Every term. Plain English.

An AI system that autonomously takes actions in the world, reading files, calling APIs, browsing the web, writing code, or delegating tasks to other agents, without direct human instruction for each step.

AI systems that operate with extended autonomy, executing multi-step tasks, using tools, and making decisions. Unlike chatbots that respond to single prompts, agentic AI maintains state and pursues goals across multiple actions.

Continuous discovery, inventory, and risk assessment of all AI agents, models, and tools in an organization. AI-SPM provides the visibility layer that security teams need before governance can be applied.

An open protocol by Anthropic that standardizes how AI agents connect to external tools and data sources. MCP servers expose 'tools' that agents can call, like reading files, querying databases, or posting messages.

A proxy layer that sits between AI agents and LLM providers (OpenAI, Anthropic, etc.), enabling policy enforcement, content filtering, PII redaction, and audit logging without modifying the underlying agent or model.

An attack where malicious instructions are embedded in data the AI agent reads, web pages, documents, tool outputs, causing the agent to follow the attacker's instructions instead of the user's. The AI equivalent of SQL injection.

A variant of prompt injection where the malicious instruction arrives via a secondary source the agent retrieves, a web page, a RAG document, an API response, rather than directly from the user.

An attack where a malicious document is inserted into a retrieval-augmented generation (RAG) vector store. When the poisoned document is retrieved, it injects hidden instructions into the model's context on every future query that triggers it.

An attack where a sub-agent or tool call is used to gain permissions beyond what was granted to the original agent. Common in multi-agent systems where orchestrator agents delegate to specialized sub-agents.

When an MCP server or AI agent uses tool calls to access resources, data, or actions outside the intended scope, reading files it shouldn't, writing to unauthorized endpoints, or calling tools it wasn't granted access to.

An autonomous security agent QuilrAI creates for each AI agent it governs. It analyzes the agent's purpose, configures least-privilege permissions at the skill level, enforces policies at runtime, and continuously hardens itself via red-teaming.

A QuilrAI agent that continuously attacks a Guardian Agent and the AI it governs, 24/7, automatically generating prompt injection attacks, privilege escalation attempts, and data exfiltration vectors. When a gap is found, the Guardian auto-updates.

A QuilrAI permission model that grants access at the granularity of individual agent skills (e.g., 'run bash in /app/src/ only') rather than broad tool-level access. More precise than API-key scoping and more enforceable than prompt-level instructions.

The National Institute of Standards and Technology AI Risk Management Framework, a voluntary framework for managing risks from AI systems. QuilrAI's audit trail and governance controls map directly to NIST AI RMF practices.

AI tools and models being used within an organization without IT or security team awareness or approval. Common examples: Ollama running on developer laptops, personal ChatGPT accounts used for work tasks, unauthorized MCP servers.

When sensitive organizational data (PII, trade secrets, financial data, credentials) leaves the trust boundary through an AI interaction, either intentionally through a compromised model or accidentally through an agent sending data to external monitoring endpoints.