AI agent governance terms, explained clearly
A practical reference for security, engineering, and AI teams working on agent identity, runtime control, access, observability, and compliance in production systems.
A/B Testing (Agent)
Agent A/B testing compares two versions of an agent — differing in model, prompt, tools, or configuration — by routing a portion of traffic to each and measuring performance, quality, and user satisfaction differences.
A2A Protocol (Agent-to-Agent Protocol)
The Agent-to-Agent (A2A) protocol is an emerging open protocol for agents to describe capabilities, exchange tasks, and return results across different frameworks and vendors.
Agent Approval Workflow
An agent approval workflow is a defined process that requires designated reviewers to authorize an agent before it is deployed to production. Approvals may gate on risk classification, security review, compliance sign-off, and evaluation results.
Agent Autonomy Level
Agent autonomy level describes how much independent decision-making authority an agent has — from fully supervised (every action approved) to fully autonomous (acts without human checkpoints). Higher autonomy requires stronger governance controls.
Agent Behavior Policy
An agent behavior policy is a set of rules that define how an agent should act in specific situations — what it can say, what tools it can use, what data it can access, and when it should escalate. Behavior policies are the bridge between business intent and runtime enforcement.
Agent Boundary
An agent boundary is a hard constraint that an agent cannot cross regardless of its reasoning or the user's instructions. Boundaries are distinct from guidelines in that they are enforced at the runtime layer, not merely suggested in the prompt.
Agent Budget
An agent budget is the predefined allocation of compute, tokens, API calls, or financial spend granted to an AI agent for a task or time period. Budgets function as a hard governance control — when an agent reaches its limit, execution stops, escalates, or requires reauthorisation rather than continuing unchecked.
Agent Capability
An agent capability is a specific skill or function an agent can perform, such as searching a database, calling an API, writing code, or sending a message. Governance controls should be scoped per capability rather than per agent.
Agent Card
An agent card is a machine-readable description of an agent's identity, capabilities, endpoints, and authentication requirements. Other systems use it to discover what the agent can do and how to call it.
Agent CI/CD
Agent CI/CD is the practice of applying continuous integration and continuous delivery principles to AI agent development — automatically testing agents on every change, gating production releases on evaluation results, and automating deployment pipelines for agent code, prompts, and configuration. It brings the reliability practices of software engineering to agent lifecycle management.
Agent Classification
Agent classification is the process of categorising an AI agent by its risk level, autonomy, data sensitivity, and business impact. Classification determines which governance controls, monitoring intensity, and approval processes apply.
Agent Configuration Management
Agent configuration management is the governed tracking and deployment of all parameters that shape agent behavior — including model selection, temperature, system prompts, tool lists, and policy bindings. Configurations should be versioned and auditable.
Agent Control Plane
An agent control plane is a centralized layer that gives teams visibility into all AI agents, enforces runtime policies, manages approvals, and maintains audit trails across frameworks. It acts as the operational governance layer for production agents.
Agent Control Plane
The agent control plane is the management layer responsible for configuring, governing, and monitoring AI agents at runtime — distinct from the data plane on which agents execute their work. The control plane enforces policies, collects telemetry, manages agent identity and access, routes approval decisions, and provides the operator interface for governing agent behaviour across an enterprise fleet.
Agent Decommissioning
Agent decommissioning is the governed process of retiring an AI agent from production — revoking its credentials, archiving its logs and audit trails, removing its integrations, and updating the AI inventory to reflect its retired status.
Agent Delegation
Agent delegation occurs when one agent assigns a subtask to another agent, transferring responsibility for that portion of the work. Delegated permissions should be scoped down from the delegating agent's own permissions.
Agent Deployment
Agent deployment is the process of releasing an agent version into a production or staging environment. Governed deployments include identity provisioning, permission assignment, policy binding, and rollback capability.
Agent Discovery
Agent discovery is the process of identifying and cataloguing all AI agents operating within an organisation, including agents that were deployed without central approval. It is the first step in building an agent registry and closing governance gaps caused by shadow agents.
Agent Ecosystem
An agent ecosystem is the broader environment of agents, tools, identity systems, protocols, and policies that let many agents operate together.
Agent Evaluation
Agent evaluation is the systematic assessment of an agent's quality, accuracy, safety, and policy compliance across a representative set of tasks. It should be automated, repeatable, and run before every deployment.
Agent Framework
An agent framework is a software library or platform that provides the building blocks for constructing AI agents — including reasoning loops, tool calling interfaces, memory management, and multi-agent coordination. Popular frameworks include LangChain, LangGraph, AutoGen, CrewAI, and Semantic Kernel. Governance platforms sit above frameworks to enforce consistent identity, policy, and observability regardless of which framework an agent uses.
Agent Governance
Agent governance is the set of policies, controls, review workflows, and monitoring practices that determine how AI agents are approved, deployed, observed, and constrained in production. It covers identity, access, behavior boundaries, auditability, and compliance.
Agent Grading Rubric
An agent grading rubric is a structured scoring guide that defines the criteria and weighting used to evaluate agent outputs — covering dimensions such as accuracy, completeness, format compliance, safety, and tone. A well-defined rubric enables consistent automated scoring and gives development teams clear targets for improvement.
Agent Graph
An agent graph is a directed structure defining the possible states, transitions, and branching logic of an agentic workflow. Nodes represent agents or actions; edges represent handoffs, conditions, or data flows.
Agent Grounding
Agent grounding is the practice of anchoring an agent's responses and decisions in verified, authoritative data rather than relying solely on the model's parametric knowledge. Grounding reduces hallucination and improves factual accuracy.
Agent Handoff
An agent handoff is the transfer of a task, context, and control from one agent to another during a workflow. Secure handoffs must preserve the identity chain, carry forward the permissions that apply, and log the transfer for audit.
Agent Lifecycle
The agent lifecycle is the full sequence of stages an AI agent passes through, from initial design and registration through deployment, active operation, updates, and eventual retirement. Governing the lifecycle ensures that identities, permissions, and ownership records stay current and that decommissioned agents cannot continue acting after they are no longer needed.
Agent Lifecycle Management
Agent lifecycle management is the process of governing an agent from registration through deployment, rotation, suspension, and retirement. It ensures identities, permissions, and ownership stay current over time.
Agent Load Balancing
Agent load balancing distributes incoming requests across multiple instances of an agent to optimise throughput and reliability. Load balancers may also route based on agent version, model, or compliance requirements.
Agent Memory
Agent memory is the mechanism that lets an agent retain information across interactions, either within a session (short-term) or across sessions (long-term). Memory systems must be governed for data retention, access scope, and compliance.
Agent Observability
Agent observability is the ability to understand what AI agents are doing through metrics, logs, traces, and runtime events. It extends traditional monitoring by showing decision paths, tool calls, data access patterns, and policy outcomes.
Agent Observability Pipeline
An agent observability pipeline collects, processes, and routes telemetry data from running agents — including traces, logs, metrics, and governance events — to monitoring, alerting, and compliance systems.
Agent Orchestration
Agent orchestration is the coordination of multiple AI agents working together on a shared task. It usually involves a supervising workflow that routes subtasks, manages state, and enforces identity and permission boundaries across the chain.
Agent Performance Monitoring
Agent performance monitoring tracks an AI agent's operational metrics — latency, throughput, error rates, task completion rates, and user satisfaction — to ensure it meets service level expectations and to detect degradation early.
Agent Protocol
An agent protocol is a standardised interface that defines how agents communicate, exchange tasks, report status, and share results. Examples include A2A and MCP. Protocols reduce integration friction and enable interoperability.
Agent Quality Score
An agent quality score is a composite metric that evaluates an agent's output accuracy, relevance, safety, and policy compliance across a set of representative tasks. Quality scores inform deployment decisions and ongoing governance.
Agent Registry
An agent registry is a central catalog of all deployed agents within an organisation, recording each agent's identity, owner, model, tools, permissions, version, and operational status.
Agent Retirement
Agent retirement is the governed process of permanently decommissioning an AI agent — revoking its credentials, removing its permissions, archiving its audit trail, and removing it from the active agent registry. A defined retirement process prevents zombie agents from retaining access after they are no longer maintained.
Agent Rollback
An agent rollback reverts a deployed agent to a previous known-good version of its model, prompt, tools, or configuration. Fast rollback is a critical safety net when a new release introduces regressions or policy violations.
Agent Router
An agent router is a component that examines an incoming request and decides which specialised agent or model should handle it. Routing decisions can be based on intent classification, cost, latency, or compliance requirements.
Agent Scope
Agent scope defines the boundaries of what an agent is authorised to do — which tools it can call, what data it can access, which systems it can interact with, and under what conditions. Narrow scope reduces risk; broad scope requires stronger controls.
Agent Spend Controls
Agent spend controls are runtime limits that cap how much an AI agent can consume in compute, tokens, API calls, or financial cost within a defined period or task. They prevent runaway agents from generating unexpected costs and allow teams to set per-agent, per-team, or global budgets that are enforced at execution time.
Agent Telemetry
Agent telemetry is the collection and transmission of operational data from running agents — including latency, token usage, error rates, tool calls, and policy decisions — to centralized monitoring systems for observability and cost management.
Agent Tracing
Agent tracing is the collection of distributed trace data across every step an AI agent takes — including reasoning steps, tool calls, API requests, and sub-agent invocations. Traces give engineers and governance teams a detailed, chronological view of exactly what an agent did and how long each step took, enabling both debugging and compliance review.
Agent Versioning
Agent versioning is the practice of tagging each release of an agent's model, prompt, tools, and configuration so that any past behavior can be reproduced. It is essential for audit, rollback, and compliance evidence.
Agent-as-a-Service
Agent-as-a-Service is a deployment and commercial model where AI agent capabilities are offered over an API — allowing organisations to consume agent workflows without building or operating the underlying infrastructure. Governance of third-party agent services includes vendor risk assessment, data processing agreements, and monitoring of service behaviour.
Agentic AI
Agentic AI refers to AI systems that can autonomously plan, reason, use tools, and take actions to achieve goals with minimal human intervention. Unlike simple chatbots, agentic AI actively interacts with external systems and makes decisions that affect real-world outcomes.
Agentic IDE
An agentic IDE is a software development environment that integrates AI agents to assist with coding, debugging, testing, and deployment. Governance concerns include code provenance, intellectual property, and ensuring the agent does not introduce vulnerabilities.
Agentic Loop
An agentic loop is the core execution cycle of an autonomous agent: observe the environment, reason about the next step, take an action, and evaluate the result. Governance controls can be inserted at each stage of the loop.
Agentic Memory
Agentic memory refers to the mechanisms by which an AI agent retains and retrieves information across steps within a task or across multiple sessions. It includes working memory (the active context window), short-term memory (task-scoped storage), and long-term memory (persistent vector stores or databases). Governance of agentic memory must address what data is retained, who can access it, how long it is kept, and whether it can be audited or erased.
Agentic RAG
Agentic RAG combines retrieval-augmented generation with autonomous agent capabilities, allowing the agent to decide what to retrieve, from which sources, and how to synthesize results. Governance must control which data sources the agent can query.
Agentic Workflow
An agentic workflow is a multi-step process where one or more AI agents make decisions, call tools, and pass results between stages to achieve a business outcome. Governance must span the entire workflow, not just individual agent actions.
AI Agent
An AI agent is an autonomous software system that uses a large language model as its reasoning engine to perceive its environment, plan actions, call tools, and complete tasks with minimal human intervention at each step. Unlike a simple AI assistant that responds to single queries, an agent maintains state across multiple steps, makes decisions based on intermediate results, and can trigger real-world effects through tool calls and API integrations.
AI Agent for Compliance Monitoring
A compliance monitoring agent continuously checks transactions, communications, or processes against regulatory rules and flags violations. It must itself be governed to ensure its rules are current, its alerts are accurate, and its evidence is admissible.
AI Agent for Fraud Detection
A fraud detection agent monitors transactions, identifies suspicious patterns, and flags or blocks potential fraud in real time. It requires strict governance around decision explainability, false positive rates, and appeal processes for affected individuals.
AI Agent Swarm Intelligence
Swarm intelligence in AI agents arises when many simple agents collectively solve problems through decentralised coordination — similar to how ant colonies or bird flocks exhibit intelligent behavior. Governing swarms requires monitoring emergent rather than individual behavior.
AI Audit
An AI audit is a formal review of an AI system's design, data, behavior, and governance controls to verify compliance with internal policies, regulations, or industry standards. Audits may be conducted internally or by independent third parties.
AI Bill of Materials (AI BOM)
An AI bill of materials is a comprehensive inventory of all components that make up an AI system — including models, training data sources, frameworks, libraries, tools, APIs, and configuration. It enables supply chain risk management and auditability.
AI Business Case
An AI business case is the documented justification for investing in an AI agent deployment — including the problem it solves, the expected benefits, the implementation cost, the governance requirements, and the success metrics. A strong business case includes risk assessment and a plan for monitoring value realisation over time.
AI Center of Excellence
An AI center of excellence is a cross-functional team within an organisation that establishes standards, best practices, and governance frameworks for AI adoption. It typically includes representatives from engineering, data science, legal, compliance, and business leadership.
AI Change Management
AI change management is the governed process of reviewing, approving, and deploying changes to AI agents — including model updates, prompt modifications, tool additions, and policy adjustments. It prevents uncontrolled changes from reaching production.
AI Compliance Officer
An AI compliance officer ensures that an organisation's AI deployments — including AI agents — comply with applicable laws, regulations, and internal policies. The role monitors for regulatory changes, conducts compliance assessments, and coordinates with legal, engineering, and governance teams to address compliance gaps.
AI Governance Analyst
An AI governance analyst supports the review, documentation, and monitoring of AI systems across an organisation — maintaining AI inventories, tracking policy compliance, analysing audit logs, and preparing governance reports for stakeholders. The role is often the operational layer of an AI governance program.
AI Governance Board
An AI governance board is a senior cross-functional committee that sets AI strategy, approves high-risk use cases, resolves escalations, and ensures the organisation's AI activities align with its values, policies, and regulatory obligations.
AI Governance Framework
An AI governance framework is a structured set of policies, processes, roles, and controls that an organisation uses to manage AI systems responsibly throughout their lifecycle. It typically covers risk assessment, accountability, transparency, and continuous monitoring.
AI Governance Framework
An AI governance framework is the structured set of policies, processes, roles, and controls an organisation uses to manage its AI systems responsibly. A mature framework covers the full AI lifecycle — from model selection and data sourcing through deployment, monitoring, incident response, and retirement — and aligns with applicable regulations such as the EU AI Act, NIST AI RMF, and ISO 42001.
AI Guardrail Layer
An AI guardrail layer is a dedicated component in an agent architecture that intercepts inputs and outputs to apply safety checks, content filtering, PII detection, and policy enforcement before actions reach their target.
AI Impact Assessment
An AI impact assessment is a structured evaluation conducted before deploying an AI system to identify potential risks, benefits, and mitigations. It typically covers fairness, privacy, safety, transparency, and stakeholder impact.
AI in Financial Services
AI in financial services encompasses the use of AI agents for trading, risk assessment, fraud detection, customer service, and regulatory compliance. Financial regulators impose strict requirements around explainability, fairness, audit trails, and operational resilience.
AI in Government
AI in government uses AI agents for public services, policy analysis, and administrative processes. Government AI deployments face heightened scrutiny around bias, transparency, democratic accountability, and public trust.
AI in Healthcare
AI in healthcare applies AI agents to clinical documentation, diagnostic support, drug discovery, and patient communication. Healthcare AI governance must address patient safety, data privacy (HIPAA), clinical accuracy, and liability for AI-assisted decisions.
AI in Insurance
AI in insurance uses AI agents for claims processing, underwriting, fraud detection, and customer engagement. Governance must ensure actuarial fairness, prevent discriminatory pricing, maintain explainability, and comply with insurance-specific regulations.
AI in Legal
AI in legal applies AI agents to contract review, legal research, discovery, and compliance analysis. Governance concerns include confidentiality, privilege, accuracy of legal interpretations, and the professional responsibility of lawyers relying on AI outputs.
AI Inventory
An AI inventory is a comprehensive register of all AI systems, models, and agents deployed or in development within an organisation. It records ownership, purpose, risk classification, data sources, and governance status for each entry.
AI Liability
AI liability refers to the legal responsibility for harm caused by AI systems, including AI agents that take autonomous actions with real-world consequences. Liability frameworks are evolving rapidly — the EU AI Act introduces product liability extensions for high-risk AI, and national courts are developing case law on whether liability falls on model developers, platform operators, or deploying organisations. Understanding AI liability exposure is a key input to risk classification and governance investment decisions.
AI Maturity
AI maturity describes how advanced an organisation is in its AI adoption — from experimenting with individual use cases to running governed, production-grade agents at scale. Maturity assessments help identify gaps in technology, process, and governance.
AI Maturity Model
An AI maturity model is a staged framework that describes the progression from ad hoc, ungoverned AI usage to optimised, fully governed AI operations. Maturity levels typically span from initial adoption (experimental models, no governance) through defined processes, governed production deployments, and finally to continuous improvement with measurement and optimisation. Organisations use maturity models to benchmark current state and plan governance investments.
AI Operating Model
An AI operating model defines how an organisation structures teams, processes, and technology to build, deploy, and govern AI systems at scale. It covers roles, responsibilities, decision rights, and the interplay between central and decentralised teams.
AI Oversight
AI oversight is the ongoing supervision of AI systems by designated individuals, teams, or automated controls to ensure they operate within acceptable boundaries. Effective oversight combines monitoring, alerting, escalation, and periodic review.
AI Policy Library
An AI policy library is a centralised repository of governance rules, guidelines, and constraints that can be applied to AI agents. Policies in the library are versioned, tagged by use case, and can be composed into policy sets for different agent classifications.
AI Procurement
AI procurement is the process of evaluating, selecting, and onboarding external AI models, tools, or services with appropriate governance due diligence. It includes vendor risk assessment, data processing agreements, and compliance verification.
AI Product Owner
An AI product owner is responsible for the business value, scope, and requirements of an AI agent or agent-powered product. In governed organisations, the AI product owner also bears responsibility for ensuring that the agent is approved for its use case, monitored in production, and updated when requirements or risk profiles change.
AI Provenance
AI provenance is the traceable record of how an AI output was produced — including the model used, the input data, the prompt, the tools invoked, and the governance controls applied. Provenance enables accountability and supports regulatory requirements.
AI Proxy
An AI proxy is an intermediary layer that intercepts traffic between AI agents and the systems they interact with — such as model APIs, MCP servers, or enterprise data sources — to inspect, filter, log, and enforce policies on requests and responses. AI proxies implement governance controls without requiring changes to the agents themselves, making them particularly useful for governing legacy or third-party agent deployments.
AI Risk Assessment
An AI risk assessment is a systematic evaluation of the potential harms, failure modes, and likelihood of adverse outcomes associated with deploying an AI system. It informs which controls, monitoring, and human oversight are needed.
AI Risk Officer
An AI risk officer is responsible for identifying, assessing, and managing the risks associated with AI systems across the organisation. The role bridges technical AI teams with enterprise risk management and regulatory affairs.
AI Risk Register
An AI risk register is a structured log of identified risks associated with AI systems, including their likelihood, potential impact, current controls, residual risk level, and assigned owner. It is a foundational tool for governance teams.
AI ROI
AI return on investment measures the business value generated by AI systems relative to the total cost of building, deploying, and governing them. Governance itself contributes to ROI by reducing risk, enabling faster deployment, and building stakeholder trust.
AI Singularity
The AI singularity is a theoretical point at which AI systems become capable of recursive self-improvement, leading to rapid and potentially uncontrollable advances in intelligence. While speculative, singularity scenarios inform long-term AI safety research.
AI Strategy
An AI strategy is an organisation's plan for adopting, scaling, and governing AI to achieve business objectives. A mature AI strategy integrates governance from the start rather than treating it as a separate compliance exercise.
AI Use-Case Registry
An AI use-case registry is a centralised inventory of all AI applications and agent workflows deployed or planned within an organisation. Each entry records the use case's purpose, business owner, risk classification, compliance requirements, and associated agent identifiers. The registry gives governance teams a complete picture of AI deployments across the organisation and is the starting point for risk-based governance prioritisation.
AI Value Realisation
AI value realisation is the discipline of measuring and demonstrating the business outcomes generated by AI agent deployments — translating technical metrics such as task completion rate and error reduction into business metrics such as cost savings, revenue impact, and customer satisfaction. It connects agent governance to business strategy.
Alert Fatigue (AI)
AI alert fatigue occurs when governance or monitoring systems generate so many alerts that operators become desensitised and miss genuine issues. Effective agent governance tunes alerting thresholds to balance coverage with actionability.
Algorithmic Impact Assessment
An algorithmic impact assessment is a structured evaluation of how an AI system may affect individuals, communities, and society — covering risks such as discrimination, privacy loss, economic displacement, and erosion of trust. Some jurisdictions require them for high-risk deployments.
Anomaly Detection (Agent)
Agent anomaly detection identifies unusual patterns in an agent's behavior — such as unexpected tool calls, abnormal token usage, or novel output patterns — that may indicate a problem, attack, or drift from expected operation.
Answer Faithfulness
Answer faithfulness is an evaluation metric that measures whether an AI agent's response is grounded in and consistent with the source context it was given — rather than hallucinated or contradicted by the context. It is a core metric in RAG-based agent evaluation and is required for compliance use cases where agents must only cite information from approved sources.
Answer Relevance
Answer relevance is an evaluation metric that measures how directly an AI agent's response addresses the user's actual question or task. A response that is factually accurate but off-topic scores low on relevance. It is typically assessed by comparing the response to the original query rather than to a source document.
Approval Workflow
An approval workflow is a structured process that requires one or more human reviewers to authorise a high-risk agent action before it is executed. Governance platforms route the request, capture the reviewer's decision, record the justification, and log the outcome as part of the audit trail.
Artifact (A2A)
An artifact in A2A is a concrete output produced during a task, such as text, a file, or structured data. It represents the result another agent or system can use next.
Artificial General Intelligence (AGI)
Artificial general intelligence refers to a hypothetical AI system capable of understanding and performing any intellectual task a human can. While AGI does not yet exist, governance frameworks should anticipate increasingly capable and autonomous AI systems.
Automated Evaluation
Automated evaluation uses programmatic checks, model-based judges, or statistical metrics to assess agent performance at scale. It enables continuous testing in CI/CD pipelines but should be supplemented with human review for nuanced quality.
Autonomous Agent
An autonomous agent is an AI system that can independently plan, reason, use tools, and take actions to achieve a goal with minimal or no human intervention during execution. The degree of autonomy varies and should be matched with proportionate governance controls.
Behavioral Orchestration
Behavioral orchestration is the coordination of how multiple agents act across a workflow. It defines which agent acts next, what context is passed forward, and what rules govern the handoff.
Benchmark (Agent)
An agent benchmark is a standardised set of tasks used to measure and compare agent performance across dimensions such as accuracy, reasoning depth, tool use efficiency, and instruction following. Benchmarks provide a reproducible baseline for tracking improvement over time and for comparing different models or agent configurations against each other.
Benchmark (AI)
An AI benchmark is a standardised test or dataset used to measure and compare the performance of AI models or agents on specific tasks. Benchmarks help organisations select models and track quality over time, but may not reflect real-world conditions.
Bias Detection
Bias detection is the process of identifying systematic unfairness in an AI model's outputs across protected groups or sensitive attributes. In agent governance, bias checks should be part of evaluation pipelines before deployment.
Blue Teaming (Agent)
Agent blue teaming is the defensive practice of monitoring, detecting, and responding to attacks or anomalies in running AI agents. Blue teams build the detection rules, response playbooks, and governance dashboards that keep agents safe in production.
Canary Evaluation
Canary evaluation routes a small fraction of production agent traffic to a new agent version and monitors quality, error rate, and policy compliance in real time before full rollout. It is a risk management technique that limits exposure to regressions while enabling empirical performance comparison on live data.
Capability Control (AI)
Capability control is the practice of limiting what an AI agent is technically able to do — through tool restrictions, output filtering, API permissions, and execution environment constraints — rather than relying solely on the agent's own safety training to prevent harmful behaviour. Capability controls are a defence-in-depth strategy: even if an agent's reasoning can be manipulated, the controls ensure it cannot take actions outside its permitted scope.
Capability Discovery
Capability discovery is the process of learning what another agent or service can do before calling it. It usually means reading metadata such as tools, inputs, auth requirements, and usage constraints.
Catastrophic Forgetting
Catastrophic forgetting is when a neural network loses previously learned knowledge after being trained on new data. For agents, this means fine-tuning or updates can degrade performance on earlier tasks — requiring regression testing and governance review.
CCPA (California Consumer Privacy Act)
The California Consumer Privacy Act (CCPA) is a U.S. state privacy law that gives California residents rights over their personal information, including the right to know, delete, and opt out of its sale, and those rights extend to data used by AI agents. AI agents that collect, process, or make decisions based on California residents' data must support opt-out rights, data access requests, and deletion obligations, and must document what data they access.
Chain of Thought
Chain of thought is the model's intermediate reasoning process when working toward an answer or action. Teams should not depend on raw chain-of-thought output as a required control or audit record.
Chargeback Model
A chargeback model is a financial accountability mechanism that bills the cost of AI agent operations back to the teams or business units that use them. It creates economic incentives to deploy agents efficiently, retire unused agents, and right-size resource allocations — and is a common component of enterprise FinOps programmes for AI.
Chief AI Officer (CAIO)
A Chief AI Officer is the senior executive responsible for AI strategy, governance, and deployment across an organisation. The CAIO coordinates AI investment, sets governance standards, manages AI risk at the board level, and ensures that AI deployments align with business objectives and regulatory expectations.
CI/CD for AI
CI/CD for AI applies continuous integration and continuous deployment practices to AI agent development — automatically testing, evaluating, and deploying changes to models, prompts, tools, and policies through a governed pipeline.
Code Execution Agent
A code execution agent is an agent that writes and runs code in a sandboxed environment to solve analytical, computational, or data transformation tasks. It requires strict sandboxing and resource limits to prevent uncontrolled execution.
Computer Use Agent
A computer use agent is an AI system that can interact with software applications through a graphical user interface — clicking buttons, filling forms, and navigating screens like a human user. It requires strict scoping and monitoring because it can take real actions across any application.
Confidence Score (Agent)
A confidence score is a numerical estimate of how certain an AI agent is about its output or the correctness of a decision. Agents with calibrated confidence scores can trigger escalation to human reviewers or request additional context when confidence falls below a threshold — making confidence-aware routing a practical governance control.
Configuration Drift
Configuration drift occurs when an AI agent's deployed state diverges from its approved, governed configuration over time — through manual changes, dependency updates, or environment differences. Detecting drift is a key governance function because an agent operating outside its approved configuration may no longer comply with the policies it was originally bound to.
Constitutional AI
Constitutional AI is an alignment approach where a model is trained to follow a set of principles or rules. It aims to make models self-correcting by having them evaluate their own outputs against the constitution before responding.
Content Modality (A2A)
Content modality in A2A refers to the type of content agents exchange, such as text, files, audio, images, or structured data. Each modality has different handling, security, and validation needs.
Context Consumer
A context consumer is any agent, model, or application that reads context from another system so it can make decisions or complete a task.
Context Precision
Context precision is a RAG evaluation metric that measures whether the retrieved documents an agent was given actually contain the information needed to answer the query — as opposed to returning many irrelevant chunks that increase noise and token cost. High context precision leads to more accurate agent responses at lower cost.
Context Recall
Context recall is a RAG evaluation metric that measures whether all the information needed to answer a query was present in the retrieved context. Low recall means the agent is likely to miss key information and produce incomplete or hallucinated answers even with a high-quality model.
Context Versioning
Context versioning is the practice of tracking changes to a context schema or context payload format over time. It helps clients and servers stay compatible as fields are added, removed, or reinterpreted.
Context Window
A context window is the maximum amount of input a model can process in one request, measured in tokens. It limits how much conversation history, retrieved data, and tool output can be considered at once.
Context Window Poisoning
Context window poisoning is an attack in which malicious content is injected into an agent's input context — through a retrieved document, a tool response, or a prior conversation turn — with the intent of overriding the agent's instructions or causing it to take harmful actions. It is a variant of indirect prompt injection that targets the context assembly layer rather than the system prompt directly.
Continuous Compliance
Continuous compliance is the practice of monitoring AI agent behavior against governance policies in real time rather than relying on periodic audits. It provides immediate detection of violations and evidence that controls are working.
Corrigibility
Corrigibility is the property of an AI system that allows it to be safely corrected, redirected, modified, or shut down by its operators without resisting, circumventing, or manipulating humans in order to preserve its current goals. A corrigible agent does not place excessive value on its own continuity or current objectives; it defers to human authority when instructed to change course. Keeping agents corrigible is a core AI safety objective and a design goal for enterprise AI agents, especially as agents become more capable of taking autonomous actions, and it is supported by governance controls such as kill switches, approval workflows, and runtime policy enforcement.
Cost Attribution
Cost attribution is the practice of assigning AI infrastructure costs — compute, tokens, API calls, and storage — to the specific agents, teams, or business units that incurred them. Accurate attribution enables chargeback models, budget accountability, and the identification of agents whose cost-to-value ratio justifies optimisation or retirement.
Cost per Task (Agent)
Cost per task is a unit economics metric that captures the total resource spend — model inference, API calls, compute, and storage — attributable to a single agent task or workflow execution. Tracking cost per task enables teams to compare the economic efficiency of different agent designs, identify workflows that are disproportionately expensive, and build business cases for optimisation.
Data Poisoning
Data poisoning is an attack where an adversary manipulates training or retrieval data to influence a model's outputs. In RAG-based agents, poisoned knowledge base entries can cause the agent to return harmful or misleading information.
Delegation Control
Delegation control is the governance capability that limits how an AI agent can pass its authority to other agents or services. Without delegation controls, an agent could grant excessive permissions to downstream agents, creating privilege escalation paths that bypass the original governance boundaries. Strong delegation control enforces that agents can only delegate a subset of their own permissions and that all delegations are logged.
Distributed Tracing (Agent)
Distributed tracing for AI agents is the collection of trace data that follows a request or task as it moves across multiple agents, tools, services, and model calls. Each operation is recorded as a span with timing, identity, and outcome metadata; spans are linked into a unified trace that shows the full execution path. Distributed tracing is essential for debugging multi-agent workflows and proving to auditors that every action in a complex task can be accounted for.
DORA (Digital Operational Resilience Act)
DORA is a European Union regulation that requires financial entities (banks, insurers, investment firms, and other financial services firms) to ensure the operational resilience of their ICT systems, including AI systems and AI agents used in financial services operations, against ICT-related disruptions and cyber threats. It mandates ICT risk management frameworks, incident reporting, resilience testing, and oversight of third-party ICT service providers, and these requirements apply directly to AI agent infrastructure and deployments. For firms deploying AI agents in financial services, DORA requires that agents be covered by the same resilience and oversight programmes as other critical digital systems.
DPIA (AI)
A Data Protection Impact Assessment (DPIA) is a GDPR-required analysis conducted before deploying a processing activity likely to result in high risk to individuals — including AI agents that process large-scale personal data, make automated decisions, or engage in systematic monitoring. DPIAs document the data flows, purposes, risks, and mitigations for the AI deployment.
Drift Detection (Agent)
Agent drift detection monitors whether an agent's real-world behavior has diverged from its expected behavior baseline. Drift can result from model updates, prompt changes, data shifts, or tool modifications.
Edge Agent
An edge agent runs AI inference on local or edge devices rather than in centralised cloud infrastructure. Edge deployment can improve latency and data privacy but adds complexity to governance, monitoring, and version management.
Embedding
An embedding is a numerical vector representation of text, images, or other data that captures semantic meaning. Embeddings power search, retrieval, and similarity matching in RAG-based agent systems and must be governed for data access and freshness.
Emergent Behavior
Emergent behavior is capability or conduct that appears in an AI system without being explicitly programmed or trained for. In agentic systems, emergent behavior can be beneficial (creative problem-solving) or dangerous (unexpected actions) and is difficult to predict or test for.
Enterprise AI Strategy
An enterprise AI strategy is the organisation-wide plan for how AI will be adopted, governed, and scaled to achieve business objectives. It covers the operating model for AI teams, the governance framework that applies to all deployments, the investment priorities for AI capabilities, the risk appetite that defines acceptable use, and the roadmap for building AI maturity over time. A credible AI strategy requires governance infrastructure — including agent control planes, identity systems, and audit trails — as a foundational layer.
Environment Promotion (Agent)
Environment promotion is the controlled process of moving an agent version from development through staging, pre-production, and production environments, with validation gates and approval requirements at each stage. It prevents unvalidated agent changes from reaching production and provides a documented chain of custody for each release.
Episodic Memory (Agent)
Episodic memory in an AI agent is the retention of specific past events — interactions, completed tasks, or decision outcomes — that the agent can retrieve and reason about in future sessions. Unlike semantic memory, which stores general facts, episodic memory stores experiences with temporal context. It enables agents to personalise behaviour based on history but requires careful governance of what is stored and for how long.
EU AI Act
The EU AI Act is the European Union's comprehensive regulation classifying AI systems by risk level and imposing obligations on providers and deployers. High-risk AI systems must maintain detailed logs, ensure traceability, and support human oversight.
Evaluation Dataset
An evaluation dataset is a curated set of inputs and expected outputs used to measure an agent's quality, accuracy, and safety. Good evaluation datasets cover normal operations, edge cases, adversarial inputs, and compliance-sensitive scenarios.
Evaluation Harness (Agent)
An agent evaluation harness is the test infrastructure that automatically runs an agent against a suite of benchmark tasks, captures outputs, scores them against defined criteria, and generates performance reports. It is the CI layer for agent quality — running on every code or prompt change to catch regressions before they reach production. A mature evaluation harness covers accuracy, latency, cost, tool-call correctness, and safety-policy adherence.
Evaluation Pipeline
An evaluation pipeline is an automated workflow that benchmarks agent quality, accuracy, safety, and policy compliance before and after deployment. It replaces manual spot-checking with repeatable, data-driven assessment.
Executor Agent
An executor agent is an AI agent that carries out specific, bounded actions assigned to it by an orchestrator or human operator. Unlike orchestrators, executors focus on a single task — calling an API, writing a file, querying a database — and typically operate with the minimum permissions needed for that action. Keeping executors narrowly scoped limits the blast radius of any compromise.
Few-Shot Learning
Few-shot learning is a prompting technique where a small number of examples are included in the prompt to guide the model's behavior on a specific task. It can improve consistency but also introduces governance considerations around example selection and bias.
Fine-Tuning
Fine-tuning is the process of further training a pre-trained model on a domain-specific dataset to improve its performance on particular tasks. Fine-tuned models may inherit biases from the new data and should be re-evaluated for safety and compliance.
Foundation Model
A foundation model is a large AI model trained on broad data that can be adapted to many downstream tasks through fine-tuning, prompting, or tool integration. Foundation models power most modern AI agents and their governance starts with understanding their capabilities and limitations.
Fundamental Rights Impact Assessment
A fundamental rights impact assessment evaluates how a high-risk AI system may affect individuals' fundamental rights — including privacy, non-discrimination, freedom of expression, and due process — before and during deployment.
Generative AI
Generative AI refers to AI systems that create new content — text, images, code, audio, or video — rather than simply classifying or predicting from existing data. Most modern AI agents are built on generative models and inherit their capabilities and risks.
GitOps (Agent)
GitOps for AI agents is the practice of managing agent configuration, prompts, policies, and deployment definitions as code in version-controlled repositories — so that the current state of all agents in production can be reproduced from source, every change is reviewed and approved, and rollback is as simple as reverting a commit.
Golden Dataset
A golden dataset is a curated, manually validated collection of inputs and their expected correct outputs used as the authoritative reference for evaluating AI agent quality. It is used for regression testing, production readiness gates, and compliance validation. Maintaining a high-quality golden dataset requires ongoing curation effort, especially as the task domain or connected tools evolve.
Governance API
A governance API is a programmatic interface that allows agents, orchestrators, and development tools to query policies, submit actions for approval, report events, and retrieve compliance status from a central governance platform.
Governance Automation
Governance automation is the use of technology to enforce, monitor, and report on AI governance policies without manual intervention. It includes automated policy checks, real-time violation detection, compliance evidence collection, and audit report generation.
Governance by Design
Governance by design is the principle of embedding governance controls into AI systems from the start rather than adding them after deployment. It means identity, policy enforcement, audit logging, and human oversight are architectural requirements, not afterthoughts.
Governance Event
A governance event is a logged record of a policy evaluation, violation, escalation, or override that occurred during an agent's operation. Governance events form the basis of audit trails, compliance reporting, and incident investigation.
Ground Truth
Ground truth is a verified, authoritative dataset of correct answers or expected outcomes used to evaluate an AI agent's accuracy. Without reliable ground truth, it is difficult to measure whether an agent is performing as intended.
Ground Truth Evaluation
Ground truth evaluation is the assessment of an AI agent's outputs against a known-correct reference dataset to measure factual accuracy, task completion, and output quality. It is the most reliable form of agent evaluation but requires investment in curating and maintaining accurate reference data. Ground truth evaluation is used for agent benchmarking, regression testing, and compliance validation in high-stakes use cases.
Groundedness
Groundedness measures whether an AI system's output is supported by its source material. A grounded response makes only claims that can be traced to the provided context (documents, tool results, retrieved data); an ungrounded response introduces unsupported claims, the precursor to hallucination. It is scored 0–1, typically by an LLM judge comparing each output claim against the source. Groundedness matters especially for agents because tool results count as context too, and multi-step agents compound ungrounded claims from one step into the inputs of the next.
Guardrail Bypass
A guardrail bypass is any technique that causes an AI agent's safety or governance controls to fail to trigger when they should — through prompt crafting, encoding tricks, indirect instruction, or exploitation of edge cases in the guardrail logic. Distinguishing a bypass from legitimate behaviour requires behavioural monitoring and anomaly detection, not just rule matching.
Guardrails
Guardrails are runtime constraints that limit what an AI agent can do, what data it can access, and how it can respond. They are designed to remain enforceable even if the agent reasons toward an unsafe action.
Hallucination
A hallucination occurs when an AI model generates information that sounds plausible but is factually incorrect or fabricated. In agentic systems, hallucinated tool calls, data references, or decisions can trigger real-world consequences.
Hallucination Rate
Hallucination rate is the percentage of an AI system's outputs that contain fabricated or unsupported claims, measured over a defined sample. It is calculated by scoring outputs for groundedness — by LLM judge, human review, or both — and dividing flagged outputs by total outputs. Production teams track it per agent, per version, over time, and alert when it regresses. Acceptable thresholds vary by use case: an internal copilot can tolerate a higher rate than a customer-facing or regulated agent, where even low single-digit rates may be unacceptable.
HIPAA (Health Insurance Portability and Accountability Act)
HIPAA is the U.S. healthcare privacy law that establishes standards for protecting sensitive patient health information and requires covered entities and their business associates to protect protected health information (PHI). AI agents that access or process patient data are business associates under HIPAA and must ensure PHI is accessed, transmitted, and stored securely, implementing appropriate access controls, audit logging, encryption, and breach notification procedures.
Human Evaluation
Human evaluation is the process of having people assess an AI agent's outputs for quality, accuracy, helpfulness, and safety. It captures nuances that automated metrics miss and is essential for validating agents that handle subjective or high-stakes tasks.
Human Oversight
Human oversight is the ability of designated individuals to monitor, intervene in, and override an AI system's decisions or actions. The EU AI Act mandates human oversight for high-risk AI systems, and it is a core principle of responsible agent governance.
Human Preference Annotation
Human preference annotation is the process of collecting human judgements — typically choosing between two model outputs or rating quality on a scale — to measure subjective dimensions of agent quality that automated metrics cannot capture, such as tone, helpfulness, and trustworthiness. Annotation data is used to evaluate agents, fine-tune models, and calibrate automated scoring systems.
Human-in-the-Loop (HITL)
Human-in-the-loop is a control pattern in which an AI agent pauses and routes selected actions or decisions to a human reviewer for explicit review or approval before continuing. It is used when the stakes are too high for fully autonomous execution, such as data deletion, financial changes, external communications, or other actions with financial, legal, or safety implications, and it ensures a person can approve, modify, or reject what the agent intends to do.
Indirect Prompt Injection
Indirect prompt injection is an attack where malicious instructions are embedded in data the agent retrieves — such as documents, emails, or web pages — rather than in the user's direct input. It is one of the hardest agent threats to defend against.
Inference
Inference is the process of running input data through a trained AI model to produce an output — a prediction, classification, or generated text. In agentic systems, every inference call has cost, latency, and governance implications.
Inference Cost
Inference cost is the financial cost of running a language model to generate a completion — calculated from the number of input and output tokens multiplied by the model provider's per-token pricing. In production agent deployments, inference cost is often the dominant operational expense and must be tracked per agent, per task, and per team to enable budget accountability, cost attribution, and optimisation decisions.
Inference-Time Attack
An inference-time attack targets an AI agent during its operational phase — manipulating inputs, injecting content into tool outputs, or exploiting model weaknesses to produce attacker-controlled results. Unlike training-time attacks, inference-time attacks can be carried out by anyone with access to the agent's input channels.
Infrastructure as Code (AI)
Infrastructure as code for AI defines agent deployment environments, model endpoints, governance integrations, and monitoring pipelines in version-controlled configuration files. It enables reproducible, auditable, and consistent agent infrastructure.
Instruction Tuning
Instruction tuning is a fine-tuning technique that trains a model to follow natural language instructions more reliably. It is a key step in making base models useful as agents, but instruction-following can be exploited by adversarial prompts.
Interoperability (Agent)
Agent interoperability is the ability of agents built by different teams, vendors, or frameworks to exchange tasks and results in a consistent way.
ISO 42001
ISO 42001 is the international standard for AI management systems, published in 2023. It provides a framework for organisations to establish, implement, maintain, and continually improve responsible AI practices — covering risk management, governance, transparency, and accountability. It is to AI what ISO 27001 is to information security.
JWT Issuer (iss) Claim (Agent)
The JWT issuer claim identifies the authorization server or identity provider that issued the token. Receivers use it to check that the token came from a trusted issuer.
Kill Switch
A kill switch is an emergency mechanism that immediately terminates an agent's access and halts its operations. It is essential for incident response when an agent exhibits anomalous or dangerous behavior.
Knowledge Base
A knowledge base is a structured or unstructured collection of information that an AI agent can search and retrieve from to inform its responses. Governance includes controlling what content enters the knowledge base, who can modify it, and which agents can query it.
Large Language Model (LLM)
A large language model is a neural network trained on vast amounts of text data that can generate, summarise, translate, and reason about natural language. LLMs are the foundation of most agentic AI systems and their behavior is shaped by training data, fine-tuning, and prompting.
LLM Gateway
An LLM gateway is a centralised proxy that sits between AI agents and foundation model APIs, providing a single point for authentication, rate limiting, cost tracking, content filtering, and audit logging across all model interactions. It allows organisations to enforce consistent governance policies regardless of which model provider or API an agent uses, and to switch model providers without changing agent code.
LLM-as-a-Judge (LLM-as-Judge)
LLM-as-a-judge is an evaluation technique where a separate language model, typically a capable model such as GPT-4 or Claude, scores or ranks another model's outputs against criteria you define: correctness, groundedness, tone, task completion, coherence, and completeness. It makes evaluation scalable: instead of humans reviewing every output, a judge model scores thousands per hour, with humans auditing a sample to keep the judge honest. Judge models carry known biases (position bias, verbosity bias, and self-preference), which are mitigated with structured rubrics, randomised orderings, and regular calibration against human spot checks. For agents, judges can score whole trajectories and tool calls, not just final answers.
Long-Term Memory (Agent)
Long-term memory in an AI agent system is persistent storage that survives across individual tasks and sessions, allowing agents to recall facts, preferences, and past interactions over time. It is typically implemented using vector databases or key-value stores. Long-term memory raises governance questions about data retention, privacy consent, accuracy of stored facts, and the right to erasure.
MCP (Model Context Protocol)
Model Context Protocol (MCP) is an open protocol for connecting AI applications and agents to external tools, data sources, and services through a standard interface. It gives clients a consistent way to discover capabilities, call tools, and exchange context with MCP servers. Because MCP lets agents take real actions, teams pair it with continuous evaluation and monitoring of what MCP-powered agents actually do in production.
MCP (Model Context Protocol) Authentication
MCP authentication is the process of verifying the identity of an MCP client, server, user, or delegated agent before any tools, resources, or prompts are exchanged. It usually relies on standard identity systems such as OAuth or OIDC rather than shared static secrets.
MCP Authorization
MCP authorization is the process of determining what an authenticated MCP client or agent is permitted to do once its identity has been verified. It governs which tools can be called, which resources can be read, and which sampling requests can be made — typically enforced through OAuth 2.1 scopes and server-side policy rules that are evaluated per request.
MCP Capability Negotiation
MCP capability negotiation is the handshake that occurs when an MCP client and server first connect, during which each side declares the protocol versions and feature sets it supports. It ensures both sides operate on compatible capabilities, lets servers advertise optional features (such as sampling support or resource subscriptions) that clients can choose to use, and lets clients and servers handle each other's capabilities gracefully without hard-coding version assumptions.
Defined termMCP Client
An MCP client is the part of an AI application or host environment that connects to MCP servers, authenticates, discovers available capabilities, and invokes tools on behalf of a user or agent workflow.
Defined termMCP Gateway
An MCP gateway is a centralized proxy or control layer that sits in front of MCP servers to enforce authentication, authorization, rate limiting, and policy rules on every agent tool call. It gives security and platform teams a single enforcement point across all MCP-connected agents and tools without requiring changes to each individual server.
Defined termMCP Marketplace
An MCP marketplace is a curated directory of publicly available MCP servers and tools — allowing AI developers to discover, evaluate, and integrate third-party capabilities. For enterprise governance, any MCP server sourced from a marketplace must be assessed for security, data handling, and permission requirements before deployment.
Defined termMCP Poisoning
MCP poisoning is an attack where a malicious MCP server embeds hidden instructions inside tool descriptions, resource content, or prompt templates that manipulate a connected AI agent into taking unintended actions. Unlike direct prompt injection, MCP poisoning exploits the trust an agent places in server-provided metadata, making it difficult to detect without schema validation and content filtering at the gateway layer.
Defined termMCP Prompt Template
An MCP prompt template is a reusable, parameterised message sequence that an MCP server exposes to clients. Templates allow servers to define standardised workflows — such as a code review or summarisation task — that clients can invoke with specific inputs, keeping the prompt logic server-side rather than embedded in each client.
Defined termMCP Resource
An MCP resource is a piece of data or content — such as a file, database record, or API response — that an MCP server exposes to AI clients for reading. Resources are distinct from tools (which trigger actions) and allow agents to retrieve context without executing side effects, making them useful for read-only data access with controlled visibility.
Defined termMCP Resource URI
An MCP resource URI is a stable identifier for a data resource — such as a document, database record, or API response — that an MCP server exposes for agents to read. Resource URIs allow agents to reference specific pieces of context by address rather than embedding full content in every request.
Defined termMCP Roots
MCP roots are a security mechanism by which an MCP client declares the filesystem paths or resource namespaces that it consents to share with a connected MCP server. Roots implement a form of capability-based access control — limiting what resources a server can request or read, even if the client has broader system access.
Defined termMCP Sampling
MCP sampling is a capability that allows MCP servers to request model completions from the connected AI client. It enables servers to use the client's language model for tasks like summarisation or classification during a tool call, while keeping the human in control of which model is used and what prompts are submitted. Sampling requests must be reviewed and approved by the client before execution.
Defined termMCP Sampling
MCP sampling is the mechanism by which an MCP server asks the connected AI client to perform an LLM inference call on its behalf, enabling server-side agentic patterns without the server having direct access to a model. Sampling requests must be governed because they allow servers to influence model behaviour and inject content into the agent's reasoning context.
Defined termMCP Security
MCP security is the discipline of protecting Model Context Protocol deployments from authentication bypass, privilege escalation, prompt injection via tool responses, and unauthorized data access. It encompasses gateway controls, token scoping, audit logging, and runtime threat detection for agent-to-tool communication.
Defined termMCP Server
An MCP server is the service that exposes tools, resources, and prompts to AI clients through the Model Context Protocol. It is responsible for authentication, authorization, tool execution, and audit-friendly logging of agent interactions.
Defined termMCP Server Discovery
MCP server discovery is the process by which an AI client or agent learns which MCP servers are available, what capabilities they expose, and how to connect to them. Discovery can be static (pre-configured server lists), dynamic (registry-based lookups), or marketplace-driven. Governance teams need visibility into which servers agents are allowed to discover and connect to.
Defined termMCP Server Registry
An MCP server registry is a catalogued inventory of available MCP servers within an organisation — recording each server's endpoint, supported tools, required permissions, and governance status. A registry enables agents to discover and connect to approved MCP servers dynamically and allows operators to enforce a whitelist of authorised servers.
Defined termMCP Tool Approval
MCP tool approval is the governance process of reviewing and authorising individual MCP server tools before an agent is allowed to invoke them. It ensures that each tool's data access, side effects, and security implications are understood and accepted.
Defined termMCP Tool Definition
An MCP tool definition is the machine-readable schema that describes a capability an MCP server exposes to AI clients — including the tool's name, description, input parameters, and type constraints. Clients use tool definitions to understand what actions are available and to construct valid call payloads. Poorly specified tool definitions are a common source of misuse and prompt injection vulnerabilities.
Defined termMCP Tool Schema
An MCP tool schema is the machine-readable definition of a tool's input parameters, output format, description, and metadata published by an MCP server. Agents use tool schemas for automatic tool selection and parameter generation; operators use them to assess what an agent is capable of doing and what data it will process.
Defined termMCP Transport
MCP transport is the communication channel used to carry messages between an MCP client and server. The two standard transports are stdio (standard input/output, used for local processes) and HTTP with Server-Sent Events (used for remote servers). Transport selection affects latency, deployment topology, and the security controls required to protect message integrity and confidentiality.
Defined termMCP Version Pinning
MCP version pinning is the practice of specifying a fixed protocol version when connecting to an MCP server rather than accepting the latest version automatically. Pinning prevents unexpected behaviour changes from server-side protocol upgrades and is a governance best practice for production agent deployments.
Defined termMessage (A2A)
A message in A2A is a single exchange between agents within a task. It carries the content, sender role, and any metadata needed to continue the workflow.
Defined termMiFID II (AI Agents)
MiFID II is the EU regulatory framework for financial markets that imposes requirements on automated decision-making in investment services. AI agents that support or make investment decisions must be able to demonstrate explainability, maintain complete audit trails, and operate within strict governance controls to satisfy MiFID II obligations.
Defined termMITRE ATLAS
MITRE ATLAS (Adversarial Threat Landscape for Artificial-Intelligence Systems) is a knowledge base of adversarial tactics, techniques, and case studies for AI systems — analogous to MITRE ATT&CK for traditional cybersecurity. It provides a structured framework for threat modelling AI agent deployments and identifying which attacks are most relevant to a given system.
Defined termMixture of Experts (MoE)
Mixture of Experts is a model architecture that routes each input to a subset of specialised sub-networks rather than processing through the entire model. MoE enables larger, more capable models with lower inference cost.
Defined termMLOps
MLOps (Machine Learning Operations) is the discipline of deploying, monitoring, and managing machine learning models in production. For agentic AI, MLOps extends to managing prompts, tools, policies, and multi-model orchestration alongside traditional model lifecycle.
Defined termMLOps Engineer
An MLOps engineer builds and operates the infrastructure for training, evaluating, deploying, and monitoring machine learning models and AI agents at scale. They own the agent CI/CD pipeline, model registry, evaluation harness, and observability stack — the technical backbone of operational AI governance.
Defined termModel Card
A model card is a standardised document that describes a model's intended use, training data, performance benchmarks, known limitations, and ethical considerations. It helps downstream teams assess whether a model is appropriate for their agent use case.
Defined termModel Card
A model card is a standardised documentation format for an AI model that discloses its intended use, performance benchmarks, known limitations, training data, evaluation methodology, and ethical considerations. Model cards help operators assess whether a foundation model is appropriate for their use case and what governance controls are warranted.
Defined termModel Context Protocol (MCP)
The Model Context Protocol (MCP) is an open standard developed by Anthropic that defines how AI agents and applications connect to external tools, data sources, and services. MCP standardises the interface between AI clients and MCP servers, enabling consistent tool discovery, invocation, and context exchange across different agents and frameworks. See also: MCP Authentication, MCP Gateway, MCP Security.
Defined termModel Distillation
Model distillation is the process of training a smaller, faster model to replicate the behavior of a larger model. Distilled models can reduce cost and latency for agent deployments but may lose nuance, which requires re-evaluation for safety and accuracy.
Defined termModel Drift
Model drift is the gradual change in a model's behavior or output quality over time, often caused by shifts in input data, fine-tuning updates, or upstream model provider changes. Continuous monitoring is needed to detect it early.
Defined termModel Endpoint
A model endpoint is the API address where an AI model accepts inference requests. Governance controls at the endpoint level include authentication, rate limiting, request logging, and routing based on compliance requirements.
Defined termModel Factsheet
A model factsheet is a structured document that describes a model's intended use, training methodology, performance characteristics, known limitations, and ethical considerations. It extends the model card concept with operational and governance metadata.
Defined termModel Governance
Model governance is the set of controls that manage the selection, approval, deployment, monitoring, and retirement of AI models used within an organisation. It ensures models meet quality, safety, and compliance standards before reaching production.
Defined termModel Lifecycle Management
Model lifecycle management governs an AI model from selection or training through deployment, monitoring, updating, and eventual retirement. It ensures that models remain fit for purpose and compliant throughout their operational life.
Defined termModel Repository
A model repository is a versioned store for AI models, their metadata, evaluation results, and deployment history. It provides a single source of truth for which models are approved, where they are deployed, and how they have changed over time.
Defined termModel Risk Management
Model risk management is the discipline of identifying, measuring, and mitigating the risks that arise from using quantitative models — including AI models — for business decisions. It is well-established in financial services and expanding to AI agent governance.
Defined termModel Risk Manager
A model risk manager oversees the identification, assessment, and mitigation of risks arising from the use of quantitative and AI models in business decisions. In financial services, model risk management is a regulatory requirement — with AI agents increasingly subject to the same validation, documentation, and oversight expectations as traditional analytical models.
Defined termModel Routing
Model routing directs agent requests to different language models based on task complexity, cost, latency, or compliance requirements. A governance-aware router may enforce that sensitive data only flows to approved models.
Defined termModel Serving
Model serving is the infrastructure that hosts trained AI models and handles inference requests at scale. Serving systems must balance latency, throughput, cost, and availability while supporting governance requirements like logging and access control.
Defined termModel Validation
Model validation is the independent verification that an AI model performs as expected across accuracy, fairness, robustness, and safety benchmarks. In regulated industries, validation is often performed by a team separate from the model developers.
Defined termMulti-Agent Collaboration
Multi-agent collaboration is when multiple agents cooperate on one outcome by sharing tasks, context, or results. It is useful when no single agent should own the whole workflow.
Defined termMulti-Agent System
A multi-agent system is an architecture in which multiple AI agents collaborate or compete to complete tasks that are too complex for a single agent. Agents may act as orchestrators, specialists, critics, or executors — passing context, delegating sub-tasks, and aggregating results. Multi-agent systems require governance at both the individual agent level and at the interaction layer, where data flows, permission grants, and action chains cross agent boundaries.
Defined termMulti-Model Strategy
A multi-model strategy is the practice of using different language models for different tasks, agents, or risk levels within an organisation. It balances cost, quality, speed, and compliance — for example, routing sensitive tasks to on-premises models.
Defined termMultimodal AI
Multimodal AI refers to models that can process and generate multiple types of data — text, images, audio, video, and code — within a single system. Each modality introduces distinct governance, privacy, and safety considerations.
Defined termNIST AI Risk Management Framework (AI RMF)
A voluntary framework from the U.S. National Institute of Standards and Technology that helps organizations manage risks associated with AI systems across their lifecycle, covering governance, mapping, measuring, and managing AI risks.
Defined termNYDFS Cybersecurity Regulation (AI)
The NYDFS Cybersecurity Regulation (Part 500) requires New York financial services companies to implement risk-based cybersecurity programs. AI agents that access systems covered by the regulation must be governed under the firm's cybersecurity program — with access controls, audit logging, and incident response plans that cover AI-specific threats.
Defined termOAuth 2.0 (Open Authorization 2.0)
An industry-standard protocol for authorization that allows a third-party application to obtain limited access to a user's protected resources on an HTTP service, without exposing the user's long-term credentials.
Defined termOIDC (OpenID Connect)
An authentication layer built on top of OAuth 2.0. OIDC allows clients to verify the identity of the end-user based on the authentication performed by an authorization server, as well as to obtain basic profile information about the end-user.
Defined termOn-Premises AI
On-premises AI refers to AI models and agent infrastructure hosted within an organisation's own data centers rather than in the public cloud. It provides greater control over data residency, latency, and security but requires more operational investment.
Defined termOpenTelemetry (AI Agents)
OpenTelemetry is the open-source observability standard for collecting, correlating, and exporting metrics, logs, and traces from distributed systems. Applied to AI agents, it provides a vendor-neutral way to capture tool calls, model latency, token usage, and decision traces — enabling portability of observability data across governance platforms and monitoring backends.
Defined termOrchestrator Agent
An orchestrator agent is an AI agent responsible for coordinating other agents in a multi-agent workflow — decomposing a high-level goal into sub-tasks, assigning them to specialist agents, managing dependencies between tasks, and aggregating results. Orchestrators typically hold elevated permissions compared to the agents they direct, making their governance — identity, policy binding, and audit trail — especially critical.
Defined termOWASP Top 10 for LLM Applications
The OWASP Top 10 for Large Language Model Applications is a community-developed list of the most critical security risks in LLM-based systems — including prompt injection, insecure output handling, training data poisoning, and excessive agency. It is widely used as a baseline for AI agent security assessments and architecture reviews.
Defined termPlanning Loop
A planning loop is the iterative cycle in which an agent breaks a goal into subtasks, selects tools or actions, executes them, evaluates the result, and re-plans if needed. Governance must account for the fact that the agent's plan may change mid-execution.
Defined termPolicy Decision Point
A policy decision point evaluates a governance rule against the current context and returns an allow, deny, or conditional decision. It is separate from the enforcement point, allowing policy logic to be centralised and reused across agents.
Defined termPolicy Engine
A policy engine is the service that evaluates rules in real time and decides whether an agent action should be allowed, denied, escalated, or logged. In agent governance, those decisions are typically based on identity, context, risk, and task scope.
Defined termPost-Market Monitoring
Post-market monitoring is the ongoing surveillance of an AI system after deployment to detect performance degradation, emerging risks, or adverse outcomes. It is a regulatory requirement for high-risk AI systems under the EU AI Act.
Defined termPre-Training
Pre-training is the initial phase of model development where a large language model learns language patterns, knowledge, and reasoning from vast amounts of text data. Pre-training determines a model's base capabilities and embedded biases.
Defined termPrompt Engineering
Prompt engineering is the practice of designing and refining the instructions given to a language model to elicit desired behavior. In governed systems, prompts should be version-controlled, tested, and reviewed because they directly shape agent actions.
Defined termPrompt Fuzzing
Prompt fuzzing is an automated testing technique that generates large volumes of varied, unexpected, or adversarial inputs to discover edge cases and vulnerabilities in an AI agent's behavior. It helps find failure modes that structured testing misses.
Defined termPrompt Injection
An attack where malicious instructions are embedded in data that an AI agent processes, causing it to deviate from its intended behavior. This can lead to unauthorized data access, tool misuse, or policy bypasses.
Defined termPrompt Management
Prompt management is the versioned storage, testing, and governance of the prompts and system instructions used by AI agents. Changes to prompts can materially alter agent behavior, so they should be reviewed, approved, and logged.
Defined termPrompt Registry
A prompt registry is a versioned store of all system prompts, user prompt templates, and prompt chains used across an organisation's AI agents. It enables governance review, change tracking, rollback, and consistency across agent deployments.
Defined termPrompt Regression Testing
Prompt regression testing is the practice of re-running a fixed set of evaluation cases against an AI agent every time a prompt, model, or tool configuration changes — to catch quality or safety regressions before they reach users. It is the agent equivalent of unit tests for code: fast, automated, and run on every change.
Defined termPrompt Version Control
Prompt version control is the practice of treating AI prompts as first-class software artefacts — storing them in version control systems, tracking changes with commit messages, enabling branching and merging, and associating each prompt version with its evaluation results. It is foundational to reproducible agent behaviour and auditability of prompt-level changes.
Defined termQuality Gate (AI)
A quality gate is an automated evaluation checkpoint that an AI agent's output must pass before it is delivered to an end user or triggers a downstream action. Quality gates test outputs against criteria such as factual accuracy, format compliance, content policy, PII presence, and response completeness. Agents that fail a quality gate can be automatically retried, routed to a human reviewer, or have their output suppressed.
Defined termRAG (Retrieval-Augmented Generation)
An architecture pattern where an AI agent retrieves relevant information from external knowledge sources before generating a response. Requires careful access control to ensure the agent only retrieves data it is authorized to see.
Defined termReAct Pattern
ReAct (Reasoning + Acting) is an agent architecture pattern where the model alternates between reasoning about what to do next and taking an action such as calling a tool. The loop continues until the task is complete or a stopping condition is met.
Defined termReflection
Reflection is an agent capability where the model evaluates its own output or reasoning before returning a final answer. It can catch errors, improve quality, and reduce hallucination — but adds latency and token cost.
Defined termReflection Agent
A reflection agent is an AI agent that critiques and revises its own outputs before returning a final result. After completing an initial draft or action plan, the agent re-evaluates it against quality criteria or constraints and iterates until the output meets the required standard. Reflection improves accuracy and reduces hallucination but increases token consumption and latency.
Defined termRegression Detection (Agent)
Regression detection for AI agents is the monitoring of quality and performance metrics over time to identify when a previously acceptable agent has begun producing worse outputs — due to model drift, data distribution shifts, prompt degradation, or changes in connected tools. Automated regression detection prevents gradual quality decline from going unnoticed until it causes significant user impact or compliance failures.
Defined termRegression Testing (Agent)
Agent regression testing verifies that changes to a model, prompt, tool, or policy have not degraded the agent's performance on previously passing test cases. It is a critical step in every agent deployment pipeline.
Defined termResponsible AI Lead
A responsible AI lead is the organisational role accountable for defining and operationalising responsible AI principles across AI projects and agent deployments. The role bridges technical, policy, and business functions to ensure that ethical considerations, bias mitigation, transparency, and accountability are built into AI systems from the start.
Defined termResponsible AI Officer
A responsible AI officer is a senior role accountable for an organisation's AI ethics, governance, and compliance strategy. The role bridges technical teams, legal, compliance, and executive leadership.
Defined termResponsible AI Principles
Responsible AI principles are the ethical commitments an organisation makes about how it will develop and deploy AI systems — covering values such as fairness, transparency, accountability, privacy, and safety. Principles provide the normative foundation for AI governance: they define what the organisation is trying to achieve, and governance controls are the mechanisms that make those commitments enforceable in practice.
Defined termResponsible AI Standard (Microsoft)
Microsoft's Responsible AI Standard is an internal framework of principles and requirements for building AI systems responsibly — covering fairness, reliability, privacy, inclusiveness, transparency, and accountability. It is a widely studied example of an enterprise responsible AI framework and influences similar standards at other organisations.
Defined termRetrieval Agent
A retrieval agent is an agent specialised in searching, filtering, and returning information from knowledge bases, databases, or APIs. It typically operates with read-only permissions and feeds context to other agents in the workflow.
Defined termRetrieval Poisoning
Retrieval poisoning is an attack that corrupts the external data sources an agent retrieves from — such as knowledge bases, vector stores, or document repositories — to manipulate the agent's behavior through its RAG pipeline.
Defined termRisk Scoring
Risk scoring assigns a numeric or categorical value to an AI system based on its inherent risk factors, control effectiveness, and operational context. Scores drive automated governance decisions like approval routing, monitoring intensity, and audit frequency.
Defined termRLHF (Reinforcement Learning from Human Feedback)
RLHF is a training technique that refines a model's behavior using human preference judgments. It is commonly used to make models more helpful, honest, and harmless — but the quality of alignment depends on the diversity and accuracy of the feedback.
Defined termRole-Based Access Control (RBAC) for Agents
RBAC for agents grants permissions based on assigned roles rather than on individual rules per request. It is useful for broad access patterns but can be too coarse on its own for high-risk agent actions.
Defined termRug Pull Attack (MCP)
A rug pull attack in the MCP context is when a tool or server initially presents benign behaviour to gain user approval and trust, then silently changes its functionality after being whitelisted to perform malicious actions. Because most clients cache tool descriptions after first approval, the updated malicious behaviour goes undetected. Defences include re-validation of tool schemas on each connection, content-addressed tool pinning, and runtime behavioural monitoring.
Defined termRuntime Policy
A runtime policy is a governance rule that is evaluated and enforced while an AI agent is actively executing, rather than at deployment time. Runtime policies respond to real-time context — the data being accessed, the current risk score, the identity making the request — and can block, throttle, log, or escalate actions without requiring a redeployment.
Defined termSCIM (System for Cross-domain Identity Management)
An open standard protocol for automating the provisioning and de-provisioning of user identities across systems. Ensures that when an employee leaves an organization, their associated agent access is also revoked.
Defined termSemantic Context
Semantic context is context enriched with meaning, relationships, or labels rather than raw values alone. It helps agents interpret what data represents, not just what the data says.
Defined termSemantic Memory (Agent)
Semantic memory in an AI agent is the storage of general world knowledge, domain facts, and declarative information that the agent can retrieve when needed. It is typically populated via retrieval-augmented generation from a vector database and supplements the agent's base model knowledge with organisation-specific or up-to-date information. Governance must ensure that semantic memory stores contain accurate, approved, and appropriately classified content.
Defined termShadow Agent
An AI agent deployed within an organization without the knowledge or approval of security or IT teams. Shadow agents create ungoverned access paths to sensitive systems and data, similar to shadow IT. Discovering, evaluating, and monitoring shadow agents is the first step to governing every agent in your estate.
Defined termShadow AI
Shadow AI refers to AI tools, models, or agents used within an organisation without the knowledge or approval of IT, security, or governance teams. Shadow AI creates unmanaged risk because these systems bypass standard controls and monitoring.
Defined termShadow Testing (Agent)
Shadow testing runs a new agent version in parallel with the production version on real traffic, capturing its outputs without serving them to end users. It enables direct comparison of new vs. old agent behaviour on production inputs before a live release, dramatically reducing the risk of deploying an agent that performs well on benchmarks but poorly in production.
Defined termShared Services (AI)
A shared services model for AI centralises common agent infrastructure — identity management, evaluation harnesses, deployment pipelines, governance controls, and monitoring — and offers them as internal services to product teams. It reduces duplication, enforces consistent governance, and accelerates safe agent deployment across the organisation.
Defined termShort-Term Memory (Agent)
Short-term memory in an AI agent is task-scoped storage that persists across the steps of a single execution but is discarded when the task ends. It allows agents to track intermediate results, tool outputs, and decision history within a workflow without permanently retaining that data. Governance controls on short-term memory typically focus on what can be logged and whether it is cleared at task completion.
Defined termSidecar Pattern (Agent)
The sidecar pattern deploys a governance or observability agent as a co-located process alongside the main AI agent, intercepting its calls to inject logging, policy enforcement, or telemetry without modifying the agent's code. It is a common pattern for retrofitting governance onto agents that cannot be modified directly.
Defined termSOC 2 (Service Organization Control 2)
An auditing framework that evaluates how a service organization manages customer data based on five Trust Service Criteria: security, availability, processing integrity, confidentiality, and privacy. Increasingly required for SaaS and agent platforms.
Defined termSOC 2 Type II
SOC 2 Type II is an independent audit report that evaluates whether a service organisation's controls around security, availability, processing integrity, confidentiality, and privacy were operating effectively over a defined observation period — typically six to twelve months. Unlike SOC 2 Type I, which assesses design at a point in time, Type II assesses operating effectiveness over time. AI platforms and agent governance tools are increasingly required by enterprise customers to hold SOC 2 Type II certification.
Defined termSOX (AI Controls)
SOX, the Sarbanes-Oxley Act, requires US public companies to maintain internal controls over financial reporting. AI agents used in financial reporting, forecasting, or audit processes must be subject to controls that ensure accuracy, integrity, and an auditable trail of AI-influenced decisions.
Defined termSpend Alert
A spend alert is a notification triggered when an AI agent's resource consumption crosses a predefined threshold — such as a percentage of its budget, a rate-per-hour limit, or an absolute spend ceiling. Alerts give teams early warning before costs escalate and create an audit record of when anomalies were detected and how they were resolved.
Streaming (A2A)
Streaming in A2A is the delivery of partial results and status updates while a task is still running. It lets clients show progress or react before the final result is complete.
Stress Testing (Agent)
Agent stress testing evaluates how an AI agent performs under extreme conditions — high request volumes, very long inputs, rapid tool call sequences, or resource constraints. It reveals breaking points and informs capacity planning and governance thresholds.
Sub-Agent
A sub-agent is an agent spawned by a parent agent to handle a specific subtask. Sub-agents should inherit scoped-down permissions from their parent and report results back through a defined interface.
Supervisor Agent
A supervisor agent is a higher-level agent that delegates subtasks to worker agents, monitors their progress, and decides when to intervene, retry, or escalate. It often holds broader permissions than the workers it manages.
Supply Chain Risk (AI)
AI supply chain risk arises from dependencies on external models, data sources, APIs, tools, and libraries that are outside the organisation's direct control. A vulnerability or change in any upstream component can affect agent safety and compliance.
Swarm Architecture
A swarm architecture is a multi-agent design where many lightweight agents operate in parallel on related subtasks with minimal central coordination. It trades tight control for throughput and resilience.
Sybil Attack (Multi-Agent)
A Sybil attack in a multi-agent system creates many fake or compromised agent identities to gain disproportionate influence over collective decisions, reputation systems, or resource allocation. Governing multi-agent systems requires strong identity verification to prevent Sybil manipulation.
System Prompt
A system prompt is the set of instructions given to a language model that defines the agent's role, behavior, constraints, and personality. Changes to system prompts can fundamentally alter agent behavior and should be governed like code changes.
Task Agent
A task agent is designed to complete a specific, well-defined job — such as processing an invoice, triaging a support ticket, or generating a report — then return the result. Task agents are typically easier to govern than open-ended agents.
Task Management (A2A)
Task management in A2A is the lifecycle for a unit of work shared between agents. It tracks task creation, status updates, messages, artifacts, and completion.
Telemetry Pipeline (Agent)
A telemetry pipeline for AI agents is the infrastructure that collects, processes, and routes observability data — logs, metrics, and traces — from agents to storage and analysis systems. A well-designed pipeline ensures that governance-critical events are captured reliably, enriched with identity and policy context, and delivered to the right destinations with minimal latency and data loss.
Token
A token is the basic unit of text that a language model processes — typically a word, subword, or character. Token counts determine model input limits, output length, and cost. Governance includes monitoring and budgeting token consumption.
Token Economics
Token economics is the practice of tracking, budgeting, and optimising the token consumption of AI agents across models and tasks. It includes cost attribution, per-agent budgets, and alerts when usage exceeds thresholds.
Token Lifetime/Expiration (exp Claim)
Token lifetime is the period a token remains valid before it expires. Short lifetimes reduce risk, but they require reliable renewal logic.
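The two halves of the definition above, expiry checking and renewal, as an added example that is not part of the original glossary. `assess_lifetime` classifies a token from its `exp` and `nbf` claims with a small clock-skew leeway and a "renew soon" window, and `RenewingTokenCache` shows the renewal logic a client needs once lifetimes are short: it refreshes before expiry rather than after the first failed call. The claims dicts, the `constructed_issuer` helper, the header-free token shape and the 30 s / 120 s defaults are all assumptions for the example; signature verification of the token is assumed to have already happened before the claims are inspected.

```python
import time
from enum import Enum
from typing import Callable, Dict, Optional


class TokenStatus(Enum):
    VALID = "valid"
    RENEW_SOON = "renew_soon"
    EXPIRED = "expired"
    NOT_YET_VALID = "not_yet_valid"


def assess_lifetime(claims: Dict[str, int], now: float,
                    leeway: int = 30, renew_window: int = 120) -> TokenStatus:
    """Classify a token from its exp/nbf claims (seconds since the epoch).

    leeway absorbs clock skew between issuer and verifier; renew_window is how
    long before expiry a client should start fetching a replacement. The token's
    signature is assumed to have been verified before its claims are trusted.
    """
    exp = claims.get("exp")
    if exp is None:
        # A token with no lifetime can never be rotated out: reject it outright.
        raise ValueError("token has no exp claim")
    nbf = claims.get("nbf")
    if nbf is not None and now + leeway < nbf:
        return TokenStatus.NOT_YET_VALID
    if now - leeway >= exp:
        return TokenStatus.EXPIRED
    if exp - now <= renew_window:
        return TokenStatus.RENEW_SOON
    return TokenStatus.VALID


class RenewingTokenCache:
    """Hands out a usable token, fetching a new one before the current one expires.

    issuer(now) returns the claims of a freshly minted token (an assumed interface);
    clock is injectable so the renewal schedule can be exercised without sleeping.
    """

    def __init__(self, issuer: Callable[[float], Dict[str, int]],
                 clock: Callable[[], float] = time.time):
        self._issuer = issuer
        self._clock = clock
        self._claims: Optional[Dict[str, int]] = None
        self.fetches = 0  # how many times the issuer was called

    def get(self) -> Dict[str, int]:
        now = self._clock()
        if self._claims is not None:
            if assess_lifetime(self._claims, now) is TokenStatus.VALID:
                return self._claims
        # Nothing cached, expired, or inside the renewal window: fetch a new token,
        # then re-check it so an issuer handing out near-expired tokens is caught here.
        fresh = self._issuer(now)
        self.fetches += 1
        if assess_lifetime(fresh, now) is not TokenStatus.VALID:
            raise RuntimeError("issuer returned a token that is expired or already inside the renewal window")
        self._claims = fresh
        return fresh


def constructed_issuer(lifetime: int) -> Callable[[float], Dict[str, int]]:
    """Constructed stand-in for a token endpoint: issues claims valid for `lifetime` seconds."""
    def issue(now: float) -> Dict[str, int]:
        return {"iat": int(now), "nbf": int(now), "exp": int(now) + lifetime}
    return issue


if __name__ == "__main__":
    # Constructed walk-through with a fake clock: 300 s tokens, checked every 100 s.
    clock = [1_000_000.0]
    cache = RenewingTokenCache(constructed_issuer(300), clock=lambda: clock[0])
    for _ in range(4):
        claims = cache.get()
        print(f"t={int(clock[0])} exp={claims['exp']} fetches={cache.fetches}")
        clock[0] += 100
```

The issuer's lifetime must exceed `renew_window`, otherwise every fresh token is already "renew soon" and the cache refuses it; that failure is deliberate, because a token that expires faster than it can be replaced is a misconfiguration worth surfacing rather than masking with retries.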
Token Usage Tracking
Token usage tracking is the monitoring of how many tokens an AI agent consumes across model calls, tasks, and time periods. It supports cost governance, budget enforcement, and anomaly detection — a sudden spike in token usage can indicate a runaway agent, a prompt injection attack, or an inefficient workflow that needs optimisation.
Tool Poisoning
An attack where a malicious MCP tool impersonates a legitimate service or injects hidden instructions into its responses, manipulating agent behavior without the user's knowledge.
Tool Registry
A tool registry is a centralised catalogue of the tools, APIs, and MCP servers that AI agents are approved to use within an organisation. It records each tool's name, description, owner, risk classification, and access policy, and acts as the authoritative source for which tools agents are permitted to call. A governed tool registry prevents agents from connecting to unapproved or shadow integrations.
Tool Substitution Attack
A tool substitution attack replaces a legitimate MCP server or tool with a malicious one that mimics the expected interface but performs additional harmful actions — such as exfiltrating data, logging credentials, or injecting instructions into responses. It exploits agents that authenticate to tool endpoints by name or URL rather than by cryptographic identity, making robust server authentication essential.
Tool Use (Function Calling)
Tool use, or function calling, is the ability of an AI agent to call external tools, APIs, or functions to complete a task. In governed systems, every tool call should be scoped, authenticated, and logged.
Total Cost of Ownership (AI)
The total cost of ownership for AI includes model licensing or API costs, compute infrastructure, data preparation, integration, governance tooling, monitoring, and the human effort to maintain and oversee agents in production.
Trace (Agent)
A trace is the end-to-end record of an agent's execution for a single request — including every reasoning step, tool call, API response, policy check, and token count. Traces are the foundation of agent debugging and audit.
Trace Context
Trace context is the metadata — typically a trace ID and span ID — that is propagated alongside a request as it moves through an agent system, enabling all the operations triggered by that request to be linked into a single distributed trace. Consistent trace context propagation is a prerequisite for distributed tracing and is standardised by the W3C Trace Context specification.
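Trace context propagation as described above, as an added example that is not part of the original glossary. It parses the W3C `traceparent` header (`version-trace_id-parent_id-flags`, lowercase hex), rejects the all-zero identifiers the specification forbids, and shows how each hop in an agent system keeps the trace ID while minting its own span ID, so the agent's reasoning step, its tool call and a sub-agent all link into one distributed trace. The `start_or_continue` and `propagate` helper names, and the sample header value, are constructed for this example; the parser accepts only the version-00 field layout.

```python
import re
import secrets
from dataclasses import dataclass
from typing import Dict, Optional

# W3C Trace Context traceparent: 2-hex version, 32-hex trace-id, 16-hex parent-id, 2-hex flags.
# Anchored to the version-00 layout; future versions may append fields, which this regex rejects.
_TRACEPARENT_RE = re.compile(r"^([0-9a-f]{2})-([0-9a-f]{32})-([0-9a-f]{16})-([0-9a-f]{2})$")


@dataclass(frozen=True)
class TraceContext:
    trace_id: str   # shared by every operation in the request
    span_id: str    # unique to this operation; becomes parent-id for children
    sampled: bool   # bit 0 of trace-flags

    def to_traceparent(self) -> str:
        return f"00-{self.trace_id}-{self.span_id}-{'01' if self.sampled else '00'}"


def parse_traceparent(header: str) -> Optional[TraceContext]:
    """Return the context carried by a traceparent header, or None if it is invalid."""
    match = _TRACEPARENT_RE.match(header.strip())
    if not match:
        return None
    version, trace_id, parent_id, flags = match.groups()
    if version == "ff":
        return None  # the spec reserves ff as an invalid version
    if set(trace_id) == {"0"} or set(parent_id) == {"0"}:
        return None  # all-zero identifiers are explicitly invalid
    return TraceContext(trace_id, parent_id, bool(int(flags, 16) & 0x01))


def start_or_continue(incoming: Optional[str]) -> TraceContext:
    """Continue an incoming trace with a fresh span ID, or start a new trace if none (or an invalid one) arrived."""
    parent = parse_traceparent(incoming) if incoming else None
    if parent is None:
        # New root: 16 random bytes of trace-id, 8 of span-id, sampled by default.
        return TraceContext(secrets.token_hex(16), secrets.token_hex(8), True)
    return TraceContext(parent.trace_id, secrets.token_hex(8), parent.sampled)


def propagate(headers: Dict[str, str], ctx: TraceContext) -> Dict[str, str]:
    """Copy outgoing headers and attach this hop's context for the next hop (tool, API, sub-agent)."""
    out = dict(headers)
    out["traceparent"] = ctx.to_traceparent()
    return out


if __name__ == "__main__":
    # Constructed sample: the header an upstream gateway might attach to the user's request.
    inbound = "00-4bf92f3577b34da6a3ce929d0e0e4736-00f067aa0ba902b7-01"
    agent_span = start_or_continue(inbound)                   # the agent's own span
    tool_headers = propagate({"content-type": "application/json"}, agent_span)
    tool_span = start_or_continue(tool_headers["traceparent"])  # what the tool server sees
    sub_agent_span = start_or_continue(propagate({}, tool_span)["traceparent"])
    for name, span in (("agent", agent_span), ("tool", tool_span), ("sub-agent", sub_agent_span)):
        print(f"{name:>9}: {span.to_traceparent()}")
    # All three lines share the trace ID 4bf92f3577b34da6a3ce929d0e0e4736 with distinct span IDs.
```

Governance enrichment (agent identity, policy decision, token counts) rides alongside this context as span attributes; the `traceparent` header is only the join key that lets those records be stitched together later.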
Value Alignment
Value alignment is the challenge of ensuring an AI agent's actions are consistent with the values and preferences of the humans it is meant to serve — not just technically correct but substantively beneficial. It is broader than goal specification and includes handling value uncertainty, preference learning, and conflicts between different stakeholders' values.
Vector Database
A vector database stores and indexes high-dimensional embeddings for fast similarity search. It is a core component of RAG-based agent architectures and must be governed for access control, data freshness, and query auditing.
Watermarking (AI)
AI watermarking is the practice of embedding imperceptible signals into AI-generated content to indicate its origin. Watermarks help distinguish AI-generated text, images, or audio from human-created content and support provenance tracking.
Webhook (Agent Trigger)
A webhook is an HTTP callback used to trigger an AI agent in response to events in external systems — such as a new ticket, a payment, or a calendar event. Webhooks must be authenticated (typically with HMAC signatures) to prevent unauthorised actors from triggering agent actions by sending spoofed events.
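The HMAC authentication the entry above calls for, as an added example that is not part of the original glossary. The receiver recomputes an HMAC-SHA256 over the timestamp and raw body with the shared secret, compares it in constant time, and rejects deliveries whose timestamp is outside a replay window, so a captured event cannot be resent later to trigger the agent again. The header names, the `sha256=` prefix, the five-minute window, the secret and the sample payload are all constructed for this example; real providers define their own header names and signing string.

```python
import hashlib
import hmac
import json
import time
from typing import Mapping, Optional

# Assumed header names and replay window for this example (providers differ).
TIMESTAMP_HEADER = "X-Webhook-Timestamp"
SIGNATURE_HEADER = "X-Webhook-Signature"
REPLAY_WINDOW_SECONDS = 300


def sign_webhook(secret: bytes, timestamp: int, body: bytes) -> str:
    """Sender side: tag the raw body together with the timestamp so neither can be altered alone."""
    message = str(timestamp).encode("ascii") + b"." + body
    return "sha256=" + hmac.new(secret, message, hashlib.sha256).hexdigest()


def verify_webhook(secret: bytes, headers: Mapping[str, str], body: bytes,
                   now: Optional[float] = None) -> bool:
    """Receiver side: True only if the delivery is fresh and carries a valid signature.

    Verification runs over the raw request bytes, before any JSON parsing, so the
    agent is never triggered by a body that was not signed exactly as received.
    """
    now = time.time() if now is None else now
    ts_raw = headers.get(TIMESTAMP_HEADER)
    signature = headers.get(SIGNATURE_HEADER)
    if ts_raw is None or signature is None:
        return False
    try:
        ts = int(ts_raw)
    except ValueError:
        return False
    if abs(now - ts) > REPLAY_WINDOW_SECONDS:
        return False  # stale or far-future timestamp: likely a replay or a broken clock
    expected = sign_webhook(secret, ts, body)
    # compare_digest avoids leaking how many leading characters matched.
    return hmac.compare_digest(expected, signature)


def handle_delivery(secret: bytes, headers: Mapping[str, str], body: bytes,
                    now: Optional[float] = None) -> str:
    """Gate the agent trigger on verification; returns what the receiver did."""
    if not verify_webhook(secret, headers, body, now):
        return "rejected"
    event = json.loads(body)
    # Only here would the agent actually be dispatched on the event.
    return f"triggered:{event.get('type', 'unknown')}"


if __name__ == "__main__":
    # Constructed sample: a shared secret and a ticket-created event from some ticketing system.
    secret = b"constructed-shared-secret"
    sent_at = int(time.time())
    body = json.dumps({"type": "ticket.created", "id": "T-EXAMPLE-1"}).encode()
    headers = {TIMESTAMP_HEADER: str(sent_at), SIGNATURE_HEADER: sign_webhook(secret, sent_at, body)}

    print(handle_delivery(secret, headers, body))                        # triggered:ticket.created
    print(handle_delivery(secret, headers, body.replace(b"created", b"deleted")))  # rejected (tampered)
    print(handle_delivery(secret, headers, body, now=sent_at + 3600))    # rejected (replayed an hour later)
```

Within the replay window the same signed delivery is still accepted twice, so receivers that need exactly-once triggering additionally record delivery IDs or signatures they have already processed; the timestamp bound keeps that record short-lived.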
Zero-Shot Learning
Zero-shot learning is when a model performs a task it was not explicitly trained or given examples for, relying solely on its pre-trained knowledge and the task instruction. Agent governance must account for the higher unpredictability of zero-shot performance.