Key Identity for AI Terminology

A reactive agent that responds to direct commands from a user to perform specific tasks based on explicit prompts. Digital assistants can be thought of as front-line workers managed by an organization that lie mainly or completely within the organization’s trust boundary. They can be both customer-facing and deployed for the workforce:

A managed agent that’s more autonomous than a digital assistant and designed to perform structured, repetitive tasks to automate business processes and workflows. These agents lie completely within the organization’s trust boundary. Examples of this type of our agent solves tasks autonomously for our organization digital worker include a finance assistant, Salesforce Agentforce, and Lindy.ai.

A proactive and autonomous agent that acts on behalf of a user to achieve the user’s goals. This type of agent is highly personalized and acts as a proxy for the user on the user’s device. Personal agents aren’t managed by your organization and lie outside of your organization’s trust boundary. Examples of this type of your agent works for you personal agent include agents that book travel, help with investments or shopping, and large language models (LLMs) such as ChatGPT, Claude, and Google Gemini.

A JSON metadata document used in the agent2agent (A2A) protocol that describes an AI agent’s purpose, skills, endpoint URL, and authentication requirements for discovery and collaboration.

The simulation or replication of human-like intelligence by machines, especially computer systems, to perform tasks such as learning, reasoning, problem-solving, and decision-making.

An agent that interacts directly with graphical user interfaces (GUIs) and command-line interfaces (CLIs), such as web browsers, buttons, menus, and text fields, by emulating human actions. Learn more in Computer-Using Agents (CUAs).

A security vulnerability where a malicious attacker manipulates the input context or prompts provided to an AI agent, subtly altering the agent’s behavior and leading to unintended outputs.

The field of AI that focuses on making AI decisions and outputs understandable to humans, addressing the black box problem of complex models.

AI systems that can create new content, such as text, images, audio, or video, based on learned patterns from existing data. Examples include LLMs, such as ChatGPT, Claude, or Google Gemini, and image generation models.

A type of deep learning AI model designed to understand and generate human-like text by processing vast amounts of textual data. LLMs, such as OpenAI’s GPT series, are capable of performing various natural language processing tasks, including translation, summarization, and question answering.

A subset of AI focused on algorithms and statistical models that enable computers to learn from data and make predictions or decisions without explicit programming for specific tasks.

AI agents that are developed, provisioned, centrally controlled, and governed by an organization, ensuring alignment with established security policies and compliance standards.

A branch of AI that focuses on the interaction between computers and human (natural) languages, enabling machines to understand, interpret, and generate human language in a meaningful and useful way.

An AI technique that combines LLMs with external knowledge sources, such as databases or documents. This enhances the model’s ability to generate accurate and contextually relevant responses by retrieving pertinent information during the generation process.

The unique identity of an AI agent that acts autonomously and makes decisions. Agentic identity encompasses the agent’s permissions, delegated authority, behavioral patterns, credentials, and roles in an identity and access management (IAM) framework.

The application of AI and ML techniques to enhance IAM processes such as user authentication, fraud detection, and access control.

An authorization model that grants or denies access to resources based on a combination of attributes associated with users, AI agents, resources, and current environmental conditions (context).

The process of a human user securely authorizing a specific AI agent to access digital services or interact with other agents on the human’s behalf, with verifiable permissions and scope.

A security model in which employees or customers bring their own AI agents into an organization’s environment. BYOAs aren’t centrally managed or governed by the organization and might not adhere to the organization’s policies and standards.

An OAuth 2.0-based authentication protocol that allows an AI agent to get human approval for a sensitive action. CIBA allows the AI agent to initiate an authentication request to an identity provider (IdP) without direct, real-time user interaction, enabling human-in-the-loop (HITL) for critical tasks.

A model that enables an AI agent to act on behalf of a user without using their personal credentials, allowing the agent to serve as a secure and limited proxy for the user.

An OAuth 2.0 protocol enabling AI agents to programmatically register themselves as OAuth 2.0 clients with an identity provider (IdP) or authorization server (AS) at runtime to obtain unique credentials and define initial scopes and permissions.

A security and governance approach that requires human intervention and approval for critical actions performed by AI agents, ensuring oversight and accountability when full automation isn’t feasible.

A comprehensive solution for securely managing, governing, and auditing the identities and access of AI systems, including autonomous agents, within an organization’s digital ecosystem. Learn more in What Is Identity for AI?.

The process of managing an AI’s identity from creation to retirement to automate the provisioning, authentication, authorization, and deprovisioning of AI identities.

A fundamental security principle that restricts an entity’s (human or AI agent) access rights and permissions to the minimum necessary to perform its legitimate functions, reducing the risk of unauthorized access or actions.

A security protocol that ensures both the client (AI agent) and server authenticate each other using digital certificates during communication, providing a higher level of trust and security.

Any digital identity assigned to an automated system, application, or device rather than a human user to manage and secure the access of non-human entities to digital resources.

An OAuth 2.0 extension that allows an AI agent to securely send authorization requests directly to the authorization server (AS) instead of through a user agent such as a web browser. This separates the authorization request from the final authorization URL and is useful for AI agents that operate without direct human interaction.

An extension to OAuth 2.0 that enables AI agents to include rich, detailed information about their intended actions in authorization requests, such as specific permissions, constraints, and context, allowing for more granular and dynamic access control decisions.

A conceptual line that separates an organization’s digital assets into different levels of trust and security. Assets inside the boundary, such as employees, digital workers, and authorized applications, are managed and controlled by the organization’s policies and operate with a higher baseline of implicit trust. Untrusted assets outside the boundary, such as external customers or personal agents, aren’t managed by the organization and require additional authorization and verification.

An open-source standard for how AI systems, particularly LLMs, securely and dynamically interact with external tools and data sources. MCP defines an MCP server as a standardized interface that exposes a specific tool, API, or data source to an AI agent. The MCP server acts as a smart adapter or universal connector for AI. Learn more in What is Model Context Protocol (MCP)? and Securing MCP servers.

An open-source protocol that enables secure and standardized communication between AI agents. A2A facilitates interoperability, allowing agents to share information, authenticate each other, delegate tasks, and coordinate actions while maintaining security and trust. Learn more in What is Agent2Agent Protocol (A2A)?.