Market categories
The labels people use to understand product space, problem framing, and category fit.
Glossary
This is a reference layer built for search and clarity. Use it when a security term is being searched directly, when a category label is too broad to be useful on its own, or when the acronym is more familiar than the explanation underneath it.
Current glossary coverage
Definition lanes
Start with the exact term you need defined, not the internal shorthand your team is used to.
Identity, access, and trust
5 termsTerms that show up when teams are trying to explain modern authentication, identity risk, and access control without falling back on vague IAM language.
Cloud, data, and posture
5 termsThe category labels and acronyms that usually break first when posture, exposure, and SaaS risk are being described too broadly.
AI, software, and threat language
5 termsTerms that need clean definitions when the conversation moves into software supply chain, AI attacks, and operational risk rather than product slogans.
Market categories
The labels people use to understand product space, problem framing, and category fit.
Platform acronyms
The compressed labels that need unpacking before they become useful working language.
Operating principles
The terms that sound obvious until a page has to prove that the company actually means them.
Term index
These are not filler dictionary entries. Each page is written to define the term, separate it from the adjacent language around it, and connect it to related categories and deeper reading.
Market category
AI security is the practice and product space focused on protecting AI systems, models, data, prompts, agents, and AI-enabled workflows from misuse, manipulation, leakage, unsafe behavior, and operational security risk.
Adjacent term Identity Security
Open termOn this site, ASPM means application security posture management: a platform approach that brings together application-security findings, context, and remediation logic so AppSec teams can prioritize what matters instead of triaging disconnected signals.
Adjacent term Exposure Management
Open termMarket category
Attack surface management is the practice of identifying, monitoring, and understanding the assets, services, systems, and exposure points that an attacker could discover, reach, or exploit across an environment.
Adjacent term Exposure Management
Open termCNAPP stands for cloud-native application protection platform. In practical terms, it refers to a cloud-security platform category that combines multiple cloud-risk functions, such as posture, workload, identity, and related controls, into a more unified way of managing cloud exposure.
DSPM stands for data security posture management. It refers to a category focused on discovering, classifying, monitoring, and reducing risk around sensitive data across cloud, SaaS, data-store, and identity-connected environments.
Market category
Exposure management is the practice and product space focused on identifying, correlating, and prioritizing the weaknesses, attack paths, assets, and findings that create meaningful risk across an environment.
Market category
Identity security is the discipline and product space focused on controlling, monitoring, and reducing risk around human, machine, and privileged identities across authentication, authorization, governance, and threat detection workflows.
ITDR stands for identity threat detection and response. It refers to the detection, investigation, and response practices or platforms focused on identity compromise, misuse, privilege abuse, and other identity-centered attack activity.
Adjacent term Identity Security
Open termOperating principle
Least privilege is the security principle of granting a user, identity, process, or workload only the minimum level of access and permission necessary to perform its intended task.
MDM stands for mobile device management. It refers to the tools and workflows used to enroll, configure, control, secure, and manage mobile devices and related access policies across an organization.
Adjacent term Identity Security
Open termMarket category
A non-human identity is a digital identity used by software, workloads, services, applications, scripts, bots, devices, or infrastructure components rather than by a human user. These identities still need authentication, authorization, governance, and security controls because they can create significant access risk.
Adjacent term Workload Identity
Open termPAM stands for privileged access management. It refers to the tools, controls, and workflows used to govern, restrict, monitor, and secure elevated access to critical systems, accounts, infrastructure, and administrative functions.
Adjacent term Identity Security
Open termOperating principle
Passkeys are passwordless sign-in credentials built on public key cryptography. They let a user authenticate with a device-based credential, usually unlocked with biometrics or a PIN, instead of typing a traditional password.
Adjacent term Passwordless Authentication
Open termOperating principle
Passwordless authentication is an approach to sign-in that does not rely on the user typing a traditional password. Instead, it uses other factors or credential models, such as passkeys, device-bound credentials, biometrics, or hardware-backed authentication, to verify identity.
Operating principle
Phishing-resistant MFA is multi-factor authentication that is designed to prevent attackers from stealing and replaying login factors through phishing or real-time interception. It typically relies on cryptographic, device-bound, or origin-aware authentication methods rather than reusable one-time codes alone.
Threat language
Prompt injection is an attack in which an adversary provides crafted input that causes an AI system or language model to ignore, override, or manipulate its intended instructions, often leading to unsafe behavior, data exposure, or unintended actions.
Adjacent term AI Security
Open termThreat language
Ransomware is a type of malicious activity that uses encryption, disruption, data theft, or extortion pressure to force an organization to pay or comply in order to recover systems, protect data, or limit business damage.
SBOM stands for software bill of materials. It is a structured inventory of the components, dependencies, libraries, and other building blocks that make up a software product or application.
Adjacent term Software Supply Chain Security
Open termSCA stands for software composition analysis. It refers to the tools and processes used to identify, inventory, and analyze the open-source or third-party components inside software so teams can understand licensing, dependency, and security risk.
Operating principle
Secure by design means building products, defaults, and engineering decisions so that security risk is reduced from the start instead of leaving customers to assemble basic protections through heavy configuration or compensating controls later.
Adjacent term AI Security
Open termMarket category
Software supply chain security is the practice of reducing risk across the components, dependencies, build processes, tools, repositories, and delivery paths involved in creating, packaging, and distributing software.
SSPM stands for SaaS security posture management. It refers to the practices or platforms used to identify, evaluate, and reduce security risk across SaaS applications by examining configuration, permissions, exposure, integrations, and related control weaknesses.
Market category
Workload identity is the identity used by a workload such as an application, container, service, or compute instance to authenticate and access other resources. It gives that workload a controlled way to prove who it is and what it is allowed to do.
Adjacent term Non-Human Identity
Open termXDR stands for extended detection and response. It refers to a detection-and-response platform approach that brings together signals from multiple security layers to improve investigation, alert prioritization, and response workflows.
Adjacent term Exposure Management
Open termOperating principle
Zero trust is a cybersecurity approach that assumes no user, device, workload, or network flow should be trusted implicitly. Access decisions are made through explicit verification, context-aware policy, and continuous evaluation rather than broad default trust.
Adjacent term Least Privilege
Open term