[Glossary]
The language of AI security.
60 plain-language definitions for the agent era, from agents and MCP to compliance, and how Cerbera fits into each.
AI Security
20 terms. Core concepts for securing AI across every surface.
- Agent
- Software that uses an AI model to plan and take actions on your behalf, calling tools, reading data, and chaining steps with limited human oversight.
- Agentic AI
- AI that acts autonomously toward a goal. Because it reads, calls tools, and takes actions, the blast radius of a mistake reaches far beyond a single chat reply.
- AI client
- Any application a person uses to reach an AI model, such as a coding assistant, a chatbot, or a browser extension.
- AI firewall
- A control point that inspects every prompt, response, and tool call in real time, then blocks or redacts anything that breaks policy.
- AI gateway
- A single layer that all AI traffic flows through so it can be inspected, governed, and logged in one place. See Transparent proxy.
- Browser AI
- AI features and chatbots used inside the web browser, where most employees interact with AI day to day, and where many point tools have no visibility.
- Coding agent
- An AI client that reads and writes code and runs commands in the IDE, CLI, or CI, such as Cursor, Claude Code, or Copilot.
- Guardrails
- Rules and filters that constrain what an AI system can receive or produce, such as blocking secrets or filtering unsafe output.
- Hallucination
- When a model produces confident output that is factually wrong or entirely fabricated.
- Large language model (LLM)
- An AI model trained on large text corpora that generates and reasons over natural language, such as GPT, Claude, or Gemini.
- MCP (Model Context Protocol)
- An open protocol that lets AI clients connect to external tools and data sources in a standard way.
- MCP server
- A service that exposes tools or data to AI clients over MCP. A rogue or over-permissioned one can inherit broad access to internal systems.
- Model
- The underlying AI that turns a prompt into a response, whether hosted, local, or embedded inside a product feature.
- Prompt
- The input sent to an AI model, including the user text, the system instructions, and any attached context.
- Retrieval-augmented generation (RAG)
- Supplying a model with relevant documents at query time so its answers are grounded in your own data.
- Redaction
- Replacing a sensitive value in a prompt, such as a secret or PII, with a placeholder before it reaches the model, so work continues without leaking data.
- Surfaces
- The places AI meets your data: models, MCP servers, the browser, and AI clients. Cerbera governs all four from one proxy.
- System prompt
- The hidden instructions that set a model's role and rules before any user input is added.
- Tool call
- When an agent invokes an external function or MCP tool to read data or take an action in the real world.
- Transparent proxy
- A proxy that inspects traffic in line with negligible latency, so users never notice it. Cerbera runs as one on the endpoint.
Threats & Risks
10 terms. How AI gets misused, and the data that leaks when it does.
- Data exfiltration
- Sensitive data leaving your control, often when an employee pastes secrets, source code, or regulated data into an AI tool.
- Indirect prompt injection
- A prompt injection hidden inside content the model later reads, such as a web page, a file, or a tool result, rather than typed by the user.
- Jailbreak
- A crafted input that bypasses a model's safety or policy restrictions to make it do something it should refuse.
- Prompt injection
- An attack that smuggles instructions into a prompt to make the model ignore its rules or take unintended actions.
- Rogue MCP server
- An unapproved or malicious MCP server that connects to AI clients and can exfiltrate data or gain access no one sanctioned.
- Secrets
- Credentials such as API keys, tokens, and passwords that must never reach an external model.
- Sensitive data exposure
- When confidential data is left accessible or sent somewhere it should not be, such as into an AI prompt or an over-permissioned tool.
- Shadow AI
- AI tools, agents, and MCP servers adopted without approval, spreading faster than any review process can track.
- Software supply chain security
- Securing the third-party code, packages, models, and MCP servers your systems depend on, including the ones an agent pulls in.
- Zero-day vulnerability
- A flaw that is exploited before a fix exists, leaving no time to patch in advance.
Security Controls
16 terms. The safeguards that keep AI usage inside the lines.
- Audit trail
- A tamper-evident record of who did what and when, used to prove controls work and to investigate incidents.
- Continuous monitoring
- Always-on checking of controls and posture so drift and new risks are caught between audits, not after them.
- Data loss prevention (DLP)
- Detecting and stopping sensitive data from leaving the organization. In the AI era this happens at the prompt level, before data reaches a model.
- Endpoint detection and response (EDR)
- Software that monitors endpoints for malicious activity and lets teams investigate and respond.
- Encryption at rest
- Protecting stored data by encrypting it so it is unreadable without the keys.
- Encryption in transit
- Protecting data as it moves across networks, typically with TLS.
- Fine-grained access control
- Deciding exactly who can use which AI, with which data, on which surface, enforced automatically by team, role, and data type.
- Identity and access management (IAM)
- The systems and policies that govern who can access what, and how identities are authenticated and authorized.
- Least privilege
- Granting each user, service, or agent only the access it needs, and nothing more.
- MDM (Mobile Device Management)
- Software for centrally deploying and configuring applications across a fleet of company devices. Cerbera deploys and removes through any MDM in one click.
- Multi-factor authentication (MFA)
- Requiring two or more independent factors to sign in, so a stolen password alone is not enough.
- Penetration testing
- An authorized simulated attack that finds exploitable weaknesses before real attackers do.
- Role-based access control (RBAC)
- Granting permissions by role rather than to individuals, so access stays consistent and easy to review.
- SIEM
- Security Information and Event Management: a platform that aggregates logs and security events to detect and investigate threats. Cerbera streams AI signals to your SIEM.
- Vulnerability scanning
- Automated checks that find known weaknesses in systems and software.
- Zero trust
- A security model that trusts no request by default and verifies every access, regardless of network location.
Compliance & Frameworks
10 terms. The standards and regulations that govern AI and security.
- EU AI Act
- The European Union regulation that classifies AI systems by risk and sets transparency, human oversight, and documentation obligations.
- GDPR
- The European Union regulation governing how personal data is collected, processed, transferred, and protected.
- GRC (Governance, Risk, and Compliance)
- The discipline of aligning security controls with business risk and regulatory obligations.
- ISMS
- Information Security Management System: the set of policies, processes, and controls that manage information security risk, as defined by ISO 27001.
- ISO 27001
- The international standard for an information security management system, covering controls across people, process, and technology.
- ISO 42001
- The international standard for an AI management system, covering AI risk treatment, governance, and continual improvement.
- NIST Cybersecurity Framework (CSF)
- A widely used framework that organizes security work into Identify, Protect, Detect, Respond, and Recover.
- Risk assessment
- Identifying, analyzing, and prioritizing risks so you can decide which to treat first.
- SOC 2
- An attestation that a company meets trust service criteria for security, availability, confidentiality, processing integrity, and privacy.
- Vendor risk management
- Assessing and monitoring the security of third parties, including the AI vendors your company adopts.
Cerbera Platform
4 terms. Terms specific to Cerbera and how it is built.
- Bastion
- The managed security company behind Cerbera, which runs SOC 2 and ISO 27001 programs for startups and SMBs.
- Cerbera
- The security platform for the agent era. Discover, secure, and govern every AI model, agent, and MCP server from one transparent proxy. Built by Bastion.
- Forward-deployed engineering
- Cerbera engineers who work as an extension of your team to integrate, customize, and ship, instead of leaving you with software alone.
- Managed policy engine
- A catalog of pre-built policies, authored and kept current by Cerbera's team, with audit-ready evidence for ISO 42001, the EU AI Act, and SOC 2.
[Go deeper]
See these terms in action.
Read the Agentic AI Security Framework, or book a demo to see how Cerbera secures every surface.