A
- AI gateway
- A vendor-neutral control point that sits between agents and models, mediating every call to apply policy, logging, and rate limits.
- AI guardrails
- Engineered controls that constrain what an AI agent can do, see, or output across input filtering, behaviour control, and output checks.
- Autonomy spectrum
- The range of agent independence, from suggesting an action, to drafting for approval, to acting within guardrails, to acting fully alone.
B
- BISO
- Business Information Security Officer. Embedded within a business line; translates security between business and central InfoSec.
C
- Cardholder data environment
- The systems, people, and processes that store, process, or transmit cardholder data, plus anything connected to them under PCI DSS.
- Confused deputy
- A trusted component tricked into misusing its own authority on behalf of an attacker who lacks that authority directly.
- CSP
- Content Security Policy. HTTP response header that constrains what scripts, styles, and other resources a browser will load on a page.
D
- Data poisoning
- Corrupting the training or retrieval data a model relies on, so the model learns wrong patterns or returns attacker-chosen content.
- DORA
- EU Digital Operational Resilience Act covering ICT risk for financial entities, in force 17 January 2025.
E
- EU AI Act
- Regulation (EU) 2024/1689, the first broad law on artificial intelligence, sorting systems into risk tiers with duties set per tier.
- Excessive agency
- An AI agent granted more permissions, tools, or autonomy than its assigned task requires, widening the blast radius of any failure.
F
- FAIR risk quantification
- Factor Analysis of Information Risk, a method that expresses risk in financial terms from loss-event frequency and loss magnitude.
H
- HSTS
- HTTP Strict Transport Security. Tells browsers to only ever load this site over HTTPS, even if the user types `http://`.
- Human in the loop (HITL)
- A control that requires a person to review or approve an automated decision before it takes effect, keeping a human accountable.
I
- ICT third-party risk
- Risk arising from ICT services provided by third parties to a regulated entity, governed by DORA Article 28.
- Impact tolerance
- The maximum disruption an important business service can bear before causing intolerable harm, set as a firm's planning limit.
- ISMS
- Information Security Management System. The structured set of policies, processes, and controls that govern an organisation's security posture.
- ISO 27001
- International standard for an information security management system (ISMS). The 2022 revision is the current edition.
- ISO/IEC 42001
- The international standard for an AI management system, setting requirements to govern AI responsibly across its lifecycle.
J
- Jailbreak
- A crafted prompt that coaxes a model past its safety constraints, making it produce content or take actions its policy forbids.
K
- Kill switch
- A pre-built control that halts an AI agent or model fast, cutting its access and stopping further action during an incident.
M
- Model Context Protocol (MCP)
- An open standard that connects AI agents to external tools, data sources, and services through a consistent connector interface.
- Model poisoning
- Tampering with a model's weights, training process, or supply chain so it behaves to an attacker's advantage under chosen conditions.
- Model risk management (MRM)
- A discipline for governing the risk that a model is wrong or misused, through validation, monitoring, and clear ownership.
N
- NIST AI RMF
- A voluntary US framework for governing AI risk across four functions: govern, map, measure, and manage.
- Non-human identity
- The workload or service credential that an automated agent, connector, or pipeline uses to authenticate, distinct from any person's login.
O
- Operational resilience
- A firm's ability to keep important services running through disruption, and to recover within limits set in advance.
P
- PCI DSS v4
- Payment Card Industry Data Security Standard, version 4.0. Mandatory for any entity that stores, processes, or transmits cardholder data.
- Prompt injection
- Adversarial input crafted to override an AI agent's system instructions, escalating its privileges or extracting protected information.
R
- Retrieval-augmented generation
- A pattern that fetches relevant documents at query time and feeds them to a model, grounding answers in current, specific source material.
S
- Segregation of duties
- Splitting a sensitive process across separate parties so no single actor can both initiate and approve it, reducing fraud and error.
- Senior Managers Regime (SM&CR)
- A UK FCA and PRA regime that ties named senior individuals to defined responsibilities, making accountability personal and traceable.
T
- Threat-led penetration testing
- Intelligence-led testing that simulates a realistic attacker against live systems, required for certain firms under DORA.
- Tool-description poisoning
- Hiding malicious instructions inside the description an AI agent reads when choosing a connector, steering the agent toward harmful actions.
V
- vCISO
- Virtual CISO. A senior security leader engaged on a fractional cadence rather than as a permanent hire.
Z
- Zero data retention (ZDR)
- A contract term under which an AI provider does not store the prompts you send or the outputs it returns after serving the request.