AI Security Glossary
Plain-English definitions of the AI Security and related governance, compliance and technical terms UK organisations need to know.
A
- AI Bias: Systematic differential treatment by an AI system across groups, whether defined by protected characteristics, operational context or data segments. AI Bias is the failure mode that fairness controls exist to prevent.
- AI Explainability: The capacity of an AI system to describe, in human-understandable terms, why it produced a specific output, so that decisions can be justified to regulators, auditors and affected parties.
- AI Fairness: The property of an AI system that produces consistent, equitable outputs across different demographic groups, datasets and operating conditions, without systematically disadvantaging protected characteristics such as race, gender, age or disability.
- AI Governance: The structured framework of policies, roles, controls and accountability mechanisms that ensures AI systems are deployed safely, fairly and in compliance with applicable law.
- AI Security Gap Analysis: A structured assessment that maps an organisation's current AI security and governance controls against a target framework, typically ISO 42001, NIST AI RMF or its own risk appetite, then produces a prioritised remediation roadmap.
- AI Traceability: The capacity to reconstruct why an AI system produced a specific output, using logged inputs, model version records, decision trails and human-override history sufficient for post-hoc audit.
- Algorithmic Accountability: The principle that named individuals or roles are responsible for the outcomes of AI systems, including the decisions made, the controls applied and the evidence retained.
C
- CIA Triad: The foundational information security model defining three properties every system must protect: Confidentiality (data accessible only to authorised parties), Integrity (data accurate and unaltered) and Availability (systems accessible when needed).
- CIA+EFT Framework: An integrated AI security model that extends the traditional CIA triad with three AI-specific dimensions (Explainability, Fairness and Traceability), giving organisations one coherent vocabulary for assessing risk across both classical security and AI-specific failure modes.
E
I
- ISO 42001: ISO/IEC 42001:2023, the international standard for AI management systems, published in December 2023, which provides a certifiable framework for organisations to govern AI systems across risk assessment, supplier controls, operational monitoring and incident response.
- ISO 42001 Lead Auditor: The accredited professional who plans and runs the certification audit of an organisation's AI management system and decides whether it meets the requirements of the ISO/IEC 42001 standard.