Glossary.
Every term this publication uses in a specific analytical sense. First-party entries are coined here (13 terms). Cited externals are industry, academic, or regulatory terms with primary-source links (38 terms).
A
- A2A protocolIndustryaka agent-to-agent protocol, A2A, inter-agent protocol
Agent-to-agent (A2A) is an emerging open standard for inter-agent communication, originally proposed by Google in 2025 and adopted by working groups across multiple vendors. It defines how one agent…
- Action classIndustryaka action category, agent action class
A classification of the actions an AI agent can take, used to define approval gates, error budgets, and audit-retention policies per category. Standard action classes used in this publication's frame…
- Agent modeIndustryaka agentic mode, AI agent mode, the agent model
The operating mode in which an AI system uses tools, carries state across multiple steps, and acts on external systems with limited per-action human supervision. Most enterprise software vendors use…
- Agentic AIIndustryaka agentic, AI agents, agent mode
Software systems built on large language models that plan multi-step tasks, call external tools, and act on a goal without per-step human prompts. Distinguished from a single-shot AI assistant by aut…
- AI agentIndustryaka agent, autonomous agent
An LLM-driven program that plans, decides, and executes tool calls toward a stated goal. Differs from an AI assistant (single-turn helper) by carrying state across steps and acting on the world via t…
- AI Bill of Materials (AIBOM)Industryaka AIBOM, AI bill of materials, AI SBOM
A structured inventory of every component that contributes to an AI system: the foundation model and version, training-data sources, fine-tuning data, retrieval indexes, tool integrations, prompt tem…
- Annex IIIIndustryaka EU AI Act Annex III, Annex III categories
Annex III of the EU AI Act — the list of high-risk AI use-case categories. AI systems falling into any Annex III category (biometric identification, critical infrastructure management, education, emp…
C
- Chain of thoughtIndustryaka CoT, chain-of-thought reasoning, reasoning trace
A prompting technique and emergent capability of large language models in which the model produces intermediate reasoning steps before arriving at a final answer. Originally surfaced as an emergent c…
- Computer useIndustryaka browser use, screen agent, computer-use agent
A capability of agentic AI systems in which the agent perceives the user's screen via screenshots and acts by emitting mouse clicks, keyboard input, and scroll events — operating any application the…
- Conformity assessmentIndustryaka EU AI Act conformity assessment, Article 43 assessment
Under EU AI Act Article 43, the procedure providers of high-risk AI systems must complete to demonstrate compliance with Articles 9-15 before placing the system on the EU market. For most Annex III s…
- Context windowIndustryaka context length, context size, input window
The maximum amount of input tokens (system prompt, user prompt, retrieved context, conversation history, tool-call results) a large language model can process in a single inference call. Frontier mod…
- Correction logFirst-partyaka corrections, correction trail
An appended-only, dated revision history attached to every Holding claim whose status moves to Partial or Not holding. Entries explain what changed and why. Original claim text remains visible.
- Cross-agent prompt injectionIndustryaka agent-to-agent injection, multi-agent prompt injection
An attack class in which adversarial instructions are placed into the context of one AI agent and then propagate to another AI agent through inter-agent communication, retrieval, shared memory, or to…
D
E
- EchoLeakIndustryaka EchoLeak attack, cross-agent echo
A class of cross-agent prompt-injection attack in which adversarial content placed in a low-trust source (an email, a calendar invite, a shared document) is retrieved by one agent, becomes part of th…
- EmbeddingIndustryaka vector embedding, text embedding, embeddings
A high-dimensional numerical vector representation of text, image, audio, or other content. Embeddings encode semantic meaning such that content with similar meaning sits close together in the vector…
- EU AI ActIndustryaka Regulation (EU) 2024/1689, AI Act
The European Union's AI regulation, in force since 1 August 2024. Tiered risk classification (unacceptable, high, limited, minimal) with the strictest obligations on high-risk systems. Provisions pha…
F
G
- GAUGEFirst-partyaka Enterprise Agentic Governance Benchmark, WAGI, Walda Agentic Governance Index
GAUGE is an annual scored benchmark of the top enterprise agent-mode deployments across six governance dimensions, weighted to a 0–100 index. First publication: Q4 2026.
- GroundingIndustryaka factual grounding, evidence grounding, source grounding
The technique of constraining a large language model's output to be supported by retrieved evidence — typically through retrieval-augmented generation (RAG), citation-with-source-link enforcement, or…
- GuardrailIndustryaka AI guardrail, agent guardrail, safety filter
A policy-enforcement primitive that constrains an AI agent's input or output at runtime — content filters, denied-topic lists, PII redaction, prompt-injection detection, output validation, jailbreak…
H
- HallucinationIndustryaka AI hallucination, model hallucination, confabulation
Output produced by a large language model that is presented as factual but is not grounded in real evidence — fabricated citations, invented quotations, non-existent companies, made-up statistics, or…
- High-risk AI systemIndustryaka Annex III system, EU AI Act high-risk, high-risk AI
Under the EU AI Act, an AI system that falls into one of the categories listed in Annex III (or that is used as a safety component of a regulated product) inherits the full Article 8–17 obligations:…
- Holding claimFirst-partyaka tracked claim, AM claim, OPS claim
A single declarative sentence the publication has asserted, registered with an immutable ID (AM-NNN or OPS-NNN), a publish date, a current verdict, a next-review date, and an appended-only correction…
- Holding rateIndustryaka claim holding rate, trust rate
The percentage of every claim Agent Mode AI has made that is currently marked Holding (still defensible against the latest evidence) as opposed to Partial (substantively revised) or Not holding (fals…
- Holding-upFirst-partyaka Holding-up system, Holding-up protocol
The publication's discipline of tracking every primary claim it asserts on a 30–90 day review rhythm. Each claim is marked Holding, Partial, or Not holding. Status changes; claim text never changes.
I
- Indirect prompt injectionIndustryaka IPI, second-order prompt injection
Prompt injection delivered via content the LLM retrieves rather than via the user's direct prompt — a poisoned web page, email, document, or tool response that the agent ingests and treats as instruc…
- InferenceIndustryaka model inference, LLM inference, inference call
The runtime process of running an input through a trained large language model to produce an output. Inference is the operating phase (as opposed to training); each enterprise agent invocation is one…
J
L
M
- Model cardIndustryaka system card, model documentation
A standardised disclosure document published by a model provider summarising the model's intended use, evaluation results, training data sources, known limitations, ethical considerations, and safety…
- Model Context ProtocolIndustryaka MCP, MCP server, MCP client
An open protocol Anthropic published in late 2024 that standardises how LLM applications connect to data sources and tools. MCP servers expose resources and tools; MCP clients (such as agent runtimes…
- MTTD-for-AgentsFirst-partyaka Mean Time To Detect (MTTD) for Agents, Mean Time To Detect for Agents, MTTD-A
A leading indicator for enterprise agent-mode safety, adapted from SRE MTTD to cover cross-agent delegation and emergent behaviour. Targets: < 4h for high-risk agents at large enterprises, < 24h at m…
- Multi-agent systemIndustryaka MAS, agent network, multi-agent architecture
A production deployment in which two or more autonomous AI agents share state, share context, or coordinate on tasks. The threshold for governance purposes is the inter-agent communication path: if i…
N
- NIS2 DirectiveIndustryaka NIS2, EU NIS2, Network and Information Security Directive 2
Directive (EU) 2022/2555 — the second-generation Network and Information Security Directive. Establishes cybersecurity obligations for entities classified as essential or important across 18 sectors,…
- NIST AI RMFIndustryaka NIST AI Risk Management Framework, AI RMF 1.0
The U.S. National Institute of Standards and Technology's voluntary AI risk-management framework, published January 2023. Organises AI risk under four functions: Govern, Map, Measure, Manage.
- Non-Human IdentityIndustryaka NHI, machine identity, agent identity
Any identity in an enterprise system that is not a human user — service accounts, API keys, OAuth tokens, machine certificates, and now agent-bound credentials. Outnumber human identities at typical…
O
P
Q
R
- Reasoning modelIndustryaka thinking model, reasoner, extended-thinking model
A class of large language model trained or configured to allocate compute on intermediate reasoning before producing the final answer — using inference-time scaling, chain-of-thought tokens, or self-…
- Reasoning traceIndustryaka agent trace, decision trace, reasoning log
The recorded sequence of an agent's intermediate reasoning steps from initial prompt to final action, including the system prompt, retrieved context with provenance, model output (including any chain…
- Red teamingIndustryaka AI red team, adversarial testing, AI red-teaming
Adversarial testing of an AI system by a team that simulates attackers, edge-case users, or malicious prompts to surface failure modes, jailbreaks, or policy violations the system did not catch in st…
- Retrieval-augmented generationIndustryaka RAG, retrieval augmented generation
An LLM application pattern that grounds generation in retrieved documents fetched at query time. Originally introduced by Lewis et al. (Facebook AI) 2020. Now the default architecture for enterprise…
- Risk management systemIndustryaka AI risk management system, RMS, Article 9 RMS
Under EU AI Act Article 9, the continuous, iterative process providers of high-risk AI systems must establish to identify, evaluate, and mitigate risks throughout the system's lifecycle. The RMS prod…
S
- Status grammarFirst-partyaka Holding, Partial, Not holding, verdict
The publication's three-state vocabulary for every Holding claim: Holding (still supported by evidence), Partial (one substantive part revised, correction logged), Not holding (claim falsified or ove…
- System promptIndustryaka system message, system instruction, developer prompt
The instruction passed to a large language model that defines the agent's role, behaviour, allowed actions, and operating constraints. In agent-mode deployments the system prompt is typically several…
T
- The LedgerFirst-partyaka Holding-up index, Holding-up ledger, claim ledger
The public index at /holding/ that lists every claim the publication has made, with current verdict, last review, and next-review countdown. Filters by segment (Reporting / Operators) and status.
- Tool useIndustryaka function calling, tool calling, agent tool use
The capability of a large language model to invoke external functions, APIs, or services as part of its reasoning loop. Tool use turns a stateless text-in-text-out model into an agent: the model deci…
V
- Vector databaseIndustryaka vector store, vector index, vector search engine
A database optimised for storing and querying high-dimensional vectors (embeddings) using approximate-nearest-neighbour (ANN) search. The retrieval primitive of RAG-based agents. 2026 production opti…
- VigilFirst-partyaka Vigil chip, OPS-LEDGER
The persistent fixed-position chip on every page that surfaces the count of claims reviewed in the past seven days. Click-through opens the Ledger. Hidden on /holding/* itself.