Glossary.

Software systems built on large language models that plan multi-step tasks, call external tools, and act on a goal without per-step human prompts. Distinguished from a single-shot AI assistant by aut…

An LLM-driven program that plans, decides, and executes tool calls toward a stated goal. Differs from an AI assistant (single-turn helper) by carrying state across steps and acting on the world via t…

An appended-only, dated revision history attached to every Holding claim whose status moves to Partial or Not holding. Entries explain what changed and why. Original claim text remains visible.

The European Union's AI regulation, in force since 1 August 2024. Tiered risk classification (unacceptable, high, limited, minimal) with the strictest obligations on high-risk systems. Provisions pha…

GAUGE is an annual scored benchmark of the top enterprise agent-mode deployments across six governance dimensions, weighted to a 0–100 index. First publication: Q4 2026.

A single declarative sentence the publication has asserted, registered with an immutable ID (AM-NNN or OPS-NNN), a publish date, a current verdict, a next-review date, and an appended-only correction…

The publication's discipline of tracking every primary claim it asserts on a 30–90 day review rhythm. Each claim is marked Holding, Partial, or Not holding. Status changes; claim text never changes.

Prompt injection delivered via content the LLM retrieves rather than via the user's direct prompt — a poisoned web page, email, document, or tool response that the agent ingests and treats as instruc…

An open protocol Anthropic published in late 2024 that standardises how LLM applications connect to data sources and tools. MCP servers expose resources and tools; MCP clients (such as agent runtimes…

A leading indicator for enterprise agent-mode safety, adapted from SRE MTTD to cover cross-agent delegation and emergent behaviour. Targets: < 4h for high-risk agents at large enterprises, < 24h at m…

The U.S. National Institute of Standards and Technology's voluntary AI risk-management framework, published January 2023. Organises AI risk under four functions: Govern, Map, Measure, Manage.

Any identity in an enterprise system that is not a human user — service accounts, API keys, OAuth tokens, machine certificates, and now agent-bound credentials. Outnumber human identities at typical…

An attack where adversary-controlled text is interpreted by an LLM as instructions, overriding the developer's intent. Catalogued as LLM01 in OWASP's Top 10 for LLM Applications. The leading exploit…

An LLM application pattern that grounds generation in retrieved documents fetched at query time. Originally introduced by Lewis et al. (Facebook AI) 2020. Now the default architecture for enterprise…

The publication's three-state vocabulary for every Holding claim: Holding (still supported by evidence), Partial (one substantive part revised, correction logged), Not holding (claim falsified or ove…

The public index at /holding/ that lists every claim the publication has made, with current verdict, last review, and next-review countdown. Filters by segment (Reporting / Operators) and status.

The persistent fixed-position chip on every page that surfaces the count of claims reviewed in the past seven days. Click-through opens the Ledger. Hidden on /holding/* itself.