Glossary

Cybersecurity glossary for zero trust, passkeys, AI security, CNAPP, DSPM, SBOM, prompt injection, and the terms around them.

This is a reference layer built for search and clarity. Use it when a security term is being searched directly, when a category label is too broad to be useful on its own, or when the acronym is more familiar than the explanation underneath it.

Definition lanes

Start with the exact term you need defined, not the internal shorthand your team is used to.

Identity, access, and trust

5 terms

Terms that show up when teams are trying to explain modern authentication, identity risk, and access control without falling back on vague IAM language.

Cloud, data, and posture

5 terms

The category labels and acronyms that usually break first when posture, exposure, and SaaS risk are being described too broadly.

AI, software, and threat language

5 terms

Terms that need clean definitions when the conversation moves into software supply chain, AI attacks, and operational risk rather than product slogans.

what is zero trust what are passkeys what is PAM what is SBOM what is prompt injection what is SSPM

Market categories

The labels people use to understand product space, problem framing, and category fit.

Platform acronyms

The compressed labels that need unpacking before they become useful working language.

Operating principles

The terms that sound obvious until a page has to prove that the company actually means them.

Term index

Open the term you need defined properly.

These are not filler dictionary entries. Each page is written to define the term, separate it from the adjacent language around it, and connect it to related categories and deeper reading.

01

Market category

AI Security

AI security is the practice and product space focused on protecting AI systems, models, data, prompts, agents, and AI-enabled workflows from misuse, manipulation, leakage, unsafe behavior, and operational security risk.

02

Platform acronym

ASPM

Application Security Posture Management

On this site, ASPM means application security posture management: a platform approach that brings together application-security findings, context, and remediation logic so AppSec teams can prioritize what matters instead of triaging disconnected signals.

03

Market category

Attack Surface Management

Attack surface management is the practice of identifying, monitoring, and understanding the assets, services, systems, and exposure points that an attacker could discover, reach, or exploit across an environment.

04

Platform acronym

CNAPP

Cloud-Native Application Protection Platform

CNAPP stands for cloud-native application protection platform. In practical terms, it refers to a cloud-security platform category that combines multiple cloud-risk functions, such as posture, workload, identity, and related controls, into a more unified way of managing cloud exposure.

Adjacent term DSPM

Open term
05

Platform acronym

DSPM

Data Security Posture Management

DSPM stands for data security posture management. It refers to a category focused on discovering, classifying, monitoring, and reducing risk around sensitive data across cloud, SaaS, data-store, and identity-connected environments.

Adjacent term CNAPP

Open term
06

Market category

Exposure Management

Exposure management is the practice and product space focused on identifying, correlating, and prioritizing the weaknesses, attack paths, assets, and findings that create meaningful risk across an environment.

Adjacent term ASPM

Open term
07

Market category

Identity Security

Identity security is the discipline and product space focused on controlling, monitoring, and reducing risk around human, machine, and privileged identities across authentication, authorization, governance, and threat detection workflows.

Adjacent term MDM

Open term
08

Platform acronym

ITDR

Identity Threat Detection and Response

ITDR stands for identity threat detection and response. It refers to the detection, investigation, and response practices or platforms focused on identity compromise, misuse, privilege abuse, and other identity-centered attack activity.

09

Operating principle

Least Privilege

Least privilege is the security principle of granting a user, identity, process, or workload only the minimum level of access and permission necessary to perform its intended task.

Adjacent term PAM

Open term
010

Platform acronym

MDM

Mobile Device Management

MDM stands for mobile device management. It refers to the tools and workflows used to enroll, configure, control, secure, and manage mobile devices and related access policies across an organization.

011

Market category

Non-Human Identity

A non-human identity is a digital identity used by software, workloads, services, applications, scripts, bots, devices, or infrastructure components rather than by a human user. These identities still need authentication, authorization, governance, and security controls because they can create significant access risk.

012

Platform acronym

PAM

Privileged Access Management

PAM stands for privileged access management. It refers to the tools, controls, and workflows used to govern, restrict, monitor, and secure elevated access to critical systems, accounts, infrastructure, and administrative functions.

013

Operating principle

Passkeys

Passkeys are passwordless sign-in credentials built on public key cryptography. They let a user authenticate with a device-based credential, usually unlocked with biometrics or a PIN, instead of typing a traditional password.

014

Operating principle

Passwordless Authentication

Passwordless authentication is an approach to sign-in that does not rely on the user typing a traditional password. Instead, it uses other factors or credential models, such as passkeys, device-bound credentials, biometrics, or hardware-backed authentication, to verify identity.

Adjacent term Passkeys

Open term
015

Operating principle

Phishing-Resistant MFA

Phishing-resistant MFA is multi-factor authentication that is designed to prevent attackers from stealing and replaying login factors through phishing or real-time interception. It typically relies on cryptographic, device-bound, or origin-aware authentication methods rather than reusable one-time codes alone.

Adjacent term Passkeys

Open term
016

Threat language

Prompt Injection

Prompt injection is an attack in which an adversary provides crafted input that causes an AI system or language model to ignore, override, or manipulate its intended instructions, often leading to unsafe behavior, data exposure, or unintended actions.

Adjacent term AI Security

Open term
017

Threat language

Ransomware

Ransomware is a type of malicious activity that uses encryption, disruption, data theft, or extortion pressure to force an organization to pay or comply in order to recover systems, protect data, or limit business damage.

Adjacent term XDR

Open term
018

Platform acronym

SBOM

Software Bill of Materials

SBOM stands for software bill of materials. It is a structured inventory of the components, dependencies, libraries, and other building blocks that make up a software product or application.

019

Platform acronym

SCA

Software Composition Analysis

SCA stands for software composition analysis. It refers to the tools and processes used to identify, inventory, and analyze the open-source or third-party components inside software so teams can understand licensing, dependency, and security risk.

Adjacent term SBOM

Open term
020

Operating principle

Secure by Design

Secure by design means building products, defaults, and engineering decisions so that security risk is reduced from the start instead of leaving customers to assemble basic protections through heavy configuration or compensating controls later.

Adjacent term AI Security

Open term
021

Software supply chain security is the practice of reducing risk across the components, dependencies, build processes, tools, repositories, and delivery paths involved in creating, packaging, and distributing software.

Adjacent term SBOM

Open term
022

Platform acronym

SSPM

SaaS Security Posture Management

SSPM stands for SaaS security posture management. It refers to the practices or platforms used to identify, evaluate, and reduce security risk across SaaS applications by examining configuration, permissions, exposure, integrations, and related control weaknesses.

Adjacent term DSPM

Open term
023

Market category

Workload Identity

Workload identity is the identity used by a workload such as an application, container, service, or compute instance to authenticate and access other resources. It gives that workload a controlled way to prove who it is and what it is allowed to do.

024

Platform acronym

XDR

Extended Detection and Response

XDR stands for extended detection and response. It refers to a detection-and-response platform approach that brings together signals from multiple security layers to improve investigation, alert prioritization, and response workflows.

025

Operating principle

Zero Trust

Zero trust is a cybersecurity approach that assumes no user, device, workload, or network flow should be trusted implicitly. Access decisions are made through explicit verification, context-aware policy, and continuous evaluation rather than broad default trust.

Adjacent term Least Privilege

Open term