Security & AI Glossary
Contact Us
Independent cybersecurity and AI research — free to browse, updated as the threat landscape moves, with no vendor sponsorship influencing the coverage.
Cybersecurity and AI Terms Explained in Plain Language
Cybersecurity and AI each carry a dense, overlapping vocabulary. EDR, SIEM, Zero Trust, ZTNA, CSPM, SSPM, LLM, RAG, OWASP — the acronyms multiply faster than most explainers can follow. This glossary covers the terms that appear most often across CyberSanso’s research, with plain-English definitions and direct links to deeper coverage on the relevant pages of this site.
Terms are grouped by topic rather than listed strictly alphabetically so related concepts appear together. A searchable index is available at the top of this page.
Core AI Terms
Artificial Intelligence (AI): The field of computer science focused on building systems that can perform tasks normally requiring human reasoning — understanding language, recognising images, making predictions from data. A broad field, not a single product.
Machine Learning (ML): A subset of AI where systems learn patterns from data rather than following explicit rules. Underlies most modern AI applications including generative AI.
Deep Learning: A subset of machine learning using multi-layered neural networks. Powers image recognition, speech transcription, language generation, and most AI capabilities that became publicly visible from 2020 onward.
Generative AI: AI systems trained to create new content — text, images, audio, or code — rather than only analysing or classifying existing data. Large language models are the text-focused branch of generative AI.
Large Language Model (LLM): An AI model trained on very large amounts of text data to understand and generate language. Powers conversational AI tools like ChatGPT, Claude, and Gemini. The large refers to billions to trillions of parameters learned during training.
AI Agent: An AI system that can plan, decide, and take real-world actions — calling APIs, executing code, browsing the web, modifying files — rather than just generating a text response. The shift from passive to active makes AI agents a distinct security category.
RAG (Retrieval-Augmented Generation): Architecture combining a language model with a retrieval system. When queried, the system retrieves relevant content from a knowledge base to ground the model’s answer in specific, current information rather than training data alone.
Prompt Injection: An attack on LLM applications where crafted input causes the model to follow unintended instructions. Ranked #1 in the OWASP Top 10 for LLM Applications in both 2023 and 2025.
- EDR: Endpoint Detection and Response — monitors endpoints, detects behavior-based threats, enables response including isolation
- SIEM: Security Information and Event Management — collects and correlates security events across the environment in real time
- Zero Trust: security model where every access request is verified explicitly, regardless of network location
- ZTNA: Zero Trust Network Access — per-application access grants verified continuously, replacing broad VPN access
- CSPM: Cloud Security Posture Management — monitors cloud infrastructure configurations for misconfigurations and compliance gaps
- SSPM: SaaS Security Posture Management — inventories and monitors OAuth apps and integrations across SaaS platforms
- OAuth: open authorisation protocol used by SaaS integrations; OAuth tokens are a primary attack target in SaaS supply chain breaches
- Zero Day: a vulnerability being actively exploited before the vendor has issued a patch
Core Cybersecurity Terms
EDR (Endpoint Detection and Response): Security software monitoring activity on endpoints (laptops, servers, mobile devices), detecting threats based on behavioral patterns rather than only known signatures, and enabling response — including isolating a compromised device from the network. Goes further than traditional antivirus by catching threats without prior signatures.
SIEM (Security Information and Event Management): A platform collecting, correlating, and analysing security event data across an organisation’s IT environment in real time, enabling threat detection, incident investigation, and compliance reporting.
Zero Trust: A security model based on the principle that no user, device, or network segment is trusted by default. Every access request must be authenticated and authorised regardless of whether it originates inside or outside the traditional network perimeter.
ZTNA (Zero Trust Network Access): The implementation of Zero Trust for network access: users and devices are granted access only to the specific applications they need, verified continuously rather than once at login, replacing broad VPN access.
CSPM (Cloud Security Posture Management): A tool category monitoring cloud environments (AWS, Azure, Google Cloud) for configuration errors, policy violations, and compliance gaps — identifying misconfigurations before attackers exploit them.
SSPM (SaaS Security Posture Management): Continuous inventory and monitoring of every OAuth application and integration connected to an organisation’s SaaS platforms — addressing the gap between what is connected and what is actively monitored. Directly relevant to the SaaS supply chain breaches documented on the Breach Timeline page.
Zero Day: A software vulnerability being actively exploited by attackers before the vendor is aware and before a patch exists. The term reflects that the vendor has had zero days to issue a fix.
Threat Intelligence: Information about current threat actors — their techniques, infrastructure, and indicators of compromise — used to improve detection, attribution, and defensive prioritisation.
Traditional antivirus detects malware by matching files against a database of known bad signatures. EDR monitors behavioral patterns on endpoints — what processes run, what network connections are made, what files are accessed — and can detect threats with no prior signature. EDR also provides response capabilities: device isolation, forensic data collection, and rollback of malicious changes. Most modern endpoint security combines both approaches.
Zero Trust is a security model or philosophy: never trust any user, device, or network segment by default; verify every access request explicitly. ZTNA (Zero Trust Network Access) is a specific product category implementing Zero Trust principles for network access control — replacing VPNs with per-application access grants verified continuously. Zero Trust is the concept; ZTNA is one of the categories that implements it.
CSPM (Cloud Security Posture Management) focuses on cloud infrastructure: AWS, Azure, Google Cloud configuration settings, IAM policies, exposed storage buckets. SSPM (SaaS Security Posture Management) focuses on the SaaS application layer: which OAuth apps are connected, what permissions they hold, which users authorised them, and whether any integrations are behaving anomalously. Both are posture management tools addressing different layers of the cloud stack.
In practice it means subscribing to feeds of current indicators of compromise (IOCs), reading reports on active threat actor groups, and using that information to tune detections and prioritise patching. It ranges from raw technical feeds of IP addresses, file hashes, and domain names used by active threat actors, to strategic intelligence about which industries specific groups are currently targeting. CyberSanso's Research Hub tracks threat intelligence context alongside the Breach Timeline.
CVE stands for Common Vulnerabilities and Exposures. A CVE is a unique identifier assigned to a publicly disclosed software vulnerability — for example, CVE-2021-44228 identifies the Log4Shell vulnerability. CVE IDs are managed by MITRE Corporation and sponsored by CISA. The National Vulnerability Database (NVD) at nvd.nist.gov is the primary public reference for CVE details, severity scores (CVSS), and patch information.