ExtraHop named a leader in the Gartner® Magic Quadrant™ for Network Detection and Response

Search
  • Platformchevron right
  • Solutionschevron right
  • Modern NDRchevron right
  • Resourceschevron right
  • Companychevron right

The Enterprise AI Glossary

Core concepts for artificial intelligence and enterprise operations

Loading…

Agentic SOC

Agentic operations
Agentic operations are a framework where AI agents don’t just suggest actions, but execute multi-step operational tasks — such as updating firewall rules or isolating hosts — with varying degrees of autonomy.
 Agentic SOC
An agentic SOC is a security operations center architecture where autonomous agents handle the "L1/L2" workload, allowing human analysts to focus exclusively on high-level strategy and complex hunting.
AI analyst
An AI analyst is a specialized generative model or agent trained on security datasets to perform correlation, summarization, and hypothesis testing on behalf of a human user.
AI Search Assistant
The ExtraHop AI Search Assistant is a generative AI-powered search tool within the ExtraHop RevealX NDR platform that enables security analysts to use natural language queries to investigate threats, discover devices, and search network records. It accelerates threat hunts and reduces the skill gap for new analysts.
Automated Retrospective Detection
Automated Retrospective Detection is a feature within the ExtraHop RevealX platform that automatically analyzes historical network data for evidence of previously unknown threats as soon as new indicators of compromise (IoCs) emerge, allowing security teams to identify past compromises and minimize attacker dwell time.
Claude Mythos
Claude Mythos is an advanced frontier AI model developed by Anthropic that possesses expert-level autonomous capabilities for discovering, chaining, and exploiting high-severity software vulnerabilities at scale, leading to its restricted release under the Project Glasswing defensive initiative.
Defensible AI
Defensible AI is the ability to prove, after the fact, why an automated system did what it did. With defensible AI, automated decisions can be reconstructed, explained, and justified using evidence that a regulator, board, or court would accept.
Agentic context
Agentic context is the high-fidelity ground truth, encompassing real-time network traffic, identity behavior, and device, user, and application telemetry, that provides the deterministic foundation for AI agents to reason accurately, execute complex autonomous workflows, and achieve mission-critical outcomes with human-level precision.
Investigation agents
Investigation agents are purpose-built AI entities designed to follow an investigative lead, pivot through data sources across the enterprise, and autonomously reconstruct the full timeline and scope of a compromise.
Mean time to augment (MTTA)
Mean time to augment (MTTA) is a metric measuring how quickly AI delivers the comprehensive context and situational awareness a human analyst needs to move an investigation forward and make a confident decision.
Security agent
A security agent is a goal-oriented AI entity that helps enforce security controls, protect critical assets, and mitigate active risks.
Smart Investigations
ExtraHop's Smart Investigations are AI-driven, automated workflows that map an attack’s progression by correlating related detections and forensic evidence into a unified timeline, allowing analysts to move from an alert to its root cause in three clicks or fewer.
Smart Triage
Smart Triage is an AI-powered capability within the ExtraHop RevealX platform that automatically prioritizes and categorizes security alerts based on their risk level and blast radius, enabling analysts to instantly focus on the most critical threats while filtering out noise.
Threat hunting agents
A threat hunting agent is a proactive AI entity that continuously searches for subtle, stealthy attacker behaviors that traditional detection tools would miss.

Agent Basics

Agent-to-agent (A2A)
Agent-to-Agent is a protocol that facilitates the secure, machine-speed coordination and data exchange between multiple autonomous AI systems working toward a shared strategic objective (e.g., a detection agent instructing a firewall agent to block a malicious IP)
Agent Communication Protocol (ACP)
Agent Communication Protocol is a standardized set of rules and syntax that ensures different AI models can exchange structured data and commands reliably.
Context window
A context window is the maximum amount of data an AI model can hold in memory at one time.
Ephemeral workloads
Ephemeral workloads are temporary, short-lived computational tasks (like serverless functions or containers) that AI must track and secure before they disappear.
Model Context Protocol (MCP)
Model Context Protocol is an open industry standard that enables AI models to securely connect to external data sources, tools, and enterprise systems, like SIEMs or threat intel platforms, without requiring custom-coded integrations for every new connection.
Non-human identity (NHI)
A non-human identity is a unique digital persona assigned to an autonomous agent or service account that defines its permissions, tracks its actions, and governs its secure access to data and systems without human intervention.
OpenAPI specification (OAS)
An OpenAPI specification is a structured, machine-readable description of what an API can do and how to use it, enabling automated discovery and interaction with external tools and services.
Agent Network Protocol
An agent network protocol is the underlying transport layer (often built on top of HTTPS or gRPC) designed to route tasks and data across a distributed network of AI agents.
Agent-User Interaction Protocol
Agent-User Interaction Protocol is the ruleset governing how an AI requests clarification, permission, or feedback from a human user during an automated workflow.
Agora Protocol
The Agora Protocol is a decentralized framework that lets agents "auction" or trade tasks and information to coordinate work within a multi-agent marketplace.

Autonomous Workflows

Agentic workflow orchestration
Agentic workflow orchestration is the central logic that determines which AI agents to activate and in what sequence to solve a complex security objective.
Agentic workflows
Agentic workflows are iterative cycles where AI agents interpret a goal, analyze their own progress, and adjust their logic to solve complex tasks that a simple script cannot handle.
Autonomous workflows
Autonomous workflows are self-executing processes where AI agents move from detection to remediation by managing end-to-end tasks without manual intervention.
Human-in-the-loop (HITL)
Human-in-the-loop is a governance model requiring human validation before an AI agent executes high-risk actions that exceed established autonomy thresholds.
Orchestrator
An orchestrator is the central intelligence layer that translates complex business objectives into sub-tasks, delegates them to specialized agents, and synthesizes their individual outputs into a final result.

Agentic Governance

Agent control plane
An agent control plane is the centralized management layer used to monitor agent health, configure permissions, and authorize or terminate active agents across the enterprise.
Agentic policy validation
Agentic policy validation is the process of checking an agent’s proposed actions against corporate security policies (e.g., NIST or ISO) before they are executed.
Agentic risk scoring
Agentic risk scoring is a dynamic assessment of the potential liability posed by an agent based on its level of autonomy, data access, and behavioral history.
AI observability
AI observability is the real-time monitoring and analysis of network-layer activity to identify every AI service in use, detect shadow AI, and surface security risks like prompt injection or sensitive data leakage within agentic and LLM-based applications.
Automated Asset Discovery
ExtraHop's Automated Asset Discovery is a continuous, agentless process that identifies, profiles, and classifies every device, application, and service communicating on the network in real time to eliminate security blind spots and maintain a live inventory of the entire attack surface.

Agentic Threats

Agent hijacking
Agent hijacking is a technique in which a threat actor gains control of an authorized AI agent to use its permissions for malicious lateral movement or data exfiltration.
Agentic drift
Agentic drift is the phenomenon where an AI agent's behavior gradually deviates from its intended purpose or operational baseline over time due to changing data patterns or environmental feedback.
AI-generated threats
AI-generated threats are scalable, context-aware attacks — including hyper-personalized social engineering and self-evolving malware — engineered by generative models to bypass static defenses and overwhelm human response capacity.
Data poisoning
Data poisoning is a targeted attack in which a threat actor injects malicious or biased information into an AI's training set to corrupt its reasoning and introduce hidden vulnerabilities.
Hallucinations
Hallucinations are confident, but incorrect or nonsensical responses generated by a model that is not grounded in its training data or the provided factual context.
Indirect prompt injection
Indirect prompt injection is an exploit in which an attacker embeds hidden instructions in a webpage or document to subvert an AI agent’s reasoning and trigger unauthorized actions during data processing.
Memory poisoning
Memory poisoning is an attack that injects malicious data into an agent's persistent history, permanently corrupting its decision-making logic to favor an adversary's objectives in future actions.
Over-privileged access
Over-privileged access is when an AI agent has more network or data permissions than required, creating a massive risk if the agent is compromised or "hallucinates" a destructive command.
Polymorphic malware
Polymorphic malware is AI-adaptive malicious code that can continuously alter its structural signature and behavior to evade detection by traditional antivirus tools.
Prompt injection
Prompt injection is an attack in which carefully crafted text is used to trick an AI into bypassing its safety guardrails, potentially leading to unauthorized actions or data leakage.
Shadow agent
A shadow agent is an unauthorized or rogue AI agent deployed within a network without the formal authorization or oversight of the IT security team.
Shadow AI
Shadow AI is the use of unapproved third-party AI tools by employees, which can put corporate data, compliance, and intellectual property at risk.
ExtraHop grid image

AGENTIC SOC USE CASE

Building the Agentic SOC

ExtraHop transforms network telemetry—the most reliable source of truth—into structured, real-time context for machine reasoning.