Technical Glossary

Plain‑English definitions for the acronyms and concepts we use across the site, kept tight and buyer‑friendly.

Cryptography & Compute Isolation

TEE (Trusted Execution Environment): Hardware-isolated enclave that runs code and holds keys out of reach from the OS and operators.
SGX / TDX / SEV / CCA: Intel SGX & TDX, AMD SEV, ARM CCA — vendor technologies that provide TEEs on different CPUs.
Remote Attestation: A cryptographic proof from a TEE that says 'this exact code ran on genuine hardware.'
ZK / Zero‑Knowledge Proofs: Math proofs that confirm something happened (or a rule was met) without revealing the inputs.
HE / FHE (Homomorphic Encryption): Perform computations directly on encrypted data; outputs decrypt to the correct result.
SMPC (Secure Multi‑Party Computation): Split a computation across parties so no single party sees all the data.
Merkle Proof / Transparency Log: A cryptographic receipt that an event is included in an append‑only log.
HSM (Hardware Security Module): Tamper‑resistant device that safeguards cryptographic keys.

PoP (Proof‑of‑Personhood): Verifies a unique human identity without exposing PII to stop Sybil/bot swarms.
WebAuthn / Passkeys: Phishing‑resistant login using device‑bound keys (FIDO2 standard).
UCAN / Delegation Tokens: Verifiable credentials that grant scoped, chained permissions across services.
RBAC / ABAC: Role‑ or Attribute‑based access control models for enforcing permissions.
mTLS (Mutual TLS): Both client and server authenticate with certificates before exchanging data.

EU AI Act (AIA): EU regulation setting risk tiers and duties for AI systems.
GDPR / CCPA: Data‑protection laws (EU/California) covering privacy, consent, and user rights.
SOC 2 / ISO 27001: Security assurance frameworks for controls (SOC 2) and ISMS certification (ISO 27001).
ODD (AI System Documentation): Operational & Technical dossier (e.g., AIA Art. 13) auto‑assembled from evidence.
RegPack Manager: Zaubern's rules engine that updates regulatory and policy packs quickly.
LDTE (Learn‑Do‑Test‑Explain): Controlled experimentation method producing statistically sound compliance evidence.

Evidence Bus: Tamper‑evident event stream; every action is signed, hashed, and linkable via Merkle proofs.
AEGIS Attribution: Root‑cause engine that localizes failures to the responsible step/agent fast.
Provenance: Full who‑did‑what‑when‑with‑what trail, replayable for audits and incident response.
TOCTOU (Time‑of‑Check/Time‑of‑Use): A gap where state can change between validation and execution; Zaubern seals this with signed gates.

Sentinel: Runtime policy probes and drift detection enforcing governed decision paths.
SAL (Service Authorization Level): Graduated permission tiers; agents are promoted/demoted by measured behavior.
Backdoor / Sleeper Agent: Hidden behaviors activated by triggers; Zaubern detects via activation/behavioral signals.
Collusion Guard: Detects coordinated multi‑agent manipulation using game‑theoretic signals.

LLM / SLM: LLM means Large Language Model. In Zaubern, SLM means Symbolic Logic Model: a deterministic authority artifact, not a smaller neural model. Canonical definition: /slm-symbolic-logic-model.
PEFT / LoRA: Parameter‑efficient fine‑tuning methods to adapt models at low cost.
LLM→SLM Offload: Keeping quality within ±2% of baseline while shifting work to cheaper SLMs.
DSPy: Framework for composing modular reasoning/prompt programs with verifiable structure.
GEPA: Genetic Evolutionary Prompt/Policy optimization to reduce tokens and improve accuracy.
Code2MCP: Converts repos into machine‑callable tools (MCP), slashing integration time.

N‑BEATS: Neural time‑series forecaster used for multivariate predictions.
GNN (Graph Neural Network): Learns from service/agent topology to reduce false positives.
PPR (Personalized PageRank): Graph‑based re‑scoring that propagates anomaly signals across neighbors.
p50 / p95: Latency or score percentiles (median / 95th percentile).
MTTR: Mean time to recovery/resolution.
PICP / CRPS: Coverage and probabilistic accuracy metrics for forecast intervals.
JS Divergence / φ_D: Drift/distance measures tracking behavior or distribution shifts.

Data‑Fortress: Residency‑locked processing; encryption keys bound to enclave geography.
DLP Canary: Harmless 'honeypot' token to detect unauthorized data movement.
Minimization: Process only what's necessary; proven via signed step‑level provenance.

IP‑Fortress: Vendor code never in plaintext to the customer; attested execution only.
Process‑Fortress: Every workflow step signed; rollback and tamper are detectable.
Tier A / B / C: Protection tiers—TEE (A), TEE+ZK (B), HE/SMPC (C)—selected per workload risk/perf.

DCAP: Intel attestation stack for SGX/TDX.
KMS (Key Management Service): Customer‑controlled keys; Zaubern never holds plaintext keys.
Key Binding: Cryptographically tying data/code access to a specific enclave & policy.

Citation surface

Version: Citation package v0.1

Last updated: 2026-04-07

Suggested citation:

Zaubern. "Zaubern Glossary" zaubern.ai. Citation package v0.1, 2026-04-07. https://zaubern.ai/glossary