Glossary

Key terms and concepts used across the Arrakis platform.


Agent Lifecycle

The progression of an autonomous agent through governance stages: discovery, classification, risk assessment, approval, runtime monitoring, and deprecation. Each stage has its own security controls and policy evaluations.

Allow-List

A curated set of tools, integrations, or endpoints explicitly permitted for an agent or group of agents. Anything not on the allow-list is blocked by default when the agent operates under a restrictive policy mode.

Capability Drift

The divergence between an agent’s declared capabilities and its observed runtime behavior. Capability drift can indicate prompt injection, configuration changes, or supply-chain compromise.

Circuit Breaker

An automated control that halts agent execution when predefined risk thresholds are exceeded. Circuit breakers can trigger on alert severity, anomalous behavior, or resource exhaustion, and will suspend the agent while notifying the configured response channel.

Credential Rotation

The process of replacing an agent’s authentication credentials on a defined schedule or in response to a security event. Rotation can be automated or policy-enforced.

DLP Rule

A data loss prevention rule that inspects agent inputs and outputs for sensitive data patterns (PII, credentials, proprietary content). DLP rules can redact, block, or alert depending on the configured enforcement action.

Guardian Agent

A specialized monitoring agent operated by the Arrakis platform that observes other agents in real time. Guardian agents analyze trace data and inspect tool call payloads without modifying the monitored agent’s execution.

Identity Graph

A map of all non-human identities associated with autonomous agents, including service accounts, API keys, and platform credentials. It tracks relationships between agents and their credentials, enabling permission audits and blast-radius analysis.

Inline Gateway

A network-layer enforcement point that intercepts agent-to-tool traffic in real time, applying allow-list rules, DLP inspection, and rate limiting. See MCP Gateway Security for the MCP-specific implementation.

Kill-Switch

An emergency control that immediately terminates all execution for a specific agent, group of agents, or entire platform connector. Kill-switches bypass normal policy evaluation and take effect within seconds.

Posture Score

An organization-wide metric that aggregates the security state of all monitored agents into a single 0-100 health score. See Posture Score for details.

Risk Score

A numeric value from 0 to 100 assigned to each agent, representing its overall security risk computed across five security domains. See Risk Scoring.

Security Domain

One of five categories used to decompose agent risk: Identity & Access, Data Protection, Supply Chain & Config, Adversarial Resilience, and Behavioral Integrity. See Security Domains.

SOAR Playbook

A predefined automation workflow that runs in response to specific alert types or severity thresholds. SOAR playbooks can trigger containment actions, enrich alerts, notify stakeholders, or create tickets in connected platforms.

Threat Code

A unique identifier assigned to each threat pattern in the Arrakis Threat Taxonomy. Threat codes are referenced in policies, alerts, and compliance mappings.
