Glossary
Shared terminology for AI security and compliance operations.
Key takeaways
- This glossary gives engineering and security teams shared definitions for policy, incident reports, audit responses, and board materials.
- Core inventory terms include the AI system register, control catalog, and evidence map that ties controls to stored proof.
- Risk vocabulary covers residual risk (what remains after controls) versus risk appetite (what leadership will accept).
- Operational terms span prompt injection, tool calling, human-in-the-loop approval, data minimization, and break-glass access.
Terms
| Term | Meaning |
|---|---|
| AI system register | Inventory of AI features, models, tools, vendors, owners, and risk class |
| Control catalog | List of security controls mapped to risks and evidence |
| Evidence map | Where proof of each control is stored and how often it is refreshed |
| Prompt injection | Attack in which untrusted text (direct user input, or retrieved content such as documents, web pages, or tool output) is interpreted as instructions and alters model behavior |
| Residual risk | Risk remaining after controls are applied |
| Risk appetite | Amount and type of risk leadership is willing to accept |
| Tool calling | Model-driven invocation of external functions, APIs, or actions |
| Human-in-the-loop | Human approval or review required before a risky action is completed |
| Data minimization | Reducing data exposure to what the task actually needs |
| Break-glass access | Emergency privileged access with strict logging and review |
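The operational terms above are easiest to see working together. The following is an added example, not code from this page or from any particular product: a gate that sits between a model's tool-call request and the tool itself. It consults a (constructed) AI system register for the tool's owner and risk class, applies data minimization by forwarding only the arguments the tool is registered to need, holds high-risk calls for human-in-the-loop approval, allows break-glass execution only with a logged, review-required entry, and records every decision as evidence. Tool names, owners, risk classes, argument lists, and the log layout are all assumptions made for the example.

```python
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional


@dataclass(frozen=True)
class ToolEntry:
    """One row of a constructed AI system register describing a callable tool."""
    name: str
    owner: str
    risk_class: str          # "low": executes automatically; "high": needs human-in-the-loop
    allowed_args: frozenset  # data minimization: only these arguments reach the tool


# Constructed sample register (assumption): two tools with different risk classes.
REGISTER: Dict[str, ToolEntry] = {
    "lookup_order": ToolEntry("lookup_order", "support-eng", "low", frozenset({"order_id"})),
    "issue_refund": ToolEntry("issue_refund", "payments-eng", "high", frozenset({"order_id", "amount"})),
}


# Constructed stand-ins for the external functions the model may invoke.
def _lookup_order(order_id: str) -> dict:
    return {"order_id": order_id, "status": "shipped"}


def _issue_refund(order_id: str, amount: int) -> dict:
    return {"order_id": order_id, "refunded": amount}


TOOLS: Dict[str, Callable[..., dict]] = {
    "lookup_order": _lookup_order,
    "issue_refund": _issue_refund,
}


@dataclass
class Decision:
    outcome: str            # "executed" | "pending_approval" | "denied"
    forwarded: dict         # arguments actually passed to the tool
    dropped: List[str]      # arguments removed by data minimization
    result: Optional[dict]  # tool output, only when executed
    reason: str


# Evidence for the control: every gate decision is appended here (assumed log layout).
AUDIT_LOG: List[dict] = []


def _record(decision: Decision, tool: str, approved_by: Optional[str], break_glass: bool) -> Decision:
    """Write the decision to the audit log; break-glass use is always flagged for review."""
    AUDIT_LOG.append({
        "tool": tool,
        "outcome": decision.outcome,
        "dropped": decision.dropped,
        "approved_by": approved_by,
        "break_glass": break_glass,
        "review_required": break_glass,
    })
    return decision


def gate_tool_call(tool: str, args: dict,
                   approved_by: Optional[str] = None,
                   break_glass: bool = False) -> Decision:
    """Apply register lookup, data minimization, and human-in-the-loop to one tool call."""
    entry = REGISTER.get(tool)
    if entry is None:
        # Unregistered tools are never executed, whatever the model asked for.
        return _record(Decision("denied", {}, sorted(args), None,
                                "tool not in AI system register"),
                       tool, approved_by, break_glass)

    # Data minimization: forward only registered arguments, record what was stripped.
    forwarded = {k: v for k, v in args.items() if k in entry.allowed_args}
    dropped = sorted(k for k in args if k not in entry.allowed_args)

    # Assumption for this example: every registered argument is required by the tool.
    missing = sorted(entry.allowed_args - set(forwarded))
    if missing:
        return _record(Decision("denied", forwarded, dropped, None,
                                f"missing arguments: {missing}"),
                       tool, approved_by, break_glass)

    # Human-in-the-loop: high-risk calls wait for an approver unless break-glass is invoked.
    if entry.risk_class == "high" and approved_by is None and not break_glass:
        return _record(Decision("pending_approval", forwarded, dropped, None,
                                "high risk: human-in-the-loop approval required"),
                       tool, approved_by, break_glass)

    result = TOOLS[tool](**forwarded)
    if approved_by:
        reason = f"approved by {approved_by}"
    elif break_glass and entry.risk_class == "high":
        reason = "break-glass execution, post-hoc review required"
    else:
        reason = "low risk: executed automatically"
    return _record(Decision("executed", forwarded, dropped, result, reason),
                   tool, approved_by, break_glass)
```

The gate treats the register as the allow-list: a tool the model names that is not registered is denied rather than passed through, and a field the model supplies that the tool does not need (for instance a customer identifier smuggled in by injected content) is dropped before the call and noted in the log. Break-glass is deliberately a separate flag from approval so that the audit log can distinguish "someone approved this" from "someone bypassed approval and must justify it afterwards".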
Usage
Use these definitions verbatim in policy, incident reports, audit responses, and board materials so that engineering, security, and leadership describe the same thing with the same words, and so that a term in an audit response can be traced back to the same term in the control catalog and evidence map.