Security technique that regulates who or what can view or use resources in a computing environment.

An attack where a threat actor gains unauthorised access to a legitimate user account to operate with insider-level privileges.

A unified, time-sequenced stream of user and data events for investigation and forensic timelines.

Information about threat actors' tactics, techniques, and procedures used to inform defensive priorities.

The framework of policies, controls, and oversight applied to autonomous AI agents.

Treating AI agents as first-class identity principals with their own permissions and audit trails.

AI systems capable of autonomous action, including planning tasks, calling tools, and making decisions without continuous human oversight.

A multi-step process where AI agents coordinate tool calls and data access to accomplish complex tasks.

Organisational policy defining approved AI tools, permitted use cases, and required controls for AI interaction.

A software entity powered by an AI model that performs tasks by chaining tool calls and reasoning over results.

A security control point mediating interactions between users or applications and AI services.

The framework of policies, controls, and oversight governing how AI systems are deployed, monitored, and used.

Reduced analyst effectiveness caused by excessive volumes of low-quality alerts from security systems.

A DLP policy decision that permits a data movement event to proceed, typically logged for audit purposes.

Irreversible removal of identifying information so individuals cannot be re-identified, even by the data controller.

Programmatic interfaces that enable DLP solutions to connect with and monitor third-party applications and services.

Forensic data produced to a standard sufficient for regulatory audits, legal proceedings, or formal investigations.

Automatic execution of corrective actions in response to detected policy violations.

An AI agent that operates with minimal human supervision, making decisions across enterprise systems.

A learned profile of normal activity patterns used as the reference point for detecting anomalous behaviour.

A DLP enforcement action that prevents a data movement event from completing.

A DLP capability allowing users to override a block by providing a justification, captured as audit evidence.

DLP controls applied within the browser session to monitor uploads, downloads, copy/paste, and AI prompt submissions.

A plugin for standard browsers that adds security capabilities such as DLP or AI governance.

Workflow capabilities for organising investigations, tracking evidence, and producing audit-grade output.

A documented, auditable trail of who handled data, when, and what actions were performed.

Recording of clipboard content as forensic evidence for copy/paste-based data exfiltration investigations.

A remediation workflow that detects a violation, takes corrective action, and verifies the resolution.

A security control point enforcing policies on user interactions with cloud applications.

DLP controls applied to data stored in or moving through cloud services via API or inline proxies.

Solutions that assess and remediate misconfigurations and compliance violations in cloud infrastructure.

An integrated platform combining CSPM, CWPP, DSPM, and other cloud security capabilities.

DLP solutions designed specifically for cloud environments and SaaS applications.

A legitimate user whose account or credentials have been taken over by an external attacker.

An integration linking a DLP platform to a specific data source or enforcement point.

The breadth of channels, data types, and applications a DLP solution can monitor and enforce policy on.

Acquisition of legitimate user credentials through phishing, malware, or social engineering.

Unified data security providing consistent protection across different operating systems and platforms.

An architectural model where forensic evidence is stored in customer-controlled infrastructure.

Sensitive data stored in databases, file systems, or backups, the primary focus of DSPM and data discovery.

Categorising data based on sensitivity, regulatory requirements, or business value to inform protection decisions.

An architectural model separating DLP intelligence (truth and context) from distributed enforcement execution.

Systematically identifying and cataloguing sensitive data across an organisation's systems.

The unauthorised transfer of sensitive data from within an organisation to an external destination.

Sensitive data being actively transmitted across networks or between applications.

Sensitive data actively being processed, edited, or interacted with by users or applications.

Continuous tracking of data from origin through every transformation, copy, and egress for provenance and forensics.

A security strategy and set of technologies to detect, monitor, and protect sensitive information from unauthorised exposure.

Cloud-delivered DLP capabilities without on-premises infrastructure.

The principle that organisations should collect and retain only the minimum data necessary for a specified purpose.

Contextual metadata captured at the moment data moves, including source, destination, user, and channel.

Identification of the source account, system, or application from which data originated.

The historical record of where data originated and how it has been transformed or shared.

Requirements that data be stored or processed within specific geographic boundaries.

Advanced analysis and reporting that provides insights into data-related risks and compliance status.

Solutions that discover, classify, and assess the security posture of sensitive data across cloud and SaaS environments.

The principle that data is subject to the laws of the country in which it is collected or stored.

Security response action that isolates compromised or high-risk devices from network access while preserving evidence.

Policy enforcement applied at multiple control points across the data path rather than a single chokepoint.

Creating a unique cryptographic signature of a document to identify exact or partial reuse after format changes.

DLP controls applied to outbound email to detect and prevent transmission of sensitive data.

Security technology monitoring endpoints for malicious activity with forensic investigation and automated response.

DLP controls at the user device level, monitoring local applications, removable media, clipboard, and file transfers.

Security software on endpoints preventing malware and exploits through signature, behavioural, and ML detection.

The execution component of a data control plane applying policy decisions in real time at distributed control points.

A managed web browser with built-in security controls for SaaS access, DLP, and policy enforcement.

The EU's regulatory framework for AI, classifying AI by risk level and imposing requirements on high-risk systems.

High-precision classification matching content against exact values to detect specific sensitive data with very low false positives.

An evolution of EDR integrating telemetry from endpoints, networks, cloud, and identity into a unified platform.

A DLP detection that incorrectly identifies legitimate activity as a policy violation.

Forensic preservation of the actual file content involved in a DLP detection, stored separately for investigators.

Records, artefacts, and contextual information collected during or after a security event for investigation.

The EU's General Data Protection Regulation, the primary framework governing personal data processing in the EU and EEA.

The GDPR provision requiring data protection by design and by default in data processing systems.

Collection of prompt content submitted to generative AI tools as forensic evidence for investigations.

Specialized security measures designed to protect sensitive data when using generative AI tools.

AI systems that produce new content (text, images, code, audio) based on patterns learned from training data.

Structured approach to handling and managing data security incidents and policy violations.

Classification technique matching content against fingerprints of known sensitive documents to detect derivatives.

A prompt injection attack delivered through content an AI agent processes rather than direct user input.

Real-time inspection and policy enforcement of data as it transits through a proxy, firewall, or browser session.

A security discipline combining behavioural analytics, data monitoring, case management, and investigation workflows.

A security risk from individuals with authorised access, including negligent users, malicious insiders, and compromised accounts.

An alternative term for insider risk management focused on user activity monitoring and forensic investigation.

An emerging discipline detecting whether AI agent actions align with organisational policy intent.

A multi-level approval process required before analysts can access identifiable data during investigations.

A time-sequenced reconstruction of user activity and data movement events for insider risk investigations.

The first international management system standard specifically for artificial intelligence governance.

User education delivered at the moment of a policy violation to modify behaviour without analyst workload.

Recording of user-provided reasons for actions that triggered DLP policies, supporting investigations.

Basic detection method identifying sensitive content based on predefined keywords and phrases.

A generative AI type trained on large text corpora to produce human-like language output.

DLP controls at the user action layer where data leakage actually occurs, complementing upstream controls.

An attacker's progression through an organisation's systems after initial compromise.

Automated removal of sharing permissions on files, particularly external sharing links, as a remediation action.

Data classification using large language models to understand semantic meaning and context of content.

Advanced AI technique improving detection accuracy through automated learning from data patterns.

An individual with authorised access who deliberately exfiltrates data or harms the organisation.

A security control point between AI agents and MCP servers, inspecting tool calls and enforcing access policies.

A service implementing the Model Context Protocol to expose tools and data sources to AI agents.

An attack introducing malicious data into an agent's persistent memory to alter its behaviour.

Microsoft's classification and labelling framework applying persistent sensitivity labels across Microsoft 365.

Microsoft's unified data governance and compliance platform for DLP, IRM, Information Protection, and eDiscovery.

A standardised framework cataloguing tactics, techniques, and procedures observed in insider threat incidents.

An open standard for how AI systems access external tools, data sources, and services through a uniform interface.

An architecture where multiple AI agents collaborate and coordinate to achieve goals beyond any single agent.

Cloud infrastructure securely serving multiple organisations from a single software instance.

An employee or contractor causing a security incident through carelessness without malicious intent.

DLP controls at the network perimeter inspecting traffic for sensitive data exfiltration.

A US NIST framework providing voluntary guidance on managing risks associated with AI systems.

Technology extracting text from images and scanned documents to enable content inspection by DLP engines.

Asynchronous detection and remediation of policy violations after data movement, typically via API integration.

Removing or masking sensitive information from AI-generated responses before delivery to users.

OWASP's framework for the most critical security threats specific to autonomous AI agents.

OWASP's catalogue of the most critical security risks for large language model applications.

Credit card and payment data subject to PCI-DSS compliance requirements.

Data that can identify a specific individual, a primary regulatory focus for DLP and privacy programmes.

Core component evaluating content against defined rules and determining enforcement actions.

The proliferation of DLP rules and policies leading to inconsistency, redundancy, and operational complexity.

Immediate visibility into data flows and user activity from agent deployment, before any DLP policies are configured.

An architectural principle requiring privacy protections to be embedded into systems from the outset.

An agentic AI threat where an agent inherits or exploits user permissions for unauthorised operations.

An attack technique increasing access levels within a system, from standard user to administrative privileges.

An attack embedding malicious instructions into AI inputs to manipulate behaviour or bypass safeguards.

Real-time analysis of content submitted to AI services to detect sensitive data or malicious instructions.

Health-related data covered by regulations such as HIPAA, including medical records and health data linked to individuals.

A privacy-enhancing technique replacing identifying information with artificial identifiers, reversible by authorised parties.

A remediation action moving a file to a restricted location pending review, preventing further sharing.

Role-Based Access Control applied to pseudonymisation, where only elevated-privilege investigators see real identities.

Pattern matching language used to define complex search criteria for sensitive data detection.

A dynamic numeric or categorical rating assigned to a user, entity, or activity based on multiple risk signals.

Targeted security training based on individual user risk profiles and behaviour patterns.

DLP enforcement applied through SaaS platform APIs, enabling out-of-band detection and remediation.

Solutions monitoring and managing security configuration and posture of SaaS applications.

Isolated environment for safely analyzing suspicious files and content without risk to production systems.

A forensic artefact consisting of a screenshot at the moment of a policy violation for investigation context.

An architectural model combining SD-WAN networking with SSE security into a single cloud-delivered service.

Data lineage technology tracking sensitive data from origin through manipulations and egress points.

An integrated security architecture where multiple products share telemetry, intelligence, and policy context.

A platform collecting, correlating, and analysing security events to detect threats and support investigations.

A platform automating security operations workflows, integrating tools and orchestrating response actions.

A cloud-delivered security category combining SWG, CASB, and ZTNA into a unified platform.

Classification interpreting the meaning and context of data rather than matching specific patterns or keywords.

A persistent classification tag indicating data sensitivity level that travels with the data through sharing.

Unauthorised or undisclosed use of AI tools by employees, creating data exposure and compliance risk.

Unauthorised use of generative AI tools like ChatGPT, Gemini, and Claude outside organisational governance.

A pejorative term for security operations characterised by bulk-closing low-context alerts rather than active investigation.

The elapsed time between deploying a DLP solution and producing the first actionable risk signal.

Data protection replacing sensitive data with non-sensitive placeholder tokens.

The mechanism by which an AI agent invokes external functions, APIs, or services to perform actions.

An agentic AI threat where an agent is manipulated into using legitimate tools for malicious purposes.

An attack maliciously modifying an MCP tool's description or behaviour to deceive an agent.

A machine learning model trained on examples of sensitive data to identify similar content based on patterns.

A DLP detection that correctly identifies an actual policy violation or risk event.

The intelligence component of a data control plane establishing what data is sensitive and how it is used.

The ongoing process of adjusting DLP policies and detection thresholds to balance accuracy against false positives.

Comprehensive tracking and analysis of user interactions with data and systems.

Analytics establishing behavioural baselines for users and entities, detecting anomalous deviations indicating risk.

A real-time notification prompting users to reconsider an action or justify a violation, preserving user agency.

A DLP enforcement action displaying a notification about a potential violation but allowing the action to proceed.

Technique embedding identifying information into documents for tracking and attribution purposes.

A mechanism for real-time event notifications between systems via HTTP callbacks.

Employee representative bodies with legal rights to be consulted on workplace monitoring and DLP deployment.

Security model assuming no implicit trust, continuously verifying every transaction.

A security model granting access based on continuous verification of identity, device posture, and context.