached to a resource that specifies which users or system processes are granted access and what operations they can perform.
Read definitionTechniques that manipulate inputs to machine learning models to cause misclassification or unexpected behavior, often through imperceptible perturbations.
Read definitionAI systems that can autonomously perform tasks, make decisions, and take actions with minimal human intervention, often using tools and APIs to accomplish goals.
Read definitionAn autonomous AI system capable of perceiving its environment, making decisions, and taking actions to achieve specific goals with minimal human intervention.
Read definitionThe moral principles and guidelines that govern the development, deployment, and use of artificial intelligence systems to ensure they benefit humanity and minimize harm.
Read definitionThe framework of policies, procedures, and controls that organizations implement to ensure AI systems are developed, deployed, and operated responsibly, ethically, and in compliance with regulations.
Read definitionThe systematic process of identifying, assessing, mitigating, and monitoring risks associated with AI systems throughout their lifecycle.
Read definitionThe identification of patterns in data that deviate significantly from expected behavior, used for fraud detection, security monitoring, and system health checks.
Read definitionA unique identifier used to authenticate requests to an API, serving as a simple form of access control to identify and authorize the calling application or user.
Read definitionThe total sum of vulnerabilities and entry points that an unauthorized user could potentially exploit to gain access to a system or network.
Read definitionAn access control method that evaluates attributes (user, resource, environment) against policies to make authorization decisions, enabling fine-grained access control.
Read definitionA chronological record of system activities, user actions, and security events that provides accountability, supports compliance requirements, and enables forensic investigation.
Read definitionThe process of verifying the identity of a user, device, or system before granting access to resources or services.
Read definitionThe process of determining what actions, resources, or services an authenticated user or system is permitted to access.
Read definitionThe process of identifying and measuring unfair prejudices in AI models and their outputs that could lead to discriminatory outcomes for certain groups.
Read definitionSecurity professionals responsible for defending an organization's information systems by maintaining security controls, detecting threats, and responding to incidents.
Read definitionThe legal requirement to inform affected individuals, regulators, and other parties when personal data has been compromised in a security breach.
Read definitionThe planning and preparation to ensure critical business functions can continue during and after a disaster or disruption.
Read definitionThe California Consumer Privacy Act is a state privacy law that gives California residents rights over their personal information and imposes obligations on businesses that collect or sell that data.
Read definitionA trusted entity that issues digital certificates used to verify the identity of websites, organizations, or individuals in secure communications.
Read definitionA prompting technique that encourages language models to break down complex problems into intermediate reasoning steps, improving accuracy on multi-step tasks.
Read definitionContinuous Integration and Continuous Deployment - automated practices for frequently building, testing, and deploying software changes.
Read definitionThe three fundamental principles of information security: Confidentiality (protecting data from unauthorized access), Integrity (ensuring data accuracy), and Availability (ensuring authorized access when needed).
Read definitionA category of security tools that continuously monitor cloud infrastructure for misconfigurations, compliance violations, and security risks across multi-cloud environments.
Read definitionSecurity approaches and tools designed specifically for cloud-native architectures, including containers, microservices, serverless functions, and orchestration platforms.
Read definitionThe use of technology to streamline and automate compliance processes, including evidence collection, control monitoring, policy enforcement, and audit preparation.
Read definitionA structured set of guidelines, controls, and best practices that organizations follow to meet regulatory, legal, or industry-specific requirements.
Read definitionTechnology that protects data while it's being processed by isolating computations in hardware-based trusted execution environments.
Read definitionThe maximum number of tokens a language model can process in a single request, determining how much text can be used as input and output combined.
Read definitionThe maximum amount of text (measured in tokens) that a language model can process at once, including both the input prompt and generated output.
Read definitionAn automated attack that uses stolen username/password pairs from data breaches to gain unauthorized access to user accounts through large-scale login attempts.
Read definitionThe practice of securing communication and data through mathematical techniques that ensure confidentiality, integrity, authentication, and non-repudiation.
Read definitionCommon Vulnerability Scoring System - a standardized framework for rating the severity of security vulnerabilities on a scale of 0 to 10.
Read definitionA security incident where sensitive, protected, or confidential data is accessed, disclosed, or stolen by unauthorized individuals.
Read definitionThe process of categorizing data based on its sensitivity, value, and regulatory requirements to determine appropriate security controls and handling procedures.
Read definitionThe process of categorizing data based on its sensitivity, value, and regulatory requirements to determine appropriate handling and protection measures.
Read definitionThe process of converting data into an encoded format that can only be read by authorized parties who possess the decryption key.
Read definitionThe framework of policies, processes, and standards that ensure data is managed as a valuable asset, maintaining its quality, security, privacy, and compliance.
Read definitionThe tracking of data's origins, movements, and transformations throughout its lifecycle, enabling understanding of where data comes from and how it changes.
Read definitionSecurity technologies and practices that detect and prevent unauthorized transmission, access, or exfiltration of sensitive data from an organization.
Read definitionTechnologies and processes that detect and prevent unauthorized transmission or leakage of sensitive data outside an organization.
Read definitionA technique that replaces sensitive data with realistic but fictional data to protect it in non-production environments while maintaining data utility.
Read definitionA privacy principle that limits the collection and retention of personal data to only what is necessary for a specific, stated purpose.
Read definitionThe right of individuals to control how their personal information is collected, used, shared, and stored, along with the organizational practices that protect this right.
Read definitionRequirements specifying where data must be physically stored or processed, often driven by legal, regulatory, or sovereignty concerns.
Read definitionAn approach that integrates security practices into every phase of the software development lifecycle, making security a shared responsibility across development and operations teams.
Read definitionA mathematical framework for sharing information about a dataset while protecting the privacy of individuals in that dataset through controlled noise addition.
Read definitionA cryptographic mechanism that verifies the authenticity and integrity of digital messages or documents, providing proof of origin and non-repudiation.
Read definitionThe process and strategies for restoring IT systems, data, and infrastructure after a disruptive event to minimize downtime and data loss.
Read definitionAn approach to security that aligns security controls and policies with business domains and data sensitivity rather than technical boundaries.
Read definitionMachine learning models that convert text, images, or other data into numerical vector representations that capture semantic meaning for similarity search and ML tasks.
Read definitionDense vector representations of data (text, images, etc.) that capture semantic meaning in a format that machine learning models can process and compare.
Read definitionThe process of converting data into a coded format that can only be read by authorized parties with the correct decryption key, protecting confidentiality.
Read definitionSecurity solutions that monitor endpoint devices for suspicious activities, providing visibility, detection, investigation, and response capabilities for security threats.
Read definitionThe European Union's comprehensive regulatory framework for artificial intelligence, establishing rules based on risk levels and imposing requirements for high-risk AI systems.
Read definitionThe ability to describe and justify an AI system's decision-making process in terms that humans can understand, enabling transparency and accountability.
Read definitionA machine learning approach where models are trained across decentralized devices or servers holding local data, without exchanging raw data.
Read definitionThe Federal Risk and Authorization Management Program is a US government program providing standardized security assessment and authorization for cloud products and services.
Read definitionA machine learning approach where models learn to perform tasks from only a small number of examples, often by leveraging prior knowledge from pre-training.
Read definitionThe process of taking a pre-trained AI model and further training it on a specific dataset to adapt it for a particular task or domain.
Read definitionA network security device or software that monitors and controls incoming and outgoing traffic based on predetermined security rules.
Read definitionA capability that allows language models to generate structured outputs that invoke external functions or APIs based on user requests.
Read definitionThe General Data Protection Regulation is the EU's comprehensive data protection law that governs how organizations collect, process, store, and protect personal data of EU residents.
Read definitionGovernance, Risk, and Compliance - an integrated approach to managing an organization's governance structure, enterprise risk management, and regulatory compliance activities.
Read definitionTechniques that connect AI model outputs to verifiable facts, external knowledge sources, or real-world data to improve accuracy and reduce hallucinations.
Read definitionSafety mechanisms and constraints implemented in AI systems to prevent harmful outputs, ensure appropriate behavior, and maintain alignment with organizational policies.
Read definitionWhen an AI model generates content that is factually incorrect, nonsensical, or not grounded in its training data or provided context, presenting false information as fact.
Read definitionA one-way cryptographic function that converts input data into a fixed-size string of characters, used for data integrity verification and password storage.
Read definitionThe Health Insurance Portability and Accountability Act is US legislation that establishes standards for protecting sensitive patient health information from disclosure without consent.
Read definitionA form of encryption that allows computations to be performed on encrypted data without decrypting it, preserving privacy while enabling data processing.
Read definitionA framework of policies, processes, and technologies that manages digital identities and controls user access to critical information and systems within an organization.
Read definitionA service that creates, maintains, and manages identity information while providing authentication services to applications and systems.
Read definitionThe process of identifying, analyzing, and resolving incidents that disrupt normal operations, minimizing impact and restoring services quickly.
Read definitionThe organized approach to addressing and managing a security breach or cyberattack, including preparation, detection, containment, eradication, recovery, and lessons learned.
Read definitionThe process of using a trained machine learning model to make predictions or generate outputs on new, unseen data.
Read definitionA security system that monitors network traffic or system activities for malicious activities or policy violations and generates alerts.
Read definitionAn international standard for information security management systems (ISMS) that provides a systematic approach to managing sensitive company information securely.
Read definitionAn international standard that extends ISO 27001 to include privacy information management, helping organizations manage personal data protection.
Read definitionTechniques used to bypass the safety guardrails and content policies of AI language models to generate restricted or harmful outputs.
Read definitionA compact, URL-safe token format used to securely transmit information between parties as a JSON object, commonly used for authentication and information exchange.
Read definitionThe administration of cryptographic keys throughout their lifecycle, including generation, storage, distribution, rotation, and destruction.
Read definitionA centralized repository of information used to store, organize, and retrieve knowledge, often used with AI systems for context and grounding.
Read definitionA type of AI model trained on vast amounts of text data that can understand and generate human-like text, powering applications like chatbots, content generation, and code assistance.
Read definitionThe time delay between a request and its corresponding response, critical for measuring the performance of AI systems and APIs.
Read definitionA security principle that limits users, applications, and systems to only the minimum permissions necessary to perform their required functions.
Read definitionThe practice of recording events, transactions, and activities in systems and applications for debugging, monitoring, security, and compliance purposes.
Read definitionMalicious software designed to damage, disrupt, or gain unauthorized access to computer systems, including viruses, ransomware, trojans, and spyware.
Read definitionThe practice of applying DevOps principles to machine learning systems, encompassing model development, deployment, monitoring, and lifecycle management.
Read definitionStandardized documentation that accompanies machine learning models, describing their intended use, performance characteristics, limitations, and ethical considerations.
Read definitionAn open protocol that standardizes how AI applications connect to external data sources and tools, enabling secure, structured interactions between LLMs and external systems.
Read definitionThe continuous observation and tracking of machine learning models in production to detect performance degradation, data drift, and anomalies.
Read definitionThe practice of identifying, measuring, monitoring, and controlling risks arising from the use of models in business decisions, particularly in financial services and AI applications.
Read definitionA security mechanism that requires users to provide two or more verification factors to gain access, combining something they know, have, or are.
Read definitionA security protocol where both client and server authenticate each other using certificates, providing stronger authentication than standard TLS.
Read definitionThe practice of dividing a computer network into smaller, isolated subnetworks to improve security, performance, and compliance.
Read definitionA comprehensive catalog of security and privacy controls published by NIST that federal agencies and organizations use to protect information systems.
Read definitionA voluntary framework from NIST providing guidance for organizations to manage risks associated with AI systems throughout their lifecycle.
Read definitionAn open authorization framework that enables applications to obtain limited access to user accounts on third-party services without exposing user credentials.
Read definitionThe ability to understand the internal state of a system by examining its external outputs, typically through logs, metrics, and traces.
Read definitionOpen Web Application Security Project - a nonprofit foundation that produces guidelines, tools, and resources for improving software security.
Read definitionThe process of identifying, acquiring, testing, and installing software updates to fix vulnerabilities and improve security and functionality.
Read definitionThe Payment Card Industry Data Security Standard is a set of security requirements designed to ensure all companies that process, store, or transmit credit card information maintain a secure environment.
Read definitionA simulated cyberattack against a system, network, or application to identify vulnerabilities that could be exploited by malicious actors.
Read definitionAny information that can be used to identify, contact, or locate a specific individual, either alone or combined with other sources.
Read definitionA social engineering attack that attempts to deceive individuals into revealing sensitive information or taking harmful actions through fraudulent communications.
Read definitionA software component that evaluates and enforces access control policies, making authorization decisions based on defined rules and attributes.
Read definitionAn approach to system development that embeds privacy considerations into the design and architecture from the outset, rather than treating privacy as an afterthought.
Read definitionSecurity solutions and practices for controlling, monitoring, and auditing privileged access to critical systems and sensitive data.
Read definitionThe practice of designing and optimizing inputs (prompts) to AI language models to elicit desired outputs, improving accuracy, relevance, and usefulness of responses.
Read definitionA security vulnerability where malicious inputs manipulate an AI system's behavior by overriding or bypassing its original instructions.
Read definitionAny individually identifiable health information that is created, received, maintained, or transmitted by a HIPAA-covered entity or business associate.
Read definitionMalware that encrypts a victim's files or systems and demands payment (ransom) in exchange for the decryption key or to prevent data publication.
Read definitionA technique that controls the number of requests a user or system can make to an API or service within a specified time period.
Read definitionA group of security professionals who simulate real-world attacks against an organization to test and improve its security defenses.
Read definitionThe practice of designing, developing, and deploying AI systems in a manner that is ethical, fair, transparent, accountable, and aligned with human values.
Read definitionThe process of finding and fetching relevant information from a knowledge base or document store to provide context for AI model responses.
Read definitionAn AI architecture that enhances language model outputs by retrieving relevant information from external knowledge sources before generating responses.
Read definitionAn access control method that assigns permissions to users based on their roles within an organization, simplifying permission management at scale.
Read definitionA security technology that runs within an application to detect and prevent real-time attacks by monitoring application behavior and context.
Read definitionSecurity Assertion Markup Language - an XML-based standard for exchanging authentication and authorization data between identity providers and service providers.
Read definitionThe practice of securely storing, accessing, and managing sensitive credentials like API keys, passwords, certificates, and encryption keys throughout their lifecycle.
Read definitionA software development approach that integrates security activities throughout each phase of the development lifecycle, from requirements to deployment.
Read definitionEducational programs designed to help employees recognize and respond appropriately to cybersecurity threats and follow security best practices.
Read definitionA centralized unit that monitors, detects, investigates, and responds to cybersecurity incidents using people, processes, and technology.
Read definitionSearch that understands the meaning and context of queries rather than just matching keywords, using embeddings and vector similarity.
Read definitionA commitment between a service provider and customer defining the expected level of service, including metrics, responsibilities, and remedies for failures.
Read definitionA dedicated infrastructure layer that handles service-to-service communication in microservices architectures, providing features like encryption, observability, and traffic management.
Read definitionSecurity Information and Event Management - a solution that collects, analyzes, and correlates security data from across an organization to detect threats and support incident response.
Read definitionAn authentication method that allows users to access multiple applications with one set of login credentials, improving user experience and security management.
Read definitionA compliance framework developed by AICPA that evaluates an organization's controls related to security, availability, processing integrity, confidentiality, and privacy of customer data.
Read definitionA comprehensive inventory of all components, libraries, and dependencies used in a software application, enabling transparency and vulnerability management.
Read definitionA testing methodology that analyzes application source code, bytecode, or binaries for security vulnerabilities without executing the program.
Read definitionThe practice of securing all components, processes, and dependencies in the software development and delivery pipeline from malicious tampering or vulnerabilities.
Read definitionArtificially generated data that mimics the statistical properties of real data, used for training ML models, testing, and privacy-preserving data sharing.
Read definitionA parameter that controls the randomness of language model outputs, with higher values producing more creative responses and lower values producing more deterministic ones.
Read definitionEvidence-based knowledge about existing or emerging cyber threats, including indicators, tactics, and context, used to inform security decisions.
Read definitionA structured approach to identifying, quantifying, and addressing security threats to a system by analyzing its architecture, data flows, and potential attack vectors.
Read definitionA cryptographic protocol that provides secure communication over computer networks, ensuring privacy, integrity, and authentication for data in transit.
Read definitionThe process of replacing sensitive data with non-sensitive placeholder values (tokens) that maintain the data's format and usability while protecting the original information.
Read definitionThe basic units of text that language models process, typically representing words, subwords, or characters, used to measure input/output length and pricing.
Read definitionThe five principles (security, availability, processing integrity, confidentiality, privacy) defined by AICPA that form the foundation of SOC 2 attestation engagements.
Read definitionA specialized database designed to store, index, and query high-dimensional vector embeddings, enabling efficient similarity search for AI and machine learning applications.
Read definitionA technology that creates an encrypted tunnel between a device and a network, providing secure remote access and privacy for internet communications.
Read definitionThe continuous process of identifying, evaluating, prioritizing, and remediating security vulnerabilities in systems, applications, and infrastructure.
Read definitionA security solution that monitors, filters, and blocks HTTP/HTTPS traffic to and from web applications, protecting against attacks like SQL injection and XSS.
Read definitionSecurity practices specific to decentralized applications, smart contracts, and blockchain technologies, addressing unique risks in the Web3 ecosystem.
Read definitionA security model based on the principle of "never trust, always verify," requiring strict identity verification for every user and device attempting to access resources.
Read definitionA software security flaw unknown to the vendor and for which no patch exists, potentially allowing attackers to exploit systems before defenses are available.
Read definition