167 terms across Cloud Computing, AI, Cybersecurity, and DevOps.
A security mechanism that restricts which users, systems, or processes can view or modify resources within a computing environment.
A prolonged and targeted cyberattack in which an intruder gains access to a network and remains undetected for an extended period to steal data or monitor activity. Often abbreviated to APT.
An iterative software development methodology that delivers work in short cycles called sprints, prioritising collaboration, adaptability, and incremental delivery over rigid long-term planning.
A software system that uses a large language model to autonomously plan and execute multi-step tasks by calling tools, APIs, or other models to achieve a defined goal.
A theoretical form of AI that would possess the ability to understand, learn, and apply knowledge across any intellectual task at a level equal to or exceeding human capability. No AGI system exists as of 2026.
A versioned, deployable output of a build process, such as a compiled binary, container image, or packaged library, stored in a repository for use in later pipeline stages.
The total set of entry points through which an unauthorised user could attempt to gain access to a system, including software, network interfaces, APIs, and human factors.
A component of neural network architectures that allows a model to weigh the relevance of different parts of an input sequence when producing an output, forming the basis of the transformer architecture.
The process of verifying that a user, device, or system is who or what it claims to be, typically through passwords, certificates, biometrics, or tokens.
The process of determining what resources or actions an authenticated identity is permitted to access or perform within a system.
A cloud capability that automatically adjusts the number of active compute instances or resources in response to changes in demand, scaling up under load and scaling down when demand drops.
A physically isolated data centre location within a cloud region, designed to provide redundancy so that failures in one zone do not affect workloads running in another.
A cloud service model that provides dedicated physical servers to a single tenant, offering the performance and isolation of on-premises hardware with the provisioning speed of the cloud.
Systematic and unfair skew in a model's outputs caused by imbalanced, unrepresentative, or prejudiced patterns present in training data or model design choices. Also referred to as AI bias.
The internal security team responsible for defending an organisation's systems, detecting attacks, and responding to incidents, typically in contrast to a red team that simulates attackers.
A release strategy that maintains two identical production environments, routing traffic to one while the other is updated, allowing instant rollback if the new version has issues.
A network of internet-connected devices infected with malware and controlled remotely by an attacker, often used to carry out distributed denial-of-service attacks or send spam.
A programme in which organisations invite external security researchers to find and responsibly disclose vulnerabilities in exchange for financial rewards or recognition.
A deployment technique in which a new software version is rolled out to a small subset of users or servers first, allowing teams to monitor for issues before a full release.
Cloud Access Security Broker. A security enforcement point, either on-premises or cloud-hosted, that sits between users and cloud service providers to enforce security policies and provide visibility into cloud usage.
Content Delivery Network. A geographically distributed network of servers that caches and delivers web content to users from the location closest to them, reducing latency and improving load times.
The practice of deliberately introducing controlled failures or disruptions into a system in production or staging to identify weaknesses and improve resilience before real outages occur.
A software application that simulates conversation with users through text or voice interfaces, ranging from rule-based systems to those powered by large language models.
Cloud Infrastructure Entitlement Management. A category of security tooling that discovers, manages, and enforces least-privilege access policies for identities across cloud infrastructure.
An automated sequence of stages, typically including build, test, and deploy, that moves code from a developer's machine to a production environment with consistent, repeatable steps.
A configuration in which an application runs in a private cloud and automatically overflows into a public cloud when demand exceeds available on-premises capacity.
An approach to building and running applications that fully exploits the advantages of cloud computing, typically using containers, microservices, declarative APIs, and dynamic orchestration.
A data centre service in which a business rents physical space, power, and connectivity to house its own servers and networking equipment rather than using cloud-hosted infrastructure.
A field of AI that enables machines to interpret and make decisions based on visual inputs such as images and video, used in applications including object detection, facial recognition, and medical imaging.
The practice of tracking and controlling changes to software and infrastructure configurations, ensuring systems remain in a known and desired state over time.
A lightweight, portable unit of software that packages an application and its dependencies together, running in isolation from other containers on the same host operating system.
A storage and distribution system for container images, allowing teams to push, pull, version, and share images across development and production environments.
The maximum amount of text, measured in tokens, that a large language model can process in a single interaction, encompassing both the input prompt and the generated response.
A software engineering practice in which code changes are automatically built, tested, and prepared for release to production, so that deployment can happen at any time with minimal manual effort.
A development practice in which developers frequently merge code changes into a shared repository, triggering automated builds and tests to detect integration problems early.
Cloud Security Posture Management. A class of tools that continuously monitors cloud environments for misconfigurations, compliance violations, and security risks, providing remediation guidance.
Common Vulnerabilities and Exposures. A public catalogue of known security vulnerabilities, each assigned a unique identifier and severity score, maintained by MITRE and used as a common reference across the security industry.
Dynamic Application Security Testing. A security testing method that analyses a running application from the outside by simulating attacks, identifying vulnerabilities that only manifest during execution.
A set of tools and policies designed to detect and prevent the unauthorised transfer, sharing, or exposure of sensitive data outside an organisation. Commonly abbreviated to DLP.
The legal and regulatory requirement that data be stored and processed within a specific geographic location or jurisdiction, often driven by privacy laws such as GDPR.
Distributed Denial of Service. An attack in which multiple compromised systems flood a target server or network with traffic, overwhelming it and making it unavailable to legitimate users.
A class of generative AI model trained to produce data such as images or audio by learning to reverse a gradual noise-addition process applied to training examples.
An open-source platform that enables developers to build, ship, and run applications in containers, providing tooling to create container images and manage their lifecycle.
A set of four key performance indicators used to measure software delivery performance: deployment frequency, lead time for changes, change failure rate, and time to restore service. Developed by the DevOps Research and Assessment programme.
The deployment of AI models directly on edge devices such as smartphones, cameras, or IoT sensors, enabling inference to occur locally without sending data to a central cloud server.
A distributed computing model that processes data closer to where it is generated, at the network edge, rather than sending it to a centralised data centre, reducing latency and bandwidth consumption.
The ability of a cloud system to dynamically allocate and release compute resources in response to workload demands, ensuring capacity matches usage at any given time.
Numerical vector representations of words, sentences, images, or other data that capture semantic meaning and relationships, enabling AI models to perform tasks such as similarity search and clustering.
The process of encoding data so that only authorised parties with the correct key can read it, protecting information from unauthorised access during storage or transmission.
A security solution that continuously monitors endpoint devices such as laptops and servers to detect, investigate, and respond to threats in real time. Commonly abbreviated to EDR.
The ability to describe how and why an AI model produced a particular output in terms that humans can understand, supporting trust, accountability, and regulatory compliance. Also referred to as XAI.
An automatic process in which a system switches to a redundant backup component, server, or network when the primary one fails, minimising downtime and service disruption.
A software development technique that allows specific features or code paths to be enabled or disabled at runtime without deploying new code, supporting gradual rollouts and A/B testing.
A machine learning approach in which a model learns to perform a task from only a small number of labelled examples, often demonstrated within the prompt for large language models.
The process of further training a pre-trained foundation model on a smaller, task-specific dataset to adapt its behaviour for a particular use case or domain.
A network security device or software that monitors and controls incoming and outgoing network traffic based on predefined security rules, acting as a barrier between trusted and untrusted networks.
A large AI model trained on broad, general-purpose data at scale that can be adapted to a wide range of downstream tasks through fine-tuning or prompting.
A serverless cloud execution model in which developers deploy individual functions triggered by events, running in stateless, ephemeral containers managed entirely by the cloud provider. Commonly abbreviated to FaaS.
A class of AI systems capable of producing new content including text, images, audio, video, and code, by learning patterns from large training datasets.
An operational framework that uses Git repositories as the single source of truth for both application and infrastructure configuration, with automated systems reconciling the actual state with the declared state in Git.
Graphics Processing Unit. A specialised processor originally designed for rendering graphics, now widely used to accelerate AI model training and inference due to its ability to perform many parallel computations simultaneously.
A behaviour in which a large language model generates plausible-sounding but factually incorrect, fabricated, or unsupported information with unwarranted confidence.
A package manager for Kubernetes that uses templated configuration files called charts to define, version, and deploy complex applications onto a Kubernetes cluster.
A design approach in which human judgment is integrated into an AI system's decision-making or training process, providing oversight, correction, or approval at critical steps.
A computing environment that combines private cloud or on-premises infrastructure with public cloud services, allowing data and applications to move between them based on business needs.
A large-scale cloud provider such as AWS, Microsoft Azure, or Google Cloud that operates massive global infrastructure capable of rapidly scaling compute, storage, and networking resources.
Infrastructure as a Service. A cloud service model in which a provider delivers virtualised computing resources including servers, storage, and networking over the internet, with the customer managing the operating system and above.
Identity and Access Management. A framework of policies and technologies that ensures the right individuals have appropriate access to the right resources at the right times, for the right reasons.
Infrastructure as Code. The practice of managing and provisioning computing infrastructure through machine-readable configuration files rather than manual processes or interactive configuration tools.
An approach in which deployed infrastructure components are never modified after deployment. Changes are made by replacing components with newly provisioned versions, improving consistency and reducing configuration drift.
The process of detecting, responding to, resolving, and learning from unexpected service disruptions or degradations to restore normal operations as quickly as possible.
The process of using a trained AI model to generate predictions or outputs from new input data, as opposed to training, which is the process of building the model in the first place.
A monitoring system that analyses network traffic or system activity for signs of malicious behaviour or policy violations and generates alerts when suspicious activity is detected. Commonly abbreviated to IDS.
A security system that actively monitors network traffic and can automatically block or reject packets and connections identified as malicious, extending the capabilities of an IDS. Commonly abbreviated to IPS.
An open-source container orchestration platform that automates the deployment, scaling, and management of containerised applications across clusters of machines.
A type of deep learning model trained on very large text datasets to understand and generate human language, capable of tasks such as summarisation, translation, coding, and question answering. Commonly abbreviated to LLM.
The time delay between sending a request and receiving a response in a networked system, typically measured in milliseconds and influenced by physical distance, network congestion, and processing time.
A technique used by attackers to progressively move through a network after an initial compromise, gaining access to additional systems and data beyond the original entry point.
The process of distributing incoming network traffic or workloads across multiple servers or resources to maximise throughput, minimise response time, and prevent any single resource from becoming overloaded.
A subset of AI in which systems learn to perform tasks by identifying patterns in data rather than following explicitly programmed rules, improving performance as they are exposed to more examples.
A cloud offering in which the provider takes responsibility for the ongoing maintenance, monitoring, and operation of a specific technology such as a database or messaging queue, reducing the operational burden on the customer.
Multi-Factor Authentication. An authentication method that requires users to verify their identity using two or more independent factors, such as a password combined with a one-time code or biometric scan.
An architectural approach in which an application is built as a collection of small, independently deployable services, each responsible for a specific business function and communicating over APIs.
A publicly available knowledge base of adversary tactics, techniques, and procedures observed in real-world cyberattacks, used by security teams for threat modelling, detection, and response planning.
The degradation in a deployed AI model's performance over time, caused by changes in real-world data distributions that differ from the data the model was originally trained on.
A technique that reduces the size and computational cost of an AI model by representing its weights and activations with lower-precision numerical formats, enabling deployment on resource-constrained hardware.
A strategy in which an organisation uses cloud services from two or more providers simultaneously, typically to avoid vendor lock-in, optimise costs, or meet specific regulatory requirements.
An architecture in which a single instance of software or infrastructure serves multiple customers, with each customer's data logically isolated from others.
An AI system capable of processing and generating multiple types of data, such as text, images, audio, and video, within a single model.
A branch of AI concerned with enabling computers to understand, interpret, and generate human language in a way that is meaningful and useful. Commonly abbreviated to NLP.
A computational model loosely inspired by the structure of the human brain, composed of interconnected layers of nodes that process input data to learn patterns and produce outputs.
A data storage architecture that manages data as discrete units called objects, each containing the data itself along with metadata and a unique identifier, suited to storing large volumes of unstructured data.
The ability to understand the internal state of a system based on the data it produces externally, typically achieved through the collection and analysis of logs, metrics, and distributed traces.
A rotation schedule in which engineers are designated to be available to respond to system alerts, incidents, and pages outside of normal working hours to maintain service reliability.
Computing infrastructure physically located within an organisation's own facilities and managed by its own staff, as opposed to being hosted by a cloud provider. Often abbreviated to on-prem.
The automated coordination and management of multiple systems, services, or containers to perform a defined workflow, ensuring they work together correctly and efficiently.
A condition in which a machine learning model learns the training data too precisely, including its noise and outliers, resulting in poor generalisation to new, unseen data.
Platform as a Service. A cloud service model that provides a managed platform for developers to build, run, and manage applications without managing the underlying infrastructure such as servers, storage, or networking.
The numerical weights within a neural network that are adjusted during training to enable the model to make accurate predictions. The number of parameters is commonly used as a measure of model size.
An authorised simulated cyberattack on a system, network, or application carried out by security professionals to identify exploitable vulnerabilities before malicious actors can find them.
A social engineering attack in which an attacker sends deceptive communications, typically email, impersonating a trusted entity to trick recipients into revealing credentials or installing malware.
Public Key Infrastructure. A framework of policies, procedures, hardware, software, and certificates used to manage public-key encryption and authentication across a network.
A discipline focused on building and maintaining internal developer platforms that provide self-service infrastructure capabilities, reducing cognitive load on application development teams.
A structured review conducted after an incident or outage to understand its root causes, timeline, and impact, and to identify improvements that will prevent recurrence.
A cloud computing environment dedicated exclusively to a single organisation, hosted either on-premises or by a third-party provider, offering greater control and isolation than a public cloud.
An attack in which a user or process gains a higher level of access permissions than originally granted, allowing them to perform actions or access data beyond their intended scope.
The practice of designing and refining input instructions given to a large language model to produce desired outputs, including techniques such as chain-of-thought, few-shot examples, and role assignment.
A computing environment in which resources such as servers, storage, and applications are owned and operated by a third-party provider and shared among multiple customers over the internet.
A collaborative security exercise in which red team attackers and blue team defenders work together to improve detection and response capabilities through shared knowledge and coordinated testing.
Retrieval-Augmented Generation. An AI architecture that combines a large language model with a retrieval system, allowing the model to access and incorporate relevant external documents when generating responses, reducing reliance on memorised training data.
A type of malware that encrypts a victim's files or systems and demands payment, typically in cryptocurrency, in exchange for the decryption key needed to restore access.
A group of security professionals who simulate real-world adversarial attacks against an organisation's systems, people, and processes to identify vulnerabilities and test defences.
A geographic area containing one or more availability zones operated by a cloud provider, used by customers to deploy resources close to their users or within specific data jurisdiction requirements.
A machine learning paradigm in which an agent learns to make decisions by taking actions in an environment and receiving feedback in the form of rewards or penalties.
The process of planning, scheduling, and controlling the build, test, and deployment of software releases, coordinating across teams to ensure stable and predictable delivery.
A cloud pricing model in which customers commit to using a specific instance type for a one- or three-year period in exchange for a significantly reduced hourly rate compared to on-demand pricing.
A framework of principles and practices for developing and deploying AI systems in ways that are safe, fair, transparent, accountable, and aligned with human values and legal requirements.
A documented set of step-by-step procedures for operating and troubleshooting a system, used by on-call engineers to respond consistently to known operational events or alerts.
Software as a Service. A cloud distribution model in which a provider hosts an application and makes it available to customers over the internet on a subscription basis, with no installation or infrastructure management required.
Static Application Security Testing. A security testing method that analyses source code, bytecode, or binary code for vulnerabilities without executing the application, typically integrated into the development pipeline.
A natural language processing technique used to identify and classify the emotional tone of text, such as determining whether customer feedback is positive, negative, or neutral.
A cloud execution model in which the provider dynamically manages infrastructure allocation, allowing developers to deploy code that runs in response to events without provisioning or managing servers.
A curated, self-service portal through which development teams can provision approved infrastructure, tools, and services without requiring manual intervention from platform or operations teams.
A formal contract between a service provider and a customer that specifies the expected level of service, including availability, performance targets, and the consequences of failing to meet them. Commonly abbreviated to SLA.
A quantitative measure of a specific aspect of service performance, such as request latency or error rate, used as the basis for evaluating whether service level objectives are being met. Commonly abbreviated to SLI.
An internal target value or range for a service level indicator that a team commits to maintaining, representing the reliability goal for a particular service. Commonly abbreviated to SLO.
An infrastructure layer that manages service-to-service communication within a microservices architecture, providing load balancing, encryption, observability, and traffic control without requiring changes to application code.
A framework that defines the division of security and compliance responsibilities between a cloud provider and its customers, with the provider responsible for security of the cloud and the customer responsible for security within the cloud.
A practice of moving testing, security, and quality assurance activities earlier in the software development lifecycle, catching defects and vulnerabilities when they are less expensive to fix.
Security Information and Event Management. A platform that aggregates and analyses log and event data from across an organisation's IT environment in real time to detect threats, support investigations, and meet compliance requirements.
Security Orchestration, Automation and Response. A category of security platform that integrates disparate security tools and automates repetitive response tasks, enabling security teams to investigate and remediate threats faster.
Security Operations Center. A centralised team and facility responsible for continuously monitoring an organisation's IT environment, detecting security incidents, and coordinating response efforts.
A manipulation technique in which attackers exploit human psychology rather than technical vulnerabilities to deceive individuals into revealing sensitive information or taking harmful actions.
A cloud pricing model in which unused compute capacity is offered at steep discounts compared to on-demand rates, with the provider able to reclaim the instance with short notice when capacity is needed elsewhere.
Site Reliability Engineering. An engineering discipline that applies software engineering principles to infrastructure and operations problems, with the goal of creating scalable and highly reliable software systems.
A pre-production environment that closely mirrors the production system, used to test software changes under realistic conditions before they are released to end users.
A cyberattack that targets a less-secure element in an organisation's software or hardware supply chain, such as a third-party vendor or open-source dependency, to compromise downstream targets.
A machine learning approach in which a model is trained on a labelled dataset where the correct outputs are provided, learning to map inputs to outputs based on these examples.
Artificially generated data that mimics the statistical properties of real-world data, used to train or test AI models in situations where real data is scarce, sensitive, or difficult to collect.
The accumulated cost of shortcuts, suboptimal design decisions, or deferred work in a codebase that must eventually be addressed to maintain quality, performance, and developer productivity.
An open-source infrastructure-as-code tool developed by HashiCorp that enables teams to define, provision, and manage cloud infrastructure across multiple providers using a declarative configuration language.
Evidence-based information about existing or emerging threats, including details about adversary tactics, techniques, and indicators of compromise, used to inform defensive decisions.
The path or method by which an attacker gains access to a target system or network, such as phishing emails, unpatched software, stolen credentials, or exposed APIs.
Transport Layer Security. A cryptographic protocol that provides authentication, integrity, and encryption for data transmitted over a network, widely used to secure web traffic as the foundation of HTTPS.
Manual, repetitive, automatable operational work that scales linearly with service growth. Google's SRE practice identifies toil as work teams should minimise in favour of engineering that reduces future toil.
The basic unit of text that a large language model processes, typically representing a word, part of a word, or a punctuation character. Token count determines how much text fits within a model's context window.
The dataset used to teach a machine learning model, from which the model learns patterns, relationships, and representations that it applies when making predictions on new inputs.
A machine learning technique in which a model trained on one task or dataset is reused as the starting point for training on a different but related task, reducing the data and compute required.
A deep learning model architecture introduced in 2017 that uses self-attention mechanisms to process sequential data in parallel, forming the foundation of most modern large language models.
A source control practice in which developers integrate small, frequent changes directly into a single shared branch called trunk or main, avoiding long-lived feature branches and reducing merge conflicts.
A condition in which a machine learning model is too simple to capture the underlying patterns in the training data, resulting in poor performance on both training and new data.
A machine learning approach in which a model is trained on data without labelled outputs, discovering hidden patterns, groupings, or structures within the data on its own.
The proportion of time that a system, service, or component is operational and available to users, typically expressed as a percentage and often specified in service level agreements.
The end-to-end sequence of activities required to deliver value to a customer, from initial idea through development, deployment, and operation, used to identify bottlenecks and inefficiencies.
A database designed to store and query high-dimensional vector embeddings efficiently, enabling fast similarity searches used in AI applications such as semantic search and retrieval-augmented generation.
A system that records changes to files over time, enabling teams to track history, revert to previous states, and collaborate on code without overwriting each other's work. Git is the most widely used version control system.
A software-based emulation of a physical computer that runs an operating system and applications in an isolated environment on a physical host, sharing that host's hardware with other virtual machines.
The technology that creates software-based abstractions of physical computing resources such as servers, storage, and networks, enabling multiple virtual instances to run on shared physical hardware.
Virtual Private Cloud. A logically isolated network within a public cloud environment, providing customers with control over IP address ranges, subnets, routing, and security settings for their resources.
A weakness or flaw in a system, application, or process that could be exploited by an attacker to gain unauthorised access, cause damage, or disrupt services.
Web Application Firewall. A security tool that monitors, filters, and blocks HTTP traffic to and from a web application, protecting against attacks such as SQL injection, cross-site scripting, and request forgery.
A mechanism that allows one application to send automated, real-time notifications to another application via an HTTP request when a specified event occurs, enabling integrations between services without polling.
Extended Detection and Response. A security approach that unifies data collection and threat detection across multiple security layers including endpoints, networks, email, and cloud workloads, providing broader visibility than EDR alone.
A human-readable data serialisation language widely used in DevOps tooling for configuration files, including Kubernetes manifests, CI/CD pipeline definitions, and infrastructure-as-code templates. The name is a recursive acronym for YAML Ain't Markup Language.
A security model based on the principle of never trusting and always verifying, requiring strict identity verification for every user and device attempting to access resources regardless of network location.
An attack that targets a previously unknown software vulnerability for which no patch exists, giving defenders zero days to prepare before the vulnerability can be exploited.
A machine learning capability in which a model performs a task it has not been explicitly trained on, relying on generalised knowledge and contextual instructions rather than task-specific examples.