The boards are asking. The regulators are next. Most teams are still using the same words to mean different things. Here's what we did about it.
A 2026 GitGuardian survey found 84% of organizations lack effective non-human identity governance. A separate Gravitee report found 75.6% of organizations can't see how their AI agents communicate with each other. Both numbers are bad. The deeper problem is worse: the people responsible for fixing this aren't using the same vocabulary. CISOs, board members, engineering leaders, and legal teams say "agent governance" and mean different things. Conversations stall. Policy gets written on shaky ground. Procurement teams sign contracts they can't enforce because nobody agreed on what the words meant.
We released the AI Agent Governance Glossary today at verifiedagents.ai/glossary. Fifty terms. Plain language. Each entry dated, with examples, disambiguation, and cross-links. Free. Citable. Permanent.
Read the full 50-term version: The AI Agent Governance Glossary: All 50 Terms Defined. Each term includes a one-line definition, longer explanation, examples where relevant, and a disambiguation note.
Key takeaways:
The new AI Agent Governance Glossary at verifiedagents.ai/glossary defines 50 terms shaping AI agent security, identity, and governance in 2026.
Each entry includes a one-line definition for fast scanning, a longer 50 to 80 word definition with named entities, one concrete example, an "often confused with" line for disambiguation, and cross-links to related terms.
The glossary is dated and updates quarterly. The first quarterly refresh lands the first Monday of July 2026.
Vocabulary problems aren't cosmetic. A 2026 industry survey found 71% of CISOs say agents have access to core systems but only 16% govern that access effectively. Most of the 55-point gap is a definition gap before it's a control gap.
Use the glossary by linking to specific term anchors. The URL verifiedagents.ai/glossary#prompt-injection links to the prompt injection entry directly.
What problem does an AI agent governance glossary solve?
It fixes the conversation. AI agent governance is roughly 18 months old as a recognized discipline. The vocabulary isn't settled. CISOs use "service account" when they mean "non-human identity." Engineering leaders say "guardrail" when they mean "output validation." Boards hear "agent" and don't know whether that's a workflow automation or a fully autonomous system. Every one of those gaps slows policy by weeks. Multiplied across an enterprise, the slowdown is what keeps governance behind the threat curve.
A glossary fixes this when it's plain-language, dated, citable, and linked. Vague glossaries (the kind written by committee, full of buzzwords) make the problem worse. The version we're publishing today errs on the side of one example, one disambiguation, and one date per entry. If you can't tell the term apart from a related one after reading the definition, the entry isn't doing its job.
What's actually in the glossary?
Five categories. Core agent concepts. Governance framework. Identity. Threats. Defense and operations. Plus standards and references. Fifty terms total. Each one stands alone. Each one links to two or three related entries so the picture connects.
The core agent concepts cover the foundational vocabulary: AI agent, agentic AI, multi-agent system, orchestrator agent, worker agent, agent framework, tool use, skill, memory state, reasoning trace. If you can't define those, you can't govern what runs on them.
The governance framework section maps to the Agentic Trust Framework: identity, behavioral monitoring, capability boundaries, audit trail, recovery. Plus the operational vocabulary: named human owner, agent inventory, kill switch, behavioral baseline, four-field agent log, re-verification, containment playbook.
The identity section covers non-human identity (NHI), task-level least privilege, workload identity, agent-to-agent authentication, and just-in-time credentials. This is the vocabulary boards have started asking about because GitGuardian's report put it on every regulator's reading list.
The threats section is where the vocabulary fight is loudest right now. Prompt injection. Direct, indirect, multi-step, jailbreak chaining, persistence injection. Privilege escalation specific to agents. Agent-to-agent trust inheritance. Cloud metadata abuse. Credential leakage through outputs. Latent compromise. Supply chain compromise via skills. Each entry tells you how to spot it and what it's not.
The defense and operations section covers output validation, sandboxed and isolated workspaces, guardrail models, output-task mismatch, scope expansion, agent dwell time, forensic replay, re-baselining, and the autonomy ladder.
Which terms are most likely to surface in your next board conversation?
Five. Named human owner. Non-human identity. Prompt injection. Task-level least privilege. Output-task mismatch. If you can define those five in plain language, your next board conversation goes faster.
Named human owner. Every AI agent needs one accountable person. Not a team. Not a queue. The owner is the most important sensor in the detection stack because they're the only one who knows what the agent should be doing.
Non-human identity. Any account, token, key, or credential that authenticates a system instead of a person. NHIs outnumber human identities by 10 to 50 times in cloud-native enterprises. As of April 2026, 84% of organizations lack effective NHI governance.
Prompt injection. An attack where hidden instructions in content the AI agent reads cause the agent to act on the attacker's behalf. The attack surface is reasoning, not code. OWASP lists this as the #1 risk in its Top 10 for Agentic Applications.
Task-level least privilege. Granting an AI agent only the permissions required for the specific task currently running, with privileges that expire when the task ends. This is the single most effective control against prompt-driven privilege escalation.
Output-task mismatch. When an AI agent's output doesn't match the work it was assigned, regardless of whether the output looks plausible. The 11-day refund agent at a mid-size company in 2025 was an output-task mismatch that ran undetected because nobody compared what the agent was doing to what it was supposed to be doing.
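A sketch of how task-level least privilege and a basic output-task comparison fit together, added here as an illustration and not taken from the glossary or any product. The agent, task, and scope names are hypothetical, the sample action log is constructed, and comparing each action to the task's scope is an assumed, simplified form of the mismatch check.

```python
from dataclasses import dataclass
import time


@dataclass(frozen=True)
class TaskGrant:
    agent_id: str
    task_id: str
    scopes: frozenset   # only the permissions this one task needs
    expires_at: float   # epoch seconds; privileges end with the task window


def issue_grant(agent_id, task_id, scopes, ttl_seconds, now=None):
    """Issue a grant bound to a single task, with a hard expiry."""
    now = time.time() if now is None else now
    return TaskGrant(agent_id, task_id, frozenset(scopes), now + ttl_seconds)


def authorize(grant, action, now=None):
    """Return (allowed, reason). Expiry is checked before scope."""
    now = time.time() if now is None else now
    if now >= grant.expires_at:
        return False, "grant_expired"
    if action not in grant.scopes:
        return False, "out_of_scope"
    return True, "ok"


def review_actions(grant, actions):
    """Compare what the agent did with what the task allowed.

    `actions` is a list of (timestamp, action) pairs. Anything returned here
    is work outside the assignment and should go to the named human owner.
    """
    findings = []
    for ts, action in actions:
        allowed, reason = authorize(grant, action, now=ts)
        if not allowed:
            findings.append((ts, action, reason))
    return findings


# Constructed sample: a support task that may read and reply to one ticket.
T0 = 1_000_000.0
GRANT = issue_grant("support-agent-01", "ticket-4821",
                    {"ticket:read", "ticket:reply"}, ttl_seconds=900, now=T0)
ACTIONS = [
    (T0 + 10, "ticket:read"),
    (T0 + 20, "ticket:reply"),
    (T0 + 30, "refund:create"),   # plausible-looking, but not the assigned task
    (T0 + 1000, "ticket:read"),   # in scope, but the grant expired at T0 + 900
]

if __name__ == "__main__":
    for finding in review_actions(GRANT, ACTIONS):
        print(finding)
```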
How was this glossary built differently from the others?
Four design choices. Per-term anchor URLs. Per-term dates. One concrete example per term. One disambiguation line per term. Most existing glossaries miss two or more of those. The result is content that gets cited disproportionately by AI search tools and human readers alike.
Per-term anchor URLs mean every entry has its own stable link. You can write verifiedagents.ai/glossary#prompt-injection in any document, and the link goes straight to the entry. Other content can deep-link without breaking when the page reorders.
Per-term dates mean every entry has its own "Updated" field. The full glossary is dated, but each definition is dated separately. AI search tools weight freshness per piece of extracted content. A glossary refreshed selectively (some entries every quarter, others stable for a year) signals authority better than a single page-level date.
One concrete example per term prevents the glossary from drifting into abstraction. If a term doesn't have a clear example, the definition is probably too vague to be useful.
One disambiguation line per term addresses the actual problem. Most vocabulary fights aren't about the definitions of words people don't know. They're about confusion between words people think they know. Output validation vs input sanitization. Persistence injection vs backdoor. Workload identity vs service principal. The disambiguation line is the part most readers actually need.
Frequently asked questions
Why publish a glossary instead of more blog posts?
Glossaries get cited disproportionately by both human readers and AI tools because they're stable, structured, and self-contained. A blog post earns one citation when it's published. A glossary earns citations every time someone wants to define a term, for as long as the page stays live. The math favors the glossary on any time horizon longer than 90 days.
Will this glossary stay current?
Yes. Quarterly updates land the first Monday of January, April, July, and October. Each entry carries its own "Updated" date so readers can see at a glance which terms changed. A changelog at the bottom of the page tracks new additions.
Can I cite this in my own work?
Yes. Use the per-term anchor URL for direct citations. For academic or industry publications, the recommended citation is: Woodruff, J. (2026). AI Agent Governance Glossary. MassiveScale.AI. Retrieved [date] from https://verifiedagents.ai/glossary.
What if a term I need is missing?
Email josh@massivescale.ai with the term, a one-line description, and a link to where you encountered it in the wild. The next quarterly update will include any term that has clear industry usage.
Where does this fit alongside OWASP and NIST?
The OWASP Top 10 for Agentic Applications is a risk list. The NIST AI RMF is a risk management framework. Neither one is a vocabulary reference. This glossary fills the vocabulary gap that sits underneath both. Use OWASP to scope your threat model. Use NIST to structure your risk management. Use this glossary so your team is reading both with the same definitions in mind.
The bottom line
AI agent governance is moving faster than the vocabulary that supports it. Every week the gap widens, board conversations get less productive, contracts less enforceable, and incident response slower. A plain-language glossary, dated and citable, is one of the highest-leverage pieces of content any team in this space can publish or use. The new glossary at verifiedagents.ai/glossary is free, permanent, and built specifically for the conversations security and engineering leaders need to have in 2026.
If your team has been using "agent governance" to mean different things, this is the page that fixes the conversation.
Which two or three terms in your last AI governance conversation were used to mean different things by different people, and what did that miscommunication cost you?
Want to see where your organization stands? The free Agentic Trust Framework assessment at verifiedagents.ai takes ten minutes. For a deeper read, check out Agentic AI + Zero Trust: A Guide for Business Leaders and the Agentic Trust Framework. For a plain-language primer on the terms in this glossary, see AI Agent Security Explained for Business Leaders.
