The agent-security lexicon.

The layer in the path of every agent action that decides, enforces, and records what each agent can do.

Tracing every agent action back through the agent identity to the accountable human who owns it.

The total damage an agent could do if it's compromised, prompt-injected, or simply wrong.

Your business rules, enforced before an agent's action runs — caps, allowlists, approval thresholds, freeze blocks.

One action that instantly revokes an agent's access across every tool and capability.

Grant an agent the minimum capabilities its job requires, and nothing more — starting from zero.

The immutable, attributable record of every agent action — allowed and denied — recorded in the path as it happens.

An open standard for how agents discover and call tools — powerful, and easy to over-grant without governance.

The 'brain' that decides whether an agent action is allowed — evaluating the request against the agent's scope and guard rules and returning allow, deny, or needs-approval.

The component, in the path of every action, that enforces the policy decision — letting an action through, blocking it, or sending it for approval.

Govern agents by job function — bundle capabilities into roles and assign them, instead of per-agent keys.

Least privilege for agents: the deliberate set of capabilities an agent is granted — and everything else is invisible.

The system your security team uses to collect, correlate, and alert on logs — including your agent audit trail.