Glossary

AI Governance & Agent Security Glossary

69 plain-English definitions — from AI control plane and MCP to trust scores, guardrails, and the EU AI Act. Each term is self-contained and linkable.

A

Agent Identity #

Identity & Access

A verifiable, machine-readable identity assigned to an AI agent so its actions can be authenticated and attributed. Agent identity distinguishes one agent from another and from human users, enabling access control, audit trails, and revocation. Treating agents as first-class identities is foundational to securing autonomous systems.

Agent Orchestration #

AI Strategy

The coordination of multiple AI agents and tools to accomplish a complex goal, managing how tasks are routed, sequenced, and combined. Agent orchestration handles delegation, communication, and error handling across agents, turning individual capabilities into reliable multi-step processes while keeping the overall flow governable and observable.

Agent Trust Score #

AI Agent Security

A dynamic rating that estimates how trustworthy an AI agent is based on signals such as identity verification, behavior history, attestation, and policy compliance. A trust score helps systems decide whether to grant an agent access or require additional checks, supporting risk-based, adaptive control over autonomous actors.

Agent-to-Agent Communication #

AI Agent Security

Direct interaction between autonomous AI agents that exchange tasks, data, or results without a human intermediary. Agent-to-agent (A2A) communication enables multi-agent collaboration but expands the attack surface, so each agent must verify the identity and permissions of others before trusting their requests.

Agentic AI #

AI Strategy

A class of AI systems that act with autonomy, breaking down goals into steps, using tools, and adapting based on results rather than producing a single response. Agentic AI can take real actions in the world, so it introduces new security, governance, and cost-control challenges compared with traditional request-response AI applications.

AI Agent #

AI Agent Security

A software system that uses a large language model to pursue goals autonomously, making decisions and calling tools, APIs, or other agents with limited human direction. Unlike a simple chatbot, an agent plans multi-step actions and can change external state, which makes its identity, permissions, and oversight critical to manage.

AI Control Plane #

AI Strategy

A centralized layer that authenticates, authorizes, governs, and monitors interactions between applications, AI agents, and external tools or services. It enforces consistent policy, identity, and observability across many models and integrations, giving organizations a single place to manage and secure AI usage rather than scattering controls across individual apps.

AI FinOps #

AI FinOps

The practice of managing and optimizing the financial cost of AI workloads through visibility, accountability, and control. AI FinOps applies cloud cost-management discipline to model usage, attributing spend to teams and use cases, forecasting expenses, and enforcing budgets so organizations can scale AI without losing control of costs.

Attestation #

AI Agent Security

A verifiable claim about the properties or state of a system, agent, or workload, often backed by cryptographic evidence. Attestation lets one party prove what code it is running or which identity it holds so another party can decide whether to trust it, strengthening security in distributed and agent-driven environments.

Attribute-Based Access Control #

Identity & Access

An access model that decides permissions by evaluating attributes of the user, resource, action, and context, such as department, sensitivity, or time. Attribute-based access control (ABAC) enables fine-grained, dynamic policies that adapt to circumstances, going beyond static roles to express richer rules for who can access what and when.
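
The attribute evaluation described above, as an added example (not the page's or Praesidia's code): a small deny-overrides policy engine in Python. The attribute names, rule names, sample users, documents and timestamps are constructed for the example; the point is that a deny rule always wins, an allow rule is needed to grant anything, and a request that matches nothing is denied by default.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Callable

# Hypothetical ABAC engine written for this glossary entry. Attribute names,
# rule names and all sample data below are constructed, not taken from any product.

@dataclass
class Request:
    subject: dict    # who is asking: id, kind (human/agent), department
    resource: dict   # what they want: id, owner, owner_department, sensitivity
    action: str      # read / write / delete
    context: dict    # when and how: time, optional approved_by

@dataclass
class Rule:
    name: str
    effect: str                      # "allow" or "deny"
    when: Callable[[Request], bool]  # predicate over the whole request

def business_hours(req: Request) -> bool:
    return 8 <= req.context["time"].hour < 18

POLICY = [
    # Deny rules always win, wherever they sit in the list (deny-overrides).
    Rule("deny-restricted-outside-hours", "deny",
         lambda r: r.resource["sensitivity"] == "restricted" and not business_hours(r)),
    Rule("deny-agent-mutation-without-approval", "deny",
         lambda r: r.subject["kind"] == "agent"
         and r.action in {"write", "delete"}
         and not r.context.get("approved_by")),
    # Allow rules: one match is enough once no deny has fired.
    Rule("allow-same-department-read", "allow",
         lambda r: r.action == "read"
         and r.subject["department"] == r.resource["owner_department"]),
    Rule("allow-owner-read-write", "allow",
         lambda r: r.action in {"read", "write"} and r.subject["id"] == r.resource["owner"]),
]

def evaluate(req: Request, policy=POLICY) -> tuple:
    """Return (decision, reason). Anything no rule speaks to is denied."""
    first_allow = None
    for rule in policy:
        if not rule.when(req):
            continue
        if rule.effect == "deny":
            return ("deny", rule.name)
        first_allow = first_allow or rule.name
    return ("allow", first_allow) if first_allow else ("deny", "default-deny")

# Constructed sample subjects, resources and contexts.
ANALYST = {"id": "bob", "kind": "human", "department": "finance"}
OWNER = {"id": "alice", "kind": "human", "department": "finance"}
AGENT = {"id": "agent-7", "kind": "agent", "department": "finance"}
INTERNAL_DOC = {"id": "doc-1", "owner": "alice", "owner_department": "finance", "sensitivity": "internal"}
RESTRICTED_DOC = {"id": "doc-2", "owner": "alice", "owner_department": "finance", "sensitivity": "restricted"}
DAYTIME = {"time": datetime(2024, 5, 6, 10, 0, tzinfo=timezone.utc)}
NIGHT = {"time": datetime(2024, 5, 6, 23, 0, tzinfo=timezone.utc)}

if __name__ == "__main__":
    for label, req in [
        ("analyst reads internal doc", Request(ANALYST, INTERNAL_DOC, "read", DAYTIME)),
        ("analyst reads restricted doc at night", Request(ANALYST, RESTRICTED_DOC, "read", NIGHT)),
        ("agent writes without approval", Request(AGENT, INTERNAL_DOC, "write", DAYTIME)),
        ("owner writes own doc", Request(OWNER, INTERNAL_DOC, "write", DAYTIME)),
    ]:
        print(f"{label}: {evaluate(req)}")
```

Note the agent case: even with a human approval in the context, an agent writing to a document it does not own matches no allow rule and is still denied. Approval removes a deny; it does not by itself grant anything.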

Audit Log #

AI Governance & Compliance

A chronological, tamper-resistant record of significant events in a system, such as logins, access changes, and AI actions. Audit logs capture who did what, when, and from where, providing the evidence needed for security investigations, accountability, and compliance with frameworks that require traceability of decisions and access.

B

Bidirectional Guardrails #

AI Governance & Compliance

Content controls applied to both what an entity sends and what it receives. Inspecting both directions catches a malicious or malformed request before it reaches a downstream tool, and stops unsafe or non-compliant output — such as leaked secrets or PII — before it returns to the caller.

Blast Radius #

AI Agent Security

The extent of damage that can result if a system, credential, or AI agent is compromised. A smaller blast radius means a breach affects fewer resources. Limiting it through least privilege, isolation, and scoped permissions is a core defensive strategy, especially for autonomous agents that can act broadly.

Budget Policy #

AI FinOps

A rule that sets and enforces spending limits on AI usage for a team, project, or agent over a defined period. A budget policy can warn, throttle, or block activity when costs approach a cap, giving organizations predictable AI spend and preventing runaway expenses from autonomous or high-volume workloads.

BYOK #

AI FinOps

Bring Your Own Key, a model in which customers supply and control their own encryption keys or third-party API credentials rather than relying solely on the provider's. For AI platforms, BYOK often means using your own model-provider keys, giving direct control over billing, data handling, and provider relationships.

C

Capability Token #

Identity & Access

A credential that grants the bearer specific, limited permissions to perform defined actions, often with an expiry and constrained scope. Rather than relying on broad identity, a capability token encodes exactly what is allowed. This fine-grained, short-lived approach is well suited to securing AI agents and tool access.

Connection #

AI Strategy

In an AI control plane, a connection is the governed relationship between two entities — for example an application and an agent, or an agent and an MCP server. The connection, not the individual entity, is where identity, guardrails, and policies are applied, so security travels with the interaction itself rather than living on any single component.

Context Window #

AI Strategy

The maximum amount of text, measured in tokens, that a model can consider at once — covering the prompt, any retrieved context, and the response. Larger windows let agents reason over more information, but they also raise cost and create more room for injected or malicious content.

Credential Rotation #

Identity & Access

The practice of periodically replacing secrets such as keys, tokens, and passwords so that a leaked or stale credential has a limited useful lifetime. Automated rotation shrinks the window an attacker can exploit and is a baseline control for machine identities like agents. Rotation needs a short overlap period in which both the old and the new credential are accepted, so callers still holding the old one are not broken mid-request, after which the old credential is revoked.

D

Data Loss Prevention #

AI Governance & Compliance

Controls that detect and stop sensitive information — credentials, personal data, regulated records — from leaving a trusted boundary. For AI agents, DLP commonly means inspecting prompts and responses to redact or block protected data before it is sent to a model or returned to a user.

Data Residency #

AI Governance & Compliance

The requirement that data be stored and processed within a specific geographic or legal jurisdiction, such as the European Union. Data residency is a common condition of privacy regulations and enterprise contracts, and it shapes where a platform can run and which sub-processors it may use.

Dunning #

AI FinOps

The automated process of recovering failed or overdue payments — for example retrying a declined card and notifying the customer — before suspending access. In a usage-based AI platform, dunning protects revenue while giving customers a chance to fix billing problems without an abrupt cutoff.

E

Entity #

Platform & Operations

A first-class participant in an AI system that can be registered, credentialed, and governed — typically an application, an AI agent, or an MCP server. Treating each as an entity lets a control plane apply identity, permissions, and monitoring uniformly, no matter which one is acting as the caller or the callee.

EU AI Act #

AI Governance & Compliance

A European Union regulation that governs artificial intelligence using a risk-based approach, imposing stricter obligations on higher-risk systems. The EU AI Act sets requirements for transparency, human oversight, documentation, and risk management, and applies to providers and deployers whose AI affects people in the EU, shaping global AI compliance practices.

F

Federation #

AI Agent Security

An arrangement in which separate organizations or systems establish mutual trust so identities and agents from one domain can interact securely with another. Federation relies on agreed standards and verifiable credentials, enabling cross-boundary collaboration, such as agents working across companies, without merging directories or sharing raw secrets.

G

GDPR #

AI Governance & Compliance

The General Data Protection Regulation, a European Union law governing how personal data is collected, processed, and protected. GDPR grants individuals rights over their data and requires lawful basis, transparency, and safeguards. For AI, it constrains how personal information may be used in prompts, training, and storage, with significant penalties for violations.

Guardrail #

AI Governance & Compliance

A policy or technical control that constrains what an AI model or agent can input, output, or do. Guardrails block harmful, unsafe, or out-of-scope behavior, such as leaking secrets or executing forbidden actions. They turn high-level safety and compliance requirements into enforceable limits around AI systems.

H

Hallucination #

AI Governance & Compliance

When a language model produces confident output that is factually wrong, fabricated, or unsupported by its inputs. Hallucinations are a core reliability risk for agents that act on their own output, which is why grounding, verification, and human review matter for high-stakes decisions.

Human-in-the-Loop #

AI Governance & Compliance

A design where a person reviews, approves, or can override an AI system's decisions before or during execution. Human-in-the-loop oversight is used for high-risk or irreversible actions, balancing automation with accountability and providing a control point required by many AI governance frameworks and regulations.

I

Indirect Prompt Injection #

AI Agent Security

A prompt injection where malicious instructions are hidden in external content an AI agent retrieves, such as a web page, document, or email, rather than typed by the attacker directly. When the agent reads that content, it may execute the embedded commands, making this attack stealthy and dangerous for tool-using agents.

ISO 42001 #

AI Governance & Compliance

An international standard that specifies requirements for an AI management system, helping organizations govern the development and use of AI responsibly. ISO 42001 provides a certifiable framework covering risk, accountability, and continual improvement, letting organizations demonstrate structured oversight of their AI systems to customers, regulators, and partners.

J

Jailbreak #

AI Agent Security

An attempt to manipulate a model into ignoring its safety instructions or policy constraints, often through crafted prompts that reframe, role-play around, or override the system rules. Jailbreaks are a primary way attackers try to make an agent perform forbidden actions or reveal protected information.

L

Least Privilege #

Identity & Access

A security principle that grants each user, service, or AI agent only the minimum permissions needed to perform its task, and nothing more. Limiting privileges shrinks the blast radius of a compromised account or agent and is a cornerstone of zero-trust and modern access design.

LLM Configuration #

Platform & Operations

The settings that determine how a large language model is invoked, including the model choice, provider, credentials, temperature, token limits, and routing rules. Centralizing LLM configuration lets an organization standardize behavior, swap providers, and apply governance consistently instead of hardcoding model details inside individual applications.

M

MCP Server #

Platform & Operations

A service that exposes tools, data, or resources to AI applications using the Model Context Protocol. An MCP server advertises the actions a model can invoke and handles their execution. Because these servers grant agents real capabilities, they must enforce authentication, scoped permissions, and logging to prevent misuse.

Merkle Tree #

AI Governance & Compliance

A data structure that hashes records in pairs up to a single root hash, so any change to a record changes the root. Merkle trees enable efficient verification that a piece of data belongs to a set and that a log has not been altered, underpinning tamper-evident logs and transparency systems.
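
The pairwise hashing and membership check described above, as an added example (not the page's or Praesidia's code): a Merkle tree over a handful of constructed audit records, an inclusion proof for one record, and a verifier that needs only the record, the proof and the published root. It follows the RFC 6962 convention of hashing leaves with a 0x00 prefix and interior nodes with a 0x01 prefix so a leaf cannot be passed off as a node; odd-sized levels duplicate their last node, which is one common choice and is an assumption of this example.

```python
import hashlib

# Added example for the Merkle Tree entry. Record contents are constructed.

def leaf_hash(record: bytes) -> bytes:
    return hashlib.sha256(b"\x00" + record).digest()      # domain separation: leaf

def node_hash(left: bytes, right: bytes) -> bytes:
    return hashlib.sha256(b"\x01" + left + right).digest()  # domain separation: node

def padded(level):
    """Odd-sized levels get their last node duplicated so every node has a sibling."""
    return level + [level[-1]] if len(level) % 2 == 1 else level

def build_levels(records):
    """Return every level of the tree: leaves first, the single root last."""
    if not records:
        raise ValueError("cannot build a tree from no records")
    level = [leaf_hash(r) for r in records]
    levels = [level]
    while len(level) > 1:
        level = padded(level)
        level = [node_hash(level[i], level[i + 1]) for i in range(0, len(level), 2)]
        levels.append(level)
    return levels

def merkle_root(records) -> bytes:
    return build_levels(records)[-1][0]

def inclusion_proof(records, index: int):
    """Sibling hashes from the leaf upward, each tagged with the side the sibling is on."""
    proof = []
    for level in build_levels(records)[:-1]:
        level = padded(level)
        side = "R" if index % 2 == 0 else "L"
        proof.append((side, level[index ^ 1]))
        index //= 2
    return proof

def verify_inclusion(record: bytes, proof, expected_root: bytes) -> bool:
    """Recompute the path to the root; the verifier never needs the other records."""
    h = leaf_hash(record)
    for side, sibling in proof:
        h = node_hash(h, sibling) if side == "R" else node_hash(sibling, h)
    return h == expected_root

# Constructed sample log records (five, so the tree has an odd level to pad).
RECORDS = [
    b"agent-7 read doc-1",
    b"agent-7 wrote doc-2",
    b"alice approved doc-2",
    b"agent-7 called tool email:send",
    b"budget warning for agent-7",
]

if __name__ == "__main__":
    root = merkle_root(RECORDS)
    proof = inclusion_proof(RECORDS, 3)
    print(verify_inclusion(RECORDS[3], proof, root))              # True
    print(verify_inclusion(b"agent-7 deleted doc-1", proof, root))  # False
```

The proof for a record is only logarithmic in the size of the log, which is what makes it practical for an auditor to check a single agent action against a root published elsewhere, without being handed the whole log.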

Model Context Protocol #

Platform & Operations

An open standard that defines how AI applications connect to external data sources and tools through a common interface. Model Context Protocol (MCP) lets models discover and call capabilities exposed by servers in a uniform way, reducing custom integration work and creating a consistent surface to secure, audit, and govern.

Model-Agnostic #

AI Strategy

A design that is not tied to any single model or provider, letting teams switch or combine LLMs without re-architecting. Model-agnostic platforms govern the agent and its behavior rather than the model, so bring-your-own-key and multi-vendor strategies stay possible.

Multi-Factor Authentication #

Identity & Access

An authentication method that requires two or more independent factors to verify identity, typically something you know, have, or are. Multi-factor authentication (MFA) sharply reduces account takeover risk because a stolen password alone is not enough to gain access, making it a baseline control for sensitive systems.

Multi-Tenancy #

Platform & Operations

An architecture in which a single software instance serves multiple customers, or tenants, while keeping each tenant's data and configuration logically separate. Multi-tenancy improves efficiency and scalability but demands strict isolation controls so that one tenant can never access another's data, which is the central trust requirement for SaaS platforms.

N

NIST AI RMF #

AI Governance & Compliance

The NIST AI Risk Management Framework, voluntary guidance from the U.S. National Institute of Standards and Technology for identifying, assessing, and managing the risks of AI systems. It organizes practices into four functions, Govern, Map, Measure, and Manage, helping organizations build trustworthy AI in a structured, repeatable way.

O

Observability #

Platform & Operations

The ability to understand a system's internal state from the data it emits, typically logs, metrics, and traces. For AI systems, observability reveals what agents did, how models performed, and where costs or errors arise, enabling debugging, monitoring, and accountability across complex, distributed, autonomous workloads.

OpenID Connect #

Identity & Access

An identity layer built on top of the OAuth 2.0 authorization framework that lets applications verify a user's identity and obtain basic profile information. OpenID Connect (OIDC) issues signed ID tokens (JSON Web Tokens), making it the modern, JSON-based standard for single sign-on across web, mobile, and API-driven services.

OWASP LLM Top 10 #

AI Governance & Compliance

A community-maintained list from the OWASP project cataloguing the most critical security risks specific to large-language-model applications — including prompt injection, sensitive-information disclosure, and excessive agency. It gives security teams a shared vocabulary for assessing and hardening AI systems.

P

Passkey #

Identity & Access

A passwordless credential based on public-key cryptography that authenticates users with a device-bound private key, often unlocked by biometrics or a device PIN. Built on the FIDO2/WebAuthn standards, passkeys resist phishing and credential theft: the private key never leaves the device, the server stores only the matching public key, and the signed challenge is bound to the site's origin, so there is no shared secret to intercept in transit or steal in a server breach.

PII Redaction #

AI Governance & Compliance

The automatic detection and removal or masking of personally identifiable information, such as names, emails, or card numbers, from data flowing to or from AI models. PII redaction reduces privacy risk and helps meet regulations like GDPR by preventing sensitive personal data from being exposed, stored, or used to train models.
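
The inspection described under Bidirectional Guardrails, Data Loss Prevention and this entry, as one added example (not the page's or Praesidia's code): a single inspector run on the prompt before it reaches the model and on the response before it returns to the caller. Email addresses and card numbers are redacted and the exchange continues; a credential in either direction stops it. The patterns are deliberately simple, the `AKIA...` key is the format of AWS's documented example access key ID, the `sk-` prefix is a hypothetical vendor format, and the model is a constructed stand-in.

```python
import re
from dataclasses import dataclass, field

# Added example for the guardrail / DLP / PII redaction entries. All sample text,
# the fake model and the "sk-" key format are constructed for the example.

EMAIL = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
CARD = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")                     # 13 to 19 digits, spaces or dashes allowed
SECRET = re.compile(r"\b(?:AKIA[0-9A-Z]{16}|sk-[A-Za-z0-9]{20,})\b")

@dataclass
class Verdict:
    direction: str
    text: str
    findings: list = field(default_factory=list)   # (kind, matched text)
    blocked: bool = False

def luhn_ok(digits: str) -> bool:
    """Payment-card checksum. Filters out order ids and phone numbers that merely look like cards."""
    total, parity = 0, len(digits) % 2
    for i, ch in enumerate(digits):
        d = int(ch)
        if i % 2 == parity:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def inspect_text(direction: str, text: str) -> Verdict:
    v = Verdict(direction, text)

    def card_sub(m):
        if not luhn_ok(re.sub(r"[ -]", "", m.group(0))):
            return m.group(0)                       # numeric, but not a card: leave it alone
        v.findings.append(("card", m.group(0)))
        return "[CARD]"

    def tagged(kind, replacement):
        def sub(m):
            v.findings.append((kind, m.group(0)))
            return replacement
        return sub

    v.text = SECRET.sub(tagged("secret", "[SECRET]"), v.text)   # secrets first so their digits are not re-matched
    v.text = EMAIL.sub(tagged("email", "[EMAIL]"), v.text)
    v.text = CARD.sub(card_sub, v.text)
    # Policy for this example: PII is redacted and allowed through; a secret in either
    # direction stops the exchange outright.
    v.blocked = any(kind == "secret" for kind, _ in v.findings)
    return v

def guarded_call(prompt: str, model) -> dict:
    """Inspect on the way in, call the model, inspect on the way out."""
    inbound = inspect_text("inbound", prompt)
    if inbound.blocked:
        return {"status": "blocked", "stage": "inbound", "findings": inbound.findings}
    outbound = inspect_text("outbound", model(inbound.text))
    if outbound.blocked:
        return {"status": "blocked", "stage": "outbound", "findings": outbound.findings}
    return {"status": "ok", "response": outbound.text,
            "findings": inbound.findings + outbound.findings}

def fake_model(prompt: str) -> str:
    """Constructed stand-in for a real model: echoes the prompt, and leaks a credential when asked about config."""
    if "config" in prompt:
        return "Sure, the config has AKIAIOSFODNN7EXAMPLE in it."
    return f"Processed: {prompt}"

if __name__ == "__main__":
    print(guarded_call("Refund bob@example.com on card 4111 1111 1111 1111", fake_model))
    print(guarded_call("Show me the config", fake_model))
```

The Luhn check is the kind of small precision step that keeps a guardrail from redacting every sixteen-digit order number it sees; false positives erode trust in the control faster than the occasional miss does.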

Policy Enforcement #

AI Governance & Compliance

The runtime application of rules that decide whether an action is allowed, denied, or modified. Policy enforcement evaluates each request against defined controls, for access, content, spending, or safety, and acts on the result. It turns written governance into automated, consistent behavior that cannot be bypassed by individual users or agents.

Prompt Injection #

AI Agent Security

An attack that embeds malicious instructions into the input an AI model processes, tricking it into ignoring its original directives or performing unintended actions. Because models follow natural-language instructions, prompt injection can hijack agents, exfiltrate data, or bypass guardrails, making it a top security risk for AI applications.

R

Rate Limiting #

Platform & Operations

A control that caps how many requests a client, user, or agent can make to a service in a given time window. Rate limiting protects systems from overload and abuse, ensures fair resource sharing, and helps contain runaway costs from automated callers such as AI agents.

Retrieval-Augmented Generation #

AI Strategy

A technique that grounds a model response in relevant documents fetched at query time, instead of relying only on what the model memorized during training. RAG improves accuracy and freshness and reduces hallucination, but it also widens the input surface that guardrails must inspect.

Role-Based Access Control #

Identity & Access

An access model that grants permissions based on roles assigned to users or services rather than to individuals directly. Role-based access control (RBAC) simplifies administration by bundling related permissions, making it easier to enforce least privilege and audit who can do what across an organization.

Row-Level Security #

Platform & Operations

A database capability that restricts which rows a query can read or modify based on the identity or attributes of the requester. Row-level security enforces data access rules close to the data itself, providing a strong, hard-to-bypass mechanism for tenant isolation and fine-grained authorization in multi-tenant systems, provided the application connects as a role that is actually subject to the policies (in PostgreSQL, for example, table owners and superusers bypass row-level policies unless the table is set to force them).

S

SAML #

Identity & Access

Security Assertion Markup Language, an XML-based open standard for exchanging authentication and authorization data between an identity provider and a service provider. SAML is widely used for enterprise single sign-on, letting users authenticate once and access multiple applications without sharing passwords with each one.

Sandboxing #

AI Agent Security

Running an agent or its tool calls in a restricted environment that limits what it can access, change, or reach on the network. Sandboxing contains the damage a compromised or misbehaving agent can do, keeping its blast radius small.

SCIM #

Identity & Access

System for Cross-domain Identity Management, an open standard for automatically provisioning and deprovisioning user accounts across applications. SCIM lets an identity provider create, update, and disable users in connected systems through a common API, keeping access current and removing stale accounts that pose security risks.

Scope #

Identity & Access

The defined boundary of permissions or access that a token, credential, or agent is granted. Scope specifies which resources and actions are permitted, limiting what the holder can do even if authenticated. Narrow scopes enforce least privilege and reduce the impact of leaked or misused credentials.
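
The Capability Token, Credential Rotation and Scope entries describe one mechanism from three sides; here is an added example (not the page's or Praesidia's code) that puts them together: an HMAC-signed token carrying a subject, an audience, a sorted scope list and a short expiry, verified against a key ring that keeps the previous signing key alive for a grace period after rotation. The token layout mirrors a JWT with `HS256`, but the key ids, secrets, scope names and audiences are constructed for the example.

```python
import base64
import hashlib
import hmac
import json

# Added example for the Capability Token / Credential Rotation / Scope entries.
# Key ids, secrets, scope and audience names are constructed.

def b64url(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def unb64url(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def encode_part(obj) -> str:
    return b64url(json.dumps(obj, separators=(",", ":")).encode())

class KeyRing:
    def __init__(self, kid: str, secret: bytes):
        self.current = kid
        self.secrets = {kid: secret}
        self.retire_at = {}   # kid -> time after which that key is no longer accepted

    def rotate(self, new_kid: str, new_secret: bytes, now: int, grace: int = 300) -> None:
        """New tokens use the new key at once; the old key keeps verifying for `grace` seconds."""
        self.retire_at[self.current] = now + grace
        self.current = new_kid
        self.secrets[new_kid] = new_secret

    def verifying_secret(self, kid, now: int):
        retire = self.retire_at.get(kid)
        if kid not in self.secrets or (retire is not None and now >= retire):
            return None
        return self.secrets[kid]

def mint(ring: KeyRing, subject: str, audience: str, scopes, now: int, ttl: int = 120) -> str:
    header = {"alg": "HS256", "kid": ring.current}
    payload = {"sub": subject, "aud": audience, "scope": sorted(scopes), "iat": now, "exp": now + ttl}
    signing_input = f"{encode_part(header)}.{encode_part(payload)}"
    sig = hmac.new(ring.secrets[ring.current], signing_input.encode(), hashlib.sha256).digest()
    return f"{signing_input}.{b64url(sig)}"

def verify(ring: KeyRing, token: str, audience: str, required_scope: str, now: int):
    """Return (True, subject) or (False, reason). The signature is checked before any claim is trusted."""
    try:
        h, p, s = token.split(".")
        header = json.loads(unb64url(h))
        if header.get("alg") != "HS256":           # accept only the algorithm this verifier expects
            return False, "unexpected alg"
        secret = ring.verifying_secret(header.get("kid"), now)
        if secret is None:
            return False, "unknown or retired key"
        expected = hmac.new(secret, f"{h}.{p}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, unb64url(s)):
            return False, "bad signature"
        payload = json.loads(unb64url(p))
        if payload["aud"] != audience:
            return False, "wrong audience"
        if now >= payload["exp"]:
            return False, "expired"
        if required_scope not in payload["scope"]:
            return False, f"missing scope {required_scope}"
        return True, payload["sub"]
    except (ValueError, KeyError, TypeError, AttributeError):
        return False, "malformed token"

if __name__ == "__main__":
    ring = KeyRing("k1", b"constructed-secret-1")
    tok = mint(ring, "agent-7", "crm-tools", {"contacts:read"}, now=1_700_000_000)
    print(verify(ring, tok, "crm-tools", "contacts:read", now=1_700_000_010))    # (True, 'agent-7')
    print(verify(ring, tok, "crm-tools", "contacts:write", now=1_700_000_010))   # (False, 'missing scope contacts:write')
```

Two details carry most of the security value: the audience check stops a token minted for one tool server from being replayed against another, and the key ring's grace window is what lets rotation happen without a cut-over outage while still guaranteeing the old key dies on schedule.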

Service Discovery #

Platform & Operations

The mechanism by which agents and tools find and connect to one another, often through a registry that lists available services and how to reach them. Discoverable services make it possible to compose multi-agent systems, while access controls decide who may actually connect.

Shadow AI #

AI Strategy

The use of AI tools, models, or agents by employees without the knowledge or approval of the organization's security and governance teams. Shadow AI creates blind spots where sensitive data may leak, costs go untracked, and policies go unenforced, making discovery and centralized control a priority for enterprises.

Single Sign-On #

Identity & Access

An authentication method that lets users access multiple applications with one set of credentials and a single login. Single sign-on (SSO) reduces password fatigue and centralizes authentication policy, so organizations can enforce strong controls and quickly revoke access across all connected services from one place.

SOC 2 #

AI Governance & Compliance

An auditing standard and report that evaluates how a service organization manages data against the AICPA Trust Services Criteria: security (always in scope), availability, processing integrity, confidentiality, and privacy. A SOC 2 report, produced by an independent auditor, gives customers assurance that a provider has effective controls (a Type II report additionally tests that they operated over a period of months), and is widely expected of SaaS and AI vendors.

Spend Cap #

AI FinOps

A hard upper limit on how much can be spent on AI services within a scope or time window. When the cap is reached, further usage is paused or denied. Spend caps protect against billing surprises from runaway agents, abuse, or unexpected demand, and are a key control in AI cost governance.

T

Tamper-Evident Log #

AI Governance & Compliance

A log designed so that any alteration, deletion, or insertion of past entries can be detected. Tamper-evident logs commonly use cryptographic hashing to chain records together, so changing one entry breaks the chain. They provide stronger integrity guarantees than ordinary logs for audits, forensics, and regulatory evidence. The chain alone does not stop an attacker with write access from trimming the tail or recomputing every hash after an edit; for that, the latest head hash must be published or stored somewhere the log writer cannot change.
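
The hash chaining described above, and the Audit Log entry earlier on the page, as one added example (not the page's or Praesidia's code): each entry commits to the previous entry's hash, a verifier recomputes the whole chain, and a `rechain` helper shows what the caveat means in practice, namely that an attacker who can rewrite the file can produce a chain that verifies unless the verifier holds a head hash from an independent source. Event contents are constructed.

```python
import copy
import hashlib
import json

# Added example for the Tamper-Evident Log and Audit Log entries. Events are constructed.

GENESIS = "0" * 64

def entry_hash(prev_hash: str, seq: int, event: dict) -> str:
    """Canonical JSON so the same event always hashes the same way."""
    material = json.dumps({"prev": prev_hash, "seq": seq, "event": event},
                          sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(material.encode()).hexdigest()

class ChainedLog:
    def __init__(self):
        self.entries = []

    def append(self, event: dict) -> str:
        prev = self.entries[-1]["hash"] if self.entries else GENESIS
        seq = len(self.entries)
        h = entry_hash(prev, seq, event)
        self.entries.append({"seq": seq, "prev": prev, "event": dict(event), "hash": h})
        return h

    def head(self) -> str:
        """The latest hash. Publish or escrow it where the log writer cannot change it."""
        return self.entries[-1]["hash"] if self.entries else GENESIS

def verify_chain(entries, expected_head=None):
    """Return (ok, problem). Detects edits, deletions and insertions; with an
    independently stored head it also detects truncation and wholesale rewrites."""
    prev = GENESIS
    for position, e in enumerate(entries):
        if e["seq"] != position:
            return False, f"sequence gap at position {position}"
        if e["prev"] != prev:
            return False, f"broken link at seq {position}"
        if entry_hash(prev, position, e["event"]) != e["hash"]:
            return False, f"hash mismatch at seq {position}"
        prev = e["hash"]
    if expected_head is not None and prev != expected_head:
        return False, "head mismatch: log truncated or rewritten"
    return True, "ok"

def rechain(entries):
    """What an attacker with write access can do after editing an event: recompute every
    hash so the chain is internally consistent again. Only an external head exposes it."""
    rewritten = copy.deepcopy(entries)
    prev = GENESIS
    for e in rewritten:
        e["prev"] = prev
        e["hash"] = entry_hash(prev, e["seq"], e["event"])
        prev = e["hash"]
    return rewritten

EVENTS = [
    {"actor": "agent-7", "action": "read", "target": "doc-1"},
    {"actor": "agent-7", "action": "write", "target": "doc-2"},
    {"actor": "alice", "action": "approve", "target": "doc-2"},
    {"actor": "agent-7", "action": "call_tool", "target": "email:send"},
]

def build_log(events=EVENTS) -> ChainedLog:
    log = ChainedLog()
    for ev in events:
        log.append(ev)
    return log

if __name__ == "__main__":
    log = build_log()
    head = log.head()
    log.entries[1]["event"]["action"] = "delete"          # tamper with a past entry
    print(verify_chain(log.entries))                       # (False, 'hash mismatch at seq 1')
    print(verify_chain(rechain(log.entries)))              # (True, 'ok')  -- chain looks fine
    print(verify_chain(rechain(log.entries), head))        # (False, 'head mismatch: ...')
```

In practice the head is anchored by writing it to a write-once store, sending it to a separate party, or folding it into a Merkle tree whose root is published, so that the verifier's copy of the head and the log writer's copy cannot drift without notice.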

Tenant Isolation #

Platform & Operations

The set of controls that prevent one customer in a multi-tenant system from accessing, modifying, or even observing another customer's data and resources. Tenant isolation can be enforced at the data, network, and application layers, and is essential to maintaining trust, privacy, and compliance in shared platforms.

Token Bucket #

Platform & Operations

A common rate-limiting algorithm in which requests consume tokens from a bucket that refills at a fixed rate; when the bucket is empty, further requests are throttled or rejected. It allows short bursts while bounding sustained throughput — useful for protecting downstream models and tools from overload.
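
The algorithm described above, and the Rate Limiting entry earlier on the page, as one added example (not the page's or Praesidia's code): a token bucket keyed per agent, with a weighted cost so that a large prompt draws down more of the allowance than a small one, and a `retry_after` value suitable for a `Retry-After` header. Time is passed in explicitly so the behaviour is deterministic; the capacities and rates are constructed for the example.

```python
# Added example for the Token Bucket and Rate Limiting entries. In production, pass
# time.monotonic() as `now`; here the caller supplies it so results are reproducible.

class TokenBucket:
    def __init__(self, capacity: float, refill_per_sec: float, now: float):
        self.capacity = capacity              # largest burst the bucket will absorb
        self.refill_per_sec = refill_per_sec  # sustained rate once the burst is spent
        self.tokens = capacity                # a new bucket starts full
        self.updated = now

    def refill(self, now: float) -> None:
        elapsed = max(0.0, now - self.updated)   # clamp so a clock step backwards cannot mint tokens
        self.tokens = min(self.capacity, self.tokens + elapsed * self.refill_per_sec)
        self.updated = now

    def try_consume(self, cost: float, now: float) -> bool:
        self.refill(now)
        if self.tokens >= cost:
            self.tokens -= cost
            return True
        return False

    def retry_after(self, cost: float, now: float) -> float:
        """Seconds until `cost` tokens will be available again."""
        self.refill(now)
        deficit = cost - self.tokens
        return 0.0 if deficit <= 0 else deficit / self.refill_per_sec


class RateLimiter:
    """One bucket per key (agent id, tenant, route). The cost of a request can be 1,
    or its token count so that big prompts consume more of the allowance than small ones."""

    def __init__(self, capacity: float, refill_per_sec: float):
        self.capacity = capacity
        self.refill_per_sec = refill_per_sec
        self.buckets = {}

    def allow(self, key: str, now: float, cost: float = 1.0):
        """Return (allowed, retry_after_seconds)."""
        bucket = self.buckets.get(key)
        if bucket is None:
            bucket = self.buckets[key] = TokenBucket(self.capacity, self.refill_per_sec, now)
        if bucket.try_consume(cost, now):
            return True, 0.0
        return False, bucket.retry_after(cost, now)


if __name__ == "__main__":
    limiter = RateLimiter(capacity=5, refill_per_sec=1.0)
    for t in [0.0, 0.0, 0.0, 0.0, 0.0, 0.0, 0.5, 1.0]:
        print(t, limiter.allow("agent-7", now=t))   # five allowed, then denied until t=1.0
```

Per-key buckets are what keep one runaway agent from starving the others; the weighted form is also the natural place to cap prompt size, since a request whose cost exceeds `capacity` can never be admitted.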

Token Cost #

AI FinOps

The price incurred for the tokens (the units of text, roughly word fragments, that a language model reads as input and produces as output). Because providers bill per token, and usually charge more for output tokens than for input tokens, token cost drives the economics of AI applications. Tracking it per request, user, or agent is essential for forecasting, optimizing, and controlling AI spend.
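
The Budget Policy, Spend Cap and Token Cost entries together describe one control loop; here it is as an added example (not the page's or Praesidia's code): cost computed from input and output token counts, a pre-call check that projects the worst case (every permitted output token produced) against warn, throttle and block thresholds, and a post-call charge of actual usage. The model names and per-million-token prices are constructed placeholders; real pricing differs by provider and changes over time.

```python
from dataclasses import dataclass, field

# Added example for the Budget Policy / Spend Cap / Token Cost entries.
# Prices are constructed placeholders in USD per million tokens: (input, output).
PRICES = {"model-large": (3.00, 15.00), "model-small": (0.15, 0.60)}

def token_cost(model: str, input_tokens: int, output_tokens: int) -> float:
    price_in, price_out = PRICES[model]
    return (input_tokens * price_in + output_tokens * price_out) / 1_000_000

@dataclass
class BudgetPolicy:
    cap: float                 # hard spend cap for the period
    warn_at: float = 0.80      # fraction of cap at which a warning is raised
    throttle_at: float = 0.95  # fraction of cap above which calls are slowed

@dataclass
class SpendLedger:
    policy: BudgetPolicy
    spent: dict = field(default_factory=dict)   # scope key (team, project, agent) -> spend this period

    def balance(self, key: str) -> float:
        return self.spent.get(key, 0.0)

    def pre_check(self, key: str, model: str, input_tokens: int, max_output_tokens: int):
        """Decide before the call. Input tokens are known; output is bounded by max_tokens,
        so the projection assumes the full allowance is used."""
        projected = self.balance(key) + token_cost(model, input_tokens, max_output_tokens)
        cap = self.policy.cap
        if projected > cap:
            return "block", projected
        if projected >= cap * self.policy.throttle_at:
            return "throttle", projected
        if projected >= cap * self.policy.warn_at:
            return "warn", projected
        return "allow", projected

    def record(self, key: str, model: str, input_tokens: int, output_tokens: int) -> float:
        """Charge actual usage once the provider reports it."""
        cost = token_cost(model, input_tokens, output_tokens)
        self.spent[key] = self.balance(key) + cost
        return cost

    def reset(self) -> None:
        """Start of a new budget period."""
        self.spent.clear()

if __name__ == "__main__":
    ledger = SpendLedger(BudgetPolicy(cap=10.0))
    ledger.record("agent-7", "model-large", 2_000_000, 100_000)          # 7.50 spent so far
    print(ledger.pre_check("agent-7", "model-large", 200_000, 20_000))  # ('warn', 8.4)
    print(ledger.pre_check("agent-7", "model-large", 500_000, 100_000)) # ('block', 10.5)
```

Checking against the worst case before the call is what makes a spend cap a hard limit rather than a report: a cap enforced only after the bill arrives cannot stop the request that crosses it.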

Trigger #

Platform & Operations

An event or condition that automatically starts a workflow or agent action. Triggers can be scheduled by time, fired by an incoming webhook, or raised by an event such as a new record. They let automation respond to the world without manual initiation, which makes securing and validating their sources important.

W

Webhook #

Platform & Operations

An HTTP callback that delivers an event from one system to another as it happens, so the receiver does not have to poll. Signing webhooks, typically with an HMAC over the request body, lets the receiver verify that each event genuinely originated from the sender and was not altered in transit. Signing a timestamp along with the body, and rejecting events outside a short freshness window or already seen, is what additionally prevents a captured event from being replayed.
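
The signing and checking described above, which is also how the sources of the webhook-fired triggers in the Trigger entry get validated, as an added example (not the page's or Praesidia's code): both sides of the exchange in Python, with an HMAC-SHA256 over `"<timestamp>.<body>"`, a freshness window, a constant-time comparison, and a replay cache. The header names, the `v1=` prefix and the shared secret are constructed for the example; the scheme itself is the common pattern.

```python
import hashlib
import hmac
import json

# Added example for the Webhook and Trigger entries. Header names, signature prefix
# and the shared secret are constructed; the sample event body is constructed too.

SECRET = b"whsec_constructed_example_only"
TOLERANCE_SECONDS = 300

def sign(body: bytes, ts: int, secret: bytes = SECRET) -> dict:
    """Sender side. Signing the timestamp together with the body means neither can be
    changed on its own without invalidating the signature."""
    digest = hmac.new(secret, f"{ts}.".encode() + body, hashlib.sha256).hexdigest()
    return {"X-Webhook-Timestamp": str(ts), "X-Webhook-Signature": f"v1={digest}"}

class Receiver:
    def __init__(self, secret: bytes = SECRET, tolerance: int = TOLERANCE_SECONDS):
        self.secret = secret
        self.tolerance = tolerance
        self.seen = {}   # signature -> timestamp, kept only for the tolerance window

    def verify(self, headers: dict, body: bytes, now: int):
        """Return (True, parsed_event) or (False, reason). Cheap checks come first, the
        signature is checked before the body is parsed, and the replay cache is consulted
        last so that only authentic events ever populate it."""
        try:
            ts = int(headers["X-Webhook-Timestamp"])
            provided = headers["X-Webhook-Signature"].split("v1=", 1)[1]
        except (KeyError, ValueError, IndexError):
            return False, "missing or malformed headers"
        if abs(now - ts) > self.tolerance:
            return False, "timestamp outside tolerance"
        expected = hmac.new(self.secret, f"{ts}.".encode() + body, hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, provided):   # constant-time comparison
            return False, "bad signature"
        self.seen = {sig: t for sig, t in self.seen.items() if now - t <= self.tolerance}
        if provided in self.seen:
            return False, "replay"
        self.seen[provided] = ts
        try:
            return True, json.loads(body)
        except ValueError:
            return False, "body is not JSON"

if __name__ == "__main__":
    body = b'{"event":"agent.run.completed","id":"evt_1"}'
    headers = sign(body, ts=1_700_000_000)
    rx = Receiver()
    print(rx.verify(headers, body, now=1_700_000_010))   # (True, {...})
    print(rx.verify(headers, body, now=1_700_000_020))   # (False, 'replay')
```

The replay cache only needs to remember signatures for as long as the freshness window, since anything older is rejected by the timestamp check anyway; that is what keeps the cache bounded. Verification must run over the raw request bytes, not a re-serialised copy, or a harmless JSON reformat will break the signature.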

Workflow #

Platform & Operations

A defined sequence of steps, decisions, and actions that automates a process from start to finish. In AI platforms, workflows connect agents, tools, triggers, and approvals into repeatable pipelines, making complex automation predictable, auditable, and easier to govern than ad hoc, one-off agent invocations.

Z

Zero Trust #

AI Agent Security

A security model that assumes no user, device, or agent is trusted by default, even inside the network. Zero trust requires every request to be authenticated, authorized, and continuously verified against policy. Applied to AI, it means treating each agent as untrusted until its identity and permissions are proven for that action.

Want the controls behind these concepts? Explore the cornerstone guides, take the maturity assessment, or get started with Praesidia.