Security Glossary

The ability to provision and support computing infrastructure using code instead of manual processes and settings.

Verification that software has not been altered or tampered with.

An independent, objective assurance and consulting activity designed to add value and improve an organization's operations.

Metrics used to provide an early signal of increasing risk exposures in various areas of an enterprise.

Practices and tools used to deploy, manage, and maintain large language models (LLMs) efficiently and effectively.

Advanced AI systems, such as OpenAI's GPT-4, that generate human-like text by processing and understanding vast datasets, enabling applications from automated customer service to content creation.

Ensuring that software components comply with licensing agreements and open-source licenses.

A knowledge base that catalogs the tactics, techniques, and case studies of adversarial attacks on machine learning (ML) and artificial intelligence (AI) systems to help organizations understand and mitigate these threats.

Knowledge base of adversary tactics and techniques based on real-world observations, used as a foundation for developing threat models and methodologies in the cybersecurity community.

The practice of deploying, managing, and monitoring machine learning models in production to ensure they operate efficiently and effectively.

The process of integrating a machine learning model into a production environment where it can make predictions on new data and deliver business value.

Testing technique used to identify vulnerabilities and weaknesses in machine learning models by inputting random, unexpected, or malformed data to observe how the model responds.

Continuously tracking the performance, accuracy, and behavior of deployed machine learning models to ensure they operate correctly and efficiently over time.

The process of analyzing machine learning models for vulnerabilities, biases, and compliance with security and ethical standards to ensure they are safe and reliable for deployment.

The process of deploying machine learning models into production environments where they can process real-time data and generate predictions or insights.

Protecting the integrity and security of machine learning models throughout their development, deployment, and operational lifecycle to prevent tampering, unauthorized access, and vulnerabilities.

An agency of the US Department of Commerce whose mission is to promote American innovation and industrial competitiveness

U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP).

List of the most critical security risks associated with large language models (LLMs), providing guidance for identifying, understanding, and mitigating these vulnerabilities to enhance the security and integrity of AI systems.