2026-02-05
AI Governance Glossary: 40+ Terms Defined
Intended Team · Founding Team
Why a Glossary Matters
AI governance is an emerging discipline. The vocabulary is not yet standardized. Different vendors use different terms for the same concepts, or worse, the same terms for different concepts. This ambiguity makes it harder for teams to evaluate solutions, harder for engineers to implement governance, and harder for compliance teams to map controls.
This glossary defines the terms as Intended uses them. Where our terminology aligns with industry standards, we note that. Where it differs, we explain why.
Core Concepts
**Intent.** A structured representation of what an AI agent wants to do. An intent includes the action type, the target resource, the agent identity, and contextual metadata. Intents are the fundamental unit of governance in Intended. Every governance decision starts with an intent.
**Authority Token.** A cryptographic token issued by the Authority Engine when an intent is approved. The token is signed, timestamped, and includes a nonce for replay protection. An agent must present a valid authority token to execute an authorized action. The token is proof of authorization.
**Authority Engine.** The core governance runtime that evaluates intents against policies and issues authority tokens. The Authority Engine performs intent classification, policy evaluation, risk scoring, and token issuance.
**Domain Pack.** A curated package of policies, risk models, and compliance mappings for a specific operational domain. Domain packs provide out-of-the-box governance for common use cases without requiring customers to write policies from scratch. Intended ships 14 domain packs.
**Intended Intent Reference (MIR).** The taxonomy that classifies all AI agent actions into domains, categories, and action types. MIR contains 14 domains and over 300 specific intent types. It is the classification standard that makes cross-system governance possible.
**Risk Score.** A numeric value (0-100) that quantifies the risk of a specific intent based on eight contextual dimensions. Risk scores drive graduated governance responses: allow, allow with conditions, escalate, or deny.
**Evidence Bundle.** A collection of audit artifacts for a specific governance decision. An evidence bundle includes the original intent, the classification result, the policy evaluation, the risk score, the authority token, and the execution outcome. Evidence bundles are the unit of compliance evidence.
Policy Concepts
**Policy.** A rule that defines governance behavior for a category of intents. Policies specify conditions under which intents are allowed, denied, escalated, or allowed with conditions. Policies are evaluated by the Authority Engine during intent processing.
**Policy Pack.** A collection of related policies bundled together. Policy packs are typically organized by domain, compliance framework, or use case. Domain packs include default policy packs.
**Policy Evaluation.** The process of matching an intent against applicable policies and determining the governance outcome. Policy evaluation considers the intent's domain, category, action type, resource, agent identity, and contextual metadata.
**Fail-Closed.** A governance mode where the default behavior, when no policy matches or when the governance system encounters an error, is to deny the action. Fail-closed prioritizes safety over availability. It is the recommended default for production environments.
**Fail-Open.** A governance mode where the default behavior, when no policy matches or when the governance system encounters an error, is to allow the action. Fail-open prioritizes availability over safety. It is appropriate only for non-critical environments or during controlled migration periods.
**Escalation.** The routing of a governance decision to a human reviewer when the automated evaluation cannot determine the appropriate outcome with sufficient confidence. Escalations occur when risk scores fall in the ambiguous range or when policies explicitly require human approval.
**Escalation Policy.** A policy that defines how escalations are routed, who reviews them, what the timeout is, and what happens if the timeout expires. Escalation policies are distinct from governance policies.
Technical Concepts
**Intent Compiler.** The subsystem that transforms raw agent requests (natural language or structured) into classified intent objects. The compiler performs extraction, classification, and enrichment.
**Connector.** An integration component that connects Intended to an external system (GitHub, Jira, Salesforce, AWS, etc.). Connectors receive events from external systems, normalize them into the unified intent format, and deliver them to the Authority Engine.
**Normalizer.** The component within a connector that transforms system-specific event formats into the unified intent format. Each connector has its own normalizer.
**Connector SDK.** The development kit for building custom connectors. The SDK provides the ingestion infrastructure, and the developer implements the system-specific normalization logic.
**Hash-Chained Audit Ledger.** The tamper-evident audit store where every governance decision is recorded. Each record includes the SHA-256 hash of the previous record, creating a chain that detects tampering if any record is modified.
**Chain Verification.** The process of validating the integrity of the hash-chained audit ledger by recomputing hashes and comparing them to stored values. Chain verification is performed by an open-source tool that operates independently of Intended's infrastructure.
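The two entries above describe the ledger mechanically; the following is an added example (not Intended's code or its open-source verifier) that builds a hash-chained ledger in that shape and recomputes it. The record layout, the all-zero genesis value and the sample decisions are constructed assumptions, and the verifier takes an optional externally anchored head hash because a chain on its own cannot detect modification or removal of its last record.

```python
import hashlib
import json

# Added example, not Intended's code: a minimal hash-chained ledger in the
# shape the glossary describes. Record layout and the genesis value are
# assumptions for illustration.
GENESIS_HASH = "0" * 64  # stand-in "previous hash" for the first record

def record_hash(record: dict) -> str:
    """SHA-256 over a canonical JSON form so recomputation is deterministic."""
    canonical = json.dumps(record, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()

def append_record(ledger: list, decision: dict) -> dict:
    """Append a governance decision, linking it to the previous record's hash."""
    prev_hash = record_hash(ledger[-1]) if ledger else GENESIS_HASH
    record = {"seq": len(ledger), "prev_hash": prev_hash, **decision}
    ledger.append(record)
    return record

def verify_chain(ledger: list, expected_head: str = None) -> tuple:
    """Recompute every link. Returns (ok, index of first bad record or None).

    Modifying a record changes its hash, so the next record's prev_hash no
    longer matches. The last record has no successor, so tampering with it is
    caught only when the caller supplies a head hash kept outside the ledger.
    """
    expected_prev = GENESIS_HASH
    for i, record in enumerate(ledger):
        if record.get("seq") != i or record.get("prev_hash") != expected_prev:
            return False, i
        expected_prev = record_hash(record)
    if expected_head is not None and expected_prev != expected_head:
        return False, max(len(ledger) - 1, 0)
    return True, None

if __name__ == "__main__":
    # Constructed sample decisions, not real Intended output.
    ledger = []
    for d in ({"intent": "repo.merge_pr", "outcome": "allow"},
              {"intent": "db.drop_table", "outcome": "deny"},
              {"intent": "iam.grant_role", "outcome": "escalate"}):
        append_record(ledger, d)
    head = record_hash(ledger[-1])
    print(verify_chain(ledger, head))   # (True, None)
    ledger[1]["outcome"] = "allow"      # rewrite the denied decision
    print(verify_chain(ledger, head))   # (False, 2): link into record 2 breaks
```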
**Nonce.** A cryptographically random value included in every authority token. The nonce prevents token replay by ensuring each token is unique. After a token is verified, its nonce is marked as consumed and cannot be reused.
**TTL (Time-to-Live).** The maximum validity period of an authority token. After the TTL expires, the token is invalid regardless of whether it has been used. Default TTL is 300 seconds.
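Added example (not Intended's code) tying together the Authority Token, Nonce and TTL entries with the fail-closed mode defined under Policy Concepts: a token carrying a random nonce and a 300-second expiry is issued, and an execution-side verifier rejects tampered, expired, replayed and malformed tokens. HMAC-SHA256 stands in for the page's unspecified signature scheme, and the payload field names and the demo key are assumptions.

```python
import hashlib
import hmac
import json
import secrets

# Added example, not Intended's code. HMAC-SHA256 stands in for the page's
# unspecified signature scheme; the payload field names are assumptions.
DEFAULT_TTL = 300  # seconds, the glossary's stated default

def _canonical(payload: dict) -> bytes:
    return json.dumps(payload, sort_keys=True, separators=(",", ":")).encode()

def issue_token(key: bytes, intent_id: str, agent_id: str,
                issued_at: int, ttl: int = DEFAULT_TTL) -> dict:
    """Issue a signed, timestamped token carrying a fresh random nonce."""
    payload = {"intent_id": intent_id, "agent_id": agent_id,
               "iat": issued_at, "exp": issued_at + ttl,
               "nonce": secrets.token_hex(16)}
    sig = hmac.new(key, _canonical(payload), hashlib.sha256).hexdigest()
    return {"payload": payload, "sig": sig}

def verify_token(key: bytes, token, now: int, consumed: set) -> tuple:
    """Execution-perimeter check, fail-closed: the only path to 'allow' is
    passing every check; anything else, including an exception raised by a
    malformed token, is a deny."""
    try:
        payload, sig = token["payload"], token["sig"]
        expected = hmac.new(key, _canonical(payload), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, sig):
            return "deny", "bad signature"   # tampered or signed by another key
        if now >= payload["exp"]:
            return "deny", "expired"         # TTL elapsed, used or not
        if payload["nonce"] in consumed:
            return "deny", "replay"          # nonce already spent
        consumed.add(payload["nonce"])       # mark consumed only after success
        return "allow", "ok"
    except Exception:
        return "deny", "malformed token"

if __name__ == "__main__":
    key = b"constructed-demo-key"  # constructed; a real key lives in a KMS/HSM
    used = set()
    tok = issue_token(key, "intent-42", "agent-a", issued_at=1000)
    print(verify_token(key, tok, 1100, used))  # ('allow', 'ok')
    print(verify_token(key, tok, 1101, used))  # ('deny', 'replay')
    print(verify_token(key, tok, 1300, used))  # ('deny', 'expired')
```

The consumed-nonce set must be shared by every verifier instance (a stateless engine, as the glossary notes, keeps no session state) or the replay check degrades to per-instance.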
Risk Scoring Concepts
**Scope of Impact.** A risk dimension measuring how many systems, users, or resources are affected by an action. Broader scope means higher risk.
**Reversibility.** A risk dimension measuring whether an action can be undone. Irreversible actions score higher.
**Data Sensitivity.** A risk dimension measuring the sensitivity of data accessed or modified by an action. PII, financial data, and credentials score higher than operational data.
**Environment Classification.** A risk dimension based on the target environment. Production scores higher than staging, which scores higher than development.
**Velocity.** A risk dimension measuring the rate at which an agent is performing actions. Abnormally high velocity indicates potential malfunction or compromise.
**Agent Trust Level.** A persistent attribute of each agent representing its established trustworthiness based on historical behavior. Higher trust results in lower risk scores.
Architecture Concepts
**Ingestion Perimeter.** The first security boundary where agent requests enter the governance system. The ingestion perimeter handles authentication, format validation, and rate limiting.
**Evaluation Perimeter.** The second security boundary where governance decisions are made. The evaluation perimeter performs intent classification, policy evaluation, and risk scoring.
**Execution Perimeter.** The third security boundary where authority tokens are verified and actions are enforced. The execution perimeter ensures that only authorized actions are executed.
**Audit Perimeter.** The fourth security boundary where every governance event is recorded in the tamper-evident ledger. The audit perimeter ensures accountability and compliance evidence.
**Stateless Evaluation.** The architectural property that each Authority Engine instance processes requests independently without maintaining session state. Stateless evaluation enables horizontal scaling.
Deployment Concepts
**Managed Cloud.** A deployment model where Intended runs in Intended's cloud infrastructure, either multi-tenant or single-tenant.
**Hybrid Deployment.** A deployment model where Intended runs in the customer's cloud account (VPC), managed by Intended.
**Air-Gapped Deployment.** A deployment model where Intended runs on the customer's on-premise infrastructure with no outbound network connectivity.
**Domain Lim.** The domain-level intelligence module that applies domain-specific rules and signals during intent evaluation. Each domain pack includes a corresponding domain lim configuration.
Compliance Concepts
**SOC 2 Type II.** An audit standard that evaluates whether an organization's controls operated effectively over a sustained period. Intended maintains a current SOC 2 Type II report.
**Trust Service Criteria.** The five categories evaluated in a SOC 2 audit: Security, Availability, Processing Integrity, Confidentiality, and Privacy.
**Controls Mapping.** A document that links specific compliance controls (SOC 2, ISO 27001, etc.) to Intended capabilities and evidence artifacts.
**Audit Period.** The time range covered by a compliance audit. For SOC 2 Type II, the audit period is typically six to twelve months.
**Evidence Export.** The process of extracting compliance evidence from Intended in auditor-ready formats (JSON, PDF, CSV).
Agent Concepts
**Agent Identity.** The unique identifier and associated metadata for an AI agent registered in Intended. Agent identity includes the agent's name, team, authorized domains, and trust level.
**Agent Enrollment.** The process of registering an AI agent with Intended and establishing its identity, authorized scopes, and initial trust level.
**Behavioral Baseline.** The statistical profile of an agent's normal behavior, derived from historical actions. Deviations from the baseline are used in risk scoring and anomaly detection.
**Multi-Agent Governance.** The governance of systems where multiple AI agents collaborate on workflows. Multi-agent governance requires coordination of authority tokens across agents and tracking of delegated authority.
This glossary is a living document. As AI governance evolves and new concepts emerge, we will update it. If you encounter a term that is not defined here, let us know and we will add it.