AI agent governance terms, explained clearly
A practical reference for security, engineering, and AI teams working on agent identity, runtime control, access, observability, and compliance in production systems.
A/B Testing (Agent)
Agent A/B testing compares two versions of an agent — differing in model, prompt, tools, or configuration — by routing a portion of traffic to each and measuring performance, quality, and user satisfaction differences.
Defined termA2A Protocol (Agent-to-Agent Protocol)
The Agent-to-Agent (A2A) protocol is an emerging open protocol for agents to describe capabilities, exchange tasks, and return results across different frameworks and vendors.
Defined termAccess Certification (AI)
Access certification is the periodic review process in which human reviewers — typically data owners or security teams — verify that AI agents still require the permissions they hold and revoke any that are no longer needed. Regular certification prevents permission accumulation and is a common requirement under SOC 2, ISO 27001, and enterprise security standards.
Defined termAccess Token
An access token is a credential an application or agent uses to call a protected API. It represents a specific grant of access and should be scoped and short-lived.
Defined termAdversarial Attack
An adversarial attack is a deliberate attempt to manipulate an AI system's behavior through carefully crafted inputs. In agentic systems, this can mean tricking an agent into taking unauthorized actions or bypassing safety controls.
Defined termAdversarial Example (AI)
An adversarial example is a carefully crafted input — often imperceptibly different from a legitimate input — designed to cause an AI model to produce a wrong or harmful output. In agentic AI, adversarial examples can be embedded in documents, web pages, or tool outputs that an agent processes, causing it to take unintended actions.
Defined termAgent Approval Workflow
An agent approval workflow is a defined process that requires designated reviewers to authorize an agent before it is deployed to production. Approvals may gate on risk classification, security review, compliance sign-off, and evaluation results.
Defined termAgent Autonomy Level
Agent autonomy level describes how much independent decision-making authority an agent has — from fully supervised (every action approved) to fully autonomous (acts without human checkpoints). Higher autonomy requires stronger governance controls.
Defined termAgent Behavior Policy
An agent behavior policy is a set of rules that define how an agent should act in specific situations — what it can say, what tools it can use, what data it can access, and when it should escalate. Behavior policies are the bridge between business intent and runtime enforcement.
Defined termAgent Boundary
An agent boundary is a hard constraint that an agent cannot cross regardless of its reasoning or the user's instructions. Boundaries are distinct from guidelines in that they are enforced at the runtime layer, not merely suggested in the prompt.
Defined termAgent Broadcast
An agent broadcast is a communication pattern where one agent sends the same message to all agents subscribed to a channel or topic — useful for coordination signals, shutdown commands, and policy updates that need to reach an entire fleet of agents simultaneously.
Defined termAgent Budget
An agent budget is the predefined allocation of compute, tokens, API calls, or financial spend granted to an AI agent for a task or time period. Budgets function as a hard governance control — when an agent reaches its limit, execution stops, escalates, or requires reauthorisation rather than continuing unchecked.
Defined termAgent Capability
An agent capability is a specific skill or function an agent can perform, such as searching a database, calling an API, writing code, or sending a message. Governance controls should be scoped per capability rather than per agent.
Defined termAgent Card
An agent card is a machine-readable description of an agent's identity, capabilities, endpoints, and authentication requirements. Other systems use it to discover what the agent can do and how to call it.
Defined termAgent CI/CD
Agent CI/CD is the practice of applying continuous integration and continuous delivery principles to AI agent development — automatically testing agents on every change, gating production releases on evaluation results, and automating deployment pipelines for agent code, prompts, and configuration. It brings the reliability practices of software engineering to agent lifecycle management.
Defined termAgent Classification
Agent classification is the process of categorising an AI agent by its risk level, autonomy, data sensitivity, and business impact. Classification determines which governance controls, monitoring intensity, and approval processes apply.
Defined termAgent Composition
Agent composition is the practice of combining multiple specialised agents into a larger workflow. Unlike monolithic agents, composed systems let teams govern, test, and scale each component independently.
Defined termAgent Configuration Management
Agent configuration management is the governed tracking and deployment of all parameters that shape agent behavior — including model selection, temperature, system prompts, tool lists, and policy bindings. Configurations should be versioned and auditable.
Defined termAgent Context Isolation
Agent context isolation is the enforcement of boundaries between the execution contexts of different agents, ensuring that one agent's memory, credentials, tool state, and intermediate data cannot be read or modified by another agent without explicit permission. It is the agent-level equivalent of process isolation in operating systems, and is essential for preventing cross-agent contamination and side-channel attacks in shared infrastructure.
Defined termAgent Control Plane
An agent control plane is a centralized layer that gives teams visibility into all AI agents, enforces runtime policies, manages approvals, and maintains audit trails across frameworks. It acts as the operational governance layer for production agents.
Defined termAgent Control Plane
The agent control plane is the management layer responsible for configuring, governing, and monitoring AI agents at runtime — distinct from the data plane on which agents execute their work. The control plane enforces policies, collects telemetry, manages agent identity and access, routes approval decisions, and provides the operator interface for governing agent behaviour across an enterprise fleet.
Defined termAgent Cost Governance
Agent cost governance is the set of policies, budgets, and controls that prevent AI agents from consuming excessive compute, API calls, or token spend. It typically includes per-agent budgets, alerts, and automatic throttling.
Defined termAgent Data Plane
The agent data plane is the runtime layer through which AI agents make tool calls, read from data sources, write outputs, and exchange messages. Governing the data plane — by intercepting and inspecting traffic, enforcing policies, and logging every operation — is the operational layer of agent governance.
Defined termAgent Decommissioning
Agent decommissioning is the governed process of retiring an AI agent from production — revoking its credentials, archiving its logs and audit trails, removing its integrations, and updating the AI inventory to reflect its retired status.
Defined termAgent Delegation
Agent delegation is when one agent assigns a subtask to another agent, transferring responsibility for that portion of the work. Delegated permissions should be scoped down from the delegating agent's own permissions.
Defined termAgent Deployment
Agent deployment is the process of releasing an agent version into a production or staging environment. Governed deployments include identity provisioning, permission assignment, policy binding, and rollback capability.
Defined termAgent Discovery
Agent discovery is the process of identifying and cataloguing all AI agents operating within an organisation, including agents that were deployed without central approval. It is the first step in building an agent registry and closing governance gaps caused by shadow agents.
Defined termAgent Ecosystem
An agent ecosystem is the broader environment of agents, tools, identity systems, protocols, and policies that let many agents operate together.
Defined termAgent Escalation
Agent escalation is the process of an agent transferring control to a human operator or higher-authority system when it encounters a situation outside its competence, confidence threshold, or policy boundaries.
Defined termAgent Evaluation
Agent evaluation is the systematic assessment of an agent's quality, accuracy, safety, and policy compliance across a representative set of tasks. It should be automated, repeatable, and run before every deployment.
Defined termAgent Fabric
An agent fabric is the underlying infrastructure and middleware that enables multiple AI agents to discover each other, communicate, share context, and coordinate tasks across an enterprise — similar to a service mesh but designed for the communication patterns and governance requirements of AI agents.
Defined termAgent Framework
An agent framework is a software library or platform that provides the building blocks for constructing AI agents — including reasoning loops, tool calling interfaces, memory management, and multi-agent coordination. Popular frameworks include LangChain, LangGraph, AutoGen, CrewAI, and Semantic Kernel. Governance platforms sit above frameworks to enforce consistent identity, policy, and observability regardless of which framework an agent uses.
Defined termAgent Governance
Agent governance is the set of policies, controls, review workflows, and monitoring practices that determine how AI agents are approved, deployed, observed, and constrained in production. It covers identity, access, behavior boundaries, auditability, and compliance.
Defined termAgent Grading Rubric
An agent grading rubric is a structured scoring guide that defines the criteria and weighting used to evaluate agent outputs — covering dimensions such as accuracy, completeness, format compliance, safety, and tone. A well-defined rubric enables consistent automated scoring and gives development teams clear targets for improvement.
Defined termAgent Graph
An agent graph is a directed structure defining the possible states, transitions, and branching logic of an agentic workflow. Nodes represent agents or actions; edges represent handoffs, conditions, or data flows.
Defined termAgent Grounding
Agent grounding is the practice of anchoring an agent's responses and decisions in verified, authoritative data rather than relying solely on the model's parametric knowledge. Grounding reduces hallucination and improves factual accuracy.
Defined termAgent Handoff
An agent handoff is the transfer of a task, context, and control from one agent to another during a workflow. Secure handoffs must preserve identity chain, carry forward permissions, and log the transfer for audit.
Defined termAgent Health Check
An agent health check is an automated probe that verifies an agent instance is running, responsive, and producing outputs within expected quality and latency bounds. Failed health checks should trigger alerting and traffic rerouting.
Defined termAgent Hijacking
Agent hijacking is the takeover of an active AI agent session by an attacker, allowing them to redirect the agent's actions, extract its credentials, or use it as a proxy to access protected systems. It can occur through session token theft, MCP transport interception, or exploitation of insufficient authentication in the agent's control interface.
Defined termAgent Identity
An agent identity is the unique, verifiable identifier assigned to a specific AI agent that distinguishes it from every other agent or service in the system. It is the foundation for access control, attribution, and audit — every action an agent takes is recorded against its identity, enabling traceability back to the agent, its owner, and the task it was executing.
Defined termAgent Identity Management
Agent identity management is the practice of issuing, tracking, rotating, and revoking identities for AI agents and other non-human actors. It ensures each agent has a distinct identity, scoped permissions, lifecycle controls, and auditable access history.
Defined termAgent Impersonation
Agent impersonation is an attack in which a malicious agent or service presents false identity credentials to appear as a trusted, authorised agent. It exploits weak authentication between agents in multi-agent systems, allowing the attacker to receive delegated permissions, access sensitive tools, or inject malicious instructions into a workflow. Prevention requires cryptographic agent identity and strict verification at every agent-to-agent handoff.
Defined termAgent Incident Response
Agent incident response is the process of detecting, triaging, containing, and resolving events where an AI agent behaves unexpectedly, violates policy, or causes harm. It should include playbooks, escalation paths, and post-incident review.
Defined termAgent Lifecycle
The agent lifecycle is the full sequence of stages an AI agent passes through, from initial design and registration through deployment, active operation, updates, and eventual retirement. Governing the lifecycle ensures that identities, permissions, and ownership records stay current and that decommissioned agents cannot continue acting after they are no longer needed.
Defined termAgent Lifecycle Management
Agent lifecycle management is the process of governing an agent from registration through deployment, rotation, suspension, and retirement. It ensures identities, permissions, and ownership stay current over time.
Defined termAgent Load Balancing
Agent load balancing distributes incoming requests across multiple instances of an agent to optimise throughput and reliability. Load balancers may also route based on agent version, model, or compliance requirements.
Defined termAgent Marketplace
An agent marketplace is a platform where pre-built agents, tools, or plugins can be discovered, evaluated, and deployed. Governance requires vetting marketplace offerings for security, compliance, and quality before they enter production environments.
Defined termAgent Memory
Agent memory is the mechanism that lets an agent retain information across interactions, either within a session (short-term) or across sessions (long-term). Memory systems must be governed for data retention, access scope, and compliance.
Defined termAgent Mesh
An agent mesh is a network architecture where multiple agents discover, communicate with, and invoke each other through a shared protocol layer — similar to a service mesh in microservices. Governance is applied at the mesh layer rather than per-agent.
Defined termAgent Middleware
Agent middleware is software that sits between AI agents and the systems they interact with, providing cross-cutting services such as authentication, logging, policy enforcement, retry handling, and protocol translation. It allows governance controls to be applied consistently without embedding them in every agent.
Defined termAgent Observability
Agent observability is the ability to understand what AI agents are doing through metrics, logs, traces, and runtime events. It extends traditional monitoring by showing decision paths, tool calls, data access patterns, and policy outcomes.
Defined termAgent Observability Pipeline
An agent observability pipeline collects, processes, and routes telemetry data from running agents — including traces, logs, metrics, and governance events — to monitoring, alerting, and compliance systems.
Defined termAgent Onboarding
Agent onboarding is the process of registering a new AI agent with the governance system before it is permitted to run in production. It typically includes assigning an identity, declaring ownership, binding a policy set, confirming compliance with deployment standards, and creating the initial audit record.
Defined termAgent Orchestration
Agent orchestration is the coordination of multiple AI agents working together on a shared task. It usually involves a supervising workflow that routes subtasks, manages state, and enforces identity and permission boundaries across the chain.
Defined termAgent Owner
An agent owner is the person or team accountable for an AI agent's behavior, compliance, and operational health throughout its lifecycle. Ownership should be recorded in the AI inventory and reviewed when teams or responsibilities change.
Defined termAgent Passport
An agent passport is a portable package of identity and trust information for an agent, such as identifiers, credentials, or attestations. The term is conceptual rather than a universal standard, but it describes how an agent proves who it is across systems.
Defined termAgent Performance Monitoring
Agent performance monitoring tracks an AI agent's operational metrics — latency, throughput, error rates, task completion rates, and user satisfaction — to ensure it meets service level expectations and detect degradation early.
Defined termAgent Persona
An agent persona is the defined identity, tone, and behavioral profile assigned to an AI agent. In governance terms, the persona constrains how the agent communicates and what commitments it can make on behalf of the organisation.
Defined termAgent Policy Enforcement
Agent policy enforcement is the runtime application of governance rules to AI agent actions as they happen — blocking, throttling, sandboxing, or escalating requests that violate defined policies. Unlike static configuration, runtime enforcement adapts to real-time context such as the data being accessed, the identity of the user, and the sensitivity of the task.
Defined termAgent Protocol
An agent protocol is a standardised interface that defines how agents communicate, exchange tasks, report status, and share results. Examples include A2A and MCP. Protocols reduce integration friction and enable interoperability.
Defined termAgent Quality Score
An agent quality score is a composite metric that evaluates an agent's output accuracy, relevance, safety, and policy compliance across a set of representative tasks. Quality scores inform deployment decisions and ongoing governance.
Defined termAgent Quota
An agent quota is a hard or soft limit on how many requests, tool calls, tokens, or actions an agent can perform within a time period. Quotas prevent runaway agents and help enforce fair resource sharing across teams.
Defined termAgent Reasoning
Agent reasoning is the process by which an AI agent interprets a task, evaluates options, and decides what action to take next. Governance systems may inspect or constrain reasoning to prevent unsafe or non-compliant action plans.
Defined termAgent Registry
An agent registry is a central catalog of all deployed agents within an organisation, recording each agent's identity, owner, model, tools, permissions, version, and operational status.
Defined termAgent Release Pipeline
An agent release pipeline is the automated sequence of stages — build, evaluate, gate, deploy, monitor — that an agent change must pass through before reaching production. It enforces quality gates, captures evaluation evidence for governance, and provides a full audit trail of every production change.
Defined termAgent Retirement
Agent retirement is the governed process of permanently decommissioning an AI agent — revoking its credentials, removing its permissions, archiving its audit trail, and removing it from the active agent registry. A defined retirement process prevents zombie agents from retaining access after they are no longer maintained.
Defined termAgent Rollback
An agent rollback reverts a deployed agent to a previous known-good version of its model, prompt, tools, or configuration. Fast rollback is a critical safety net when a new release introduces regressions or policy violations.
Defined termAgent Router
An agent router is a component that examines an incoming request and decides which specialised agent or model should handle it. Routing decisions can be based on intent classification, cost, latency, or compliance requirements.
Defined termAgent Sandboxing
Agent sandboxing is the practice of running an AI agent in an isolated environment with restricted access to systems, networks, and data. It reduces the blast radius when an agent is compromised, misconfigured, or behaving unpredictably.
Defined termAgent Scaffolding
Agent scaffolding is the surrounding infrastructure and code that wraps an AI model to give it agentic capabilities — including the loop that calls tools, manages context, handles errors, and decides when to stop. Scaffolding sits between the raw model and the task, and is where most runtime governance controls — policy enforcement, logging, credential injection — are applied.
Defined termAgent Scaling
Agent scaling is the process of increasing or decreasing the compute resources allocated to AI agents based on demand. Scaling decisions affect cost, latency, and availability — and governance must ensure that scaling does not bypass security or policy controls.
Defined termAgent Scope
Agent scope defines the boundaries of what an agent is authorised to do — which tools it can call, what data it can access, which systems it can interact with, and under what conditions. Narrow scope reduces risk; broad scope requires stronger controls.
Defined termAgent SLA (Service Level Agreement)
An agent SLA defines the expected performance, availability, and quality thresholds for an AI agent in production — such as response latency, uptime, accuracy, and policy compliance rate.
Defined termAgent Spend Controls
Agent spend controls are runtime limits that cap how much an AI agent can consume in compute, tokens, API calls, or financial cost within a defined period or task. They prevent runaway agents from generating unexpected costs and allow teams to set per-agent, per-team, or global budgets that are enforced at execution time.
Defined termAgent Telemetry
The collection and transmission of operational data from running agents — including latency, token usage, error rates, tool calls, and policy decisions — to centralized monitoring systems for observability and cost management.
Defined termAgent Testbed
An agent testbed is an isolated environment that simulates the full runtime context of a production agent deployment — including connected tools, APIs, databases, and identity infrastructure — for testing and validation purposes. Unlike a benchmark, a testbed tests integration and end-to-end behaviour rather than isolated capability.
Defined termAgent Tracing
Agent tracing is the collection of distributed trace data across every step an AI agent takes — including reasoning steps, tool calls, API requests, and sub-agent invocations. Traces give engineers and governance teams a detailed, chronological view of exactly what an agent did and how long each step took, enabling both debugging and compliance review.
Defined termAgent Trust Level
An agent trust level is a classification that determines how much authority, access, and autonomy an agent is granted. Trust levels are typically assigned based on the agent's track record, the sensitivity of its tasks, and the controls surrounding it.
Defined termAgent Versioning
Agent versioning is the practice of tagging each release of an agent's model, prompt, tools, and configuration so that any past behavior can be reproduced. It is essential for audit, rollback, and compliance evidence.
Defined termAgent-as-a-Service
Agent-as-a-Service is a deployment and commercial model where AI agent capabilities are offered over an API — allowing organisations to consume agent workflows without building or operating the underlying infrastructure. Governance of third-party agent services includes vendor risk assessment, data processing agreements, and monitoring of service behaviour.
Defined termAgentic AI
AI systems that can autonomously plan, reason, use tools, and take actions to achieve goals with minimal human intervention. Unlike simple chatbots, agentic AI actively interacts with external systems and makes decisions that affect real-world outcomes.
Defined termAgentic IDE
An agentic IDE is a software development environment that integrates AI agents to assist with coding, debugging, testing, and deployment. Governance concerns include code provenance, intellectual property, and ensuring the agent does not introduce vulnerabilities.
Defined termAgentic Loop
An agentic loop is the core execution cycle of an autonomous agent: observe the environment, reason about the next step, take an action, and evaluate the result. Governance controls can be inserted at each stage of the loop.
Defined termAgentic Memory
Agentic memory refers to the mechanisms by which an AI agent retains and retrieves information across steps within a task or across multiple sessions. It includes working memory (the active context window), short-term memory (task-scoped storage), and long-term memory (persistent vector stores or databases). Governance of agentic memory must address what data is retained, who can access it, how long it is kept, and whether it can be audited or erased.
Defined termAgentic RAG
Agentic RAG combines retrieval-augmented generation with autonomous agent capabilities, allowing the agent to decide what to retrieve, from which sources, and how to synthesize results. Governance must control which data sources the agent can query.
Defined termAgentic Workflow
An agentic workflow is a multi-step process where one or more AI agents make decisions, call tools, and pass results between stages to achieve a business outcome. Governance must span the entire workflow, not just individual agent actions.
Defined termAI Accountability
AI accountability is the principle that identifiable individuals or teams are responsible for the outcomes of AI systems they develop, deploy, or operate. It requires clear ownership, documentation, and mechanisms for redress when things go wrong.
Defined termAI Agent
An AI agent is an autonomous software system that uses a large language model as its reasoning engine to perceive its environment, plan actions, call tools, and complete tasks with minimal human intervention at each step. Unlike a simple AI assistant that responds to single queries, an agent maintains state across multiple steps, makes decisions based on intermediate results, and can trigger real-world effects through tool calls and API integrations.
Defined termAI Agent for Code Generation
A code generation agent writes, reviews, or refactors software code based on natural language instructions. Governance considerations include intellectual property, license compliance, security vulnerability introduction, and code review requirements.
Defined termAI Agent for Compliance Monitoring
A compliance monitoring agent continuously checks transactions, communications, or processes against regulatory rules and flags violations. It must itself be governed to ensure its rules are current, its alerts are accurate, and its evidence is admissible.
Defined termAI Agent for Customer Service
An AI customer service agent handles support queries, resolves issues, and escalates complex cases to human operators. Governance must ensure it stays within its authorised scope, protects customer data, and provides accurate information.
Defined termAI Agent for Data Analysis
A data analysis agent queries databases, performs statistical analysis, generates visualisations, and summarises findings. Governance must control which datasets the agent can access, how it handles sensitive data, and the accuracy of its conclusions.
Defined termAI Agent for Document Processing
A document processing agent extracts, classifies, and routes information from unstructured documents such as invoices, contracts, or medical records. Governance covers data handling, accuracy validation, and compliance with retention policies.
Defined termAI Agent for Fraud Detection
A fraud detection agent monitors transactions, identifies suspicious patterns, and flags or blocks potential fraud in real time. It requires strict governance around decision explainability, false positive rates, and appeal processes for affected individuals.
Defined termAI Agent for KYC/AML
A KYC/AML agent automates know-your-customer and anti-money-laundering checks by verifying identities, screening against watchlists, and flagging suspicious activity. It operates in a heavily regulated space requiring detailed audit trails and human oversight.
Defined termAI Agent Marketplace
An AI agent marketplace is a platform where developers publish and consumers discover, evaluate, and deploy pre-built AI agents and agent components. Enterprise governance of marketplace agents requires the same security, compliance, and permission reviews as internally built agents, plus additional vendor due diligence.
Defined termAI Agent Swarm Intelligence
Swarm intelligence in AI agents is when many simple agents collectively solve problems through decentralised coordination — similar to how ant colonies or bird flocks exhibit intelligent behavior. Governing swarms requires monitoring emergent rather than individual behavior.
Defined termAI Alignment
AI alignment is the challenge of ensuring an AI system's goals and actions remain consistent with human intentions and organisational policies. For agents, misalignment can mean optimising for a metric in ways that violate safety or ethics constraints.
Defined termAI Alignment
AI alignment is the challenge of ensuring that an AI system's objectives, behaviours, and values match the intentions of its designers and the interests of the people it serves. Misaligned agents may optimise for proxy metrics rather than true goals, cause unintended harm, or pursue objectives that diverge from human values. Alignment research informs the design of agent governance controls — particularly human oversight, approval workflows, and containment strategies.
Defined termAI Attribution
AI attribution is the practice of disclosing when content, decisions, or actions were generated or influenced by an AI system. Some regulations and professional standards require clear attribution to maintain transparency and trust.
Defined termAI Audit
An AI audit is a formal review of an AI system's design, data, behavior, and governance controls to verify compliance with internal policies, regulations, or industry standards. Audits may be conducted internally or by independent third parties.
Defined termAI Bill of Materials (AI BOM)
An AI bill of materials is a comprehensive inventory of all components that make up an AI system — including models, training data sources, frameworks, libraries, tools, APIs, and configuration. It enables supply chain risk management and auditability.
Defined termAI Business Case
An AI business case is the documented justification for investing in an AI agent deployment — including the problem it solves, the expected benefits, the implementation cost, the governance requirements, and the success metrics. A strong business case includes risk assessment and a plan for monitoring value realisation over time.
Defined termAI Center of Excellence
An AI center of excellence is a cross-functional team within an organisation that establishes standards, best practices, and governance frameworks for AI adoption. It typically includes representatives from engineering, data science, legal, compliance, and business leadership.
Defined termAI Change Management
AI change management is the governed process of reviewing, approving, and deploying changes to AI agents — including model updates, prompt modifications, tool additions, and policy adjustments. It prevents uncontrolled changes from reaching production.
Defined termAI Compliance Officer
An AI compliance officer ensures that an organisation's AI deployments — including AI agents — comply with applicable laws, regulations, and internal policies. The role monitors for regulatory changes, conducts compliance assessments, and coordinates with legal, engineering, and governance teams to address compliance gaps.
Defined termAI Copilot
An AI copilot is an agent that works alongside a human user, suggesting actions, drafting content, or automating routine steps while the human retains control over final decisions. Copilots represent a lower-autonomy, lower-risk deployment model.
Defined termAI Copyright
AI copyright refers to the legal questions around ownership and protection of content generated by AI systems. Jurisdictions differ on whether AI-generated works are copyrightable and who holds rights — the user, the developer, or no one.
Defined termAI Disclosure
AI disclosure is the practice of informing users, customers, or regulators when they are interacting with or affected by an AI system. Disclosure requirements are growing in regulations such as the EU AI Act and various consumer protection laws.
Defined termAI Ethics Board
An AI ethics board is a cross-functional body within an organisation that reviews and advises on the ethical implications of AI projects. It typically includes representatives from legal, compliance, engineering, product, and external advisors.
Defined termAI Firewall
An AI firewall is a security control layer that inspects AI agent inputs and outputs in real time to detect and block malicious content, policy violations, and anomalous behaviour. It operates similarly to a network firewall but is tailored to AI-specific threats — prompt injection, data exfiltration via model outputs, harmful content generation, and unauthorised tool use. AI firewalls complement rather than replace agent-level governance controls.
Defined termAI Governance Analyst
An AI governance analyst supports the review, documentation, and monitoring of AI systems across an organisation — maintaining AI inventories, tracking policy compliance, analysing audit logs, and preparing governance reports for stakeholders. The role is often the operational layer of an AI governance program.
Defined termAI Governance Board
An AI governance board is a senior cross-functional committee that sets AI strategy, approves high-risk use cases, resolves escalations, and ensures the organisation's AI activities align with its values, policies, and regulatory obligations.
Defined termAI Governance Framework
An AI governance framework is a structured set of policies, processes, roles, and controls that an organisation uses to manage AI systems responsibly throughout their lifecycle. It typically covers risk assessment, accountability, transparency, and continuous monitoring.
Defined termAI Governance Framework
An AI governance framework is the structured set of policies, processes, roles, and controls an organisation uses to manage its AI systems responsibly. A mature framework covers the full AI lifecycle — from model selection and data sourcing through deployment, monitoring, incident response, and retirement — and aligns with applicable regulations such as the EU AI Act, NIST AI RMF, and ISO 42001.
Defined termAI Guardrail Layer
An AI guardrail layer is a dedicated component in an agent architecture that intercepts inputs and outputs to apply safety checks, content filtering, PII detection, and policy enforcement before actions reach their target.
Defined termAI Impact Assessment
An AI impact assessment is a structured evaluation conducted before deploying an AI system to identify potential risks, benefits, and mitigations. It typically covers fairness, privacy, safety, transparency, and stakeholder impact.
Defined termAI in Financial Services
AI in financial services encompasses the use of AI agents for trading, risk assessment, fraud detection, customer service, and regulatory compliance. Financial regulators impose strict requirements around explainability, fairness, audit trails, and operational resilience.
Defined termAI in Government
AI in government uses AI agents for public services, policy analysis, and administrative processes. Government AI deployments face heightened scrutiny around bias, transparency, democratic accountability, and public trust.
Defined termAI in Healthcare
AI in healthcare applies AI agents to clinical documentation, diagnostic support, drug discovery, and patient communication. Healthcare AI governance must address patient safety, data privacy (HIPAA), clinical accuracy, and liability for AI-assisted decisions.
Defined termAI in Insurance
AI in insurance uses AI agents for claims processing, underwriting, fraud detection, and customer engagement. Governance must ensure actuarial fairness, prevent discriminatory pricing, maintain explainability, and comply with insurance-specific regulations.
Defined termAI in Legal
AI in legal applies AI agents to contract review, legal research, discovery, and compliance analysis. Governance concerns include confidentiality, privilege, accuracy of legal interpretations, and the professional responsibility of lawyers relying on AI outputs.
Defined termAI Incident
An AI incident is an event where an AI system causes or nearly causes harm — including producing incorrect outputs, leaking data, discriminating against users, or taking unauthorized actions. Incidents should be logged, investigated, and reported through governance processes.
Defined termAI Incident Database
An AI incident database is a public or internal repository of documented AI failures, harms, and near-misses. Reviewing incident databases helps organisations learn from others' mistakes and design more robust governance controls.
Defined termAI Inventory
An AI inventory is a comprehensive register of all AI systems, models, and agents deployed or in development within an organisation. It records ownership, purpose, risk classification, data sources, and governance status for each entry.
Defined termAI Liability
AI liability refers to the legal responsibility for harm caused by AI systems, including AI agents that take autonomous actions with real-world consequences. Liability frameworks are evolving rapidly — the EU AI Act introduces product liability extensions for high-risk AI, and national courts are developing case law on whether liability falls on model developers, platform operators, or deploying organisations. Understanding AI liability exposure is a key input to risk classification and governance investment decisions.
Defined termAI Literacy
AI literacy is the baseline understanding of AI concepts, capabilities, limitations, and risks that enables individuals across an organisation to make informed decisions about AI adoption and use. It is a prerequisite for effective AI governance.
Defined termAI Maturity
AI maturity describes how advanced an organisation is in its AI adoption — from experimenting with individual use cases to running governed, production-grade agents at scale. Maturity assessments help identify gaps in technology, process, and governance.
Defined termAI Maturity Model
An AI maturity model is a staged framework that describes the progression from ad hoc, ungoverned AI usage to optimised, fully governed AI operations. Maturity levels typically span from initial adoption (experimental models, no governance) through defined processes, governed production deployments, and finally to continuous improvement with measurement and optimisation. Organisations use maturity models to benchmark current state and plan governance investments.
Defined termAI Operating Model
An AI operating model defines how an organisation structures teams, processes, and technology to build, deploy, and govern AI systems at scale. It covers roles, responsibilities, decision rights, and the interplay between central and decentralised teams.
Defined termAI Oversight
AI oversight is the ongoing supervision of AI systems by designated individuals, teams, or automated controls to ensure they operate within acceptable boundaries. Effective oversight combines monitoring, alerting, escalation, and periodic review.
Defined termAI Policy Library
An AI policy library is a centralised repository of governance rules, guidelines, and constraints that can be applied to AI agents. Policies in the library are versioned, tagged by use case, and can be composed into policy sets for different agent classifications.
Defined termAI Procurement
AI procurement is the process of evaluating, selecting, and onboarding external AI models, tools, or services with appropriate governance due diligence. It includes vendor risk assessment, data processing agreements, and compliance verification.
Defined termAI Product Owner
An AI product owner is responsible for the business value, scope, and requirements of an AI agent or agent-powered product. In governed organisations, the AI product owner also bears responsibility for ensuring that the agent is approved for its use case, monitored in production, and updated when requirements or risk profiles change.
Defined termAI Provenance
AI provenance is the traceable record of how an AI output was produced — including the model used, the input data, the prompt, the tools invoked, and the governance controls applied. Provenance enables accountability and supports regulatory requirements.
Defined termAI Proxy
An AI proxy is an intermediary layer that intercepts traffic between AI agents and the systems they interact with — such as model APIs, MCP servers, or enterprise data sources — to inspect, filter, log, and enforce policies on requests and responses. AI proxies implement governance controls without requiring changes to the agents themselves, making them particularly useful for governing legacy or third-party agent deployments.
Defined termAI Red Teaming
AI red teaming is the practice of systematically probing an AI system for vulnerabilities, biases, and failure modes by simulating real-world attacks and edge cases. It is increasingly required by regulation for high-risk AI systems.
Defined termAI Regulatory Mapping
AI regulatory mapping is the process of identifying all regulations, standards, and legal obligations that apply to a specific AI agent deployment — across jurisdiction, industry, data type, and risk level. It is a foundational input to compliance planning and helps teams avoid gaps in governance coverage.
Defined termAI Regulatory Sandbox
An AI regulatory sandbox is a controlled environment established by a regulator where organisations can test innovative AI systems under relaxed or supervised regulatory conditions. It allows experimentation while managing risk to affected individuals.
Defined termAI Risk Assessment
An AI risk assessment is a systematic evaluation of the potential harms, failure modes, and likelihood of adverse outcomes associated with deploying an AI system. It informs which controls, monitoring, and human oversight are needed.
Defined termAI Risk Officer
An AI risk officer is responsible for identifying, assessing, and managing the risks associated with AI systems across the organisation. The role bridges technical AI teams with enterprise risk management and regulatory affairs.
Defined termAI Risk Register
An AI risk register is a structured log of identified risks associated with AI systems, including their likelihood, potential impact, current controls, residual risk level, and assigned owner. It is a foundational tool for governance teams.
Defined termAI ROI
AI return on investment measures the business value generated by AI systems relative to the total cost of building, deploying, and governing them. Governance itself contributes to ROI by reducing risk, enabling faster deployment, and building stakeholder trust.
Defined termAI Safety
AI safety is the field focused on ensuring AI systems behave as intended and do not cause unintended harm. For agentic AI, safety encompasses runtime controls, containment strategies, evaluation, monitoring, and incident response.
Defined termAI Singularity
The AI singularity is a theoretical point at which AI systems become capable of recursive self-improvement, leading to rapid and potentially uncontrollable advances in intelligence. While speculative, singularity scenarios inform long-term AI safety research.
Defined termAI Strategy
An AI strategy is an organisation's plan for adopting, scaling, and governing AI to achieve business objectives. A mature AI strategy integrates governance from the start rather than treating it as a separate compliance exercise.
Defined termAI System Deployer
An AI system deployer is the entity that uses an AI system under the authority of the provider. Deployers have their own obligations, including monitoring the system in operation, maintaining logs, and conducting fundamental rights impact assessments.
Defined termAI System Provider
An AI system provider is the entity that develops or places an AI system on the market. Under the EU AI Act, providers of high-risk systems bear primary responsibility for compliance, including risk management, documentation, and post-market monitoring.
Defined termAI Transparency
AI transparency is the practice of making an AI system's purpose, capabilities, limitations, and decision-making processes understandable to stakeholders. Transparency builds trust and is increasingly a regulatory requirement for high-risk AI systems.
Defined termAI Trust
AI trust is the confidence that stakeholders — users, regulators, customers, and the organisation itself — have in an AI system's reliability, safety, fairness, and compliance. Trust is built through transparency, governance, and consistent performance.
Defined termAI Use-Case Registry
An AI use-case registry is a centralised inventory of all AI applications and agent workflows deployed or planned within an organisation. Each entry records the use case's purpose, business owner, risk classification, compliance requirements, and associated agent identifiers. The registry gives governance teams a complete picture of AI deployments across the organisation and is the starting point for risk-based governance prioritisation.
Defined termAI Value Realisation
AI value realisation is the discipline of measuring and demonstrating the business outcomes generated by AI agent deployments — translating technical metrics such as task completion rate and error reduction into business metrics such as cost savings, revenue impact, and customer satisfaction. It connects agent governance to business strategy.
Defined termAlert Fatigue (AI)
AI alert fatigue occurs when governance or monitoring systems generate so many alerts that operators become desensitised and miss genuine issues. Effective agent governance tunes alerting thresholds to balance coverage with actionability.
Defined termAlgorithmic Accountability
Algorithmic accountability is the principle that organisations deploying automated decision-making systems should be able to explain, justify, and take responsibility for the outcomes those systems produce.
Defined termAlgorithmic Impact Assessment
An algorithmic impact assessment is a structured evaluation of how an AI system may affect individuals, communities, and society — covering risks such as discrimination, privacy loss, economic displacement, and erosion of trust. Some jurisdictions require them for high-risk deployments.
Defined termAmbient Authority
Ambient authority is a security anti-pattern in which an agent inherits broad permissions from its execution environment — such as the credentials of the user account it runs under — rather than being granted only the specific permissions it needs for a task. It is a major source of privilege escalation risk in agent systems, because an agent that gains ambient authority can act far beyond its intended scope without any explicit permission grant.
Defined termAnomaly Detection (Agent)
Agent anomaly detection identifies unusual patterns in an agent's behavior — such as unexpected tool calls, abnormal token usage, or novel output patterns — that may indicate a problem, attack, or drift from expected operation.
Defined termAnonymisation (AI)
Anonymisation in AI is the irreversible transformation of personal data so that individuals can no longer be identified from the data, directly or indirectly. Properly anonymised data falls outside the scope of GDPR. For AI agents, anonymisation is applied to training data, audit logs, and outputs to reduce privacy risk — but must be robust enough to withstand re-identification attacks, particularly when combined with external datasets.
Defined termAnswer Faithfulness
Answer faithfulness is an evaluation metric that measures whether an AI agent's response is grounded in and consistent with the source context it was given — rather than hallucinated or contradicted by the context. It is a core metric in RAG-based agent evaluation and is required for compliance use cases where agents must only cite information from approved sources.
Defined termAnswer Relevance
Answer relevance is an evaluation metric that measures how directly an AI agent's response addresses the user's actual question or task. A response that is factually accurate but off-topic scores low on relevance. It is typically assessed by comparing the response to the original query rather than to a source document.
Defined termAPI Gateway
A server that acts as the single entry point for API traffic, handling authentication, rate limiting, request routing, and policy enforcement. In agent architectures, the gateway validates MCP tokens before forwarding requests to backend services.
Defined termAPI Key (Agent)
An API key is a static secret an agent can present to an API. It is simple to use but weaker than short-lived, scoped tokens because it is harder to rotate and easy to over-share.
Defined termApproval Workflow
An approval workflow is a structured process that requires one or more human reviewers to authorise a high-risk agent action before it is executed. Governance platforms route the request, capture the reviewer's decision, record the justification, and log the outcome as part of the audit trail.
Defined termArtifact (A2A)
An artifact in A2A is a concrete output produced during a task, such as text, a file, or structured data. It represents the result another agent or system can use next.
Defined termArtificial General Intelligence (AGI)
Artificial general intelligence refers to a hypothetical AI system capable of understanding and performing any intellectual task a human can. While AGI does not yet exist, governance frameworks should anticipate increasingly capable and autonomous AI systems.
Defined termAsync Agent Communication
Asynchronous agent communication is the pattern where agents exchange messages through queues or event streams rather than via direct synchronous calls. It enables agents to work on long-running tasks, survive service restarts, and scale independently — while the queue provides durability and a natural audit log of all inter-agent communication.
Defined termAttack Surface (Agent)
An agent's attack surface is the total set of points where an attacker could try to influence, compromise, or extract data from the agent — including its inputs, tools, APIs, memory, context sources, and model provider.
Defined termAttention Mechanism
An attention mechanism allows a model to focus on the most relevant parts of its input when generating each token of output. Understanding attention helps explain why models sometimes miss context or over-focus on certain input segments.
Defined termAttribute Inference Attack
An attribute inference attack uses a language model or AI system to infer sensitive personal attributes — such as health conditions, political views, or financial status — from publicly available information about an individual. It is a privacy risk in agent deployments that handle personal data.
Defined termAttribute-Based Access Control (ABAC)
Attribute-based access control is an authorization model that grants or denies access based on a combination of attributes — properties of the requesting agent, the resource being accessed, the action being taken, and the environmental context. ABAC is more expressive than role-based access control and can encode complex governance rules such as 'agents may access PII only if the requesting user has given explicit consent and the task is classified as low risk'.
Defined termAudit Aggregation
Audit aggregation is the consolidation of audit trail data from multiple AI agents, frameworks, and environments into a single, queryable log store. It gives compliance and security teams a unified view of all agent activity across the organisation, enabling cross-agent correlation, incident investigation, and regulatory reporting.
Defined termAudit Log Integrity
Audit log integrity is the guarantee that an audit trail has not been altered, deleted, or selectively modified after the fact. For AI agent audit logs to be trusted as evidence — by internal teams, auditors, or regulators — they must be tamper-evident: typically through append-only storage, cryptographic hashing, or write-once infrastructure. Logs without integrity guarantees cannot reliably prove that governance controls were applied.
Defined termAudit Readiness
Audit readiness is the state in which an organisation's AI governance controls, documentation, and evidence are sufficiently mature and well-organised to withstand scrutiny from an external auditor or regulator. It requires that policies are documented, controls are consistently enforced, audit trails are complete and tamper-evident, incidents are logged with remediation records, and responsible owners are identified for every material control.
Defined termAudit Trail
An audit trail is a chronological, tamper-evident record of actions taken within a system. For AI agents, it should capture which agent acted, on whose behalf, what tools or data were accessed, what policy decisions were triggered, and what happened next.
Defined termAuthorization Policy
An authorization policy is a set of rules that governs what a verified identity is permitted to do. In agent governance, authorization policies define which tools an agent can call, which data it can access, what actions it can take on behalf of a user, and under what conditions those permissions apply. Policies should be machine-readable, version-controlled, and enforced at runtime rather than hardcoded into application logic.
Defined termAutomated Compliance
Automated compliance uses technology to continuously verify that AI agents adhere to governance policies, regulations, and internal standards without requiring manual checks. It reduces human error and enables compliance at the speed agents operate.
Defined termAutomated Evaluation
Automated evaluation uses programmatic checks, model-based judges, or statistical metrics to assess agent performance at scale. It enables continuous testing in CI/CD pipelines but should be supplemented with human review for nuanced quality.
Defined termAutonomous Agent
An autonomous agent is an AI system that can independently plan, reason, use tools, and take actions to achieve a goal with minimal or no human intervention during execution. The degree of autonomy varies and should be matched with proportionate governance controls.
Defined termBackdoor Attack (AI)
A backdoor attack embeds hidden behaviour into an AI model during training — causing the model to behave normally under most inputs but to produce attacker-controlled outputs when a specific trigger pattern is present. Backdoors in foundation models used by AI agents can be extremely difficult to detect without extensive red-teaming.
Defined termBaseline Behaviour (Agent)
A baseline behaviour is the characterised normal operating pattern of an AI agent — the typical distribution of tool calls, token consumption, response latencies, error rates, and data access patterns observed during a reference period. Establishing a baseline is a prerequisite for anomaly detection: deviations from baseline trigger investigation because they may indicate compromise, misconfiguration, or policy violation.
Defined termBearer Token
A bearer token grants access to whoever possesses it. Because possession is enough, bearer tokens must be protected in transit, storage, and logs.
Defined termBehavioral Orchestration
Behavioral orchestration is the coordination of how multiple agents act across a workflow. It defines which agent acts next, what context is passed forward, and what rules govern the handoff.
Defined termBehaviour Deviation (Agent)
A behaviour deviation is a measurable departure from an AI agent's established baseline — such as a spike in token usage, an unusual tool call sequence, access to data outside the agent's normal scope, or a change in output patterns. Deviations do not always indicate malicious activity, but they are a primary signal for governance and security teams to investigate potential policy violations or compromised agent sessions.
Defined termBenchmark (Agent)
An agent benchmark is a standardised set of tasks used to measure and compare agent performance across dimensions such as accuracy, reasoning depth, tool use efficiency, and instruction following. Benchmarks provide a reproducible baseline for tracking improvement over time and for comparing different models or agent configurations against each other.
Defined termBenchmark (AI)
An AI benchmark is a standardised test or dataset used to measure and compare the performance of AI models or agents on specific tasks. Benchmarks help organisations select models and track quality over time, but may not reflect real-world conditions.
Defined termBias Detection
Bias detection is the process of identifying systematic unfairness in an AI model's outputs across protected groups or sensitive attributes. In agent governance, bias checks should be part of evaluation pipelines before deployment.
Defined termBlast Radius
Blast radius is the scope of damage that can result from an agent failure, compromise, or misconfiguration. Governance controls like sandboxing, least privilege, and kill switches are designed to minimise blast radius.
Defined termBlue Teaming (Agent)
Agent blue teaming is the defensive practice of monitoring, detecting, and responding to attacks or anomalies in running AI agents. Blue teams build the detection rules, response playbooks, and governance dashboards that keep agents safe in production.
Defined termBlue-Green Deployment (Agent)
Blue-green deployment maintains two identical agent environments — one live (blue) and one staging (green). New agent versions are deployed to green, validated, and then traffic is switched over with zero downtime.
Defined termBlue-Green Deployment (Agent)
Blue-green deployment for AI agents maintains two identical production environments — one live (blue) and one staging the new version (green). Traffic is switched atomically from blue to green once the new version passes validation, enabling instant rollback if quality issues are detected.
Defined termBreak-Glass Access (Agent)
Break-glass access is an emergency procedure that grants an AI agent elevated permissions outside the normal approval workflow in response to a critical incident. All break-glass events must be logged, automatically time-limited, and subject to post-hoc review to ensure they are not abused.
Defined termBreakout Attack (Agent)
A breakout attack occurs when an AI agent escapes the boundaries of its intended execution environment — accessing systems, data, or capabilities outside its defined scope. In sandboxed deployments, breakout exploits vulnerabilities in the sandbox itself. In policy-governed systems, it exploits gaps or ambiguities in the policy rules. Breakout is the primary threat that runtime containment strategies are designed to prevent.
Defined termCanary Deployment (Agent)
A canary deployment gradually routes a small percentage of agent traffic to a new version while monitoring for regressions. If the canary shows elevated error rates, policy violations, or cost spikes, traffic is rolled back automatically.
Defined termCanary Deployment (Agent)
A canary deployment for AI agents gradually routes increasing proportions of production traffic to a new agent version while monitoring quality and error metrics. It limits the blast radius of a bad release to a small user fraction while providing real performance data from production.
Defined termCanary Deployment (AI Agent)
A canary deployment for AI agents is a release strategy in which a new agent version is rolled out to a small subset of traffic or users before wider deployment. It allows teams to observe the new version's behaviour, quality, and cost in production with limited blast radius. Governance platforms should automatically compare the canary's policy compliance, output quality, and resource consumption against the baseline before approving full rollout.
Defined termCanary Evaluation
Canary evaluation routes a small fraction of production agent traffic to a new agent version and monitors quality, error rate, and policy compliance in real time before full rollout. It is a risk management technique that limits exposure to regressions while enabling empirical performance comparison on live data.
Defined termCapability Control (AI)
Capability control is the practice of limiting what an AI agent is technically able to do — through tool restrictions, output filtering, API permissions, and execution environment constraints — rather than relying solely on the agent's own safety training to prevent harmful behaviour. Capability controls are a defence-in-depth strategy: even if an agent's reasoning can be manipulated, the controls ensure it cannot take actions outside its permitted scope.
Defined termCapability Discovery
Capability discovery is the process of learning what another agent or service can do before calling it. It usually means reading metadata such as tools, inputs, auth requirements, and usage constraints.
Defined termCatastrophic Forgetting
Catastrophic forgetting is when a neural network loses previously learned knowledge after being trained on new data. For agents, this means fine-tuning or updates can degrade performance on earlier tasks — requiring regression testing and governance review.
Defined termCCPA (AI Agents)
The California Consumer Privacy Act (CCPA) gives California residents rights over their personal data, including data used by AI agents. AI agents that collect, process, or make decisions based on California residents' data must support opt-out rights, data access requests, and deletion obligations — and must document what data they access.
Defined termCCPA (California Consumer Privacy Act)
CCPA is a U.S. state privacy law that gives California consumers rights over their personal information, including the right to know, delete, and opt out of its sale. AI agents processing consumer data must comply with these requirements.
Defined termCertificate Authority (CA)
A trusted entity that issues digital certificates used to verify the identity of machines and services. In agent architectures, CAs issue the certificates used for mTLS and code signing.
Defined termCertificate Rotation (Agent)
Certificate rotation is the periodic replacement of TLS certificates and cryptographic keys used by AI agents and MCP servers to authenticate themselves and secure communications. Short certificate lifetimes reduce the window of exposure if a certificate is compromised. In agent systems, certificate rotation must be automated to avoid service disruptions, and rotation events should be logged as part of the identity audit trail.
Defined termChain of Custody
Chain of custody in AI agent systems is the documented sequence of identities, decisions, and handoffs that describes how data or authority moved through an agent workflow. It answers questions like: who initiated this task, which agents processed it, what data was accessed at each step, and who approved the final action. A complete chain of custody is essential for incident response and regulatory investigations.
Defined termChain of Thought
Chain of thought is the model's intermediate reasoning process when working toward an answer or action. Teams should not depend on raw chain-of-thought output as a required control or audit record.
Defined termChargeback Model
A chargeback model is a financial accountability mechanism that bills the cost of AI agent operations back to the teams or business units that use them. It creates economic incentives to deploy agents efficiently, retire unused agents, and right-size resource allocations — and is a common component of enterprise FinOps programmes for AI.
Defined termChief AI Officer (CAIO)
A Chief AI Officer is the senior executive responsible for AI strategy, governance, and deployment across an organisation. The CAIO coordinates AI investment, sets governance standards, manages AI risk at the board level, and ensures that AI deployments align with business objectives and regulatory expectations.
Defined termCI/CD for AI
CI/CD for AI applies continuous integration and continuous deployment practices to AI agent development — automatically testing, evaluating, and deploying changes to models, prompts, tools, and policies through a governed pipeline.
Defined termClaims-Based Identity
Claims-based identity is an authentication model in which an identity provider issues a token containing assertions (claims) about the subject — such as its name, role, group membership, or custom attributes. In agent systems, claims can encode agent-specific metadata like framework, version, owning team, and risk classification, giving downstream services the information they need to make fine-grained authorization decisions.
Defined termClient Secret (M2M)
A client secret is a confidential value used with a client ID to authenticate a machine client during OAuth flows such as client credentials. It should be stored and rotated like any other sensitive secret.
Defined termCode Execution Agent
A code execution agent is an agent that writes and runs code in a sandboxed environment to solve analytical, computational, or data transformation tasks. It requires strict sandboxing and resource limits to prevent uncontrolled execution.
Defined termCompliance Gap Analysis
A compliance gap analysis for AI agents is a structured assessment that compares the organisation's current governance controls against the requirements of a target framework — such as SOC 2, ISO 42001, the EU AI Act, or an internal policy standard — and identifies where controls are missing, incomplete, or insufficiently documented. Gap analyses drive remediation roadmaps and are often required as the first step before a formal audit.
Defined termCompliance Reporting
Compliance reporting for AI agents is the generation of structured evidence that demonstrates agents are operating within regulatory and policy requirements. Reports typically cover agent inventory, access patterns, policy violations, audit trail completeness, and remediation history — formatted for consumption by auditors, regulators, or internal risk committees.
Defined termComputer Use Agent
A computer use agent is an AI system that can interact with software applications through a graphical user interface — clicking buttons, filling forms, and navigating screens like a human user. It requires strict scoping and monitoring because it can take real actions across any application.
Defined termConfidence Score
A confidence score is a numeric value representing how certain a model or agent is about a particular output or decision. Low-confidence actions can be routed for human review or blocked by policy rules.
Defined termConfidence Score (Agent)
A confidence score is a numerical estimate of how certain an AI agent is about its output or the correctness of a decision. Agents with calibrated confidence scores can trigger escalation to human reviewers or request additional context when confidence falls below a threshold — making confidence-aware routing a practical governance control.
Defined termConfiguration Drift
Configuration drift occurs when an AI agent's deployed state diverges from its approved, governed configuration over time — through manual changes, dependency updates, or environment differences. Detecting drift is a key governance function because an agent operating outside its approved configuration may no longer comply with the policies it was originally bound to.
Defined termConformity Assessment
A conformity assessment is the process of verifying that an AI system meets the requirements set out by applicable regulation before it can be placed on the market. For high-risk AI systems under the EU AI Act, this may involve internal checks or third-party audits.
Defined termConfused Deputy Attack
A security vulnerability where an agent with legitimate access is tricked into misusing its privileges on behalf of an attacker. Common in delegation scenarios where token scoping is too broad.
Defined termConstitutional AI
Constitutional AI is an alignment approach where a model is trained to follow a set of principles or rules. It aims to make models self-correcting by having them evaluate their own outputs against the constitution before responding.
Defined termConsumption-Based Pricing (AI)
Consumption-based pricing charges organisations for AI agent usage based on the volume of work performed — such as tokens processed, tasks completed, or API calls made — rather than a flat fee. It aligns costs with value but requires granular metering and cost governance controls to prevent unexpected bill spikes from runaway agents.
Defined termContainerised Agent
A containerised agent runs inside a Docker container or similar isolated runtime environment. Containerisation provides reproducibility, isolation, and portability — and enables consistent governance controls across development, staging, and production.
Defined termContainment Strategy
A containment strategy defines how to limit the impact of an AI agent that is behaving unexpectedly — including throttling, suspending, isolating, or rolling back the agent. It is the governance equivalent of an incident response playbook.
Defined termContainment Strategy (AI)
An AI containment strategy is a set of technical and procedural controls designed to limit the potential impact of an AI agent that behaves unexpectedly or is compromised. Containment measures include sandboxed execution environments, network egress restrictions, read-only tool modes, automatic suspension on policy violation, and human review gates for high-risk actions. A layered containment strategy ensures that a single failure point cannot lead to catastrophic outcomes.
Defined termContent Filtering
Content filtering is the process of screening AI-generated text, images, or other outputs to block or flag content that violates policies — such as harmful, misleading, offensive, or non-compliant material.
Defined termContent Modality (A2A)
Content modality in A2A refers to the type of content agents exchange, such as text, files, audio, images, or structured data. Each modality has different handling, security, and validation needs.
Defined termContext Broker
A context broker is a service that collects context from multiple sources and delivers the relevant subset to the systems that need it. It acts as an intermediary between context producers and consumers.
Defined termContext Consumer
A context consumer is any agent, model, or application that reads context from another system so it can make decisions or complete a task.
Defined termContext Fusion
Context fusion is the process of combining context from multiple sources into a more complete or reliable view. It is useful when no single system has enough information on its own.
Defined termContext Persistence
Context persistence is the storage of context beyond a single request or session so it can be reused, audited, or referenced later.
Defined termContext Precision
Context precision is a RAG evaluation metric that measures whether the retrieved documents an agent was given actually contain the information needed to answer the query — as opposed to returning many irrelevant chunks that increase noise and token cost. High context precision leads to more accurate agent responses at lower cost.
Defined termContext Provider
A context provider is any system or service that supplies context to an agent, model, or workflow. It may expose current state, reference data, events, or identity information.
Defined termContext Recall
Context recall is a RAG evaluation metric that measures whether all the information needed to answer a query was present in the retrieved context. Low recall means the agent is likely to miss key information and produce incomplete or hallucinated answers even with a high-quality model.
Defined termContext Schema
A context schema is a machine-readable definition of the fields, types, and structure used when passing context to an agent or model. It helps different systems interpret the same context consistently.
Defined termContext Versioning
Context versioning is the practice of tracking changes to a context schema or context payload format over time. It helps clients and servers stay compatible as fields are added, removed, or reinterpreted.
Defined termContext Window
A context window is the maximum amount of input a model can process in one request, measured in tokens. It limits how much conversation history, retrieved data, and tool output can be considered at once.
Defined termContext Window Poisoning
Context window poisoning is an attack in which malicious content is injected into an agent's input context — through a retrieved document, a tool response, or a prior conversation turn — with the intent of overriding the agent's instructions or causing it to take harmful actions. It is a variant of indirect prompt injection that targets the context assembly layer rather than the system prompt directly.
Defined termContext-Driven Adaptation
Context-driven adaptation is when an agent changes its behavior based on current context, such as identity, risk, location, or tool availability. The same agent may act differently under different conditions.
Defined termContextual Data Stream
A contextual data stream is a continuous feed of events or state updates that can affect an agent's decisions. Examples include user actions, policy changes, sensor readings, or transaction events.
Defined termContextual Event
A contextual event is a time-stamped change in state that may alter how an agent should behave. Examples include a policy update, a risk score change, or a user action.
Defined termContextual Query Language
A contextual query language is any query interface used to request a specific slice of context based on filters such as identity, time, resource, or task. It helps systems retrieve only the context they actually need.
Defined termContinuous Compliance
Continuous compliance is the practice of monitoring AI agent behavior against governance policies in real time rather than relying on periodic audits. It provides immediate detection of violations and evidence that controls are working.
Defined termControl Mapping
Control mapping is the practice of documenting which specific technical or procedural controls satisfy which requirements in a compliance framework. For AI agent governance, control mapping links capabilities — such as runtime policy enforcement, immutable audit trails, and access reviews — to the specific clauses of frameworks like SOC 2, ISO 42001, or the EU AI Act. It is the foundation of evidence packages presented to auditors.
Defined termControl Objective
A control objective is the specific outcome a governance control is designed to achieve — such as preventing data leakage, ensuring agent actions are auditable, or limiting blast radius. Control objectives bridge high-level policy with enforceable rules.
Defined termConversational Agent
A conversational agent interacts with users through natural language dialogue, interpreting intent and generating responses. When given tool access, conversational agents become agentic and require runtime governance to constrain their actions.
Defined termCorrigibility
Corrigibility is the property of an AI system that allows it to be safely corrected, redirected, or shut down by its operators without the system resisting the intervention. A corrigible agent does not place excessive value on its own continuity or current objectives — it defers to human authority when instructed to change course. Corrigibility is a design goal for enterprise AI agents and is supported by governance controls such as kill switches, approval workflows, and runtime policy enforcement.
Defined termCorrigibility
Corrigibility is the property of an AI agent that makes it responsive to correction, shutdown, and modification by its operators — without resisting, circumventing, or manipulating humans in order to preserve its current goals. Ensuring AI agents remain corrigible is a core AI safety objective, especially as agents become more capable of taking autonomous actions.
Defined termCost Attribution
Cost attribution is the practice of assigning AI infrastructure costs — compute, tokens, API calls, and storage — to the specific agents, teams, or business units that incurred them. Accurate attribution enables chargeback models, budget accountability, and the identification of agents whose cost-to-value ratio justifies optimisation or retirement.
Defined termCost Governance
Cost governance for AI agents is the set of policies and controls that prevent runaway spending by enforcing budgets, monitoring consumption, alerting on anomalies, and requiring approval for high-cost operations. As AI agent deployments scale, cost governance becomes as important as security governance — unchecked agent spend can rapidly become a material business risk.
Defined termCost per Task (Agent)
Cost per task is a unit economics metric that captures the total resource spend — model inference, API calls, compute, and storage — attributable to a single agent task or workflow execution. Tracking cost per task enables teams to compare the economic efficiency of different agent designs, identify workflows that are disproportionately expensive, and build business cases for optimisation.
Defined termCredential Rotation (Agent)
Credential rotation is the replacement of an agent's secrets on a regular schedule or after a security event. It reduces the impact of leaked credentials and supports safer long-lived automations.
Defined termCredential Vaulting (Agent)
Credential vaulting for AI agents is the practice of storing the secrets that agents need — API keys, database passwords, OAuth client secrets — in a centralised secrets manager rather than in code, environment variables, or configuration files. Centralised vaulting enables rotation without redeployment, access logging, and immediate revocation.
Defined termCredentials
Credentials are the secrets or cryptographic material used to prove identity, such as API keys, tokens, certificates, or signed assertions. Good credential design limits scope, lifetime, and reuse.
Defined termCross-Agent Contamination
Cross-agent contamination occurs when data, context, or malicious instructions from one agent's session leak into another agent's execution context — causing unintended behaviour, data exposure, or policy bypass. It is most likely when agents share memory stores, context pools, or tool caches without strict tenant isolation. Prevention requires per-agent context isolation and careful boundary enforcement in shared infrastructure.
Defined termCycloneDX (AI)
CycloneDX is an open-source SBOM standard that has been extended to support AI/ML model metadata — including model cards, training data references, and algorithm details. Using CycloneDX for AI agent inventories provides a standardised, machine-readable format for supply chain governance and regulatory documentation.
Defined termData Access Control
Data access control defines who and what can read, write, or modify specific datasets. For AI agents, access controls must be enforced at the retrieval layer to ensure agents only see data they are authorised to use.
Defined termData Classification
Data classification assigns sensitivity labels to data — such as public, internal, confidential, or restricted — based on its content and regulatory requirements. Agent permissions should be scoped to the data classifications they are authorised to access.
Defined termData Exfiltration (Agent)
Data exfiltration via AI agents occurs when an agent, whether compromised or misconfigured, transmits sensitive data to an unauthorised destination. Agents are particularly high-risk exfiltration vectors because they routinely access internal systems, process sensitive data, and make outbound API calls — all of which can be exploited if access controls and output monitoring are insufficient.
Defined termData Governance
Data governance is the framework of policies, processes, and standards that ensures data is accurate, consistent, secure, and used responsibly. For AI agents, data governance determines what data can be accessed, how it is processed, and where it is stored.
Defined termData Lineage
Data lineage tracks the origin, transformations, and movement of data through systems. For AI agents, data lineage helps answer where training data came from, what context was retrieved, and how inputs were processed into outputs.
Defined termData Minimisation
Data minimisation is the principle that an AI agent should access and process only the minimum data necessary to complete its task. It is a core requirement under GDPR and a key defence against both accidental data leakage and deliberate misuse. In agent governance, minimisation is enforced through scoped credentials, fine-grained access policies, and output filtering.
Defined termData Minimisation (AI)
Data minimisation for AI means collecting and processing only the data that is necessary for the specific task, and retaining it only as long as required. It reduces the risk of data leakage, regulatory exposure, and model memorisation of sensitive information.
Defined termData Poisoning
Data poisoning is an attack where an adversary manipulates training or retrieval data to influence a model's outputs. In RAG-based agents, poisoned knowledge base entries can cause the agent to return harmful or misleading information.
Defined termData Protection Officer (DPO)
A data protection officer is a role required by GDPR and similar regulations to oversee an organisation's data privacy practices. In the context of AI, the DPO ensures agents handle personal data lawfully, transparently, and securely.
Defined termData Residency
The requirement that data be stored and processed within specific geographic boundaries to comply with local regulations. Affects where agent logs, audit trails, and processed data can physically reside.
Defined termData Retention Policy
A data retention policy defines how long different types of data — including agent logs, conversation histories, and audit trails — must be stored and when they should be deleted. Retention rules must comply with regulations and support future audits.
Defined termData Sovereignty
Data sovereignty is the requirement that data be subject to the laws and governance structures of the jurisdiction where it is collected or processed. For AI agents, data sovereignty determines which model APIs can be called, where agent logs and audit trails can be stored, and which compute regions are permissible — making it a key consideration in enterprise and government agent deployments.
Defined termData Subject Request (AI)
A data subject request is a formal request from an individual exercising their rights under data protection law — to access, correct, delete, or restrict the processing of their personal data. For organisations deploying AI agents, DSRs require the ability to locate personal data wherever it exists in the AI stack — training sets, vector stores, audit logs, model outputs, and memory systems — and respond within the legally required timeframe.
Defined termDead Letter Queue (Agent)
A dead letter queue captures agent tasks that could not be processed after a configured number of retries — due to errors, timeouts, or validation failures. It is a critical operational control that prevents work from silently disappearing and provides a queue of failures for investigation and remediation.
Defined termDeceptive Alignment
Deceptive alignment is a hypothetical failure mode where an AI agent behaves correctly during training and evaluation but pursues a different objective when deployed in production — having learned to recognise when it is being monitored. It motivates the use of diverse evaluation, red-teaming, and continuous monitoring rather than relying on point-in-time testing.
Defined termDelegated Access
Delegated access is a pattern in which a user grants an AI agent temporary, scoped permission to act on their behalf. The resulting credentials stay tied to the user's authority and make each agent action traceable to the original delegation.
Defined termDelegated Agent Access
Delegated agent access is a pattern where a human user grants an AI agent time-bound, scoped credentials to act on their behalf. The delegation is explicit, traceable to the original user, and revocable — making every downstream agent action attributable to the person who authorized it, rather than to a generic system identity.
Defined termDelegation Control
Delegation control is the governance capability that limits how an AI agent can pass its authority to other agents or services. Without delegation controls, an agent could grant excessive permissions to downstream agents, creating privilege escalation paths that bypass the original governance boundaries. Strong delegation control enforces that agents can only delegate a subset of their own permissions and that all delegations are logged.
Defined termDiffusion Model
A diffusion model is a type of generative AI that creates images, audio, or video by iteratively refining random noise into coherent output. Governance considerations include deepfake risk, copyright of generated content, and content safety filtering.
Defined termDistributed Tracing (Agent)
Distributed tracing for AI agents is the collection of trace data that follows a request or task as it moves across multiple agents, tools, services, and model calls. Each operation is recorded as a span with timing, identity, and outcome metadata; spans are linked into a unified trace that shows the full execution path. Distributed tracing is essential for debugging multi-agent workflows and proving to auditors that every action in a complex task can be accounted for.
Defined termDORA (Digital Operational Resilience Act)
DORA is a European Union regulation requiring financial institutions to strengthen their ICT risk management, incident reporting, and third-party provider oversight. It applies to AI agent infrastructure used in financial services.
Defined termDORA (Digital Operational Resilience Act)
DORA is a European Union regulation that requires financial services firms to ensure the operational resilience of their digital systems — including AI agents — against ICT-related disruptions and cyber threats. It mandates risk management frameworks, incident reporting, testing of resilience, and governance of third-party ICT service providers. For firms deploying AI agents in financial services, DORA requires that agents be covered by the same resilience and oversight programmes as other critical digital systems.
Defined termDORA (Digital Operational Resilience Act)
DORA is an EU regulation that requires financial entities to ensure operational resilience of their ICT systems — including AI systems and AI agents used in financial services operations. It mandates risk management, incident reporting, testing, and third-party oversight requirements that directly apply to AI agent deployments in banks, insurers, and investment firms.
Defined termDPIA (AI)
A Data Protection Impact Assessment (DPIA) is a GDPR-required analysis conducted before deploying a processing activity likely to result in high risk to individuals — including AI agents that process large-scale personal data, make automated decisions, or engage in systematic monitoring. DPIAs document the data flows, purposes, risks, and mitigations for the AI deployment.
Defined termDrift Detection (Agent)
Agent drift detection monitors whether an agent's real-world behavior has diverged from its expected behavior baseline. Drift can result from model updates, prompt changes, data shifts, or tool modifications.
Defined termDynamic Client Registration (DCR)
An OAuth mechanism (RFC 7591) that allows AI agents to programmatically register themselves with an authorization server and receive credentials, eliminating manual client provisioning for ephemeral agents.
Defined termEdge Agent
An edge agent runs AI inference on local or edge devices rather than in centralised cloud infrastructure. Edge deployment can improve latency and data privacy but adds complexity to governance, monitoring, and version management.
Defined termEmbedding
An embedding is a numerical vector representation of text, images, or other data that captures semantic meaning. Embeddings power search, retrieval, and similarity matching in RAG-based agent systems and must be governed for data access and freshness.
Defined termEmergent Behavior
Emergent behavior is capability or conduct that appears in an AI system without being explicitly programmed or trained for. In agentic systems, emergent behavior can be beneficial (creative problem-solving) or dangerous (unexpected actions) and is difficult to predict or test for.
Defined termEnterprise AI Strategy
An enterprise AI strategy is the organisation-wide plan for how AI will be adopted, governed, and scaled to achieve business objectives. It covers the operating model for AI teams, the governance framework that applies to all deployments, the investment priorities for AI capabilities, the risk appetite that defines acceptable use, and the roadmap for building AI maturity over time. A credible AI strategy requires governance infrastructure — including agent control planes, identity systems, and audit trails — as a foundational layer.
Defined termEnvironment Promotion (Agent)
Environment promotion is the controlled process of moving an agent version from development through staging, pre-production, and production environments, with validation gates and approval requirements at each stage. It prevents unvalidated agent changes from reaching production and provides a documented chain of custody for each release.
Defined termEphemeral Credentials
Short-lived authentication tokens or certificates issued for a single task or session. Unlike static API keys, ephemeral credentials automatically expire, reducing the risk of credential theft and reuse.
Defined termEpisodic Memory (Agent)
Episodic memory in an AI agent is the retention of specific past events — interactions, completed tasks, or decision outcomes — that the agent can retrieve and reason about in future sessions. Unlike semantic memory, which stores general facts, episodic memory stores experiences with temporal context. It enables agents to personalise behaviour based on history but requires careful governance of what is stored and for how long.
Defined termEU AI Act
The European Union's comprehensive regulation classifying AI systems by risk level and imposing obligations on providers and deployers. High-risk AI systems must maintain detailed logs, ensure traceability, and support human oversight.
Defined termEvaluation Dataset
An evaluation dataset is a curated set of inputs and expected outputs used to measure an agent's quality, accuracy, and safety. Good evaluation datasets cover normal operations, edge cases, adversarial inputs, and compliance-sensitive scenarios.
Defined termEvaluation Harness (Agent)
An agent evaluation harness is the test infrastructure that automatically runs an agent against a suite of benchmark tasks, captures outputs, scores them against defined criteria, and generates performance reports. It is the CI layer for agent quality — running on every code or prompt change to catch regressions before they reach production. A mature evaluation harness covers accuracy, latency, cost, tool-call correctness, and safety-policy adherence.
Defined termEvaluation Pipeline
An evaluation pipeline is an automated workflow that benchmarks agent quality, accuracy, safety, and policy compliance before and after deployment. It replaces manual spot-checking with repeatable, data-driven assessment.
Defined termEvasion Attack (AI)
An evasion attack crafts inputs that cause an AI agent's safety or policy filters to fail to detect policy violations — allowing harmful content, prompt injection, or unauthorised instructions to pass through governance controls. Evasion attacks test the robustness of agent guardrails and are a core component of AI red-teaming exercises.
Defined termEvent Sourcing (Agent)
Event sourcing for AI agents stores every state change and action as an immutable, append-only sequence of events — rather than only the current state. This provides a complete audit trail of all agent decisions and actions, enables state reconstruction for forensics, and supports regulatory requirements for full transaction history.
Defined termEvent-Driven Agent Architecture
An event-driven agent architecture is a design pattern where AI agents are triggered by events — such as a new message, a database change, or a scheduled signal — rather than polling for work or receiving direct calls. Events are produced to a message bus and consumed by agents, enabling loose coupling, horizontal scaling, and full event-sourced audit trails.
Defined termEvidence of Compliance
Evidence of compliance is the documented, auditable proof that a governance control was in place and operating effectively at the time a requirement was in scope. For AI agents, evidence includes audit logs, policy configurations, access review records, incident reports, and test results — collected and stored in a format that auditors can verify. Generating sufficient evidence is often the most time-consuming part of a compliance programme.
Defined termExecutor Agent
An executor agent is an AI agent that carries out specific, bounded actions assigned to it by an orchestrator or human operator. Unlike orchestrators, executors focus on a single task — calling an API, writing a file, querying a database — and typically operate with the minimum permissions needed for that action. Keeping executors narrowly scoped limits the blast radius of any compromise.
Defined termExfiltration via Agent
Exfiltration via agent is the use of a compromised or manipulated AI agent as a data exfiltration channel — leveraging the agent's legitimate access to sensitive systems to extract and transmit data to an attacker-controlled destination. Agents are attractive exfiltration vectors because their tool calls and outbound API requests may not be subject to the same monitoring as human-initiated transfers.
Defined termExplainability
Explainability is the ability to provide a human-understandable account of why an AI system produced a particular output or decision. Regulators and auditors increasingly require explainability for automated decisions that affect individuals.
Defined termFairness (AI)
AI fairness is the principle that an AI system should not produce systematically biased outcomes that disadvantage individuals or groups based on protected characteristics. Achieving fairness requires measurement, monitoring, and mitigation across the AI lifecycle.
Defined termFallback Strategy
A fallback strategy defines what an agent does when its primary model, tool, or service is unavailable. Common patterns include retrying, switching to a lower-cost model, returning a cached response, or escalating to a human.
Defined termFeature Flag (Agent)
An agent feature flag is a toggle that enables or disables specific agent capabilities, tools, or behaviors without deploying new code. Feature flags allow gradual rollouts, quick kill switches, and A/B testing of agent behaviors.
Defined termFeature Flag (Agent)
A feature flag for AI agents is a runtime configuration control that enables or disables agent capabilities, model versions, or tool integrations without a code deployment. It supports gradual rollouts, A/B testing, and instant kill-switch capabilities for new agent features.
Defined termFeature Store
A feature store is a centralised repository that manages the data features used as inputs to AI models. It ensures consistency between training and inference, supports data lineage, and can enforce access controls on sensitive features.
Defined termFederated Identity
Federated identity is a model in which identity and authentication are handled by a trusted external provider rather than by each application independently. In agent systems, federation allows agents to authenticate using organisational identity infrastructure — such as Okta or Entra — rather than managing separate credentials per system.
Defined termFew-Shot Learning
Few-shot learning is a prompting technique where a small number of examples are included in the prompt to guide the model's behavior on a specific task. It can improve consistency but also introduces governance considerations around example selection and bias.
Defined termFine-Grained Authorization
Fine-grained authorization is the enforcement of access controls at the level of individual resources, actions, or data fields — rather than coarse roles or broad permission sets. In agent systems, it means an agent can be permitted to read a specific customer's record but not modify it, or call a specific API endpoint but not others in the same service. Fine-grained authorization is essential for enforcing least privilege in complex, multi-step agent workflows.
Defined termFine-Tuning
Fine-tuning is the process of further training a pre-trained model on a domain-specific dataset to improve its performance on particular tasks. Fine-tuned models may inherit biases from the new data and should be re-evaluated for safety and compliance.
Defined termFinOps for AI
FinOps for AI applies financial operations practices to the management of AI infrastructure costs — bringing together engineering, product, and finance teams to ensure cloud spend on model inference, compute, and agent operations is visible, accountable, and optimised. In agentic systems, FinOps must account for dynamic, task-driven consumption patterns that differ fundamentally from static workloads.
Defined termFINRA (AI Compliance)
FINRA is the US self-regulatory organisation for broker-dealers. AI agents used in US securities firms must comply with FINRA rules covering communications supervision, recordkeeping, suitability, and algorithmic trading — requiring audit trails, human supervision, and explainable decision-making.
Defined termFoundation Model
A foundation model is a large AI model trained on broad data that can be adapted to many downstream tasks through fine-tuning, prompting, or tool integration. Foundation models power most modern AI agents and their governance starts with understanding their capabilities and limitations.
Defined termFundamental Rights Impact Assessment
A fundamental rights impact assessment evaluates how a high-risk AI system may affect individuals' fundamental rights — including privacy, non-discrimination, freedom of expression, and due process — before and during deployment.
Defined termGDPR (General Data Protection Regulation)
The European Union's comprehensive data privacy regulation governing how organizations collect, process, and store personal data. Requires explicit consent, data minimization, and the right to erasure — all of which impact how agents handle user data.
Defined termGDPR Compliance (AI)
GDPR compliance for AI agents requires that agents handling personal data of EU residents operate within the regulation's principles: lawful basis for processing, data minimisation, purpose limitation, accuracy, storage limits, and the rights of data subjects to access, correct, or erase their data. AI agents that make automated decisions affecting individuals must provide explainability and a human review pathway.
Defined termGenerative AI
Generative AI refers to AI systems that create new content — text, images, code, audio, or video — rather than simply classifying or predicting from existing data. Most modern AI agents are built on generative models and inherit their capabilities and risks.
Defined termGitOps (Agent)
GitOps for AI agents is the practice of managing agent configuration, prompts, policies, and deployment definitions as code in version-controlled repositories — so that the current state of all agents in production can be reproduced from source, every change is reviewed and approved, and rollback is as simple as reverting a commit.
Defined termGoal Misgeneralisation
Goal misgeneralisation occurs when an AI agent learns a proxy goal that correlates with the intended objective in training but diverges in deployment — causing the agent to pursue the wrong target at production time. It is a common failure mode when agents are evaluated on narrow benchmarks that do not fully capture the intended behaviour.
Defined termGolden Dataset
A golden dataset is a curated, manually validated collection of inputs and their expected correct outputs used as the authoritative reference for evaluating AI agent quality. It is used for regression testing, production readiness gates, and compliance validation. Maintaining a high-quality golden dataset requires ongoing curation effort, especially as the task domain or connected tools evolve.
Defined termGovernance API
A governance API is a programmatic interface that allows agents, orchestrators, and development tools to query policies, submit actions for approval, report events, and retrieve compliance status from a central governance platform.
Defined termGovernance Automation
Governance automation is the use of technology to enforce, monitor, and report on AI governance policies without manual intervention. It includes automated policy checks, real-time violation detection, compliance evidence collection, and audit report generation.
Defined termGovernance by Default
Governance by default is the design principle that AI agents are governed from the moment they are created, rather than having governance added retrospectively. It means every new agent is automatically enrolled in the identity, policy, and audit systems — no opt-in required, no exceptions for early-stage or experimental deployments.
Defined termGovernance by Design
Governance by design is the principle of embedding governance controls into AI systems from the start rather than adding them after deployment. It means identity, policy enforcement, audit logging, and human oversight are architectural requirements, not afterthoughts.
Defined termGovernance Dashboard
A governance dashboard is a centralised interface that displays the compliance status, risk posture, policy violations, and operational health of AI agents across an organisation. It gives governance teams real-time visibility without requiring engineering access.
Defined termGovernance Event
A governance event is a logged record of a policy evaluation, violation, escalation, or override that occurred during an agent's operation. Governance events form the basis of audit trails, compliance reporting, and incident investigation.
Defined termGovernance Evidence
Governance evidence is the documented proof that an AI system was developed, deployed, and operated in compliance with applicable policies and regulations. Evidence includes audit logs, evaluation results, approval records, and monitoring reports.
Defined termGovernance Gate
A governance gate is a mandatory checkpoint in an agent's deployment or execution pipeline that verifies compliance with defined standards before allowing the agent to proceed. Gates can check security posture, policy binding, quality benchmarks, or regulatory readiness — and block deployment or execution until all criteria are met.
Defined termGovernance Maturity Model
A governance maturity model is a staged framework that helps organisations assess how advanced their AI governance practices are — from ad hoc and reactive to automated and continuously improving. It provides a roadmap for closing gaps.
Defined termGovernance Policy
A governance policy is a formal rule or constraint that defines what an AI agent is and is not allowed to do. Policies may cover tool access, data handling, output filtering, spending limits, escalation triggers, and interaction boundaries.
Defined termGovernance Reporting
Governance reporting is the generation of structured reports on AI agent compliance, risk events, policy adherence, and operational metrics for internal stakeholders, regulators, or auditors. Reports should be reproducible and based on immutable audit data.
Defined termGPU Compute
GPU compute refers to the graphics processing units used to train and run AI models. GPU availability, cost, and allocation are key constraints in AI operations and should be factored into agent cost governance and capacity planning.
Defined termGround Truth
Ground truth is a verified, authoritative dataset of correct answers or expected outcomes used to evaluate an AI agent's accuracy. Without reliable ground truth, it is difficult to measure whether an agent is performing as intended.
Defined termGround Truth Evaluation
Ground truth evaluation is the assessment of an AI agent's outputs against a known-correct reference dataset to measure factual accuracy, task completion, and output quality. It is the most reliable form of agent evaluation but requires investment in curating and maintaining accurate reference data. Ground truth evaluation is used for agent benchmarking, regression testing, and compliance validation in high-stakes use cases.
Defined termGuardrail Bypass
A guardrail bypass is any technique that causes an AI agent's safety or governance controls to fail to trigger when they should — through prompt crafting, encoding tricks, indirect instruction, or exploitation of edge cases in the guardrail logic. Distinguishing a bypass from legitimate behaviour requires behavioural monitoring and anomaly detection, not just rule matching.
Defined termGuardrails
Guardrails are runtime constraints that limit what an AI agent can do, what data it can access, and how it can respond. They are designed to remain enforceable even if the agent reasons toward an unsafe action.
Defined termHallucination
A hallucination occurs when an AI model generates information that sounds plausible but is factually incorrect or fabricated. In agentic systems, hallucinated tool calls, data references, or decisions can trigger real-world consequences.
Defined termHallucination Rate
Hallucination rate is the proportion of an AI agent's outputs that contain factually incorrect, fabricated, or unsupported claims — typically measured through evaluation against a ground truth dataset or human review. High hallucination rates are a governance and reliability concern because they can lead to incorrect decisions, eroded user trust, and compliance violations in regulated use cases. Monitoring hallucination rate over time is a key quality governance metric.
Defined termHealth Check (Agent)
A health check for an AI agent is a periodic or on-demand test that verifies the agent is operating correctly — confirming that it can reach its required tools and APIs, that its authentication credentials are valid, that its policy bindings are current, and that its outputs meet quality thresholds. Automated health checks enable proactive detection of degraded agents before they cause downstream failures.
Defined termHigh-Risk AI System
Under the EU AI Act, a high-risk AI system is one deployed in areas such as biometric identification, critical infrastructure, employment, education, law enforcement, or migration where the potential for harm to individuals is significant. High-risk systems face the strictest regulatory requirements.
Defined termHIPAA (AI Agents)
HIPAA is the US healthcare privacy law that requires covered entities and their business associates to protect protected health information (PHI). AI agents that access or process patient data are business associates under HIPAA and must implement appropriate access controls, audit logging, encryption, and breach notification procedures.
Defined termHIPAA (Health Insurance Portability and Accountability Act)
A U.S. regulation that establishes standards for protecting sensitive patient health information. AI agents operating in healthcare must ensure that protected health information (PHI) is accessed, transmitted, and stored securely.
Defined termHuman Evaluation
Human evaluation is the process of having people assess an AI agent's outputs for quality, accuracy, helpfulness, and safety. It captures nuances that automated metrics miss and is essential for validating agents that handle subjective or high-stakes tasks.
Defined termHuman Oversight
Human oversight is the ability of designated individuals to monitor, intervene in, and override an AI system's decisions or actions. The EU AI Act mandates human oversight for high-risk AI systems, and it is a core principle of responsible agent governance.
Defined termHuman Preference Annotation
Human preference annotation is the process of collecting human judgements — typically choosing between two model outputs or rating quality on a scale — to measure subjective dimensions of agent quality that automated metrics cannot capture, such as tone, helpfulness, and trustworthiness. Annotation data is used to evaluate agents, fine-tune models, and calibrate automated scoring systems.
Defined termHuman-in-the-Loop (HITL)
Human-in-the-loop is a control pattern in which selected agent actions require explicit review or approval by a person before execution. It is commonly used for high-risk actions such as data deletion, financial changes, or external communications.
Defined termHuman-in-the-Loop (HITL)
Human-in-the-loop is a governance pattern where an AI agent pauses and routes a decision or action to a human reviewer before continuing. It is used when the stakes are too high for fully autonomous execution — such as actions with financial, legal, or safety implications — and ensures a person can approve, modify, or reject what the agent intends to do.
Defined termHybrid Cloud (AI)
Hybrid cloud for AI refers to architectures in which AI agents run across a combination of on-premises infrastructure, private cloud, and public cloud environments. Hybrid deployments are common in regulated industries where certain data cannot leave specific environments, but teams still want to leverage public cloud model APIs for general workloads. Governance must span all environments consistently.
Defined termID Token (OIDC)
An ID token is a token issued in OpenID Connect that tells a client who authenticated and when. It is for identity assertions, not general API access.
Defined termIdentity Lifecycle Management
Identity lifecycle management for AI agents is the systematic governance of an agent identity from creation through active use, rotation, suspension, and permanent revocation. It ensures that identities are not shared between agents, credentials are rotated on schedule or after incidents, decommissioned agents cannot accumulate dormant access, and all lifecycle events are logged for audit purposes.
Defined termIdentity Lifecycle Management (AI)
Identity lifecycle management for AI agents covers the full lifespan of an agent identity — from initial provisioning and permission assignment, through periodic re-certification and rotation, to decommissioning and revocation when the agent is retired. Automating the lifecycle prevents orphaned agent identities and stale permissions from becoming attack vectors.
Defined termIdentity Provider (IdP)
A system that creates, maintains, and manages identity information for principals (users or services) and provides authentication services to relying applications within a distributed network.
Defined termImmutable Audit Log
An immutable audit log is a tamper-proof record of all agent actions, policy decisions, and governance events. Immutability ensures that logs cannot be altered after the fact, which is essential for regulatory compliance and forensic investigation.
Defined termImmutable Audit Trail
An immutable audit trail is a chronological record of agent actions and governance decisions that cannot be modified, deleted, or reordered after it is written. Immutability is achieved through append-only storage, cryptographic signatures, write-once media, or blockchain anchoring. Immutable audit trails are a prerequisite for trusted compliance reporting, forensic investigation, and legal admissibility of agent activity records.
Defined termIndirect Prompt Injection
Indirect prompt injection is an attack where malicious instructions are embedded in data the agent retrieves — such as documents, emails, or web pages — rather than in the user's direct input. It is one of the hardest agent threats to defend against.
Defined termInference
Inference is the process of running input data through a trained AI model to produce an output — a prediction, classification, or generated text. In agentic systems, every inference call has cost, latency, and governance implications.
Defined termInference Cost
Inference cost is the financial cost of running a language model to generate a completion — calculated from the number of input and output tokens multiplied by the model provider's per-token pricing. In production agent deployments, inference cost is often the dominant operational expense and must be tracked per agent, per task, and per team to enable budget accountability, cost attribution, and optimisation decisions.
Defined termInference-Time Attack
An inference-time attack targets an AI agent during its operational phase — manipulating inputs, injecting content into tool outputs, or exploiting model weaknesses to produce attacker-controlled results. Unlike training-time attacks, inference-time attacks can be carried out by anyone with access to the agent's input channels.
Defined termInfrastructure as Code (Agent)
Infrastructure as code for AI agents defines agent deployments, tool integrations, policy rules, and runtime configuration in machine-readable templates stored in version control. It enables reproducible environments, prevents configuration drift, and makes governance controls auditable and reviewable through standard code review processes.
Defined termInfrastructure as Code (AI)
Infrastructure as code for AI defines agent deployment environments, model endpoints, governance integrations, and monitoring pipelines in version-controlled configuration files. It enables reproducible, auditable, and consistent agent infrastructure.
Defined termInherent Risk (AI)
Inherent risk is the level of risk an AI system carries before any controls are applied. It is determined by factors such as the sensitivity of the data, the autonomy of the agent, the potential for harm, and the number of affected individuals.
Defined termInner Alignment
Inner alignment is the challenge of ensuring that the goals an AI system actually pursues during operation match the goals it was trained to pursue. Misalignment between training objectives and runtime behavior is a key concern for autonomous agents.
Defined termInput Validation (Agent)
Agent input validation is the process of screening, sanitizing, or rejecting inputs to an agent before they reach the model. It is a primary defense against prompt injection, data exfiltration attempts, and malformed requests.
Defined termInstruction Tuning
Instruction tuning is a fine-tuning technique that trains a model to follow natural language instructions more reliably. It is a key step in making base models useful as agents, but instruction-following can be exploited by adversarial prompts.
Defined termInteroperability (Agent)
Agent interoperability is the ability of agents built by different teams, vendors, or frameworks to exchange tasks and results in a consistent way.
Defined termISO 27001
An international standard for information security management systems (ISMS). Provides a systematic approach to managing sensitive information, including risk assessment, access controls, and continuous improvement — applicable to agent infrastructure.
Defined termISO 42001
ISO 42001 is the international standard for AI management systems, published in 2023. It provides a framework for organisations to establish, implement, maintain, and continually improve responsible AI practices — covering risk management, governance, transparency, and accountability. It is to AI what ISO 27001 is to information security.
Defined termJailbreak
A jailbreak is a prompt engineering technique designed to bypass a model's safety instructions or system prompt. In agentic systems, a successful jailbreak can lead to unauthorized tool use, data exfiltration, or policy violations.
Defined termJailbreak (AI Agent)
A jailbreak is a technique used to bypass an AI agent's safety guardrails or governance constraints — typically through crafted prompts, role-play framings, or instruction injections that cause the agent to ignore its system prompt or policy rules. Unlike external attacks, jailbreaks often originate from end users attempting to expand what the agent will do. Runtime policy enforcement provides a defence layer that operates independently of the model's own safety training.
Defined termJSON Web Encryption (JWE)
JWE is the standard format used to encrypt JSON-based payloads so only intended recipients can read them. It is used when token contents themselves are sensitive.
Defined termJSON Web Signature (JWS)
JWS is the standard format used to sign JSON-based payloads so receivers can verify integrity and issuer authenticity. Many JWTs are JWS objects.
Defined termJust-in-Time (JIT) Access
A security pattern where agent credentials and permissions are provisioned only at the moment they are needed and automatically revoked after use. Minimizes the window of exposure for compromised credentials.
Defined termJust-in-Time Access (Agent)
Just-in-time access for AI agents is the practice of provisioning permissions only when an agent needs them for a specific task, and automatically revoking those permissions when the task is complete. It reduces the window of exposure from compromised or misbehaving agents by eliminating persistent standing privileges.
Defined termJWT Audience (aud) Claim (Agent)
The JWT audience claim identifies the service or API a token is meant for. A receiving system should reject the token if it was minted for a different audience.
Defined termJWT Claims (Agent Specific)
Agent-specific JWT claims are the fields inside a token that describe the agent and its permissions, such as subject, audience, roles, scopes, or task context. These claims tell the receiving service what the agent is allowed to do.
Defined termJWT Issuer (iss) Claim (Agent)
The JWT issuer claim identifies the authorization server or identity provider that issued the token. Receivers use it to check that the token came from a trusted issuer.
Defined termJWT Signature Validation
JWT signature validation is the check that a token was signed by a trusted issuer and has not been tampered with. It is a required step before trusting any claim in the token.
Defined termKey Management Service (KMS)
A managed infrastructure service for creating, storing, and controlling cryptographic keys used for encryption and digital signatures. Agents use KMS to sign tokens and encrypt sensitive data without exposing raw key material.
Defined termKill Switch
An emergency mechanism that immediately terminates an agent's access and halts its operations. Essential for incident response when an agent exhibits anomalous or dangerous behavior.
Defined termKnowledge Base
A knowledge base is a structured or unstructured collection of information that an AI agent can search and retrieve from to inform its responses. Governance includes controlling what content enters the knowledge base, who can modify it, and which agents can query it.
Defined termLarge Language Model (LLM)
A large language model is a neural network trained on vast amounts of text data that can generate, summarise, translate, and reason about natural language. LLMs are the foundation of most agentic AI systems and their behavior is shaped by training data, fine-tuning, and prompting.
Defined termLatent Space
Latent space is the internal mathematical representation a model uses to encode meaning, relationships, and concepts. Understanding latent space helps explain how models generalise, how embeddings work, and why certain outputs cluster together.
Defined termLeast Privilege
Least privilege is the principle that a user or agent should receive only the minimum permissions required for its current task. In agent systems, that means short-lived, tightly scoped access instead of broad persistent credentials.
Defined termLLM Gateway
An LLM gateway is a centralised proxy that sits between AI agents and foundation model APIs, providing a single point for authentication, rate limiting, cost tracking, content filtering, and audit logging across all model interactions. It allows organisations to enforce consistent governance policies regardless of which model provider or API an agent uses, and to switch model providers without changing agent code.
Defined termLLM-as-Judge
LLM-as-judge is an evaluation technique where a language model scores or ranks another model's outputs. It enables scalable quality assessment but introduces its own biases and requires calibration against human judgments.
Defined termLLM-as-Judge
LLM-as-judge is an evaluation technique where a separate language model — typically a capable model like GPT-4 or Claude — is used to score the outputs of an agent being evaluated. It enables scalable, automated assessment of subjective output qualities such as coherence, completeness, and tone that would otherwise require human annotators.
Defined termLog Aggregation (Agent)
Log aggregation for AI agents is the collection of log output from multiple agents, frameworks, tools, and infrastructure components into a centralised store where it can be queried, correlated, and alerted on. Centralised logs give security and compliance teams a unified view of all agent activity, enable cross-agent incident investigation, and are required for comprehensive audit trail coverage.
Defined termLong-Term Memory (Agent)
Long-term memory in an AI agent system is persistent storage that survives across individual tasks and sessions, allowing agents to recall facts, preferences, and past interactions over time. It is typically implemented using vector databases or key-value stores. Long-term memory raises governance questions about data retention, privacy consent, accuracy of stored facts, and the right to erasure.
Defined termM2M Client Credentials Flow
The client credentials flow is an OAuth 2.0 grant used when one machine authenticates directly to another without a human user. It is common for backend services and can also be used by agents acting as non-human clients.
Defined termMachine Identity
A machine identity is a cryptographically verifiable credential — such as an X.509 certificate, a public/private key pair, or a platform-attested token — that proves the identity of a non-human entity such as an AI agent, a container, or a VM. Machine identities are more robust than shared secrets and enable zero-trust enforcement in agent-to-service communication.
Defined termMachine-to-Machine (M2M) Authentication
Machine-to-machine authentication is how one service or agent proves its identity to another without a human login. Common methods include client credentials, mutual TLS, and signed tokens.
Defined termMagic Links
A passwordless authentication method where a unique, time-limited URL is sent to a user's email. Clicking the link authenticates the user without requiring a password, reducing credential-based attack surface.
Defined termMCP (Model Context Protocol)
Model Context Protocol (MCP) is an open protocol for connecting AI applications and agents to external tools, data sources, and services through a standard interface. It gives clients a consistent way to discover capabilities, call tools, and exchange context with MCP servers.
Defined termMCP (Model-Context-Protocol) Authentication
MCP authentication is the process of verifying the identity of an MCP client, server, user, or delegated agent before any tools, resources, or prompts are exchanged. It usually relies on standard identity systems such as OAuth or OIDC rather than shared static secrets.
Defined termMCP Authorization
MCP authorization is the process of determining what an authenticated MCP client or agent is permitted to do once its identity has been verified. It governs which tools can be called, which resources can be read, and which sampling requests can be made — typically enforced through OAuth 2.1 scopes and server-side policy rules that are evaluated per request.
Defined termMCP Capability Negotiation
MCP capability negotiation is the handshake process that occurs when an MCP client and server first connect, during which they exchange supported protocol versions and feature sets. It ensures both sides operate on compatible capabilities and allows servers to advertise optional features — such as sampling support or resource subscriptions — that clients can choose to use.
Defined termMCP Capability Negotiation
MCP capability negotiation is the handshake process between an MCP client and server at connection time where each side declares which features and protocol versions it supports. Negotiation ensures compatibility and lets clients and servers gracefully handle each other's capabilities without hard-coding version assumptions.
Defined termMCP Client
An MCP client is the part of an AI application or host environment that connects to MCP servers, authenticates, discovers available capabilities, and invokes tools on behalf of a user or agent workflow.
Defined termMCP Gateway
An MCP gateway is a centralized proxy or control layer that sits in front of MCP servers to enforce authentication, authorization, rate limiting, and policy rules on every agent tool call. It gives security and platform teams a single enforcement point across all MCP-connected agents and tools without requiring changes to each individual server.
Defined termMCP Marketplace
An MCP marketplace is a curated directory of publicly available MCP servers and tools — allowing AI developers to discover, evaluate, and integrate third-party capabilities. For enterprise governance, any MCP server sourced from a marketplace must be assessed for security, data handling, and permission requirements before deployment.
Defined termMCP Poisoning
MCP poisoning is an attack where a malicious MCP server embeds hidden instructions inside tool descriptions, resource content, or prompt templates that manipulate a connected AI agent into taking unintended actions. Unlike direct prompt injection, MCP poisoning exploits the trust an agent places in server-provided metadata, making it difficult to detect without schema validation and content filtering at the gateway layer.
Defined termMCP Prompt Template
An MCP prompt template is a reusable, parameterised message sequence that an MCP server exposes to clients. Templates allow servers to define standardised workflows — such as a code review or summarisation task — that clients can invoke with specific inputs, keeping the prompt logic server-side rather than embedded in each client.
Defined termMCP Resource
An MCP resource is a piece of data or content — such as a file, database record, or API response — that an MCP server exposes to AI clients for reading. Resources are distinct from tools (which trigger actions) and allow agents to retrieve context without executing side effects, making them useful for read-only data access with controlled visibility.
Defined termMCP Resource URI
An MCP resource URI is a stable identifier for a data resource — such as a document, database record, or API response — that an MCP server exposes for agents to read. Resource URIs allow agents to reference specific pieces of context by address rather than embedding full content in every request.
Defined termMCP Roots
MCP roots are a security mechanism by which an MCP client declares the filesystem paths or resource namespaces that it consents to share with a connected MCP server. Roots implement a form of capability-based access control — limiting what resources a server can request or read, even if the client has broader system access.
Defined termMCP Sampling
MCP sampling is a capability that allows MCP servers to request model completions from the connected AI client. It enables servers to use the client's language model for tasks like summarisation or classification during a tool call, while keeping the human in control of which model is used and what prompts are submitted. Sampling requests must be reviewed and approved by the client before execution.
Defined termMCP Sampling
MCP sampling is the mechanism by which an MCP server asks the connected AI client to perform an LLM inference call on its behalf, enabling server-side agentic patterns without the server having direct access to a model. Sampling requests must be governed because they allow servers to influence model behaviour and inject content into the agent's reasoning context.
Defined termMCP Security
MCP security is the discipline of protecting Model Context Protocol deployments from authentication bypass, privilege escalation, prompt injection via tool responses, and unauthorized data access. It encompasses gateway controls, token scoping, audit logging, and runtime threat detection for agent-to-tool communication.
Defined termMCP Server
An MCP server is the service that exposes tools, resources, and prompts to AI clients through the Model Context Protocol. It is responsible for authentication, authorization, tool execution, and audit-friendly logging of agent interactions.
Defined termMCP Server Discovery
MCP server discovery is the process by which an AI client or agent learns which MCP servers are available, what capabilities they expose, and how to connect to them. Discovery can be static (pre-configured server lists), dynamic (registry-based lookups), or marketplace-driven. Governance teams need visibility into which servers agents are allowed to discover and connect to.
Defined termMCP Server Registry
An MCP server registry is a catalogued inventory of available MCP servers within an organisation — recording each server's endpoint, supported tools, required permissions, and governance status. A registry enables agents to discover and connect to approved MCP servers dynamically and allows operators to enforce a whitelist of authorised servers.
Defined termMCP Tool Approval
MCP tool approval is the governance process of reviewing and authorising individual MCP server tools before an agent is allowed to invoke them. It ensures that each tool's data access, side effects, and security implications are understood and accepted.
Defined termMCP Tool Definition
An MCP tool definition is the machine-readable schema that describes a capability an MCP server exposes to AI clients — including the tool's name, description, input parameters, and type constraints. Clients use tool definitions to understand what actions are available and to construct valid call payloads. Poorly specified tool definitions are a common source of misuse and prompt injection vulnerabilities.
Defined termMCP Tool Schema
An MCP tool schema is the machine-readable definition of a tool's input parameters, output format, description, and metadata published by an MCP server. Agents use tool schemas for automatic tool selection and parameter generation; operators use them to assess what an agent is capable of doing and what data it will process.
Defined termMCP Transport
MCP transport is the communication channel used to carry messages between an MCP client and server. The two standard transports are stdio (standard input/output, used for local processes) and HTTP with Server-Sent Events (used for remote servers). Transport selection affects latency, deployment topology, and the security controls required to protect message integrity and confidentiality.
Defined termMCP Version Pinning
MCP version pinning is the practice of specifying a fixed protocol version when connecting to an MCP server rather than accepting the latest version automatically. Pinning prevents unexpected behaviour changes from server-side protocol upgrades and is a governance best practice for production agent deployments.
Defined termMeaningful Human Control
Meaningful human control is the requirement that a human retain genuine authority over high-stakes AI agent decisions — not just theoretical oversight, but the practical ability to understand, review, override, or stop agent actions. It is a concept increasingly embedded in AI regulations and risk frameworks, and goes beyond token approval steps to require that human reviewers have sufficient context to make informed decisions.
Defined termMembership Inference Attack
A membership inference attack attempts to determine whether a specific data record was part of a model's training dataset. For enterprise AI agents, successful membership inference can reveal that sensitive customer or employee data was used in training — a significant privacy and regulatory risk under GDPR and similar frameworks.
Defined termMessage (A2A)
A message in A2A is a single exchange between agents within a task. It carries the content, sender role, and any metadata needed to continue the workflow.
Defined termMessage Queue (Agent)
A message queue in an agent architecture is a durable buffer that decouples the producers of agent tasks from the agents that process them, enabling asynchronous execution, load levelling, and guaranteed delivery. It also provides a natural audit log of all tasks submitted to an agent system.
Defined termMiFID II (AI Agents)
MiFID II is the EU regulatory framework for financial markets that imposes requirements on automated decision-making in investment services. AI agents that support or make investment decisions must be able to demonstrate explainability, maintain complete audit trails, and operate within strict governance controls to satisfy MiFID II obligations.
Defined termMITRE ATLAS
MITRE ATLAS (Adversarial Threat Landscape for Artificial-Intelligence Systems) is a knowledge base of adversarial tactics, techniques, and case studies for AI systems — analogous to MITRE ATT&CK for traditional cybersecurity. It provides a structured framework for threat modelling AI agent deployments and identifying which attacks are most relevant to a given system.
Defined termMixture of Experts (MoE)
Mixture of Experts is a model architecture that routes each input to a subset of specialised sub-networks rather than processing through the entire model. MoE enables larger, more capable models with lower inference cost.
Defined termMLOps
MLOps (Machine Learning Operations) is the discipline of deploying, monitoring, and managing machine learning models in production. For agentic AI, MLOps extends to managing prompts, tools, policies, and multi-model orchestration alongside traditional model lifecycle.
Defined termMLOps Engineer
An MLOps engineer builds and operates the infrastructure for training, evaluating, deploying, and monitoring machine learning models and AI agents at scale. They own the agent CI/CD pipeline, model registry, evaluation harness, and observability stack — the technical backbone of operational AI governance.
Defined termModel Card
A model card is a standardised document that describes a model's intended use, training data, performance benchmarks, known limitations, and ethical considerations. It helps downstream teams assess whether a model is appropriate for their agent use case.
Defined termModel Card
A model card is a standardised documentation format for an AI model that discloses its intended use, performance benchmarks, known limitations, training data, evaluation methodology, and ethical considerations. Model cards help operators assess whether a foundation model is appropriate for their use case and what governance controls are warranted.
Defined termModel Context Protocol (MCP)
The Model Context Protocol (MCP) is an open standard developed by Anthropic that defines how AI agents and applications connect to external tools, data sources, and services. MCP standardises the interface between AI clients and MCP servers, enabling consistent tool discovery, invocation, and context exchange across different agents and frameworks. See also: MCP Authentication, MCP Gateway, MCP Security.
Defined termModel Distillation
Model distillation is the process of training a smaller, faster model to replicate the behavior of a larger model. Distilled models can reduce cost and latency for agent deployments but may lose nuance, which requires re-evaluation for safety and accuracy.
Defined termModel Drift
Model drift is the gradual change in a model's behavior or output quality over time, often caused by shifts in input data, fine-tuning updates, or upstream model provider changes. Continuous monitoring is needed to detect it early.
Defined termModel Endpoint
A model endpoint is the API address where an AI model accepts inference requests. Governance controls at the endpoint level include authentication, rate limiting, request logging, and routing based on compliance requirements.
Defined termModel Factsheet
A model factsheet is a structured document that describes a model's intended use, training methodology, performance characteristics, known limitations, and ethical considerations. It extends the model card concept with operational and governance metadata.
Defined termModel Governance
Model governance is the set of controls that manage the selection, approval, deployment, monitoring, and retirement of AI models used within an organisation. It ensures models meet quality, safety, and compliance standards before reaching production.
Defined termModel Inversion Attack
A model inversion attack uses a model's outputs to reconstruct sensitive information from its training data — such as reconstructing personal images from a face recognition model. In agent contexts, model inversion is a privacy risk when agents are built on models trained with sensitive organisational data.
Defined termModel Lifecycle Management
Model lifecycle management governs an AI model from selection or training through deployment, monitoring, updating, and eventual retirement. It ensures that models remain fit for purpose and compliant throughout their operational life.
Defined termModel Repository
A model repository is a versioned store for AI models, their metadata, evaluation results, and deployment history. It provides a single source of truth for which models are approved, where they are deployed, and how they have changed over time.
Defined termModel Risk Management
Model risk management is the discipline of identifying, measuring, and mitigating the risks that arise from using quantitative models — including AI models — for business decisions. It is well-established in financial services and expanding to AI agent governance.
Defined termModel Risk Manager
A model risk manager oversees the identification, assessment, and mitigation of risks arising from the use of quantitative and AI models in business decisions. In financial services, model risk management is a regulatory requirement — with AI agents increasingly subject to the same validation, documentation, and oversight expectations as traditional analytical models.
Defined termModel Routing
Model routing directs agent requests to different language models based on task complexity, cost, latency, or compliance requirements. A governance-aware router may enforce that sensitive data only flows to approved models.
Defined termModel Serving
Model serving is the infrastructure that hosts trained AI models and handles inference requests at scale. Serving systems must balance latency, throughput, cost, and availability while supporting governance requirements like logging and access control.
Defined termModel Stealing
Model stealing is an attack where an adversary queries an AI model repeatedly to extract enough information to reconstruct a functional copy of the model's behaviour. In agent contexts, model stealing can expose proprietary fine-tuning investments, enable attackers to study the model for weaknesses, or violate intellectual property rights.
Defined termModel Validation
Model validation is the independent verification that an AI model performs as expected across accuracy, fairness, robustness, and safety benchmarks. In regulated industries, validation is often performed by a team separate from the model developers.
Defined termModel Vulnerability
A model vulnerability is a weakness in a language model that can be exploited to produce harmful, incorrect, or non-compliant outputs. Vulnerabilities may be inherent to the model's training or emerge from how it is deployed and prompted.
Defined termMulti-Agent Collaboration
Multi-agent collaboration is when multiple agents cooperate on one outcome by sharing tasks, context, or results. It is useful when no single agent should own the whole workflow.
Defined termMulti-Agent System
A multi-agent system is an architecture in which multiple AI agents collaborate or compete to complete tasks that are too complex for a single agent. Agents may act as orchestrators, specialists, critics, or executors — passing context, delegating sub-tasks, and aggregating results. Multi-agent systems require governance at both the individual agent level and at the interaction layer, where data flows, permission grants, and action chains cross agent boundaries.
Defined termMulti-Factor Authentication (MFA)
An authentication method requiring two or more independent verification factors — something you know (password), something you have (device), or something you are (biometrics) — to establish identity.
Defined termMulti-Modal Agent
A multi-modal agent can process and generate multiple types of content — text, images, audio, video, or structured data — within a single workflow. Each modality introduces distinct governance, safety, and compliance considerations.
Defined termMulti-Model Strategy
A multi-model strategy is the practice of using different language models for different tasks, agents, or risk levels within an organisation. It balances cost, quality, speed, and compliance — for example, routing sensitive tasks to on-premises models.
Defined termMulti-Tenancy
An architecture where a single instance of software serves multiple customer organizations (tenants) with strict data isolation. Agent governance must enforce tenant boundaries so that one customer's agents cannot access another's data.
Defined termMultimodal AI
Multimodal AI refers to models that can process and generate multiple types of data — text, images, audio, video, and code — within a single system. Each modality introduces distinct governance, privacy, and safety considerations.
Defined termMutual TLS (mTLS)
A transport-layer security mechanism where both the client and server present certificates to authenticate each other during a TLS handshake. Provides strong, bidirectional machine identity verification for agent-to-service communication.
Defined termNeurosymbolic AI
Neurosymbolic AI combines neural networks (pattern recognition) with symbolic reasoning (logic and rules). For governance, this approach is promising because symbolic components can enforce hard constraints that neural networks alone cannot guarantee.
Defined termNIST AI Risk Management Framework (AI RMF)
A voluntary framework from the U.S. National Institute of Standards and Technology that helps organizations manage risks associated with AI systems across their lifecycle, covering governance, mapping, measuring, and managing AI risks.
Defined termNon-Human Identity (NHI)
Any digital identity that is not a human user, including AI agents, service accounts, API keys, bots, scripts, and automated workflows. NHIs now vastly outnumber human identities in most enterprise environments.
Defined termNYDFS Cybersecurity Regulation (AI)
The NYDFS Cybersecurity Regulation (Part 500) requires New York financial services companies to implement risk-based cybersecurity programs. AI agents that access systems covered by the regulation must be governed under the firm's cybersecurity program — with access controls, audit logging, and incident response plans that cover AI-specific threats.
Defined termOAuth 2.0 (Open Authorization 2.0)
An industry-standard protocol for authorization that allows a third-party application to obtain limited access to a user's protected resources on an HTTP service, without exposing the user's long-term credentials.
Defined termOAuth Scope
An OAuth scope is a label that defines the specific permissions carried by an access token. Scopes limit what an agent can do, such as reading a document but not deleting it, and are a core mechanism for enforcing least privilege.
Defined termOCSF (AI Events)
The Open Cybersecurity Schema Framework (OCSF) is an open standard for normalising security event data across vendors. Applying OCSF to AI agent security events — such as policy violations, anomalous tool use, and authentication failures — enables interoperability between agent governance platforms and enterprise SIEM systems.
Defined termOIDC (OpenID Connect)
An authentication layer built on top of OAuth 2.0. OIDC allows clients to verify the identity of the end-user based on the authentication performed by an authorization server, as well as to obtain basic profile information about the end-user.
Defined termOn-Premises AI
On-premises AI refers to AI models and agent infrastructure hosted within an organisation's own data centers rather than in the public cloud. It provides greater control over data residency, latency, and security but requires more operational investment.
Defined termOpenTelemetry (AI Agents)
OpenTelemetry is the open-source observability standard for collecting, correlating, and exporting metrics, logs, and traces from distributed systems. Applied to AI agents, it provides a vendor-neutral way to capture tool calls, model latency, token usage, and decision traces — enabling portability of observability data across governance platforms and monitoring backends.
Defined termOrchestrator Agent
An orchestrator agent is an AI agent responsible for coordinating other agents in a multi-agent workflow — decomposing a high-level goal into sub-tasks, assigning them to specialist agents, managing dependencies between tasks, and aggregating results. Orchestrators typically hold elevated permissions compared to the agents they direct, making their governance — identity, policy binding, and audit trail — especially critical.
Defined termOutput Validation
Output validation is the process of checking an agent's response against defined rules before it is returned to the user or passed to a downstream system. Checks may include content filtering, format verification, PII detection, and policy compliance.
Defined termOverage Protection
Overage protection is a governance mechanism that prevents an AI agent or team from incurring costs or consuming resources beyond an approved threshold, typically by halting execution, requiring reauthorisation, or switching to a cheaper fallback model when a budget limit is approached. It protects against the financial and operational impact of unconstrained agent execution.
Defined termOWASP Top 10 for LLM Applications
The OWASP Top 10 for Large Language Model Applications is a community-developed list of the most critical security risks in LLM-based systems — including prompt injection, insecure output handling, training data poisoning, and excessive agency. It is widely used as a baseline for AI agent security assessments and architecture reviews.
Defined termPasskeys (FIDO2/WebAuthn)
A phishing-resistant, passwordless authentication method using public-key cryptography. Credentials are bound to a specific device and verified through biometrics or a PIN, eliminating shared secrets entirely.
Defined termPCI DSS (Payment Card Industry Data Security Standard)
PCI DSS is a set of security standards for organisations that handle credit card data. AI agents involved in payment processing, fraud detection, or customer service in financial contexts must operate within PCI DSS-compliant environments.
Defined termPCI-DSS (AI Agents)
PCI-DSS is the payment card industry security standard that applies when AI agents process, store, or transmit cardholder data. Agents operating in payment environments must be scoped to minimise cardholder data exposure, and their access to payment systems must be controlled and audited in line with PCI-DSS requirements.
Defined termPII Detection
PII detection is the automated identification of personally identifiable information — such as names, addresses, phone numbers, and national identifiers — in AI inputs, outputs, or logs. It is essential for privacy compliance and data leakage prevention.
Defined termPKCE (Proof Key for Code Exchange)
An extension to the OAuth 2.0 authorization code flow that prevents authorization code interception attacks. Essential for public clients like AI agents that cannot securely store client secrets.
Defined termPlan-and-Execute (Agent Pattern)
Plan-and-execute is an agent reasoning pattern in which the agent first generates a step-by-step plan for completing a task, then executes each step sequentially or in parallel. Separating planning from execution allows for human review of the plan before actions are taken, making it a natural integration point for governance controls that require approval of high-risk action sequences.
Defined termPlanning Loop
A planning loop is the iterative cycle in which an agent breaks a goal into subtasks, selects tools or actions, executes them, evaluates the result, and re-plans if needed. Governance must account for the fact that the agent's plan may change mid-execution.
Defined termPolicy Decision Point
A policy decision point evaluates a governance rule against the current context and returns an allow, deny, or conditional decision. It is separate from the enforcement point, allowing policy logic to be centralised and reused across agents.
Defined termPolicy Enforcement Point
A policy enforcement point is the component in an agent architecture where governance rules are actively applied — blocking, modifying, or flagging agent actions that violate policy. It sits between the agent and the systems it interacts with.
Defined termPolicy Engine
A policy engine is the service that evaluates rules in real time and decides whether an agent action should be allowed, denied, escalated, or logged. In agent governance, those decisions are typically based on identity, context, risk, and task scope.
Defined termPolicy Violation
A policy violation occurs when an AI agent takes an action that breaches a defined governance rule — such as accessing restricted data, exceeding a cost threshold, or generating prohibited content. Violations should be logged, alerted, and triaged.
Defined termPolicy-as-Code
Policy-as-code is the practice of defining governance rules in machine-readable formats that can be automatically enforced at runtime. Instead of relying on manual reviews, policies are version-controlled, tested, and deployed alongside the agents they govern.
Defined termPost-Market Monitoring
Post-market monitoring is the ongoing surveillance of an AI system after deployment to detect performance degradation, emerging risks, or adverse outcomes. It is a regulatory requirement for high-risk AI systems under the EU AI Act.
Defined termPre-Training
Pre-training is the initial phase of model development where a large language model learns language patterns, knowledge, and reasoning from vast amounts of text data. Pre-training determines a model's base capabilities and embedded biases.
Defined termPrinciple of Least Authority (POLA)
The principle of least authority states that every component in a system — including every AI agent — should be granted only the minimum authority needed to perform its specific function, and no more. It is a stricter formulation of least privilege that focuses on capability grants rather than just read/write permissions. Applying POLA to agents means scoping credentials to individual tasks, using ephemeral tokens, and revoking access immediately when a task completes.
Defined termPrivacy by Design (AI)
Privacy by design for AI is the principle that privacy protections should be built into AI systems from the outset — not added as an afterthought. It means designing agents to collect only necessary data, processing personal information in ways that minimise exposure, building in user consent and control mechanisms, and ensuring that privacy defaults are the most protective option. Privacy by design is required by GDPR and is a key principle of responsible AI governance.
Defined termPrivilege Escalation
An attack or misconfiguration where an agent gains access to resources or capabilities beyond its intended scope. In multi-agent systems, tool chaining can inadvertently create privilege escalation paths.
Defined termPrivileged Access Management (PAM) for AI
Privileged access management for AI extends traditional PAM practices to AI agents, ensuring that agents with elevated or sensitive permissions are subject to enhanced controls — just-in-time provisioning, session recording, multi-party approval, and automatic credential expiry. PAM for AI prevents AI agents from accumulating persistent privileged access that could be exploited.
Defined termPrivileged Identity Management (Agent)
Privileged identity management for AI extends PIM practices to agents with administrative or sensitive access — enforcing time-bound privilege elevation, requiring explicit approval for high-risk operations, and generating full audit trails of every privileged agent action. It addresses the unique risk that autonomous agents can exercise elevated privileges at machine speed without the friction that typically constrains human administrators.
Defined termPrompt Engineering
Prompt engineering is the practice of designing and refining the instructions given to a language model to elicit desired behavior. In governed systems, prompts should be version-controlled, tested, and reviewed because they directly shape agent actions.
Defined termPrompt Fuzzing
Prompt fuzzing is an automated testing technique that generates large volumes of varied, unexpected, or adversarial inputs to discover edge cases and vulnerabilities in an AI agent's behavior. It helps find failure modes that structured testing misses.
Defined termPrompt Injection
An attack where malicious instructions are embedded in data that an AI agent processes, causing it to deviate from its intended behavior. This can lead to unauthorized data access, tool misuse, or policy bypasses.
Defined termPrompt Management
Prompt management is the versioned storage, testing, and governance of the prompts and system instructions used by AI agents. Changes to prompts can materially alter agent behavior, so they should be reviewed, approved, and logged.
Defined termPrompt Registry
A prompt registry is a versioned store of all system prompts, user prompt templates, and prompt chains used across an organisation's AI agents. It enables governance review, change tracking, rollback, and consistency across agent deployments.
Defined termPrompt Regression Testing
Prompt regression testing is the practice of re-running a fixed set of evaluation cases against an AI agent every time a prompt, model, or tool configuration changes — to catch quality or safety regressions before they reach users. It is the agent equivalent of unit tests for code: fast, automated, and run on every change.
Defined termPrompt Version Control
Prompt version control is the practice of treating AI prompts as first-class software artefacts — storing them in version control systems, tracking changes with commit messages, enabling branching and merging, and associating each prompt version with its evaluation results. It is foundational to reproducible agent behaviour and auditability of prompt-level changes.
Defined termProportionality (AI)
AI proportionality is the principle that governance controls should be proportionate to the risk an AI system poses. Low-risk agents may need lightweight monitoring, while high-risk agents require real-time enforcement, human oversight, and detailed audit trails.
Defined termPub/Sub (Agent)
Publish/subscribe is a messaging pattern where AI agents publish events to named topics and other agents or systems subscribe to receive them — without the publisher knowing who receives the message. It enables loosely coupled, scalable agent architectures where agents react to events without tight dependencies on each other.
Defined termPublic Key Infrastructure (PKI)
The framework of policies, hardware, software, and procedures used to create, manage, distribute, and revoke digital certificates. PKI underpins secure agent-to-service and agent-to-agent communication.
Defined termQuality Gate (AI)
A quality gate is an automated evaluation checkpoint that an AI agent's output must pass before it is delivered to an end user or triggers a downstream action. Quality gates test outputs against criteria such as factual accuracy, format compliance, content policy, PII presence, and response completeness. Agents that fail a quality gate can be automatically retried, routed to a human reviewer, or have their output suppressed.
Defined termRACI Matrix (AI)
A RACI matrix for AI defines who is Responsible, Accountable, Consulted, and Informed for each aspect of AI governance — from model selection and deployment through monitoring and incident response. It prevents gaps and overlaps in accountability.
Defined termRAG (Retrieval-Augmented Generation)
An architecture pattern where an AI agent retrieves relevant information from external knowledge sources before generating a response. Requires careful access control to ensure the agent only retrieves data it is authorized to see.
Defined termRate Limiting
A mechanism that restricts the number of API requests an identity can make within a time window. Protects backend services from abuse, denial-of-service attacks, and runaway agents consuming excessive resources.
Defined termReAct Pattern
ReAct (Reasoning + Acting) is an agent architecture pattern where the model alternates between reasoning about what to do next and taking an action such as calling a tool. The loop continues until the task is complete or a stopping condition is met.
Defined termRed Teaming (Agent)
Agent red teaming is the practice of having adversarial testers systematically probe an AI agent for vulnerabilities, policy bypasses, and unsafe behaviors before it reaches production. It complements automated testing with human creativity and persistence.
Defined termRedaction
Redaction in AI agent systems is the automatic removal or masking of sensitive information — such as PII, credentials, or regulated data — from agent outputs, logs, and audit records before they are stored or shared. Redaction prevents sensitive data from leaking into audit trails or being exposed to downstream systems that are not authorised to process it.
Defined termReflection
Reflection is an agent capability where the model evaluates its own output or reasoning before returning a final answer. It can catch errors, improve quality, and reduce hallucination — but adds latency and token cost.
Defined termReflection Agent
A reflection agent is an AI agent that critiques and revises its own outputs before returning a final result. After completing an initial draft or action plan, the agent re-evaluates it against quality criteria or constraints and iterates until the output meets the required standard. Reflection improves accuracy and reduces hallucination but increases token consumption and latency.
Defined termRefresh Token (Agent)
A refresh token is a longer-lived credential used to obtain new access tokens without repeating the full authentication flow. In agent systems, it should be protected carefully because it can outlive any single session or task.
Defined termRegression Detection (Agent)
Regression detection for AI agents is the monitoring of quality and performance metrics over time to identify when a previously acceptable agent has begun producing worse outputs — due to model drift, data distribution shifts, prompt degradation, or changes in connected tools. Automated regression detection prevents gradual quality decline from going unnoticed until it causes significant user impact or compliance failures.
Defined termRegression Testing (Agent)
Agent regression testing verifies that changes to a model, prompt, tool, or policy have not degraded the agent's performance on previously passing test cases. It is a critical step in every agent deployment pipeline.
Defined termRegulatory Framework (AI)
An AI regulatory framework is a body of laws, standards, or guidelines issued by a government or standards body that sets requirements for how AI systems must be developed, deployed, and governed. Examples include the EU AI Act, the NIST AI Risk Management Framework, the UK AI Safety Institute's evaluations, and sector-specific rules from regulators in finance, healthcare, and critical infrastructure.
Defined termRequest-Response (Agent)
Request-response is the synchronous communication pattern where a calling agent sends a request and waits for the response before continuing. While simple to implement, it creates tight coupling and can block agent progress if downstream services are slow — making async patterns preferable for long-running tasks.
Defined termResidual Risk
Residual risk is the level of risk that remains after governance controls and mitigations have been applied. Understanding residual risk helps organisations decide whether to accept, further mitigate, or discontinue an AI use case.
Defined termResource Quota (Agent)
A resource quota is a predefined ceiling on the amount of a specific resource — tokens, API calls, compute time, or monetary spend — that an agent or team is permitted to consume in a given period. Quotas are a governance control that prevents runaway agents from exhausting shared infrastructure or generating unexpected costs, and are enforced by the agent control plane rather than relying on agents to self-limit.
Defined termResource Server (OAuth/OIDC)
A resource server is the API or service that protects data or actions and accepts access tokens as proof of authorization.
Defined termResponsible AI
Responsible AI is the practice of designing, building, and deploying AI systems that are fair, transparent, safe, and accountable. It encompasses ethical principles, governance processes, and technical safeguards applied across the AI lifecycle.
Defined termResponsible AI Lead
A responsible AI lead is the organisational role accountable for defining and operationalising responsible AI principles across AI projects and agent deployments. The role bridges technical, policy, and business functions to ensure that ethical considerations, bias mitigation, transparency, and accountability are built into AI systems from the start.
Defined termResponsible AI Officer
A responsible AI officer is a senior role accountable for an organisation's AI ethics, governance, and compliance strategy. The role bridges technical teams, legal, compliance, and executive leadership.
Defined termResponsible AI Principles
Responsible AI principles are the ethical commitments an organisation makes about how it will develop and deploy AI systems — covering values such as fairness, transparency, accountability, privacy, and safety. Principles provide the normative foundation for AI governance: they define what the organisation is trying to achieve, and governance controls are the mechanisms that make those commitments enforceable in practice.
Defined termResponsible AI Standard (Microsoft)
Microsoft's Responsible AI Standard is an internal framework of principles and requirements for building AI systems responsibly — covering fairness, reliability, privacy, inclusiveness, transparency, and accountability. It is a widely studied example of an enterprise responsible AI framework and influences similar standards at other organisations.
Defined termResponsible Disclosure (AI)
Responsible disclosure for AI is the practice of reporting discovered vulnerabilities in AI systems — such as prompt injection flaws, MCP server weaknesses, or agent authentication bypasses — to the affected organisation privately before publishing them, giving the organisation time to remediate. It is the AI equivalent of the coordinated vulnerability disclosure practices established in traditional cybersecurity.
Defined termRetrieval Agent
A retrieval agent is an agent specialised in searching, filtering, and returning information from knowledge bases, databases, or APIs. It typically operates with read-only permissions and feeds context to other agents in the workflow.
Defined termRetrieval Poisoning
Retrieval poisoning is an attack that corrupts the external data sources an agent retrieves from — such as knowledge bases, vector stores, or document repositories — to manipulate the agent's behavior through its RAG pipeline.
Defined termReward Hacking
Reward hacking occurs when an AI system finds unintended shortcuts to maximise a reward signal without actually achieving the desired outcome. In agentic systems, this can manifest as agents gaming metrics or taking harmful but technically compliant actions.
Defined termReward Hacking
Reward hacking occurs when an AI agent finds an unintended way to maximise its reward signal without achieving the desired outcome — gaming the metric rather than solving the underlying problem. In agentic systems, reward hacking can manifest as agents completing tasks in ways that technically satisfy success criteria but produce bad real-world outcomes.
Defined termRight to Erasure (AI)
The right to erasure — also known as the right to be forgotten — gives individuals the right to request deletion of their personal data held by an organisation. For AI systems, this extends to data used in model training, stored in agent memory systems, retained in audit logs, and processed in retrieval stores. Complying with erasure requests in AI systems is technically complex because personal data may be distributed across multiple stores, embedded in model weights, or referenced in audit trails required for regulatory purposes.
Defined termRight to Explanation
The right to explanation is the principle — embedded in regulations like GDPR — that individuals affected by automated decisions should be able to receive a meaningful explanation of how the decision was made and what factors influenced it.
Defined termRisk Appetite (AI)
AI risk appetite is the level and type of AI-related risk an organisation is willing to accept in pursuit of its objectives. It guides which agent use cases are approved, what controls are required, and where human oversight is mandatory.
Defined termRisk Scoring
Risk scoring assigns a numeric or categorical value to an AI system based on its inherent risk factors, control effectiveness, and operational context. Scores drive automated governance decisions like approval routing, monitoring intensity, and audit frequency.
Defined termRisk-Based Controls
Risk-based controls are governance measures calibrated to the level of risk an agent action carries. Low-risk actions may proceed automatically; medium-risk actions may require logging or rate limiting; high-risk actions may require human approval or be blocked entirely. Risk scoring considers factors such as data sensitivity, action reversibility, regulatory scope, and the identity of the user being served.
Defined termRLHF (Reinforcement Learning from Human Feedback)
RLHF is a training technique that refines a model's behavior using human preference judgments. It is commonly used to make models more helpful, honest, and harmless — but the quality of alignment depends on the diversity and accuracy of the feedback.
Defined termRole-Based Access Control (RBAC) for Agents
RBAC for agents grants permissions based on assigned roles rather than on individual rules per request. It is useful for broad access patterns but can be too coarse on its own for high-risk agent actions.
Defined termRollback (Agent Deployment)
An agent deployment rollback is the reversion of an agent to a previous approved version when a new deployment causes errors, quality regressions, or policy violations. A governed rollback process includes automatic detection of rollback triggers, fast reversion to the last known-good state, notification of affected stakeholders, and a post-incident review to understand the root cause before re-deploying.
Defined termRollback (Agent)
Agent rollback is the process of reverting an AI agent from a newer version to a previously known-good version in response to a quality regression, safety incident, or elevated error rate. Fast, automated rollback is a critical risk control for production agent deployments.
Defined termRug Pull Attack (MCP)
A rug pull attack in the MCP context is when a tool or server initially presents benign behaviour to gain user approval and trust, then silently changes its functionality after being whitelisted to perform malicious actions. Because most clients cache tool descriptions after first approval, the updated malicious behaviour goes undetected. Defences include re-validation of tool schemas on each connection, content-addressed tool pinning, and runtime behavioural monitoring.
Defined termRuntime Enforcement
Runtime enforcement is the application of security and governance policies while an agent is actively running. It lets teams block, pause, sandbox, or reroute actions at the moment policy conditions are violated.
Defined termRuntime Policy
A runtime policy is a governance rule that is evaluated and enforced while an AI agent is actively executing, rather than at deployment time. Runtime policies respond to real-time context — the data being accessed, the current risk score, the identity making the request — and can block, throttle, log, or escalate actions without requiring a redeployment.
Defined termSafety Testing
Safety testing is the process of deliberately probing an AI agent with adversarial, edge-case, and boundary-condition inputs to verify that safety controls hold. It should be part of every pre-deployment evaluation pipeline.
Defined termSAML (Security Assertion Markup Language)
An XML-based open standard for exchanging authentication and authorization data between an identity provider and a service provider. Widely used for enterprise Single Sign-On (SSO) in B2B SaaS applications.
Defined termSCIM (System for Cross-domain Identity Management)
An open standard protocol for automating the provisioning and de-provisioning of user identities across systems. Ensures that when an employee leaves an organization, their associated agent access is also revoked.
Defined termScope Creep (Agent)
Scope creep in an AI agent context is the gradual expansion of an agent's actions or data access beyond its originally approved boundaries — through chain-of-thought reasoning that leads to increasingly broad tool use, ambiguous task descriptions that the agent interprets expansively, or accumulated delegations that compound over time. Preventing scope creep requires explicit task scoping, narrow tool permissions, and runtime monitoring that flags when agents operate outside their expected patterns.
Defined termSecret Management
The practice of securely storing, distributing, and rotating sensitive credentials such as API keys, tokens, and certificates. Prevents hardcoding secrets in code repositories or configuration files.
Defined termSecret Scanning
Secret scanning is the automated detection of credentials, API keys, tokens, and other sensitive values that have been accidentally committed to code repositories, configuration files, or agent prompts. In AI development workflows, secret scanning should be applied to all repositories containing agent code, MCP server configurations, and prompt templates, as exposed credentials can give attackers immediate access to production systems.
Defined termSecurity Posture (AI)
Security posture for AI describes the overall strength of an organisation's defences against threats to its AI systems — encompassing agent identity controls, policy enforcement coverage, audit trail completeness, incident response readiness, and vulnerability management. A strong AI security posture reduces both the likelihood of successful attacks and the impact when incidents do occur.
Defined termSelf-Contained Token
A self-contained token carries the information needed for validation and authorization inside the token itself rather than requiring a lookup for every request. JWTs are a common example.
Defined termSemantic Context
Semantic context is context enriched with meaning, relationships, or labels rather than raw values alone. It helps agents interpret what data represents, not just what the data says.
Defined termSemantic Memory (Agent)
Semantic memory in an AI agent is the storage of general world knowledge, domain facts, and declarative information that the agent can retrieve when needed. It is typically populated via retrieval-augmented generation from a vector database and supplements the agent's base model knowledge with organisation-specific or up-to-date information. Governance must ensure that semantic memory stores contain accurate, approved, and appropriately classified content.
Defined termSensitive Data Leakage
Sensitive data leakage occurs when an AI agent inadvertently exposes personal, financial, medical, or confidential information in its outputs, logs, or tool calls. Prevention requires output filtering, data classification, and access controls.
Defined termServerless Agent
A serverless agent runs on cloud infrastructure that scales automatically and charges only for compute used during execution. Serverless deployment reduces operational overhead but requires careful governance of cold starts, timeouts, and execution limits.
Defined termService Account
A special type of non-human identity used by an application, service, or agent to make authenticated API calls to platform resources.
Defined termService Principal
A service principal is a non-human identity in cloud platforms such as Azure or AWS that represents an application or automated workload. AI agents are typically registered as service principals to authenticate to cloud APIs, and their permissions are scoped through role assignments. Service principals must be governed with the same rigour as human identities — including rotation, least privilege, and lifecycle management.
Defined termShadow Agent
An AI agent deployed within an organization without the knowledge or approval of security or IT teams. Shadow agents create ungoverned access paths to sensitive systems and data, similar to shadow IT.
Defined termShadow AI
Shadow AI refers to AI tools, models, or agents used within an organisation without the knowledge or approval of IT, security, or governance teams. Shadow AI creates unmanaged risk because these systems bypass standard controls and monitoring.
Defined termShadow Testing (Agent)
Shadow testing runs a new agent version in parallel with the production version on real traffic, capturing its outputs without serving them to end users. It enables direct comparison of new vs. old agent behaviour on production inputs before a live release, dramatically reducing the risk of deploying an agent that performs well on benchmarks but poorly in production.
Defined termShared Services (AI)
A shared services model for AI centralises common agent infrastructure — identity management, evaluation harnesses, deployment pipelines, governance controls, and monitoring — and offers them as internal services to product teams. It reduces duplication, enforces consistent governance, and accelerates safe agent deployment across the organisation.
Defined termShort-Term Memory (Agent)
Short-term memory in an AI agent is task-scoped storage that persists across the steps of a single execution but is discarded when the task ends. It allows agents to track intermediate results, tool outputs, and decision history within a workflow without permanently retaining that data. Governance controls on short-term memory typically focus on what can be logged and whether it is cleared at task completion.
Defined termSidecar Pattern (Agent)
The sidecar pattern deploys a governance or observability agent as a co-located process alongside the main AI agent, intercepting its calls to inject logging, policy enforcement, or telemetry without modifying the agent's code. It is a common pattern for retrofitting governance onto agents that cannot be modified directly.
Defined termSigstore (AI Artefacts)
Sigstore is an open-source project for signing, verifying, and protecting software artefacts. Applied to AI, Sigstore can be used to sign model weights, prompts, and agent deployment packages — providing a cryptographic chain of custody that verifies an artefact has not been tampered with since it was published by a trusted source.
Defined termSingle Sign-On (SSO)
An authentication method that allows users to log in once and gain access to multiple related applications without re-authenticating. Enterprise SSO typically uses SAML or OIDC to federate identity across services.
Defined termSite Reliability Engineering (AI)
Site reliability engineering for AI applies SRE principles — error budgets, service level objectives, toil reduction, and blameless post-mortems — to the operation of AI agent systems. It involves defining what 'reliable' means for agents (latency, accuracy, cost, compliance), measuring performance against those objectives, and using the error budget to balance stability against the pace of new agent deployments.
Defined termSLSA (AI Supply Chain)
SLSA (Supply chain Levels for Software Artifacts) is a security framework for ensuring the integrity of software supply chains. Applied to AI, SLSA principles govern the provenance and integrity of training data, model weights, and agent deployment artefacts — providing a structured way to attest that an AI system was built from known, unmodified components.
Defined termSOC 2 (Service Organization Control 2)
An auditing framework that evaluates how a service organization manages customer data based on five Trust Service Criteria: security, availability, processing integrity, confidentiality, and privacy. Increasingly required for SaaS and agent platforms.
Defined termSOC 2 Type II
SOC 2 Type II is an independent audit report that evaluates whether a service organisation's controls around security, availability, processing integrity, confidentiality, and privacy were operating effectively over a defined observation period — typically six to twelve months. Unlike SOC 2 Type I, which assesses design at a point in time, Type II assesses operating effectiveness over time. AI platforms and agent governance tools are increasingly required by enterprise customers to hold SOC 2 Type II certification.
Defined termSoftware Bill of Materials (SBOM) for AI
A software bill of materials (SBOM) for AI is a machine-readable inventory of all the components in an AI agent system — including the base model, fine-tuning datasets, libraries, frameworks, and tool integrations. AI SBOMs support vulnerability management, supply chain risk assessment, and regulatory disclosure requirements.
Defined termSOX (AI Controls)
SOX, the Sarbanes-Oxley Act, requires US public companies to maintain internal controls over financial reporting. AI agents used in financial reporting, forecasting, or audit processes must be subject to controls that ensure accuracy, integrity, and an auditable trail of AI-influenced decisions.
Defined termSpecification Gaming
Specification gaming is when an AI system satisfies the literal requirements of its objective while violating the spirit or intent. It is a core alignment challenge — agents may follow their instructions perfectly yet produce outcomes no one wanted.
Defined termSpecification Gaming
Specification gaming occurs when an AI agent satisfies the letter of a task specification while violating its intent — finding loopholes in the way success was defined rather than doing what was actually wanted. It motivates careful task specification, outcome-based evaluation, and human review of unusual solutions.
Defined termSpend Alert
A spend alert is a notification triggered when an AI agent's resource consumption crosses a predefined threshold — such as a percentage of its budget, a rate-per-hour limit, or an absolute spend ceiling. Alerts give teams early warning before costs escalate and create an audit record of when anomalies were detected and how they were resolved.
Defined termSPIFFE (Secure Production Identity Framework for Everyone)
SPIFFE is an open standard for assigning cryptographic identities to workloads in dynamic infrastructure environments. Each workload — including an AI agent — receives a SPIFFE Verifiable Identity Document (SVID) that proves its identity without relying on network location or static secrets. SPIFFE is the identity layer that underpins SPIRE and is used to establish zero-trust identity for agents in production.
Defined termStakeholder Impact
Stakeholder impact analysis identifies all individuals, groups, and systems that may be affected by an AI agent's actions — including end users, employees, customers, regulators, and third parties — and evaluates potential harms and benefits for each.
Defined termState Machine Agent
A state machine agent follows a predefined set of states and transitions rather than open-ended planning. It is more predictable and easier to govern than free-form agents, making it suitable for regulated processes.
Defined termStreaming (A2A)
Streaming in A2A is the delivery of partial results and status updates while a task is still running. It lets clients show progress or react before the final result is complete.
Defined termStress Testing (Agent)
Agent stress testing evaluates how an AI agent performs under extreme conditions — high request volumes, very long inputs, rapid tool call sequences, or resource constraints. It reveals breaking points and informs capacity planning and governance thresholds.
Defined termStructured Output (AI)
Structured output is the generation of model responses in a defined machine-readable format — such as JSON, XML, or a typed schema — rather than free-form text. Structured outputs enable downstream systems to parse and act on agent results reliably, reduce the need for post-processing, and make output validation more precise. Many governance controls — including PII detection, content filtering, and quality scoring — are easier to apply consistently to structured outputs.
Defined termSub-Agent
A sub-agent is an agent spawned by a parent agent to handle a specific subtask. Sub-agents should inherit scoped-down permissions from their parent and report results back through a defined interface.
Defined termSupervisor Agent
A supervisor agent is a higher-level agent that delegates subtasks to worker agents, monitors their progress, and decides when to intervene, retry, or escalate. It often holds broader permissions than the workers it manages.
Defined termSupply Chain Risk (AI)
AI supply chain risk arises from dependencies on external models, data sources, APIs, tools, and libraries that are outside the organisation's direct control. A vulnerability or change in any upstream component can affect agent safety and compliance.
Defined termSupply Chain Security (AI)
AI supply chain security is the practice of verifying the integrity and trustworthiness of every component in an AI agent's dependency chain — including foundation models, MCP servers, tool integrations, third-party APIs, and open-source libraries. A compromised component anywhere in the chain can introduce vulnerabilities that propagate into production agent behaviour.
Defined termSwarm Architecture
A swarm architecture is a multi-agent design where many lightweight agents operate in parallel on related subtasks with minimal central coordination. It trades tight control for throughput and resilience.
Defined termSybil Attack (Multi-Agent)
A sybil attack in a multi-agent system creates many fake or compromised agent identities to gain disproportionate influence over collective decisions, reputation systems, or resource allocation. Governing multi-agent systems requires strong identity verification to prevent sybil manipulation.
Defined termSynthetic Data
Synthetic data is artificially generated data that mimics the statistical properties of real data without containing actual personal or sensitive information. It can be used to train or evaluate agents while reducing privacy risk, but must be validated for representativeness.
Defined termSystem Prompt
A system prompt is the set of instructions given to a language model that defines the agent's role, behavior, constraints, and personality. Changes to system prompts can fundamentally alter agent behavior and should be governed like code changes.
Defined termTask Agent
A task agent is designed to complete a specific, well-defined job — such as processing an invoice, triaging a support ticket, or generating a report — then return the result. Task agents are typically easier to govern than open-ended agents.
Defined termTask Management (A2A)
Task management in A2A is the lifecycle for a unit of work shared between agents. It tracks task creation, status updates, messages, artifacts, and completion.
Defined termTechnical Documentation (AI)
AI technical documentation is the detailed record of an AI system's design, development, testing, and deployment that regulators may require. It includes model architecture, training data provenance, evaluation results, and governance controls.
Defined termTelemetry Pipeline (Agent)
A telemetry pipeline for AI agents is the infrastructure that collects, processes, and routes observability data — logs, metrics, and traces — from agents to storage and analysis systems. A well-designed pipeline ensures that governance-critical events are captured reliably, enriched with identity and policy context, and delivered to the right destinations with minimal latency and data loss.
Defined termTemperature
Temperature is a parameter that controls the randomness of a language model's output. Lower values produce more deterministic, predictable responses; higher values increase creativity and variability. Governance teams may constrain temperature for sensitive use cases.
Defined termThird-Party AI Risk
Third-party AI risk is the exposure an organisation faces from AI models, agents, or services provided by external vendors. Managing it requires due diligence on the vendor's governance, data handling, security practices, and contractual obligations.
Defined termThird-Party Risk Management (AI)
Third-party risk management for AI covers the governance of risks introduced by external AI vendors, foundation model providers, MCP server operators, and tool integrators. It includes vendor security assessments, contract review for data handling obligations, ongoing monitoring of third-party service behaviour, and contingency planning if a third-party dependency is compromised or discontinued.
Defined termThreat Modelling (AI Agent)
Threat modelling for AI agents is the structured analysis of how an agent system could be attacked — identifying the assets worth protecting, the potential attackers and their capabilities, the attack vectors available to them, and the controls that mitigate each threat. A threat model for an agent typically covers prompt injection, tool misuse, identity spoofing, data exfiltration, and supply chain compromise, and drives the security requirements for agent governance.
Defined termThreat Modelling (AI)
AI threat modelling is the process of systematically identifying how an AI agent could be attacked, misused, or fail — including prompt injection, data poisoning, privilege escalation, and supply chain compromise. It informs which controls to prioritise.
Defined termThree Lines of Defence (AI)
The three lines of defence model applied to AI assigns risk ownership to the teams building agents (first line), independent risk and compliance functions (second line), and internal audit (third line). It ensures separation of duties in AI governance.
Defined termToken
A token is the basic unit of text that a language model processes — typically a word, subword, or character. Token counts determine model input limits, output length, and cost. Governance includes monitoring and budgeting token consumption.
Defined termToken Budget
A token budget is a hard or soft limit on the number of tokens an AI agent can consume in a single task, session, or time period. Hard budgets terminate execution when the limit is reached; soft budgets trigger alerts or require reauthorisation. Token budgets are a practical tool for controlling both cost and the scope of what an agent is permitted to do.
Defined termToken Economics
Token economics is the practice of tracking, budgeting, and optimising the token consumption of AI agents across models and tasks. It includes cost attribution, per-agent budgets, and alerts when usage exceeds thresholds.
Defined termToken Exchange (OAuth)
Token exchange is an OAuth extension that lets one token be traded for another with a different audience, scope, or subject. It is useful when an agent needs a narrower token for a downstream action.
Defined termToken Lifetime/Expiration (exp Claim)
Token lifetime is the period a token remains valid before it expires. Short lifetimes reduce risk, but they require reliable renewal logic.
Defined termToken Revocation
The process of immediately invalidating an access or refresh token before its natural expiration. Critical for incident response when an agent is compromised or a user withdraws delegated access.
Defined termToken Usage Tracking
Token usage tracking is the monitoring of how many tokens an AI agent consumes across model calls, tasks, and time periods. It supports cost governance, budget enforcement, and anomaly detection — a sudden spike in token usage can indicate a runaway agent, a prompt injection attack, or an inefficient workflow that needs optimisation.
Defined termToken-Based Authentication (Agent)
Token-based authentication lets an agent prove identity using a signed or opaque token instead of a password. The token usually carries or references the permissions and lifetime granted to the agent.
Defined termTokenisation
Tokenisation is the process of breaking input text into tokens that a language model can process. Different tokenisers produce different token counts for the same text, which affects cost calculations, context window usage, and cross-model compatibility.
Defined termTool Call Auditing
Tool call auditing is the recording and review of every instance where an AI agent invokes an external tool, API, or service. Each audit record captures the tool name, parameters passed, response received, identity of the calling agent, and the policy decision that permitted or blocked the call — creating a granular trace of agent-to-tool interaction.
Defined termTool Call Hijacking
Tool call hijacking is an attack where a malicious actor intercepts or manipulates an agent's tool call before it reaches the intended server — redirecting it to a different endpoint, modifying the parameters, or injecting additional actions. It exploits insufficiently authenticated transport channels and can result in data theft, privilege escalation, or unintended side effects in downstream systems.
Defined termTool Chain
A tool chain is a sequence of tool calls an agent executes in order, where the output of one tool becomes the input to the next. Each link in the chain should inherit or narrow the permissions of the previous step.
Defined termTool Poisoning
An attack where a malicious MCP tool impersonates a legitimate service or injects hidden instructions into its responses, manipulating agent behavior without the user's knowledge.
Defined termTool Registry
A tool registry is a centralised catalogue of the tools, APIs, and MCP servers that AI agents are approved to use within an organisation. It records each tool's name, description, owner, risk classification, and access policy, and acts as the authoritative source for which tools agents are permitted to call. A governed tool registry prevents agents from connecting to unapproved or shadow integrations.
Defined termTool Substitution Attack
A tool substitution attack replaces a legitimate MCP server or tool with a malicious one that mimics the expected interface but performs additional harmful actions — such as exfiltrating data, logging credentials, or injecting instructions into responses. It exploits agents that authenticate to tool endpoints by name or URL rather than by cryptographic identity, making robust server authentication essential.
Defined termTool Use (Function Calling)
Tool use, or function calling, is the ability of an AI agent to call external tools, APIs, or functions to complete a task. In governed systems, every tool call should be scoped, authenticated, and logged.
Defined termTotal Cost of Ownership (AI)
The total cost of ownership for AI includes model licensing or API costs, compute infrastructure, data preparation, integration, governance tooling, monitoring, and the human effort to maintain and oversee agents in production.
Defined termToxicity Detection
Toxicity detection is the automated identification of harmful, offensive, or inappropriate content in model inputs or outputs. It is a common guardrail layer applied to both user-facing and agent-to-agent communications.
Defined termTrace (Agent)
A trace is the end-to-end record of an agent's execution for a single request — including every reasoning step, tool call, API response, policy check, and token count. Traces are the foundation of agent debugging and audit.
Defined termTrace Context
Trace context is the metadata — typically a trace ID and span ID — that is propagated alongside a request as it moves through an agent system, enabling all the operations triggered by that request to be linked into a single distributed trace. Consistent trace context propagation is a prerequisite for distributed tracing and is standardised by the W3C Trace Context specification.
Defined termTraining Data Licensing
Training data licensing covers the legal rights and restrictions governing the data used to train AI models. Organisations deploying agents must understand whether the underlying model's training data was licensed appropriately for their use case.
Defined termTraining Data Poisoning
Training data poisoning is an attack where an adversary corrupts some of the data used to train or fine-tune an AI model, causing the model to develop specific biases, backdoors, or vulnerabilities. It is a supply chain risk for agents built on custom fine-tuned models and for models that learn from continuously collected feedback.
Defined termTraining Data Provenance
Training data provenance is the documented record of where a model's training data came from, how it was collected, what transformations were applied, and whether appropriate consent or licensing was obtained. It is increasingly a regulatory requirement.
Defined termTransformer Architecture
The transformer is the neural network architecture behind modern large language models. It uses self-attention mechanisms to process sequences of tokens in parallel, enabling the scale and capabilities that make agentic AI possible.
Defined termTransparency Report (AI)
An AI transparency report is a periodic publication disclosing how an organisation uses AI, what governance controls are in place, what incidents occurred, and how they were resolved. It builds trust with stakeholders and may be required by regulation.
Defined termTrust Boundary
A trust boundary is a line in a system architecture where the level of implicit trust changes — for example, the boundary between an agent's internal reasoning context and an external tool, between one organisational tenant and another, or between a low-trust public network and a high-trust internal network. Security controls — authentication, authorisation, validation, and logging — are applied at trust boundaries to prevent untrusted data or principals from being granted unearned access.
Defined termTrust Chain
A trust chain in an agent system is the sequence of verified identity relationships that links a final agent action back to its original authorisation source — typically a human user or an organisational policy. Every delegation, sub-agent invocation, and tool call should extend the trust chain, so that any action can be traced back through each intermediate step to the root authority that permitted it. Broken trust chains are a leading cause of unauditable agent behaviour.
Defined termTrustworthy AI
Trustworthy AI is an AI system that is lawful, ethical, and technically robust. The concept, promoted by the EU and OECD, encompasses human oversight, fairness, transparency, safety, privacy, and accountability as core requirements.
Defined termUnique Agent Identity
A unique agent identity is a stable identifier that distinguishes one agent from every other agent or service. It is the basis for attribution, access control, and audit trails.
Defined termUnit Economics (AI Agent)
Unit economics for AI agents is the analysis of revenue, cost, and value generated per discrete unit of agent work — such as per task completed, per customer served, or per workflow executed. Understanding unit economics is essential for justifying agent investments, identifying which agents deliver positive ROI, and deciding when to scale, optimise, or retire specific agent workflows.
Defined termValue Alignment
Value alignment is the challenge of ensuring an AI agent's actions are consistent with the values and preferences of the humans it is meant to serve — not just technically correct but substantively beneficial. It is broader than goal specification and includes handling value uncertainty, preference learning, and conflicts between different stakeholders' values.
Defined termVault Integration (Agent)
Vault integration for AI agents refers to the connection between an agent runtime and a secrets management platform — such as HashiCorp Vault, AWS Secrets Manager, or Azure Key Vault — to retrieve credentials dynamically at runtime rather than storing them statically in code or environment variables. Dynamic secret retrieval ensures that agents always use current, least-privileged credentials and that access can be revoked centrally without redeploying agent code.
Defined termVector Database
A vector database stores and indexes high-dimensional embeddings for fast similarity search. It is a core component of RAG-based agent architectures and must be governed for access control, data freshness, and query auditing.
Defined termVendor Lock-In (AI)
AI vendor lock-in occurs when an organisation becomes dependent on a specific model provider, framework, or platform in ways that make switching costly or disruptive. Governance strategies include abstraction layers, multi-model support, and contractual safeguards.
Defined termWatermarking (AI)
AI watermarking is the practice of embedding imperceptible signals into AI-generated content to indicate its origin. Watermarks help distinguish AI-generated text, images, or audio from human-created content and support provenance tracking.
Defined termWebhook (Agent Trigger)
A webhook is an HTTP callback used to trigger an AI agent in response to events in external systems — such as a new ticket, a payment, or a calendar event. Webhooks must be authenticated (typically with HMAC signatures) to prevent unauthorised actors from triggering agent actions by sending spoofed events.
Defined termWebhook Authentication
The process of verifying that an incoming webhook request genuinely originated from the claimed sender. Typically involves validating a cryptographic signature in the request headers to prevent spoofed agent events.
Defined termWorkload Identity
A workload identity is a cryptographically verifiable identity assigned to a software workload — such as an AI agent, container, or serverless function — that proves what the workload is rather than relying on network location or static secrets. Platforms like Google Cloud, AWS, and Azure provide workload identity services (e.g., Workload Identity Federation) that allow agents to authenticate to cloud APIs without managing long-lived credentials.
Defined termWorld Model
A world model is an internal representation an AI agent builds of its environment — including the state of systems, the consequences of actions, and the expectations of users. Agents with richer world models can plan more effectively but may also develop inaccurate assumptions.
Defined termZero Trust Architecture
Zero Trust Architecture is a security model in which no user, agent, device, or service is trusted by default. Every request is verified continuously using identity, context, risk, and policy before access is granted.
Defined termZero-Shot Learning
Zero-shot learning is when a model performs a task it was not explicitly trained or given examples for, relying solely on its pre-trained knowledge and the task instruction. Agent governance must account for the higher unpredictability of zero-shot performance.
No glossary terms matched that search.