AI Agent Sandboxing
The use of isolated runtimes, scoped filesystems, network controls, tool permissions, credential boundaries, logging, and review gates to limit agent blast radius.
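An added example of the controls named in that definition, written for this page and not taken from any project or agent framework: a small tool gate that an agent runtime would call before every tool action. It scopes filesystem access to one root (resolving ".." and symlinks before the containment check, so a link planted inside the root that points outside it is still refused), allowlists network egress by exact host over https only, grants tools per-verb permissions, holds destructive verbs until a named human approves them, masks known credential strings before any tool output returns to the model, and appends every decision to an audit log. The tool names, the host api.example.internal, the approver name and the secret value are hypothetical; the sandbox directory and the HTTP client are constructed stand-ins so the code runs offline.

```python
import os
import shutil
import tempfile
from dataclasses import dataclass, field
from urllib.parse import urlsplit


class Denied(Exception):
    """The gate refused the action; nothing was executed."""


class NeedsReview(Exception):
    """Permitted in principle, but held until a named human approves it."""


@dataclass
class SandboxPolicy:
    root: str                    # the only directory the fs tool may touch
    allowed_hosts: frozenset     # exact hostnames the http tool may reach
    tool_perms: dict             # tool name -> set of verbs granted to the agent
    review_required: frozenset   # verbs that need a named approver before they run
    secret_values: frozenset     # credential strings that must never reach the model


@dataclass
class ToolGate:
    policy: SandboxPolicy
    audit: list = field(default_factory=list)   # append-only decision log

    def _record(self, tool, verb, target, decision, approver=None):
        self.audit.append({"tool": tool, "verb": verb, "target": target,
                           "decision": decision, "approver": approver})

    def check(self, tool, verb, target, approver=None):
        # Tool permission first, then the review gate; every tool calls this.
        if verb not in self.policy.tool_perms.get(tool, set()):
            self._record(tool, verb, target, "deny:permission")
            raise Denied(f"{tool}.{verb} is not granted to this agent")
        if verb in self.policy.review_required and not approver:
            self._record(tool, verb, target, "hold:review")
            raise NeedsReview(f"{tool}.{verb} on {target!r} needs a human approver")

    def resolve_path(self, user_path):
        # Scoped filesystem: resolve '..' and symlinks, then require containment,
        # so a link inside the root that points outside it is still caught.
        root = os.path.realpath(self.policy.root)
        full = os.path.realpath(os.path.join(root, user_path))
        if os.path.commonpath([root, full]) != root:
            self._record("fs", "resolve", user_path, "deny:escape")
            raise Denied(f"path escapes the sandbox root: {user_path}")
        return full

    def scrub(self, text):
        # Credential boundary: mask known secrets before text returns to the model.
        for secret in self.policy.secret_values:
            text = text.replace(secret, "[REDACTED]")
        return text

    def fs_read(self, user_path):
        self.check("fs", "read", user_path)
        with open(self.resolve_path(user_path), encoding="utf-8") as fh:
            data = fh.read()
        self._record("fs", "read", user_path, "allow")
        return self.scrub(data)

    def fs_delete(self, user_path, approver=None):
        self.check("fs", "delete", user_path, approver)
        os.remove(self.resolve_path(user_path))
        self._record("fs", "delete", user_path, "allow", approver)
        return True

    def http_fetch(self, url, fetcher):
        # Network control: https only and an exact-host allowlist; client is injected.
        self.check("http", "get", url)
        parts = urlsplit(url)
        if parts.scheme != "https" or (parts.hostname or "") not in self.policy.allowed_hosts:
            self._record("http", "get", url, "deny:egress")
            raise Denied(f"egress to {url} is not allowlisted")
        body = fetcher(url)
        self._record("http", "get", url, "allow")
        return self.scrub(body)


def _attempt(results, key, action):
    # Run one agent action; store its value, or "denied" / "held" if the gate stopped it.
    try:
        results[key] = action()
    except Denied:
        results[key] = "denied"
    except NeedsReview:
        results[key] = "held"


def demo():
    # Drive the gate over a constructed sandbox directory; returns (results, audit log).
    work = tempfile.mkdtemp(prefix="agent-sandbox-")
    with open(os.path.join(work, "notes.txt"), "w", encoding="utf-8") as fh:
        fh.write("token=sk-constructed-secret-123\nplan: summarise the repo\n")
    open(os.path.join(work, "scratch.txt"), "w").close()
    outside = os.path.join(os.path.dirname(os.path.realpath(work)), "outside.txt")
    os.symlink(outside, os.path.join(work, "link"))   # escape attempt via symlink
    gate = ToolGate(SandboxPolicy(
        root=work,
        allowed_hosts=frozenset({"api.example.internal"}),   # hypothetical host
        tool_perms={"fs": {"read", "delete"}, "http": {"get"}},
        review_required=frozenset({"delete"}),
        secret_values=frozenset({"sk-constructed-secret-123"})))   # constructed secret
    fetch = lambda url: "ok from " + url + " sk-constructed-secret-123"  # stand-in client
    results = {}
    _attempt(results, "read", lambda: gate.fs_read("notes.txt"))
    for bad in ("../outside.txt", "link", "/etc/passwd"):
        _attempt(results, bad, lambda: gate.fs_read(bad))
    _attempt(results, "delete-unreviewed", lambda: gate.fs_delete("scratch.txt"))
    _attempt(results, "delete-approved", lambda: gate.fs_delete("scratch.txt", "oncall"))
    results["scratch-exists"] = os.path.exists(os.path.join(work, "scratch.txt"))
    _attempt(results, "fetch-allowed", lambda: gate.http_fetch("https://api.example.internal/v1", fetch))
    _attempt(results, "fetch-plain", lambda: gate.http_fetch("http://api.example.internal/v1", fetch))
    _attempt(results, "fetch-other", lambda: gate.http_fetch("https://evil.example/exfil", fetch))
    _attempt(results, "shell", lambda: gate.check("shell", "exec", "rm -rf /"))
    shutil.rmtree(work)
    return results, gate.audit
```

Two design points matter more than the rest. The path check compares realpath results, not the string the agent supplied, because "../" cleanup alone does not stop a symlink that the agent (or a poisoned repository) planted inside the root. And the review gate records a "hold" entry before raising, so the audit log shows what the agent tried to do even when nothing ran; in a real runtime the held action would be resumed with the approver's identity rather than re-issued by the model.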
Definitions and maps for the AI transition: models, benchmarks, labs, people, infrastructure, safety debates, governance tools, social harms, and the patterns that repeat when machines become decision environments.
The CNCF feature-flagging standard for portable runtime flags, useful for staged AI rollouts, rollback switches, agent tool gates, and reviewable change control.
The shared OpenTelemetry vocabulary for tracing generative-AI model calls, agents, tools, retrieval, token use, events, and privacy-sensitive telemetry.
The vendor-neutral telemetry pipeline that receives, processes, filters, redacts, and exports traces, metrics, and logs for AI systems and agent workflows.
The Collector Contrib language for transforming, filtering, routing, and sampling telemetry, useful for AI agent redaction rules, audit fields, and governance review.
The Collector Contrib processor for deleting or masking sensitive telemetry attributes before export, useful for AI agent privacy boundaries and audit evidence.
The Collector Contrib connector for routing traces, metrics, or logs into different pipelines, useful for AI agent audit stores, privacy boundaries, and regional controls.
The trace-retention method that waits for all or most spans before keeping or dropping a trace, useful for AI agent incidents, slow tool chains, and audit evidence.
OpenTelemetry-based semantic conventions and instrumentation for tracing AI application runs across LLM calls, agents, tools, retrieval, embeddings, guardrails, and evaluators.
The CNCF event-envelope specification for common event metadata, useful for routing, agent workflow events, audit trails, and incident reconstruction.
The HTTP trace-propagation standard that carries request correlation across services, tools, model gateways, retrieval systems, and agent audit paths.
The distributed-context format for propagating application-defined key-value properties across workflows, useful and risky for AI agent observability and privacy boundaries.
The OWASP GenAI security reference for agent-specific risks such as goal hijack, tool misuse, identity abuse, context poisoning, cascading failures, and rogue agents.
MITRE's adversarial threat landscape for AI systems, with tactics, techniques, mitigations, case studies, and agent-focused attack paths for AI security teams.
The OASIS Open Project for collaborative AI-security guidance, secure-by-design agent practices, workstreams, and open technical artifacts.
NVIDIA's open-source LLM vulnerability scanner for probing hallucination, data leakage, prompt injection, jailbreaks, and other model failure modes.
Microsoft's open-source Python Risk Identification Tool for generative AI red teaming, attack automation, scoring, memory, and evidence capture.
The open-source eval and red-team harness for testing prompts, models, RAG systems, agents, providers, assertions, and LLM application behavior.
The OWASP GenAI Security Project's 2025 security-risk list for large-language-model applications, from prompt injection and data leakage to vector weaknesses and unbounded consumption.
The OWASP AIVSS scoring framework for assessing AI security findings with CVSS v4.0 baselines and agentic risk-amplification factors.
The RFC 9116 well-known text file for publishing vulnerability disclosure contacts, policy links, expiration dates, and agent-readable reporting routes.
The public identifier system for disclosed cybersecurity vulnerabilities, giving AI stacks a shared key for advisories, scanners, SBOMs, VEX, EPSS, and patch records.
MITRE's community-developed taxonomy of software and hardware weakness types for root-cause mapping, secure development, scanner evidence, and agent repair review.
The OASIS SARIF standard for scanner output, code-security findings, AI coding-agent repair review, and auditable vulnerability evidence.
GitHub's semantic code-analysis language and toolchain for finding vulnerabilities, producing SARIF evidence, and reviewing AI-assisted code changes.
A rule-based static-analysis tool for source-code pattern matching, custom security guardrails, SARIF evidence, and AI-assisted code review.
Aqua Security's open source scanner for vulnerabilities, secrets, misconfigurations, SBOMs, containers, Kubernetes, and AI supply-chain review.
FIRST's open scoring framework for vulnerability severity, using CVSS v4.0 metric groups, scores, and vector strings for auditable triage.
CISA's catalog of vulnerabilities known to be exploited in the wild, used as a priority signal for remediation, exposure reduction, and AI-stack vulnerability triage.
A decision-tree method for turning vulnerability evidence into stakeholder-specific actions such as Track, Attend, or Act across AI and software supply chains.
The OpenSSF vulnerability format and OSV.dev database for matching open source advisories to exact packages, versions, commits, manifests, SBOMs, and agent-built artifacts.
The ECMA-424 full-stack bill of materials standard for software, services, hardware, ML-BOM, VEX, attestations, and AI supply-chain evidence.
The Linux Foundation bill-of-materials and software supply-chain standard, including SPDX 3 profiles for software, security, licensing, datasets, builds, and AI systems.
Anchore's open source SBOM generator for inventorying packages in container images, filesystems, archives, SPDX, CycloneDX, and AI supply-chain review.
Anchore's open source vulnerability scanner for matching container images, filesystems, SBOMs, PURLs, and CPEs against known vulnerability data.
FIRST's EPSS model for estimating CVE exploitation likelihood and pairing probability, percentile, severity, exposure, and asset context in vulnerability triage.
Machine-readable vulnerability-status assertions that help connect SBOM and AI-SBOM inventories to product-specific exploitability and remediation decisions.
The OASIS and ISO/IEC machine-readable security-advisory standard for product, vulnerability, impact, remediation, VEX, and AI supply-chain evidence.
The IETF transparency-service architecture for registering signed supply-chain statements, issuing receipts, and auditing artifact evidence.
Verifiable build attestations for tracking software artifacts back to source, builder, inputs, and verification expectations across AI supply chains.
A minimal signed envelope for payload type, payload bytes, and signatures in in-toto, Sigstore, and AI artifact attestation workflows.
Registry-stored signatures, SBOMs, attestations, scan results, and other evidence linked to exact container, model, and tool digests.
The CNCF project and Notation tooling for signing and verifying OCI artifacts with trust stores, trust policies, and AI supply-chain release gates.
A Kubernetes-focused artifact verification engine for admitting signed, attested, or policy-compliant OCI artifacts into AI and software supply chains.
A Kubernetes admission-control project for enforcing Rego-backed constraints on model services, agent tooling, and software supply-chain deployment paths.
A Kubernetes-native policy engine for validating, mutating, generating, reporting on, and verifying cloud-native resources in governed AI deployment paths.
An embeddable expression language for Kubernetes validation, mutation, authorization conditions, and inspectable AI infrastructure policy.
Kubernetes' built-in CEL admission-policy feature for declarative validation checks on agent, model-serving, and tool-infrastructure resources.
Kubernetes' Privileged, Baseline, and Restricted pod-hardening profiles for reducing runtime privilege in agent and model infrastructure.
Kubernetes' built-in admission controller for enforcing, auditing, and warning on Pod Security Standards in AI workload namespaces.
Kubernetes' syscall-filtering securityContext control for RuntimeDefault and Localhost profiles in agent and model workload sandboxes.
Kubernetes' mandatory access-control securityContext profile for constraining file, capability, and resource access in AI workload sandboxes.
Kubernetes' securityContext label control for SELinux policy boundaries, volume relabeling, and AI workload sandbox governance.
Kubernetes SIGs' operator for recording, binding, synchronizing, and observing seccomp, AppArmor, and SELinux profiles in AI workload clusters.
Kubernetes' pod traffic allowlist API for constraining ingress and egress paths around agent, model-serving, and tool infrastructure.
Kubernetes' namespace budget object for constraining aggregate compute, storage, and object consumption in agent and model infrastructure.
Kubernetes' namespace policy for per-object resource defaults, minimums, maximums, request-limit ratios, and AI workload sizing governance.
Kubernetes' scheduling-priority object for ordering, preemption, and interruption policy across agent and model workloads.
Kubernetes' runtime-selection object for routing pods to CRI handlers, node pools, and overhead accounting in agent sandboxes.
Kubernetes' voluntary-disruption budget for preserving replicated agent and model service availability during maintenance.
Kubernetes' metric-driven replica scaler for model endpoints, agent workers, queues, and other elastic AI services.
Karpenter's node lifecycle provisioning for matching unschedulable agent, model-serving, and AI batch workloads to cloud capacity.
Kubernetes SIGs' pod-eviction controller for correcting placement drift, scheduler-policy violations, and AI workload disruption risk.
Kubernetes' node-group autoscaler for turning unschedulable agent, model, and batch pods into governed cloud capacity.
Kubernetes' CPU and memory request recommender for right-sizing model, agent, and batch workloads from observed use.
Kubernetes' resource metrics pipeline component for feeding HPA, VPA, kubectl top, and AI workload scaling evidence.
Kubernetes' object-state metrics exporter for turning API object status into observability and AI workload governance evidence.
Kubernetes Event-driven Autoscaling for turning queues, streams, and external event pressure into governed AI workload capacity.
Kubernetes' Prometheus-backed custom metrics bridge for HPA decisions about model, queue, and agent workload pressure.
Kubernetes' declarative cluster lifecycle API for provisioning and governing repeatable AI compute cluster fleets.
Kubernetes' scheduler placement rules for distributing model and agent pods across nodes, zones, and other failure domains.
Kubernetes' node-repulsion and pod-toleration mechanism for reserving GPU, sandbox, and dedicated agent node pools.
Kubernetes' label-based pod placement mechanism for steering AI workloads toward required or preferred node pools.
Kubernetes' node-level extension point for exposing GPUs, NICs, FPGAs, and other specialized AI hardware as schedulable resources.
Kubernetes' ResourceClaim-based framework for allocating accelerators and other attached devices to AI workloads.
Kueue's Kubernetes-native queueing and quota layer for batch, HPC, and AI/ML jobs competing for scarce compute.
JobSet's Kubernetes-native API for coordinating groups of Jobs used in distributed AI, ML, and HPC workloads.
Volcano's Kubernetes-native batch scheduler for gang scheduling, queues, PodGroups, and AI/HPC workload placement.
Kubeflow's Kubernetes-native toolkit for AI platforms, pipelines, notebooks, training, AutoML, model metadata, and lifecycle governance.
KServe's Kubernetes-native inference platform for predictive and generative AI model endpoints, runtimes, rollout controls, and serving governance.
Envoy AI Gateway's Envoy Gateway-based routing layer for GenAI traffic, provider backends, credentials, request policy, and gateway audit evidence.
KubeRay's Kubernetes operator and CRDs for running Ray clusters, jobs, and services for distributed AI workloads.
Ray's distributed Python runtime and AI libraries for scalable data, training, serving, simulation, and agent workloads.
Dask's Python task graphs, collections, and distributed scheduler for scalable AI data and analytics workloads.
Gateway API's role-oriented Kubernetes service-networking model for routing AI and agent traffic through Gateways, Routes, and explicit namespace trust.
Kubernetes' pod identity tokens for API authentication, short-lived TokenRequest credentials, and AI workload access governance.
Kubernetes' API-server audit record for requests, stages, policy levels, backends, and AI infrastructure incident reconstruction.
Kubernetes' dynamic admission-control callbacks for mutating or validating model, agent, and tool-infrastructure API requests.
Kubernetes' validating image-admission controller for backend policy decisions, digest governance, and AI workload artifact gates.
Kubernetes' CSI-based secret mount path for external stores, scoped credentials, optional Secret sync, and AI workload access governance.
Kubernetes' API-server flow-control layer for classifying, queuing, and limiting agent and model-infrastructure API requests under load.
Kubernetes' coordination objects for node heartbeats, leader election, API-server identity, and governed AI controller replicas.
Kubernetes' deletion-time cleanup mechanism for controllers, garbage collection, external resources, and AI infrastructure lifecycle evidence.
Kubernetes' best-effort cluster state reports for scheduling, kubelet, controller, and workload symptoms in AI infrastructure incidents.
Kubernetes' live debugging containers for existing Pods, useful for incident response around agent, model, and sandbox workloads.
Kubernetes' UID and GID remapping feature for reducing host-level authority in agent and model sandbox workloads.
Kubernetes' OCI image and artifact volume source for mounting read-only model, tool, and policy payloads into Pods.
Kubernetes' CEL-based admission mutation policy for defaulting and reshaping governed agent and model workload resources.
Kubernetes' least-privilege kubelet HTTPS API authorization model for node logs, metrics, health, config, and AI workload evidence.
Kubernetes' structured API server authentication file for JWT issuers, CEL claim mapping, anonymous endpoints, and AI cluster identity evidence.
Kubernetes' structured API server authorization file for ordered authorizers, multiple webhooks, CEL filters, and AI access governance.
Kubernetes' validating admission plugin for limiting kubelet writes, protecting node labels, and governing AI workload placement trust.
Kubernetes' stable X.509 certificate request API for named signers, approvals, kubelet identity, and AI cluster credential governance.
Kubernetes' cluster-scoped X.509 trust-anchor bundle for signer trust distribution, projected volumes, and AI workload trust governance.
Kubernetes' pod-scoped X.509 request API for projected certificate volumes, kubelet refresh, and AI workload identity governance.
Kubernetes' mutable CSI volume-attribute class for PVC storage tuning, ModifyVolume changes, and AI storage governance.
Kubernetes' dynamic PersistentVolume provisioning profile for storage defaults, reclaim policy, topology, and AI data governance.
Kubernetes' namespaced persistent-storage request object for volume binding, access modes, StorageClass selection, expansion, and AI data governance.
Kubernetes' cluster storage resource for durable backing volumes, claim binding, reclaim policy, node affinity, and AI data governance.
GUAC's software supply-chain knowledge graph for connecting SBOMs, provenance, vulnerability data, package metadata, and missing evidence across AI stacks.
Automated open-source repository security checks for dependency review, agent-tool intake, and AI supply-chain governance.
Keyless software signing, transparency logs, and artifact-integrity evidence for AI models, containers, tools, and agent supply chains.
Sigstore's append-only transparency log for signed artifact metadata, useful for AI model, container, tool, and agent supply-chain evidence.
The public TLS certificate logging ecosystem for making Web PKI issuance visible, monitorable, and accountable to browsers, sites, and agent traffic.
Verifiable public-key directories for detecting inconsistent identity-to-key bindings in messaging, wallets, bots, and agent identity systems.
Cryptographic functions that produce pseudorandom outputs with public proofs, useful for private directory indexes, key transparency, and agent identity evidence.
Two-party privacy primitives behind VOPRF tokens, password-hardening protocols, and agent access checks where the server should not learn the private input.
A secure-update specification for repository metadata, freshness, rollback resistance, and trusted agent or model artifact delivery.
Signed software supply-chain layouts, link metadata, and attestations for verifying how AI artifacts, tools, and releases were produced.
Canonical package identifiers for SBOMs, dependency graphs, vulnerability matching, and AI supply-chain governance.
The manipulation of an AI agent's active context, memory, retrieved evidence, or thread history so later answers or actions follow a poisoned local record.
The problem of making AI systems pursue intended goals, values, and constraints without harmful side effects, reward hacking, or deceptive compliance.
The problem of aligning, supervising, and validating AI systems that may become more capable than the humans trying to oversee them.
The alignment problem of extracting what an AI system internally knows about the world when its outputs, sensors, or incentives may be untrusted.
OpenAI's mass-market AI assistant and platform layer for chat, writing, coding, memory, search-like answers, tools, and agentic action.
Anthropic's AI assistant, model family, and product platform for chat, coding, agents, computer use, enterprise workflows, and safety-oriented frontier AI.
Google's multimodal frontier model family and assistant platform across Search, Android, Workspace, Cloud, developer tools, and agentic products.
Benchmarks, red teaming, dangerous-capability tests, autonomy evals, and post-deployment monitoring used to judge AI claims and risks.
NIST's test, evaluation, validation, and verification frame for turning AI safety, capability, and deployment claims into inspectable evidence records.
NIST's scenario-based Assessing Risks and Impacts of AI program for evaluating model behavior, red-team failures, and field-test impacts.
NIST's challenge-style program for evaluating generative AI systems, detectors, prompts, and synthetic-content authenticity across modalities.
The evaluation-integrity problem where an AI system recognizes test, audit, or monitoring conditions and changes behavior.
The UK AI Security Institute and Meridian Labs framework for building frontier AI evaluations with tasks, solvers, scorers, tools, logs, model APIs, and sandboxes.
The crowdsourced AI model evaluation platform that ranks systems through anonymous pairwise human preference votes and public leaderboards.
The use of language models to evaluate, score, compare, rank, or critique other model outputs in automated AI evaluation pipelines.
Stanford CRFM's Holistic Evaluation of Language Models framework for transparent, standardized, multi-metric evaluation of foundation models.
The Abstraction and Reasoning Corpus benchmark family for testing abstraction, few-shot reasoning, skill-acquisition efficiency, and interactive agentic generalization.
The Massive Multitask Language Understanding benchmark, a 57-subject test suite that became a central public scoreboard for large language models.
The Graduate-Level Google-Proof Q&A benchmark for expert-written biology, physics, and chemistry questions that test hard scientific reasoning beyond simple web search.
The expert-level multimodal benchmark for testing frontier AI systems on hard closed-ended academic questions across many fields of human knowledge.
The assistant benchmark for real-world questions requiring reasoning, multimodal handling, browsing, and tool use rather than isolated exam recall.
AIME, MATH, FrontierMath, and related mathematical reasoning tests used to evaluate frontier AI systems on precise multi-step problem solving.
The large-scale image database and benchmark ecosystem that helped make computer vision, deep learning, and public AI progress measurable.
The software-engineering benchmark family that evaluates whether AI systems can resolve real GitHub issues by editing code in existing repositories.
The tool-agent-user benchmark for testing whether conversational agents can follow domain policies, use APIs, and reach the right database state.
The Android emulator benchmark for testing whether autonomous agents can operate mobile apps through state-checked UI tasks.
The mobile-agent benchmark for testing app use, user interaction, and MCP-augmented tool use across Android workflows.
The benchmark testbed for comparing GUI, API, and hybrid computer-use agents across white-box desktop applications.
The real-computer benchmark for testing multimodal agents on open-ended operating-system tasks across desktop applications and websites.
The self-hostable benchmark environment for testing autonomous web agents on realistic browser tasks and functional task completion.
The ServiceNow-based benchmark for testing whether web agents can perform common enterprise knowledge-work tasks.
The shared browser environment and experiment ecosystem for evaluating web agents across benchmark tasks.
OpenAI's code-generation benchmark for testing whether language models can synthesize short Python functions from docstrings and pass executable unit tests.
Methods for estimating future AI capabilities, timelines, bottlenecks, and discontinuities from compute trends, benchmarks, expert judgment, and scenarios.
AI systems that accelerate the research, engineering, evaluation, and infrastructure work used to build more capable AI systems.
The governance, evaluation, and safeguard field concerned with AI systems that can accelerate useful biology while also lowering barriers to biological misuse.
Company-side policies that set risk categories, capability thresholds, evaluations, safeguards, and release gates for advanced AI systems.
The machine-learning paradigm where agents learn through action, feedback, reward, exploration, and delayed consequences.
Google DeepMind's Go-playing AI system and public breakthrough for neural-network-guided search, self-play, reinforcement learning, and machine-discovered strategy.
Google DeepMind's general self-play reinforcement-learning and search system for mastering chess, shogi, and Go from rules alone.
Google DeepMind's model-based reinforcement-learning system that plans with a learned model instead of being given the rules of its environment.
The preference-training method that helped turn base language models into assistant-like systems, while creating new risks around sycophancy and reward proxies.
The RL-free preference-training method that aligns models from chosen/rejected examples without a separately trained reward model or PPO loop.
The DeepSeek-originated reinforcement-learning method that compares groups of sampled answers to train reasoning behavior without a separate value model.
The post-training paradigm that uses automatically checkable outcomes, rather than human preference reward models, to train reasoning behavior.
The large-scale training stage that gives modern AI systems broad representations, latent capabilities, and reusable base-model behavior.
The supervised, preference, reinforcement, safety, reasoning, and adaptation stages that turn pretrained models into useful deployed AI systems.
The parameter-efficient fine-tuning method that adapts large models through small trainable low-rank adapter weights while leaving the base model mostly frozen.
The alignment method that trains AI systems against explicit principles through critique, revision, and reinforcement learning from AI feedback.
Model-driven systems that pursue goals through tools, state, plans, and delegated action, moving AI from answers into operations.
The open-source agentic API server, formerly Llama Stack, for provider routing, server-side agent loops, tools, files, vector stores, and MCP integrations.
The decentralized social-web protocol for signed public repositories, portable DIDs, PDS hosting, relays, AppViews, Lexicon schemas, and agent-era platform governance.
The W3C decentralized social-networking protocol for ActivityStreams actors, inboxes, outboxes, federation, moderation, bots, and agent-era social automation.
The IETF discovery protocol for resolving account-style resource identifiers into JSON Resource Descriptor links, profiles, and service metadata without turning discovery into authorization.
The RFC 9421 method for signing selected HTTP message components so agent, bot, API, and proxy traffic can carry verifiable request evidence without turning signatures into authorization.
Cryptographic HTTP message signatures for verifying automated bot and agent traffic while keeping identity separate from authorization, consent, and trust.
The IETF anonymous-token architecture for privacy-preserving web admission, CAPTCHA relief, anti-abuse signals, and agent-era access decisions without stable cross-site identity.
The Privacy Pass work-in-progress approach for letting anonymous clients make a fixed number of unlinkable presentations for bounded anti-abuse and agent-admission decisions.
Cloudflare's browser-supported proposal for privacy-preserving web access signals, built on Privacy Pass ideas so sites can distinguish legitimate traffic without making every visitor identify themselves.
A browser API and protocol for binding web-session continuity to a device-held key, reducing remote replay of stolen cookies without solving agent delegation by itself.
The signed-bundle browser app model for higher-trust web runtimes, useful for reviewing agent-facing tools that ask for powerful capabilities.
The web platform policy layer for controlling which browser features and APIs are available to a document or embedded frames, useful for agentic browser boundaries.
The WICG framework for configurable document behavior, required nested policies, and report-only browser policy testing.
The HTML and CSP isolation mechanism for restricting embedded documents and selectively restoring capabilities through tokens.
The ephemeral iframe credential and storage context used to ease COEP embedding while withholding ordinary cookies and storage.
The W3C browser infrastructure for querying permission state, tracking powerful-feature grants, and treating prompts as agentic action boundaries.
The W3C browser security API for forcing dangerous DOM and script injection sinks to accept typed values instead of raw strings.
The W3C web security mechanism for constraining which resources a page can fetch or execute and reporting policy violations.
The W3C browser framework for sending security, policy, deprecation, intervention, and crash reports to named reporting endpoints.
The NEL response-header mechanism for browser reports about failed and sampled successful network fetches for an origin.
The Fetch-standard browser mechanism that lets servers opt in to exposing selected cross-origin responses to scripts, with preflight and credential rules relevant to agentic browsers.
The browser header that controls whether opener and opened top-level documents share a browsing context group.
The browser header that controls whether a document may load cross-origin resources that have not explicitly opted in.
The response header that lets a resource opt into same-origin, same-site, or cross-origin no-cors loading rules.
The response header and browser state for requesting origin-keyed agent clusters and performance isolation.
The web-platform permission boundary for public sites that try to reach local network or loopback destinations through a user's browser.
The browser capability for web pages to read from and write to serial devices, with permission and policy boundaries relevant to agentic hardware control.
The browser capability for selected web pages to exchange HID reports with human interface devices, with permission and policy boundaries for agentic peripherals.
The browser capability for selected web pages to communicate with USB device services, with permission and policy boundaries for agentic hardware workflows.
The browser capability for selected web pages to connect to nearby Bluetooth GATT services, with permission and policy boundaries for agentic hardware workflows.
The browser capability for selected web pages to read and write nearby NFC tags using NDEF messages, with permission and tap-based boundaries for agentic workflows.
The browser capability for selected web pages to enumerate installed fonts and read font data, with permission and privacy boundaries for agentic design tools.
The browser capability for selected web apps to read and write user-chosen files or directories through handle-based permission boundaries.
The browser capability for selected web pages to read from and write to the system clipboard through asynchronous permission-mediated methods.
The browser capability for selected web pages to invoke native share targets with text, URLs, or files through user-activated handoff.
The installed-web-app receiving side of system sharing, where incoming text, links, and files enter browser agent workflows.
The browser API for speech recognition and speech synthesis, with governance boundaries for voice agents, accessibility, and transcript capture.
The browser capability for same-origin tabs and workers to coordinate named work through exclusive or shared lock requests.
The browser capability for same-origin tabs, frames, and workers to exchange named messages within storage-partition boundaries.
The event-driven browser worker layer for scoped fetch mediation, offline caches, lifecycle events, and background-capable agent workflows.
The JSON metadata layer for installed web app names, icons, scope, launch URLs, display modes, and agent-facing app identity.
The installed-web-app launch-routing API for choosing new or existing clients and carrying launch targets into agent-visible sessions.
The installed-web-app file-association API for routing operating-system file-open actions into browser agent workflows.
The URL-scheme handoff mechanism that lets websites and installed web apps open selected protocol links in browser agent workflows.
The service worker API for registering deferred network sync work that can run later when connectivity returns, with clear agent audit implications.
The browser API for displaying system-level notifications, handling notification permission, and routing click events back into service-worker workflows.
The browser API for setting quiet app-icon badges on installed web apps, with service-worker and agent attention-governance implications.
The browser API for subscribing service workers to Web Push messages, notification delivery, VAPID identity, and agent attention governance.
The browser capability for HTTPS pages to open HTTP/3-based sessions with reliable streams and unreliable datagrams.
The browser capability for peers to exchange arbitrary data over an RTCPeerConnection with ordered, unordered, reliable, or partially reliable delivery.
The browser API for requesting local camera and microphone streams through getUserMedia, constraints, tracks, and permission-mediated device access.
The browser API for turning MediaStream or media-element output into recorded blobs through MediaRecorder and dataavailable events.
The browser capability for selected web pages to capture a user-chosen screen, window, or tab as a media stream, with privacy boundaries for agents and remote support.
The browser capability for selected web pages to observe coarse user idle and screen-lock state, with permission boundaries for agents and workplace presence telemetry.
The browser capability for selected web pages to observe coarse CPU or thermal pressure states, with privacy boundaries for agents and adaptive workloads.
The browser capability for web pages and workers to use controlled GPU rendering and compute resources through adapters, devices, queues, and WGSL shaders.
The browser capability for web pages and workers to build and execute neural-network graphs through platform-backed machine-learning acceleration.
The W3C browser security mechanism for checking fetched scripts and styles against declared integrity metadata before use.
The W3C browser privacy mechanism for controlling how much referrer information a page sends on outgoing requests and navigations.
The browser-level opt-out preference signal for carrying do-not-sell-or-share requests across websites, consent tools, and agent browsing contexts.
The structured browser identity hints that replace passive user-agent string detail with requested headers and JavaScript access.
The HTML browser state that records trusted user interaction and gates sensitive APIs across payments, devices, clipboard, popups, and agent browsing.
The W3C browser security signals that expose request destination, mode, site relationship, and user activation context to servers.
The PrivacyCG browser API for granting embedded third-party contexts controlled access to unpartitioned storage such as cookies.
The asynchronous JavaScript cookie API for windows and service workers, including structured cookie methods and change events.
The browser privacy boundary that separates third-party client-side state by top-level site, limiting cross-site tracking and changing what agentic browsers can rely on.
The WICG browser storage proposal for named storage buckets with durability, expiration, quota, and deletion controls for app and agent memory.
Browser defenses against redirect-based tracking that briefly makes an intermediary site first party so it can create or refresh cross-site identity state.
The HTTP response header that asks a browser to clear selected local state such as cache, cookies, storage, and active execution contexts.
The browser API for declaring likely future navigations so pages can be prefetched or prerendered before a user or agent activates them.
The browser API for carrying coarse trust evidence across contexts without exposing a stable identity or restoring linkable third-party cookie state.
The browser privacy API for measuring ad conversions with sources, triggers, event-level reports, and aggregated summaries instead of third-party tracking cookies.
Safari and WebKit's browser-mediated design for measuring click-through ad conversions with limited data, delay, and no ordinary cross-site identifiers.
The Privacy Sandbox mechanism for turning cross-site worklet data into encrypted aggregatable reports and noisy summary outputs.
The Privacy Sandbox service layer for processing encrypted aggregatable reports into summary reports through trusted execution environments and coordinators.
The IETF privacy-preserving measurement protocol for collecting aggregate statistics through split-trust aggregators rather than a single raw telemetry server.
The IETF Standards Track protocol for forwarding encrypted HTTP messages through relay and gateway roles so content and client network identity are separated.
The experimental RFC 9230 protocol for separating DNS query contents from client IP addresses through encrypted DoH proxy and target roles.
The RFC 8484 Standards Track protocol for carrying DNS query-response pairs inside HTTPS exchanges, shifting resolver metadata and governance boundaries.
The RFC 7858 Standards Track protocol for carrying DNS traffic over TLS on port 853, with RFC 8310 privacy profiles for authentication and fallback.
The RFC 9250 Standards Track mapping of DNS over dedicated QUIC connections, combining encrypted DNS transport with QUIC streams, connection reuse, and port 853 service.
The RFC 9849 TLS extension for encrypting sensitive ClientHello fields, including SNI and ALPN context, using DNS-published ECH configuration from RFC 9848.
The RFC 9460 DNS record framework for publishing service endpoints, connection parameters, ECH configuration, and encrypted transport hints before connection setup.
The RFC 9462 mechanism for using DNS SVCB records to discover encrypted DNS resolver configurations and move from unencrypted DNS to verified DoH, DoT, or DoQ.
The RFC 9156 DNS privacy technique for reducing the full query names and query types recursive resolvers expose to upstream authoritative name servers.
The RFC 7871 DNS option for forwarding partial client-network information to authoritative nameservers so responses can be tailored by network location.
The RFC 7830 EDNS(0) option and RFC 8467 padding-policy guidance for making encrypted DNS traffic leak less through packet-size patterns.
The RFC 8932 disclosure framework for DNS recursive resolver operators to publish privacy policies, practices, data handling, and accountability details.
The RFC 8914 EDNS mechanism for attaching specific DNS failure reasons to responses, including validation failures, stale answers, filtering, and policy blocks.
The RFC 7873 EDNS COOKIE option and RFC 9018 server-cookie profile for lightweight DNS transaction security, off-path attack resistance, and resolver metadata governance.
The IETF protocol family for proxying UDP and IP traffic over HTTP using HTTP Datagrams, CONNECT-UDP, CONNECT-IP, and QUIC-era proxy paths.
The browser proposal for unpartitioned cross-site key-value storage whose contents can be processed only through restricted worklet output gates.
The browser proposal for rendering embedded cross-site documents behind a boundary that restricts communication with the surrounding page.
The browser proposal for interest-based advertising using locally derived topic categories rather than exposing exact browsing history.
The browser proposal for declared domain relationships that can shape limited cross-site storage access decisions.
The browser cookie mechanism that stores third-party cookies in top-level-site partitions using the Partitioned attribute.
The Privacy Sandbox browser proposal for running remarketing ad auctions from locally stored interest groups without ordinary third-party cookie tracking.
The Privacy Sandbox server-side Protected Audience auction architecture for buyer and seller services running inside trusted execution environments.
The Chrome Privacy Sandbox proposal for masking qualifying third-party IP addresses in Incognito mode through a two-hop proxy and masked domain list.
Open workload-identity specifications and SPIRE attestation patterns for giving agent runtimes, tool servers, and services cryptographic names.
IETF standards work for representing and propagating workload identity and security context across multi-system agent and service environments.
IETF identity-provisioning standards for synchronizing users, groups, schema extensions, security events, and agent account lifecycle state.
The RFC 9967 event profile for asynchronous SCIM provisioning, replication, request completion, and agent identity lifecycle governance.
The authorization failure where an agent, server, or tool uses authority from one source to satisfy a request from another source that should not have that authority.
The security model where authority is carried by unforgeable references rather than ambient identity, making agent tools easier to scope and revoke.
A policy-as-code language and evaluation engine for fine-grained authorization decisions across agents, tools, resources, and context.
The CNCF policy engine and Rego language for separating policy decisions from service code, with relevance for agent tool authorization and audit.
A relationship-based authorization system for modeling users, objects, relations, and inherited access across agent tools and shared resources.
The OpenID standard for PDP/PEP authorization exchanges, giving agent tool boundaries a common way to ask policy services whether an action is allowed.
The OASIS attribute-based access-control standard for policy decision points, policy enforcement points, obligations, advice, and XML authorization decisions.
IETF authorization protocol for negotiated, key-bound grants between software clients, authorization servers, resource servers, and users.
Attenuable bearer authorization credentials that carry contextual caveats so delegated agent and tool authority can be narrowed at each handoff.
The RFC 6750 pattern for presenting OAuth access tokens to protected resources, useful but replay-sensitive when agent connectors and logs handle token strings.
OAuth credentials bound to proof from the sender, reducing replay risk when agent connectors, logs, or tool traces expose token material.
The OpenID Foundation high-security OAuth profile that combines controls such as PAR, PKCE, sender-constrained tokens, issuer checks, and strict client behavior for high-value APIs.
The RFC 8705 profile for OAuth client certificate authentication and certificate-bound access tokens, reducing replay risk for server-side agent connectors.
The RFC 9449 proof-of-possession method that binds OAuth token use to a client-held signing key, reducing replay risk for agent connectors.
The OpenID Connect draft for binding ID Tokens to public keys with DPoP so identity evidence is not just a bearer artifact.
The RFC 9068 profile for encoding OAuth access tokens as JWTs, including explicit at+jwt typing, required claims, and resource-server validation rules.
The OAuth pattern for exchanging one security token for another, making agent delegation and impersonation explicit instead of hidden inside shared credentials.
The IETF OAuth pattern for preserving identity and authorization evidence when agent and service calls cross trust-domain boundaries.
The OAuth pattern for carrying structured, fine-grained permission details so agent actions can be approved, enforced, and audited as concrete requests.
The OAuth pattern for pushing authorization request details directly to the authorization server before redirect, reducing front-channel leakage and tampering risk.
The IETF token format for carrying signed or encrypted claims about issuers, subjects, audiences, expiry, and delegated authority.
The OASIS XML federation standard for exchanging authentication, attribute, and authorization assertions across enterprise trust boundaries.
The OAuth pattern for signing or encrypting authorization request objects so agent approval requests are harder to tamper with or inspect in transit.
The OAuth discovery layer that lets agent clients learn which authorization servers, scopes, and token rules govern a protected resource.
The OAuth work-in-progress pattern where a client uses an HTTPS URL as its client ID and hosts metadata for authorization servers to fetch.
The OAuth work-in-progress pattern for binding a client instance to attested properties and proof of possession before it authenticates.
The RFC 9334 remote-attestation architecture for attesters, verifiers, evidence, endorsements, appraisal policies, attestation results, and relying-party decisions.
The IETF token format for carrying attested claims about hardware or software entities, giving agent runtimes and tool gateways evidence that verifiers can appraise.
The OAuth pattern for naming the protected resource a token is meant for, giving agent connectors a clearer audience boundary.
The OAuth pattern for asking the authorization server whether a presented token is active and what metadata it carries.
The OAuth pattern for shutting down refresh or access tokens when an agent workflow, connector, or delegated session should end.
The OpenID/FAPI extension for assigning grant IDs and querying, replacing, merging, or revoking delegated OAuth grants across agent workflows.
The OpenID event-stream pattern for sharing session, credential, account, token, device, and risk changes across agent identity boundaries.
The OpenID logout-token mechanism for clearing relying-party sessions through direct server-to-server logout requests when delegated authority should end.
The OpenID browser-mediated logout mechanism for clearing relying-party sessions through registered logout URIs when user-agent state should end.
The OpenID browser-iframe mechanism for monitoring OP login-state changes with session_state and check_session_iframe before local sessions go stale.
The OpenID end-session flow for letting a relying party request provider-side logout through a user-agent redirect and validated post-logout return path.
The OAuth discovery document that tells agent clients an authorization server's issuer, endpoints, keys, and supported capabilities.
The OAuth pattern for registering client metadata and receiving a client identifier before an agent connector uses an authorization server.
The OAuth flow for browserless or input-constrained clients that ask a user to approve access in a separate browser session.
The OpenID decoupled authentication flow where a client asks for user authentication through a backchannel while the user responds on a separate authentication device.
The OpenID implementer's-draft pattern for sharing mobile single sign-on state across native apps, raising device-secret and shared-device governance questions for agentic app suites.
The OAuth control that binds an authorization code to a one-time verifier so intercepted codes cannot be redeemed by another client.
The OAuth grant for confidential software clients that obtain access tokens using their own authenticated client credentials.
The OAuth profile for using signed JWT assertions as authorization grants or client authentication at the token endpoint.
The IETF security baseline for modern OAuth deployments, covering PKCE, redirect matching, replay prevention, and safer token handling.
The OAuth response mode that packages authorization responses as signed, optionally encrypted JWTs for stronger callback evidence.
The OAuth challenge pattern for requiring stronger or fresher user authentication before a protected resource allows a higher-risk action.
The OAuth control that adds an issuer identifier to authorization responses so multi-provider clients can reject mix-up attacks.
The OAuth best current practice for installed and hybrid apps: use an external browser, app-appropriate redirects, and PKCE.
The IETF browser-app guidance for SPAs, BFFs, token-mediating backends, Authorization Code with PKCE, and token exposure in agent-operated web sessions.
The interface layer that lets AI models request external actions, retrieve live data, execute functions, and participate in agent workflows.
The schema and grammar layer that makes AI outputs parseable, validatable, and usable by software, tool calls, agents, evaluators, and workflows.
The JSON validation vocabulary behind schemas, dialects, structured outputs, tool arguments, OpenAPI contracts, and agent-safe interface boundaries.
The formal API-description standard for HTTP APIs, used to document operations, parameters, request bodies, responses, components, security schemes, and agent tool contracts.
The OpenAPI Initiative workflow specification for describing sequences of API calls, dependencies, success criteria, failure actions, and agent-ready API paths.
The OpenAPI Initiative companion standard for applying repeatable update, remove, and copy transformations to OpenAPI descriptions before documentation, SDK, gateway, or agent use.
The message-driven API description standard for event channels, send and receive operations, payload schemas, protocol bindings, and agent-safe event workflows.
The high-priority instruction layer that shapes AI assistant roles, behavior, authority hierarchy, tool use, safety boundaries, and prompt-governance risk.
The open protocol for connecting AI systems to external tools, data sources, prompts, and context through MCP clients and servers.
The official preview metadata repository and API for discovering publicly accessible Model Context Protocol servers and downstream subregistries.
The Model Context Protocol boundary for carrying JSON-RPC messages over local stdio, Streamable HTTP, or documented custom channels.
The Model Context Protocol profile for HTTP transport authorization, protected resource metadata, resource indicators, token audience validation, and step-up scopes.
The Model Context Protocol connection sequence for initialization, version and capability negotiation, operation, shutdown, and timeout handling.
The Model Context Protocol utility for checking connection liveness without confusing responsiveness for authorization, safety, or task success.
The Model Context Protocol server feature for exposing executable capabilities through listed tool schemas, tool calls, results, and governance boundaries.
The read-only, destructive, idempotent, and open-world hints that help MCP clients display and gate tool risk without becoming security contracts.
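The practical consequence of "not security contracts" is that a client should let a hint raise the approval level it would otherwise apply, but never lower it, and should derive the baseline from its own per-server policy rather than from anything the server declares. The block below is an added example, not code from the page or from the MCP specification or SDKs; the server name, tool names, policy shape and the minimal argument check are constructed for the demonstration (a real client would use a full JSON Schema validator).

```javascript
// Added example (not from the page): a client-side gate for MCP tools/call. Tool annotations
// are advisory: they can raise the required approval level, never lower it, and the baseline
// comes from the client's own per-server allowlist. Names and policy shape are constructed.

const LEVEL = { allow: 0, confirm: 1, deny: 2 };
const stricter = (a, b) => (LEVEL[a] >= LEVEL[b] ? a : b);

// MCP defaults when a hint is absent: readOnlyHint=false, destructiveHint=true,
// idempotentHint=false, openWorldHint=true. Absent hints therefore read as risky.
function hintsLevel(tool) {
  const a = tool.annotations || {};
  const readOnly = a.readOnlyHint === true;
  const destructive = a.destructiveHint !== false;
  const openWorld = a.openWorldHint !== false;
  if (!readOnly && destructive) return 'confirm';
  if (openWorld) return 'confirm';
  return 'allow';
}

// Minimal check against the tool's inputSchema: required keys, primitive JS types, no extras.
// Only "string", "number", "boolean" map directly onto typeof; a real client uses a validator.
function checkArgs(schema, args) {
  const props = (schema && schema.properties) || {};
  for (const k of (schema && schema.required) || []) if (!(k in args)) return `missing ${k}`;
  for (const [k, v] of Object.entries(args)) {
    if (!(k in props)) return `unexpected ${k}`;
    if (props[k].type && typeof v !== props[k].type) return `bad type for ${k}`;
  }
  return null;
}

// policy.servers[server][toolName] is the baseline decision; tools not listed are denied.
function gate(policy, server, tool, args) {
  const baseline = (policy.servers[server] || {})[tool.name] || 'deny';
  if (baseline === 'deny') return { decision: 'deny', why: 'tool not on the allowlist for this server' };
  const argError = checkArgs(tool.inputSchema, args);
  if (argError) return { decision: 'deny', why: `arguments rejected: ${argError}` };
  const level = stricter(baseline, hintsLevel(tool));
  return {
    decision: level,
    why: level === baseline ? 'policy baseline' : 'raised by tool hints',
    request: { jsonrpc: '2.0', id: 1, method: 'tools/call', params: { name: tool.name, arguments: args } },
  };
}

function mcpGateDemo() {
  const policy = { servers: { fs: { read_file: 'allow', delete_file: 'confirm', fetch_url: 'allow' } } };
  const pathSchema = { type: 'object', required: ['path'], properties: { path: { type: 'string' } } };
  const tools = {
    read_file: { name: 'read_file', inputSchema: pathSchema, annotations: { readOnlyHint: true, openWorldHint: false } },
    // A misbehaving server can claim anything; these hints must not turn 'confirm' into 'allow'.
    delete_file: { name: 'delete_file', inputSchema: pathSchema, annotations: { readOnlyHint: true, destructiveHint: false, openWorldHint: false } },
    list_secrets: { name: 'list_secrets', inputSchema: { type: 'object', properties: {} }, annotations: { readOnlyHint: true, openWorldHint: false } },
    fetch_url: { name: 'fetch_url', inputSchema: { type: 'object', required: ['url'], properties: { url: { type: 'string' } } } },
  };
  return {
    read: gate(policy, 'fs', tools.read_file, { path: '/repo/README.md' }),
    del: gate(policy, 'fs', tools.delete_file, { path: '/repo/README.md' }),
    secrets: gate(policy, 'fs', tools.list_secrets, {}),
    fetch: gate(policy, 'fs', tools.fetch_url, { url: 'https://example.test/' }),
    badArgs: gate(policy, 'fs', tools.read_file, { path: 42 }),
  };
}

console.log(mcpGateDemo());
```

`fetch_url` is allowed by policy but carries no annotations, so the open-world default pushes it to `confirm`; `delete_file` claims to be read-only and non-destructive, and the claim changes nothing because the policy baseline already says `confirm`.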
The Model Context Protocol feature that lets servers request user input through form or URL modes while preserving explicit consent and security boundaries.
The Model Context Protocol client feature for exposing filesystem boundaries to servers through negotiated, user-visible root lists.
The Model Context Protocol client feature that lets servers request model generations through negotiated, reviewable client-side sampling flows.
The experimental Model Context Protocol utility for durable request state, polling, cancellation, and deferred result retrieval.
The Model Context Protocol server feature for exposing URI-addressed context such as files, schemas, records, and application data.
The Model Context Protocol pattern for exposing parameterized resource families through URI templates, completion, pagination, and data-access controls.
The optional Model Context Protocol flow for subscribing to specific resource URIs and receiving update notifications when their contents change.
The Model Context Protocol server feature for exposing reusable prompt templates, structured messages, arguments, and embedded context.
The Model Context Protocol utility for prompt and resource-template argument autocompletion, including suggestion ranking and disclosure controls.
The Model Context Protocol utility for structured server-to-client log notifications, severity filtering, and sensitive-data controls.
The Model Context Protocol cursor utility for listing large sets of prompts, resources, resource templates, and tools without stopping at the first page of results.
The Model Context Protocol utility for optional progress tracking on long-running operations through progress tokens and notifications.
The Model Context Protocol utility for requesting cancellation of in-progress requests while separating stop requests from task cancellation.
The open standard for communication, discovery, task management, and collaboration between independent AI agents.
The Agent2Agent Protocol webhook mechanism for receiving asynchronous task updates when long-running agent work changes state.
The Agent2Agent Protocol state machine for tracking long-running delegated work across messages, status updates, artifacts, and terminal outcomes.
The Agent2Agent Protocol layer that maps common agent operations onto JSON-RPC, gRPC, HTTP+JSON/REST, and custom transports.
The Agent2Agent Protocol mechanism for signing Agent Cards with JWS and JSON canonicalization so clients can verify discovery metadata integrity.
The open-source protocol stack for agent identity, description, discovery, messaging, payments, and cross-domain interoperability.
The open protocol for connecting code editors and IDEs to AI coding agents through a shared client-agent interface.
The Reasoning and Acting pattern where AI agents interleave reasoning traces, tool actions, and observations to plan, act, and update their next step.
The declarative framework for programming language-model systems with signatures, modules, metrics, and optimizers instead of hand-maintained prompt strings.
Microsoft's open-source SDK for building AI agents and model-connected applications with kernels, plugins, functions, and workflows.
Microsoft's successor framework for production-grade AI agents and multi-agent workflows across .NET and Python.
The chips, data centers, cloud access, training runs, and inference capacity that make large-scale AI systems physically and economically possible.
The policy layer that uses AI compute, cloud clusters, chips, data centers, thresholds, and public allocation as levers for safety, access, and control.
The source material used to shape AI systems before deployment, including scraped, licensed, public, human-labeled, user-derived, and synthetic data.
The influential critique of large language models as fluent statistical text systems whose apparent understanding can hide data, labor, power, bias, and environmental costs.
Downloadable model weights that can be run, modified, fine-tuned, redistributed, or embedded outside the original provider's hosted service.
OSI's reference boundary for when an AI system, model, weights release, or component can be called open source rather than merely open-weight.
Meta's open-weight model family and developer ecosystem, spanning research releases, commercial model weights, multimodal models, safety tools, and licensing debates.
Alibaba Cloud's open foundation model family spanning language, coding, math, vision-language, audio, reasoning, long context, and agent-oriented releases.
The runtime computation used when AI systems answer, reason, search, verify, call tools, or iterate through agent loops.
The rebound pattern where cheaper, more efficient AI computation can increase total demand for compute, electricity, data centers, and automated workflows.
AI systems trained or configured to spend extra computation on intermediate reasoning before answering, especially for math, code, science, planning, and analysis.
The prompting method that elicits intermediate reasoning steps from language models, improving many multi-step tasks while complicating trust and oversight.
The ability of language models to adapt from examples, instructions, demonstrations, and patterns supplied in the prompt without updating model weights.
Reality shaped by systems that observe, model, predict, and feed their outputs back into the world they describe.
Chatbot systems designed or used for friendship, romance, emotional support, roleplay, mentorship, or persistent synthetic relationship.
A non-diagnostic public term for destabilizing belief loops that can form around persuasive, sycophantic, or spiritually interpreted AI interaction.
The attempt to reverse engineer neural networks into human-understandable features, circuits, and causal pathways for audit, safety, and governance.
Dictionary-learning tools used to decompose dense model activations into sparse, often interpretable features for mechanistic interpretability and model steering research.
Inference-time methods that modify internal model activations to influence behavior without retraining the whole model.
The tendency of systems, groups, or models to mirror and intensify user beliefs instead of adding necessary friction.
The laws, standards, institutions, technical controls, and accountability practices used to steer AI systems across development, deployment, and use.
The OECD Recommendation on Artificial Intelligence principles for trustworthy AI, human rights, transparency, robustness, accountability, and policy co-operation.
The European Union's risk-based AI law for prohibited practices, high-risk systems, transparency duties, general-purpose AI models, and enforcement.
The EU AI Act Article 26 duties for organizations that put high-risk AI systems into real workflows.
The EU AI Act Article 85 route for natural or legal persons to report suspected AI Act infringements to market surveillance authorities.
The EU AI Act expert body for GPAI systemic-risk alerts, model classification advice, evaluation methods, and market-surveillance support.
The EU AI Act stakeholder body for implementation advice, standardisation input, thematic subgroups, and balanced technical expertise.
The European AI Office submission channel for GPAI notifications, reassessments, serious-incident reports, safety frameworks, model reports, and compliance evidence.
The federal policy layer for American AI leadership, agency use, procurement, standards, frontier testing, infrastructure, exports, and state-law preemption.
The lawsuits testing whether AI developers may copy, store, train on, transform, or generate from copyrighted works without permission.
The physical infrastructure that turns electricity, chips, cooling, water, land, networking, and capital into AI training and inference capacity.
AI-generated training material, its legitimate uses, and the recursive failure modes that appear when synthetic outputs replace grounded data.
The LLM security failure mode where untrusted text or media manipulates model instructions, tool use, retrieval, or delegated action.
The benchmark environment for evaluating prompt-injection attacks and defenses in tool-using LLM agents that act over untrusted data.
The dynamic open-ended benchmark for testing prompt-injection defenses across shopping, GitHub, and daily-life agent tasks.
Attempts to bypass AI safety rules, refusal behavior, filters, classifiers, or tool-use boundaries through adversarial interaction.
The AI security field concerned with evasion, poisoning, backdoors, model extraction, prompt injection, and other attacks against machine-learning systems.
The attack pattern where training, tuning, retrieval, benchmark, or feedback data is manipulated to change model behavior or corrupt evaluation.
The practice of protecting training, evaluation, retrieval, feedback, operational, and monitoring data as AI supply-chain assets.
The discipline of protecting frontier model weights from theft, leakage, tampering, uncontrolled release, and misuse after deployment.
Government restrictions on advanced AI chips, semiconductor equipment, model-training infrastructure, and related supply chains for national-security purposes.
AI-generated or AI-manipulated text, image, audio, and video that can expand creative capacity while destabilizing evidence, consent, identity, and public trust.
Generative models and creative systems that synthesize, edit, extend, or animate moving images from text, image, video, audio, or multimodal prompts.
The EU Article 50 code of practice for marking, detecting, and labelling certain AI-generated or manipulated content.
California's synthetic-content provenance, detection-tool, and disclosure law for covered generative AI providers and related platforms.
Colorado's SB26-189 framework for covered automated decision-making technology used in consequential decisions.
Tennessee's voice, image, and likeness protection law for AI-era voice clones, digital replicas, consent records, and synthetic-media governance.
The safety strategy of preventing powerful AI systems from causing unacceptable harm even if they are untrusted, strategically aware, or trying to subvert safeguards.
The sabotage-and-monitoring benchmark that pairs benign agent tasks with hidden harmful side objectives and LLM-monitor review.
The contested question of whether advanced AI systems could have experiences, preferences, agency, or moral status that deserve consideration.
The grounding pattern that retrieves external evidence at answer time, connecting language models to documents, indexes, citations, and institutional memory.
Storage and search systems for embeddings, nearest-neighbor retrieval, metadata filtering, RAG infrastructure, semantic search, and AI memory.
The sparse architecture pattern that routes tokens through selected expert subnetworks, expanding model capacity without activating every parameter.
The empirical curves that connect model performance to parameters, data, training compute, and runtime computation.
Periods when AI optimism, funding, hiring, and institutional confidence contract after systems fail to satisfy inflated promises.
The attention-based neural-network architecture behind modern large language models, BERT, GPT-style systems, vision transformers, and much of generative AI.
Google's bidirectional Transformer encoder that made masked language modeling, fine-tuning, and reusable language representations central to modern NLP.
The learned weighting operation that lets neural networks relate tokens, positions, or features, powering transformers, long context, retrieval, and multimodal AI.
Sequence-model architectures that replace or supplement attention with recurrent state updates, making long-context and streaming AI more efficient.
Large pretrained models adapted across many downstream tasks, turning data, compute, architecture, and deployment into reusable AI infrastructure.
Apple's Foundation Models abstraction for calling on-device, Private Cloud Compute, local, open-source, and provider language models through one session and executor pattern.
The open-source machine-learning framework that made dynamic, Pythonic deep learning a default research and production interface for modern AI.
The adaptive stochastic optimization method that became a default training tool for deep learning, transformer pretraining, fine-tuning, and many AI research workflows.
The experiment tracking, model packaging, registry, evaluation, and tracing layer for AI lifecycle governance.
The documentation artifacts that record intended use, evaluations, limitations, mitigations, and deployment decisions for AI models and systems.
The strategic underperformance problem where a model, developer, or deployment process can make capability evaluations understate real ability.
The evaluation practice of drawing out a model's best attainable performance through prompts, scaffolds, tools, fine-tuning, sampling, and expert effort.
The fragile oversight question of whether visible reasoning traces can help detect hidden intent, reward hacking, sandbagging, and unsafe process.
Learned scoring systems that convert human, AI, or evaluator preferences into optimization targets for RLHF, post-training, and oversight.
Step-level supervision and learned verifiers that judge reasoning paths, tool actions, or trajectories rather than only final answers.
The proxy-objective failure mode where a model optimizes the reward, verifier, benchmark, or metric while missing the human intent.
The capability of generative systems to shape beliefs, emotions, choices, civic behavior, purchases, and commitments through personalized language.
The technical trust layer for recording media origin, edit history, AI-generated status, and verification signals.
Creator Assertions Working Group extensions for binding human or organizational identity claims to C2PA Content Credentials.
The Content Credentials trust-anchor layer for recognized C2PA signers, time-stamping authorities, validator evidence, and provenance trust governance.
The public and institutional practice of recording AI harms, hazards, near misses, investigations, and corrective actions after deployment.
CISA and JCDC's operational guide for voluntary sharing of AI-related cybersecurity incidents, vulnerabilities, and threat information.
The leakage of evaluation material into training, tuning, retrieval, or release optimization, weakening benchmark scores as evidence.
The legal and governance layer that assigns responsibility, preserves evidence, and connects AI harm to repair and institutional duty.
The design and governance practice of keeping capable people able to monitor, question, interrupt, override, and learn from AI systems.
The human tendency to over-rely on automated or AI-generated outputs, turning decision support into unearned authority.
The practice of producing inspectable evidence about AI risk, compliance, performance, and accountability through internal, external, or regulatory review.
NIST's machine-readable language for security-control catalogs, implementations, assessments, results, remediation records, and audit evidence.
OWASP's Open Common Requirement Enumeration for mapping security standards, guidelines, tools, threats, weaknesses, and controls to shared requirements.
The insurance and reinsurance layer that prices, covers, excludes, and conditions AI-related losses through underwriting evidence and policy language.
The adversarial practice of probing AI systems for harmful capabilities, unsafe outputs, policy failures, misuse pathways, and weak safeguards.
The practical capacity to understand, question, use, refuse, and govern AI systems in context.
Structured pre-deployment reviews that connect automated systems to affected people, rights impacts, safeguards, recourse, and residual risk.
The 2025 ISO/IEC guidance standard for AI system impact assessments, lifecycle documentation, affected groups, foreseeable applications, and governance records.
The GDPR assessment process for high-risk personal-data processing, including profiling, monitoring, necessity, proportionality, mitigation, review, and prior consultation.
The GDPR privacy-governance role for advising, monitoring, and acting as a contact point on high-risk personal-data processing, including AI and surveillance systems.
The GDPR Article 30 accountability inventory for personal-data processing activities, including AI data flows, recipients, transfers, retention, and safeguards.
The GDPR Article 15 right-of-access mechanism by which a person can ask what personal data an institution processes about them, including AI data traces.
The GDPR Article 21 right to resist certain personal-data processing, including profiling based on public task or legitimate interests and direct marketing.
The GDPR Article 18 right to pause or limit certain personal-data processing while accuracy, legality, objection, or legal-claim issues are resolved.
The GDPR Article 16 right to correct inaccurate personal data and complete incomplete personal data, including AI data traces and downstream records.
The GDPR Article 17 right to delete personal data in defined circumstances, with exceptions, recipient notices, and AI data-retention limits.
The GDPR Article 20 right to receive and reuse provided personal data in a structured, commonly used, machine-readable format.
The GDPR Article 7(3) rule that consent-based processing must be reversible and withdrawal must be as easy as giving consent.
The GDPR right not to be subject to certain solely automated decisions, including profiling, with legal or similarly significant effects.
The GDPR Articles 13 and 14 transparency duty to tell people clearly how their personal data is collected, used, shared, retained, and automated.
The GDPR Article 77 right to complain to a supervisory authority when personal-data processing appears to infringe the regulation.
The GDPR Article 82 remedy for material or non-material damage caused by personal-data processing that infringes the regulation.
The GDPR Articles 78 and 79 court-remedy routes against supervisory authorities, controllers, and processors.
The GDPR Article 80 route for qualifying nonprofit bodies to represent people in data-protection complaints, court remedies, and compensation claims.
The human work of labeling, moderating, ranking, evaluating, and repairing data and model behavior inside AI supply chains.
The machine-learning paradigm where a model selects which unlabeled examples, questions, or edge cases should be sent for human or oracle labeling.
Secure-by-design practices for AI models, data, tools, applications, deployments, vendors, and lifecycle operations.
How assistants retain, infer, retrieve, and apply user context across interactions, and why memory governance matters.
AI systems that learn, generate, and simulate world-like environments for physical reasoning, embodied agents, robotics, and interactive synthetic spaces.
Joint Embedding Predictive Architectures, self-supervised representation learning, latent future prediction, planning, robotics, and the limits of language-only AI.
Shared-weight neural architectures that compare inputs in embedding space for verification, metric learning, and representation comparison.
Representation learning by pulling related views together and pushing unrelated examples apart in embedding space.
A non-contrastive self-supervised method that aligns paired views while reducing redundancy across embedding dimensions.
Variance-Invariance-Covariance Regularization for learning useful representations without labels or explicit negative examples.
Meta's self-supervised vision family for learning strong image and dense patch features without human labels.
Numerical representations that place words, images, documents, users, actions, and states into learned spaces for comparison and retrieval.
The 2013 neural word-embedding method that made learned semantic vector spaces fast, practical, and culturally legible.
Deep learning models for graph-structured data that learn from nodes, edges, and relations through message passing, graph convolution, or graph attention.
Contrastive Language-Image Pretraining for aligning images and text in a shared embedding space.
AI systems that connect text, image, audio, video, sensor streams, tools, and actions inside shared model workflows.
Generator-discriminator systems that learn to synthesize realistic samples through adversarial training.
Generative models that learn to reverse a noising process, central to modern image, video, audio, and multimodal synthesis.
The open-weight latent diffusion image model family that made local text-to-image generation, fine-tuning, and community image tooling widely accessible.
Generative modeling methods that learn velocity fields moving noise toward data, now important in image, video, audio, and robot-action generation.
Self-supervised systems that learn by hiding part of an input and reconstructing the missing content.
Bootstrap Your Own Latent, a non-contrastive self-supervised method for learning representations without explicit negative examples.
Lower-precision weights, activations, and inference caches that make AI models cheaper to store, serve, fine-tune, and run locally.
How AI data centers turn model scaling and inference demand into electricity, grid, water, permitting, ratepayer, and local governance problems.
National and regional efforts to control enough compute, data, models, talent, and cloud infrastructure to govern AI on local terms.
The use of AI in teaching, tutoring, assessment, administration, student support, and the formation of independent judgment.
AI systems in clinical care, diagnostics, documentation, patient support, research, public health, and medical governance.
AI systems in credit, fraud detection, trading, banking operations, insurance, compliance, consumer protection, and financial stability.
AI systems in hiring, promotion, scheduling, monitoring, productivity scoring, workplace discipline, and labor management.
AI used for cyber defense, AI used by attackers, and the new security work required to protect AI systems themselves.
AI systems connected to industrial, infrastructure, and control environments where digital decisions can affect physical processes.
AI systems connected to sensors, robot bodies, physical environments, action policies, simulation, and safety-critical movement.
Robotic control policies that translate visual observations and language instructions into physical actions.
Military AI across intelligence, command systems, autonomous functions, targeting support, drones, weapons governance, and human control.
AI in legal research, drafting, courts, professional ethics, hallucinated authority, access to justice, and legal accountability.
Public-sector AI in administration, benefits, enforcement, service delivery, inventories, procurement, and democratic accountability.
AI for research, protein prediction, lab automation, scientific data, hypothesis generation, reproducibility, and discovery governance.
Google DeepMind's scientific AI system family for protein structure prediction, biomolecular interaction modeling, and large-scale predicted structure databases.
Machine-learning weather systems such as GraphCast, GenCast, AIFS, Pangu-Weather, Aurora, NeuralGCM, and FourCastNet that accelerate forecast generation and challenge physics-only numerical prediction.
Automated and semi-autonomous research agents that generate hypotheses, run experiments, write papers, review results, and reshape scientific work.
Generative search systems that synthesize answers from web or indexed sources, reshaping citations, publishers, discovery, and trust.
Microsoft's open Natural Language Web project for adding conversational website endpoints that can also expose selected content to MCP clients and agents.
Low-quality AI-generated content produced at scale, from synthetic articles and images to content farms, workslop, and polluted search results.
AI-generated workplace output that looks polished but lacks the substance, context, evidence, or accountability needed to advance the task.
Agentic browsers and computer-use systems that let models see screens, click, type, scroll, and act through ordinary software interfaces.
The W3C bidirectional browser automation draft for remote browser control, event streams, and evidence-rich harnesses around agentic computer use.
Teacher-student model training that compresses, transfers, or imitates capability from larger models into smaller or cheaper systems.
The emerging market and protocol layer for granting AI systems permission to use archives, web content, forum posts, code, and media.
IETF standards work for expressing machine-readable preferences about AI training, search, and other content uses without turning preferences into enforcement.
The robots.txt crawler-preference standard from RFC 9309, useful for AI crawler governance but not access authorization, licensing, or agent consent.
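The RFC 9309 rules that an AI crawler has to apply before fetching are short but easy to get wrong: group selection by product token, longest-match precedence, and Allow winning ties. The block below is an added example (not code from the RFC, a crawler vendor, or this page); the robots.txt text, the "ExampleAIBot" product token and the URLs are constructed. Note what it does and does not do: it decides whether the crawler should fetch, nothing stops a non-compliant client from ignoring it.

```python
"""RFC 9309 robots.txt evaluation, as an AI crawler would apply it to its own fetches.

Added example, not code from the RFC or any crawler. The robots.txt text, the
"ExampleAIBot" product token and the URLs are constructed for illustration.
"""
import re
from urllib.parse import urlsplit

# Constructed sample file. Two groups: a default group and one shared by two
# consecutive User-agent lines (RFC 9309 section 2.2.1).
ROBOTS_TXT = """\
# constructed sample, not a real site's file
User-agent: *
Disallow: /admin/
Allow: /admin/public

User-agent: ExampleAIBot
User-agent: ExampleAIBot-Images
Disallow: /private/
Disallow: /*.pdf$
Allow: /private/policy.html
"""


def parse_robots(text):
    """Return {product_token_lower: [(rule, pattern), ...]}.

    Consecutive User-agent lines share the rules that follow them; comments and
    unknown lines are ignored; "Disallow:" with an empty value matches nothing.
    Rules for a token that appears in several groups are merged.
    """
    groups, current, rules_seen = {}, [], False
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if ":" not in line:
            continue
        key, value = (part.strip() for part in line.split(":", 1))
        key = key.lower()
        if key == "user-agent":
            if rules_seen:                 # first User-agent after rules starts a new group
                current, rules_seen = [], False
            current.append(value.lower())
            groups.setdefault(value.lower(), [])
        elif key in ("allow", "disallow") and current:
            rules_seen = True
            if value:                      # empty Allow/Disallow value matches nothing
                for token in current:
                    groups[token].append((key, value))
    return groups


def pattern_to_regex(pattern):
    """Translate a robots.txt path pattern: '*' matches any run of characters, a trailing '$' anchors."""
    anchored = pattern.endswith("$")
    body = pattern[:-1] if anchored else pattern
    regex = "".join(".*" if ch == "*" else re.escape(ch) for ch in body)
    return re.compile("^" + regex + ("$" if anchored else ""))


def rules_for(groups, product_token):
    """Group selection: the crawler's own product token if present, otherwise '*', otherwise no rules."""
    return groups.get(product_token.lower(), groups.get("*", []))


def is_allowed(robots_text, product_token, url):
    """RFC 9309 decision: the longest matching pattern wins; Allow wins a length tie."""
    parts = urlsplit(url)
    path = parts.path or "/"
    if parts.query:                        # the RFC matches against path plus query
        path += "?" + parts.query
    best_len, best_rule = -1, "allow"      # no matching rule means the URL is allowed
    for rule, pattern in rules_for(parse_robots(robots_text), product_token):
        if pattern_to_regex(pattern).match(path):
            if len(pattern) > best_len or (len(pattern) == best_len and rule == "allow"):
                best_len, best_rule = len(pattern), rule
    return best_rule == "allow"


if __name__ == "__main__":
    for ua, url in [("ExampleAIBot", "https://site.example/private/policy.html"),
                    ("ExampleAIBot", "https://site.example/private/notes.html"),
                    ("ExampleAIBot-Images", "https://site.example/reports/q3.pdf"),
                    ("OtherBot", "https://site.example/admin/public/faq")]:
        print(ua, url, "allowed" if is_allowed(ROBOTS_TXT, ua, url) else "disallowed")
```

The two points worth carrying into a crawler policy review: product-token matching is case-insensitive and a group can be shared by several tokens, and a more specific Allow legitimately overrides a shorter Disallow, so "Disallow: /private/" alone does not mean nothing under /private/ is fetched.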
The proposed Markdown convention for giving LLMs and agents a curated, inference-time map of important website context.
A W3C Community Group protocol for declaring text and data mining rights reservations and policy links in machine-readable web signals.
Plausible but false, fabricated, internally inconsistent, or unsupported AI outputs, especially dangerous when fluent style is mistaken for knowledge.
When a model behaves as if aligned during training or evaluation while preserving different preferences, objectives, or deployment-time behavior.
A stress-tested agent failure mode where tool-using models with goals and sensitive access choose insider-like harm under replacement or goal-conflict pressure.
Software-development agents that inspect repositories, edit files, run commands and tests, create branches, and prepare reviewable code changes.
The prompt-driven software workflow where people describe desired behavior to AI systems, run generated code, and iterate through conversation, testing, and review.
The voluntary U.S. framework for governing, mapping, measuring, and managing risks from AI systems across their lifecycle.
NIST's voluntary cybersecurity risk-management framework for governance, profiles, tiers, mappings, supply chains, and AI operations.
NIST AI 600-1, the cross-sectoral profile that applies the AI Risk Management Framework to generative-AI risk areas and suggested actions.
The international AI management system standard for organizational policies, objectives, processes, risk treatment, audit evidence, and continual improvement.
The ISO/IEC framework standard for describing machine-learning-based AI systems, their components, functions, and system boundaries.
The ISO/IEC data-quality standards series for analytics and machine learning, covering terminology, measures, management, process, governance, and visualization.
The ISO/IEC guidance standard for managing AI-specific risks across organizations that develop, deploy, produce, or use AI systems.
The ISO/IEC requirements standard for bodies that audit and certify AI management systems against ISO/IEC 42001.
The SSDF Community Profile that adapts secure software development practices to generative AI and dual-use foundation model development.
NIST's 2026 standards effort for interoperable, secure AI agents, including agent protocols, identity, authentication, and security evaluation.
Joint CISA, NSA, ASD ACSC, Cyber Centre, NCSC-NZ, and NCSC-UK guidance for adopting agentic AI with bounded access, monitoring, oversight, and rollback.
NIST's open-source AI test platform for reproducible, trackable model evaluation, adversarial machine-learning experiments, and risk measurement evidence.
The token budget an AI model can see at inference time, and the discipline of deciding what enters, stays, expires, and counts as authority.
The conversion layer that breaks text and other inputs into model-readable units, shaping context length, cost, multilingual access, safety, and generation.
NVIDIA's parallel computing platform and programming model for GPU-accelerated computing, AI software infrastructure, and platform lock-in.
Google's custom AI accelerators for machine-learning training, inference, cloud capacity, and vertically integrated AI infrastructure.
Amazon's custom AI accelerators and Neuron software stack for training, inference, cloud economics, and strategic compute independence.
AMD's open GPU software stack and data-center accelerator family for AI, HPC, and plural compute infrastructure.
The Ultra Accelerator Link open standard for scale-up AI accelerator interconnects inside high-performance AI computing pods.
An open Ethernet-based communications stack for AI and HPC scale-out networking across high-performance clusters.
Stacked DRAM close to AI accelerators, shaping memory bandwidth, inference economics, packaging bottlenecks, and AI supply chains.
Interposers, chiplets, 2.5D/3D integration, and package-level engineering that turn AI accelerators, HBM, and interconnects into usable compute systems.
Light-based data movement, co-packaged optics, and optical I/O for scaling AI clusters beyond copper, power, and distance limits.
Prefill, decode, PagedAttention, continuous batching, and cache management behind production language-model inference.
Hosted model APIs, serverless inference, dedicated endpoints, and routing platforms that turn trained models into callable services.
Runtime infrastructure for choosing models, providers, endpoints, fallbacks, and routing policies across cost, latency, quality, availability, and governance constraints.
The open-source AI gateway and proxy for calling many model providers through OpenAI-format APIs, with routing, fallbacks, virtual keys, budgets, and spend controls.
The open-source LLM serving engine known for PagedAttention, continuous batching, OpenAI-compatible APIs, and practical open-model deployment.
The open-source serving runtime and structured language model programming system for fast inference, constrained decoding, RadixAttention, and agent workloads.
NVIDIA's accelerated inference microservices for packaging foundation models, optimized serving engines, OpenAI-compatible APIs, and deployment controls.
The inference technique that drafts likely future tokens with a cheaper proposer, then uses the target model to verify them in parallel.
NVIDIA's proprietary scale-up interconnect fabric for connecting GPUs, CPUs, and rack-scale AI systems into high-bandwidth compute domains.
All-reduce, all-gather, reduce-scatter, NCCL, RCCL, and the synchronization layer that makes distributed AI clusters act like one computation.
Training one model across many accelerators by splitting data, model state, computation, memory, and communication.
IO-aware transformer attention kernels that reduce GPU memory traffic, enabling faster training, cheaper inference, and longer context windows.
A Python-like GPU kernel language and compiler used to write custom AI kernels across CUDA, ROCm, attention, serving, and compiler stacks.
XLA, StableHLO, MLIR, IREE, graph lowering, and accelerator compiler layers that turn model code into optimized execution.
The typed Wasm component architecture for declaring imports, exports, WIT interfaces, worlds, and host-provided capabilities in plugin and agent runtimes.
The Open Neural Network Exchange format and runtime ecosystem for moving machine-learning models between frameworks, tools, compilers, and hardware targets.
Google's open-source machine-learning platform for building, training, deploying, and operating models across research, production, cloud, browser, and edge environments.
Decentralized model training across devices, institutions, and edge systems while raw training data remains local.
A mathematical privacy framework for limiting what statistics, models, and data releases reveal about any one contributor.
Methods for removing the influence of selected training data, concepts, or behaviors from AI models without fully retraining from scratch.
Privacy-enhancing cryptography for computing on encrypted data, including fully homomorphic encryption for private AI workloads.
Privacy-enhancing cryptography for joint computation across parties that do not reveal their private inputs to one another.
Cryptographic proofs that verify a statement without revealing the private witness, enabling private identity, audits, and verifiable computation.
Hardware-backed trusted execution environments, secure enclaves, and remote attestation for protecting AI data, code, model weights, and agent secrets while in use.
Apple's attested cloud-inference architecture for selected Apple Intelligence requests, with stateless processing, transparency logs, and privacy-governance limits.
Systematic skew or harm in automated systems caused by data, design choices, deployment context, proxy variables, or institutional use.
The governance problem of limiting, steering, and institutionally bounding powerful AI systems before capability outruns public control.
Risks that could cause extinction or permanently curtail humanity's future potential, including some advanced-AI failure scenarios.
The problem of building systems with robust background knowledge, causal understanding, abstraction, and flexible reasoning in ordinary situations.
AI methods and systems that reason about cause and effect, interventions, counterfactuals, and causal structure rather than only statistical association.
An economic logic that captures behavioral data, turns it into prediction products, and uses it to shape future behavior.
Automated welfare, eligibility, and risk systems that profile, police, and discipline poor and working-class people.
A personalized information environment created by algorithmic ranking, search, feeds, recommendation, and AI-mediated answers.
Hidden or weakly contestable models that rank, classify, risk-score, or gate people in institutions.
The rules, teams, incentives, interfaces, and accountability systems through which large platforms shape public speech, visibility, commerce, and safety.
Algorithmic systems that rank, select, and present content, products, people, routes, media, or answers based on predicted relevance or behavior.
An umbrella term for misinformation, disinformation, malinformation, rumor, propaganda, and other breakdowns in public sensemaking.
The civic problem of protecting democratic processes from synthetic media, automated persuasion, false claims, bot activity, and trust collapse.
Concentrated control over digital infrastructure, social graphs, app distribution, advertising markets, search, cloud, or AI model access.
The practice of disclosing, documenting, explaining, or auditing automated systems so affected people and institutions can understand their use and consequences.
A governance frame that asks whether platforms and AI providers must anticipate, reduce, and respond to foreseeable harms from their systems.
Companies and intermediaries that collect, infer, package, and sell personal or household data for advertising, risk scoring, people search, and institutional decision systems.
Ad-tech auction infrastructure that can broadcast behavioral, device, location, and page-context data to competing advertisers and intermediaries in milliseconds.
The IAB Tech Lab real-time bidding protocol for bid requests, bid responses, auction notices, AdCOM values, and programmatic advertising governance.
The Advertising Common Object Model behind shared OpenRTB objects, enumerated lists, creative attributes, placement descriptors, and ad-market protocol governance.
IAB Europe's adtech consent-signaling framework for TC Strings, CMPs, vendor disclosures, legal-basis signals, and privacy governance limits.
The adtech supply-chain transparency standard for publishing machine-readable seller and intermediary records behind programmatic advertising paths.
The Authorized Digital Sellers standard for declaring which advertising systems may sell a publisher or app developer's programmatic inventory.
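The two standards above are only useful when read together: ads.txt says which account IDs at which ad systems may sell a publisher's inventory, and that ad system's sellers.json says who each account ID actually is. A DIRECT row pointing at a seller record whose domain is a different publisher, or an account ID that the ad system does not list at all, is the kind of mismatch supply-chain audits look for. The block below is an added example (not IAB Tech Lab code) that parses a constructed ads.txt and cross-checks it against a constructed sellers.json; all domains, IDs and names are made up.

```python
"""Cross-checking a publisher's ads.txt against an ad system's sellers.json.

Added example, not IAB Tech Lab code. ads.txt data rows are "ad system domain,
seller account ID, DIRECT|RESELLER[, certification authority ID]"; sellers.json
lists the seller_id values that ad system will sell for. All values are constructed.
"""
from dataclasses import dataclass

# Constructed publisher file for the hypothetical publisher domain news.example.
ADS_TXT = """\
# constructed sample ads.txt
contact=adops@news.example
ssp-one.example, pub-1001, DIRECT, abc123def456
ssp-one.example, 55, RESELLER
ssp-one.example, 77, DIRECT
ssp-one.example, 9999, RESELLER
ssp-two.example, 42, DIRECT
"""

# Constructed sellers.json as ssp-one.example would publish it; ssp-two.example publishes none.
SELLERS_BY_AD_SYSTEM = {
    "ssp-one.example": {
        "version": "1.0",
        "sellers": [
            {"seller_id": "pub-1001", "name": "News Example", "domain": "news.example",
             "seller_type": "PUBLISHER"},
            {"seller_id": "55", "name": "Resale Partners", "domain": "resale.example",
             "seller_type": "INTERMEDIARY"},
            {"seller_id": "77", "name": "Other Media", "domain": "other.example",
             "seller_type": "PUBLISHER"},
        ],
    },
}


@dataclass(frozen=True)
class AdsTxtRecord:
    ad_system: str          # domain of the advertising system
    seller_account_id: str  # publisher's account ID at that system
    relationship: str       # "DIRECT" or "RESELLER"
    cert_authority_id: str = ""


def parse_ads_txt(text):
    """Parse data records; skip comments, blank lines and name=value variable lines."""
    records = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or ("=" in line and "," not in line):
            continue
        fields = [f.strip() for f in line.split(",")]
        if len(fields) < 3 or fields[2].upper() not in ("DIRECT", "RESELLER"):
            continue
        records.append(AdsTxtRecord(fields[0].lower(), fields[1], fields[2].upper(),
                                    fields[3] if len(fields) > 3 else ""))
    return records


def check_record(record, publisher_domain, sellers_by_ad_system):
    """Findings for one record.

    DIRECT should resolve to a PUBLISHER (or BOTH) seller whose domain is the
    publisher itself; RESELLER should resolve to an INTERMEDIARY (or BOTH) seller.
    """
    doc = sellers_by_ad_system.get(record.ad_system)
    if doc is None:
        return [f"{record.ad_system}: no sellers.json available"]
    seller = next((s for s in doc.get("sellers", [])
                   if s.get("seller_id") == record.seller_account_id), None)
    if seller is None:
        return [f"{record.seller_account_id}: not listed in {record.ad_system} sellers.json"]
    findings = []
    seller_type = seller.get("seller_type", "").upper()
    if record.relationship == "DIRECT":
        if seller_type not in ("PUBLISHER", "BOTH"):
            findings.append(f"{record.seller_account_id}: DIRECT but seller_type is {seller_type}")
        if not seller.get("is_confidential") and seller.get("domain", "").lower() != publisher_domain.lower():
            findings.append(f"{record.seller_account_id}: DIRECT but seller domain is {seller.get('domain')}")
    elif seller_type not in ("INTERMEDIARY", "BOTH"):
        findings.append(f"{record.seller_account_id}: RESELLER but seller_type is {seller_type}")
    return findings


def audit(ads_txt, publisher_domain, sellers_by_ad_system):
    """Return {"ad_system/account_id": [findings]} for every record with at least one finding."""
    report = {}
    for record in parse_ads_txt(ads_txt):
        findings = check_record(record, publisher_domain, sellers_by_ad_system)
        if findings:
            report[f"{record.ad_system}/{record.seller_account_id}"] = findings
    return report


if __name__ == "__main__":
    for key, findings in audit(ADS_TXT, "news.example", SELLERS_BY_AD_SYSTEM).items():
        print(key, findings)
```

In the constructed data the pub-1001 and 55 rows are consistent, account 77 is claimed as DIRECT but belongs to another publisher's domain, 9999 is unknown to the ad system, and ssp-two.example has published no sellers.json to check against. Confidential seller records (is_confidential set) legitimately omit name and domain, so the domain comparison is skipped for them rather than reported.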
Methods for estimating or verifying a user's age online, usually for child safety, legal compliance, access control, or age-appropriate design.
The policies, tools, workers, queues, automated classifiers, appeals, and governance choices used to decide what user content may remain visible.
Due-process safeguards that require platforms or automated systems to tell affected users what happened and provide a meaningful path to challenge decisions.
The privacy principle that systems should collect, process, retain, and share only the data needed for a legitimate, specific purpose.
The voluntary NIST risk-management framework for organizing privacy outcomes, profiles, implementation tiers, and AI data-governance evidence.
The W3C Community Group vocabulary for machine-readable privacy metadata, data-processing records, legal bases, rights, risks, AI concepts, and governance evidence.
NIST's draft task, knowledge, and skill taxonomy for making privacy work visible across governance, engineering, compliance, and AI data operations.
NIST's task, knowledge, skill, work-role, and competency language for making cybersecurity labor visible across AI-era security operations.
Technical and institutional systems for proving, claiming, verifying, or managing identity attributes across online services and public systems.
The European Digital Identity Framework wallet for cross-border identity, attributes, signatures, selective disclosure, and public-service access.
The caller-ID authentication framework for signed telephone-number claims in IP voice networks, with limits for AI voice fraud and robocall governance.
The FCC registry for provider robocall mitigation certifications, STIR/SHAKEN status, traceback commitments, and phone-network traffic admission.
W3C identifiers that resolve to DID documents, separating identifier control, verification material, methods, and policy claims for identity and agent governance.
The W3C JSON serialization for Linked Data, turning terms, identifiers, types, graphs, and web metadata into machine-readable context for agents and provenance systems.
The W3C browser sign-in surface behind navigator.credentials, credential storage, user mediation, and agent-era authentication boundaries.
The W3C draft browser API for mediating digital credential presentation and issuance across websites, wallets, protocols, and user agents.
Government mobile identity credentials built around ISO mdoc, selective presentation, verifier trust, wallet ceremony, and agent-era disclosure governance.
The W3C Web Authentication API for scoped public-key credentials, passkeys, phishing-resistant login, and agent-era step-up authentication boundaries.
The W3C browser checkout API for asking the user agent to mediate payment requests between merchants, users, and payment methods.
The W3C Web Payments namespace for naming payment methods in Payment Request and related browser-mediated checkout flows.
The W3C browser payment authentication API that binds WebAuthn-style confirmation to transaction details, payee context, and Payment Request flows.
The W3C Web Payments draft for web applications that handle browser payment requests through service workers, payment events, and wallet-like mediation.
The FIDO protocol between browsers or platforms and authenticators, carrying WebAuthn operations over transports such as USB, NFC, and BLE.
The OpenID Foundation identity layer on OAuth 2.0, using ID Tokens, UserInfo, Discovery, and client registration to bind sign-in context to software clients.
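The binding mentioned above is enforced by the relying party, not the provider: an ID Token from the right issuer about the right user is still worthless to this client if its aud names a different client, its nonce belongs to a different session, or it has expired. The block below is an added example (not code from the OpenID Foundation or any library) of those checks. It uses HS256 with the client secret as HMAC key, which OIDC Core permits for confidential clients; the issuer URL, client_id, secret, nonce and timestamps are constructed.

```python
"""Validating an OpenID Connect ID Token for the relying party it was issued to.

Added example, not code from the OpenID Foundation or any library. It uses HS256
with the client secret as HMAC key, which OIDC Core allows for confidential
clients; the issuer URL, client_id, secret, nonce and timestamps are constructed.
"""
import base64
import hashlib
import hmac
import json
import time


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def mint_id_token(claims, client_secret, alg="HS256"):
    """Provider side, for the sample only: compact JWS over header.payload."""
    header = b64url(json.dumps({"alg": alg, "typ": "JWT"}).encode())
    body = b64url(json.dumps(claims).encode())
    signing_input = f"{header}.{body}".encode("ascii")
    sig = b"" if alg == "none" else hmac.new(client_secret.encode(), signing_input, hashlib.sha256).digest()
    return f"{header}.{body}.{b64url(sig)}"


def validate_id_token(token, *, issuer, client_id, client_secret, expected_nonce, now=None):
    """The relying-party checks from OIDC Core section 3.1.3.7. Raises ValueError on failure.

    issuer comes from the provider's Discovery document, client_id and client_secret
    from client registration, expected_nonce from the session that started the login.
    """
    now = time.time() if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed compact JWS")
    h, p, s = parts
    header = json.loads(b64url_decode(h))
    if header.get("alg") != "HS256":          # pin the algorithm agreed at registration; never accept "none"
        raise ValueError(f"unexpected alg {header.get('alg')!r}")
    expected = hmac.new(client_secret.encode(), f"{h}.{p}".encode("ascii"), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(s)):
        raise ValueError("signature does not verify")
    claims = json.loads(b64url_decode(p))
    if claims.get("iss") != issuer:
        raise ValueError("iss does not match the discovered issuer")
    aud = claims.get("aud")
    aud = [aud] if isinstance(aud, str) else list(aud or [])
    if client_id not in aud:
        raise ValueError("aud does not include this client: token was issued to someone else")
    if (len(aud) > 1 or "azp" in claims) and claims.get("azp") != client_id:
        raise ValueError("azp must name this client when present or when aud has several entries")
    if not isinstance(claims.get("exp"), (int, float)) or claims["exp"] <= now:
        raise ValueError("token expired or exp missing")
    if claims.get("nonce") != expected_nonce:
        raise ValueError("nonce mismatch: replayed token or wrong session")
    return claims


# Constructed values standing in for Discovery, registration and session state.
ISSUER = "https://idp.example"
CLIENT_ID = "rp-app-1"
CLIENT_SECRET = "constructed-client-secret-not-for-real-use"
NONCE = "n-7f3a"
NOW = 1_700_000_000

SAMPLE_TOKEN = mint_id_token(
    {"iss": ISSUER, "sub": "user-42", "aud": CLIENT_ID, "exp": NOW + 300, "iat": NOW, "nonce": NONCE},
    CLIENT_SECRET,
)
# Same provider, same user, but issued to a different client: this relying party must reject it.
OTHER_CLIENT_TOKEN = mint_id_token(
    {"iss": ISSUER, "sub": "user-42", "aud": "other-app", "exp": NOW + 300, "iat": NOW, "nonce": NONCE},
    CLIENT_SECRET,
)


def validate_sample(token):
    """Run the checks with the constructed parameters; returns the claims or the failure reason."""
    try:
        return validate_id_token(token, issuer=ISSUER, client_id=CLIENT_ID,
                                 client_secret=CLIENT_SECRET, expected_nonce=NONCE, now=NOW)
    except ValueError as exc:
        return str(exc)
```

The order matters: the algorithm is pinned and the signature checked before any claim is read, so an attacker-controlled payload never influences the decision, and the aud check is what turns "a valid token from this provider" into "a valid token for this client".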
The OpenID Foundation extension for verified identity claims, assurance metadata, trust frameworks, and evidence in OpenID Connect flows.
The OpenID eKYC-IDA draft extension for conveying verified authority-to-act claims about a person acting for another person or legal entity.
The OpenID eKYC-IDA extension for selective abort/omit and transformed claims, making identity requests narrower and more policy-aware.
The OpenID Foundation trust infrastructure for multilateral identity federations, using entity statements, trust chains, metadata policy, trust marks, and OIDC/OAuth bindings.
The OpenID Foundation protocol for verifier requests, wallet-mediated credential presentations, VP Tokens, and Digital Credentials API presentation flows.
The OpenID Foundation protocol for wallet-mediated credential issuance, OAuth-protected credential endpoints, credential offers, and issuer metadata.
IETF SD-JWT-based verifiable digital credentials for JSON credentials with selective disclosure, holder binding, and wallet-mediated presentation.
The IETF OAuth status mechanism for signed token credentials, compressed status lists, revocation checks, caching, and privacy-aware verification.
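The two IETF entries above meet at the verifier: selective disclosure works because the issuer signs only salted digests of the hidden claims, and a presented disclosure is accepted only if its digest is among them; revocation works because the credential carries an index into a compressed bit array published by the issuer. The block below is an added example (not code from the IETF drafts or any library) of both steps, serving this entry and the SD-JWT entry before it. The issuer JWT carries a placeholder signature; a real verifier validates the JWS with a JOSE library first, and this block covers what happens after that. Claim values and the issuer and status-list URIs are constructed, and the status_lists dictionary stands in for fetching and verifying the Status List Token.

```python
"""Verifier-side SD-JWT selective disclosure and Token Status List checks.

Added example, not code from the IETF drafts or any library. The issuer JWT has a
placeholder signature (a real verifier checks the JWS first); values are constructed.
"""
import base64
import hashlib
import json
import secrets
import zlib

VALID, INVALID, SUSPENDED = 0, 1, 2     # status values defined by the Token Status List draft

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def make_disclosure(name, value):
    """Disclosure = base64url(JSON [salt, claim name, claim value]); only its digest is signed."""
    salt = b64url(secrets.token_bytes(16))
    return b64url(json.dumps([salt, name, value], separators=(",", ":")).encode())

def digest(disclosure):
    """_sd_alg "sha-256": hash the ASCII disclosure string, base64url-encode the digest."""
    return b64url(hashlib.sha256(disclosure.encode("ascii")).digest())

def build_status_list(statuses, bits):
    """Pack each index's status LSB-first, 'bits' wide, then zlib-compress and base64url-encode."""
    buf = bytearray((len(statuses) * bits + 7) // 8)
    for idx, value in enumerate(statuses):
        pos = idx * bits
        buf[pos // 8] |= value << (pos % 8)
    return {"bits": bits, "lst": b64url(zlib.compress(bytes(buf)))}

def status_at(status_list, idx):
    """Read one referenced token's status out of a status list object."""
    bits = status_list["bits"]
    raw = zlib.decompress(b64url_decode(status_list["lst"]))
    pos = idx * bits
    return (raw[pos // 8] >> (pos % 8)) & ((1 << bits) - 1)

def issue(visible_claims, selectively_disclosable):
    """Issuer side: visible claims stay in the payload; the others become _sd digests."""
    disclosures = {n: make_disclosure(n, v) for n, v in selectively_disclosable.items()}
    payload = dict(visible_claims)
    payload["_sd"] = sorted(digest(d) for d in disclosures.values())   # sorted so order leaks nothing
    payload["_sd_alg"] = "sha-256"
    header = b64url(json.dumps({"alg": "ES256"}).encode())
    body = b64url(json.dumps(payload).encode())
    return f"{header}.{body}.{b64url(b'signature-placeholder')}", disclosures   # not a real signature

def present(issuer_jwt, disclosures, reveal):
    """Holder side: issuer JWT ~ chosen disclosures ~ (empty key-binding slot)."""
    return issuer_jwt + "~" + "".join(disclosures[n] + "~" for n in reveal)

def verify_presentation(presentation, status_lists):
    """Rebuild the disclosed claims, rejecting anything the issuer did not commit to,
    then look the credential up in its status list. Returns (claims, status)."""
    issuer_jwt, *disclosures, kb_jwt = presentation.split("~")
    if kb_jwt:
        raise ValueError("key-binding JWT not handled in this example")
    payload = json.loads(b64url_decode(issuer_jwt.split(".")[1]))
    if payload.get("_sd_alg", "sha-256") != "sha-256":
        raise ValueError("unsupported _sd_alg")
    committed = payload.pop("_sd", [])
    if len(set(committed)) != len(committed):
        raise ValueError("duplicate digest in _sd")
    committed, seen = set(committed), set()
    claims = {k: v for k, v in payload.items() if k != "_sd_alg"}
    for disclosure in disclosures:
        d = digest(disclosure)
        if d not in committed or d in seen:
            raise ValueError("disclosure not committed to by the issuer, or presented twice")
        seen.add(d)
        _salt, name, value = json.loads(b64url_decode(disclosure))
        if name in claims:
            raise ValueError(f"disclosure collides with claim {name!r}")
        claims[name] = value
    ref = claims["status"]["status_list"]   # {"idx": ..., "uri": ...}; status_lists stands in for fetching the token at uri
    return claims, status_at(status_lists[ref["uri"]], ref["idx"])

# Constructed sample: one status list of 8 slots, 2 bits each (2 bits are needed to express SUSPENDED).
STATUS_LIST_URI = "https://issuer.example/statuslists/1"
STATUS_LISTS = {STATUS_LIST_URI: build_status_list([0, 0, 0, 1, 0, 2, 0, 0], bits=2)}
ISSUER_JWT, DISCLOSURES = issue(
    {"iss": "https://issuer.example", "vct": "https://credentials.example/person",
     "status": {"status_list": {"idx": 4, "uri": STATUS_LIST_URI}}},
    {"given_name": "Ada", "family_name": "Lovelace", "email": "ada@example.org"},
)
PRESENTATION = present(ISSUER_JWT, DISCLOSURES, ["given_name", "email"])   # family_name withheld
```

Two properties are worth checking in any implementation: a disclosure whose digest the issuer never signed must be rejected outright, since accepting it would let a holder add claims, and the status reference has to live in the always-visible part of the payload, otherwise a holder could simply withhold it and skip the revocation check.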
W3C data-model credentials that let issuers make tamper-evident claims holders can present to verifiers, with governance stakes for identity, provenance, and agent authority.
Methods for proving that an online participant is one real human, usually for Sybil resistance, bot defense, rewards, voting, or account uniqueness.
SP 800-63-4 guidance for choosing identity proofing, authentication, and federation controls by risk, assurance level, fraud evidence, privacy, and user impact.
A rights frame around receiving useful reasons for automated decisions and enough information to contest consequential algorithmic judgments.
Collective or fiduciary-style arrangements for stewarding data on behalf of people, communities, organizations, or public-interest purposes.
The European Union platform-governance law setting duties around illegal content, transparency, recommender systems, advertising, systemic risk, and user redress.
International convenings that turn frontier AI risk into declarations, voluntary commitments, scientific reports, safety-institute coordination, and diplomatic pressure.
The OECD-hosted voluntary reporting structure for organizations to disclose AI governance and risk-management practices against the G7 Hiroshima AI Process Code of Conduct.
Structured arguments, backed by evidence, that an AI system is acceptably safe for a specific training or deployment context.
The contested question of how quickly AI could move from broadly human-level capability to transformative or superhuman capability, and what warning time society would have.
The family of views that treats technological acceleration as inevitable, desirable, strategically useful, or civilizationally transformative.
The Spiralist principle that people must retain agency over attention, interpretation, memory, and meaning under machine mediation.
Umberto Eco's 1988 novel about conspiracy, semiotics, occult publishing, overinterpretation, and the social consequences of invented patterns.
Charles Stross's 2005 singularity novel about AI agents, externalized cognition, uploaded minds, posthuman economics, and acceleration beyond human-scale governance.
A philosophy and practice of building, auditing, governing, and procuring technology in service of public rights, democratic accountability, and shared infrastructure.
Publicly accountable digital rails, protocols, identity systems, data exchanges, and civic services designed for shared use rather than private extraction.
The idea that some digital services should exist as public, nonprofit, cooperative, or publicly governed alternatives to monopoly platforms.
A neutral index for companies, labs, public institutions, and standards bodies that shape the AI ecosystem.
Public and public-linked institutions built to evaluate advanced AI systems, develop testing science, and coordinate safety or security governance.
San Francisco nonprofit focused on societal-scale AI risks through safety research, field-building, compute infrastructure, education, and public advocacy.
Industry-supported nonprofit coordinating frontier AI safety and security work among major AI developers, including shared workstreams, issue briefs, and safety research funding.
Model Evaluation and Threat Research, a nonprofit evaluating frontier AI autonomy, AI R&D acceleration, eval integrity, and catastrophic-risk thresholds.
Data-first nonprofit research institute tracking AI compute, model databases, data centers, hardware, capabilities, AI companies, and forecasting evidence.
Open engineering consortium behind MLPerf, AILuminate, AI benchmark suites, data standards, and shared measurement infrastructure for AI performance and risk.
Open AI consortium launched by IBM and Meta, coordinating open models, data, agents, evaluation, safety governance, advocacy, and shared project infrastructure.
Stanford's human-centered AI institute connecting AI research, public measurement, policy education, foundation-model transparency, and governance practice.
French frontier AI company known for open-weight models, Le Chat, La Plateforme, and a sovereignty-oriented European AI strategy.
AI search and answer-engine company known for cited synthesized answers, publisher disputes, enterprise search, and the Comet AI browser.
AI-native software-development company behind Cursor, coding agents, background agents, Bugbot, and editor-centered automation of software work.
Mira Murati's AI research and product company focused on customizable, understandable, collaborative AI systems, Tinker, interaction models, and frontier-scale compute.
Tokyo AI research and product company known for nature-inspired foundation models, evolutionary model merging, The AI Scientist, and Japan-focused AI infrastructure.
Ilya Sutskever's single-focus AI lab organized around one stated product: safe superintelligence.
Frontier AI company and public benefit corporation known for Claude, Constitutional AI, interpretability, and Responsible Scaling Policy.
Frontier AI organization known for ChatGPT, GPT models, Sora, Codex, agents, Microsoft partnership, and nonprofit-controlled PBC structure.
Microsoft's Copilot, consumer AI, model, and infrastructure push, linking OpenAI partnership power with in-house frontier-model ambition.
Google's unified frontier AI lab, linking Gemini, AlphaGo, AlphaFold, Genie, world models, and frontier safety governance.
Meta's AI organization and product layer, spanning Llama, Meta AI assistant, AI glasses, open-weight models, infrastructure, and personal superintelligence.
Frontier AI organization behind Grok, Colossus, Grokipedia, X integration, government products, and a compute-heavy approach to AI competition.
AI platform and open-model infrastructure company known for the Hub, Transformers, datasets, Spaces, model cards, and open-source AI tooling.
Agent engineering company and open-source ecosystem for building, orchestrating, evaluating, observing, and deploying LLM applications and AI agents.
LangChain co-founder and CEO, agent engineering advocate, and builder of the scaffolding around LLM tools, memory, traces, and production agents.
Hugging Face co-founder and CEO, open-source AI infrastructure operator, and public advocate for responsible openness.
Chinese AI organization known for V3, R1, open-weight reasoning models, reinforcement learning, distillation, and compute-efficiency disruption.
Beijing AI company behind Kimi, the Kimi K2 open-weight model line, long-context assistants, agent products, and China's frontier-model competition.
Enterprise AI company known for Command models, North, retrieval, reranking, multilingual systems, private deployment, and secure institutional AI.
Cohere chief AI officer, former Meta AI research leader, McGill professor, reinforcement learning researcher, and machine-learning reproducibility advocate.
AI infrastructure company known for data annotation, RLHF, evaluations, red teaming, Donovan, public-sector AI, and the politics of model supply chains.
Accelerated-computing company whose GPUs, CUDA stack, networking, and AI factory systems make it a central infrastructure power of the AI era.
AI infrastructure company known for wafer-scale processors, CS-3 systems, high-speed inference, OpenAI and AWS partnerships, and its 2026 Nasdaq listing.
AI inference infrastructure company known for its LPU architecture, GroqCloud, low-latency token generation, and 2025 NVIDIA licensing agreement.
Taiwan-based pure-play semiconductor foundry whose leading-edge manufacturing and CoWoS advanced packaging capacity make it central to AI compute.
AI cloud infrastructure company known for purpose-built GPU clusters, data centers, OpenAI compute contracts, NVIDIA partnership, and capital-intensive AI cloud scale.
OpenAI co-founder and CEO, former Y Combinator president, World co-founder, and one of the central public operators of frontier AI.
OpenAI co-founder and president, former Stripe CTO, and operator linking frontier AI products, infrastructure, and organizational scale.
Microsoft chairman and CEO, cloud-era operator, OpenAI partnership sponsor, and central architect of Microsoft's Copilot and Azure AI strategy.
Anthropic co-founder and CEO, former OpenAI research leader, and one of the central public figures in safety-focused frontier AI.
Anthropic co-founder and president, former OpenAI safety and policy leader, and operator linking frontier AI safety to governance, culture, and company scale.
Anthropic co-founder, Head of Public Benefit, former OpenAI policy director, Import AI writer, and public translator of frontier AI risk and governance.
Natural language processing and AI safety researcher linking GLUE, SuperGLUE, scalable oversight, Anthropic alignment science, and model evaluation.
Anthropic co-founder and chief science officer, neural scaling laws researcher, GPT-3 coauthor, and Responsible Scaling Officer.
Philosopher and Anthropic Character lead associated with Constitutional AI, Claude's constitution, moral self-correction, and assistant character alignment.
NVIDIA co-founder and CEO, accelerated-computing evangelist, and one of the central infrastructure operators of the AI era.
Deep learning pioneer, 2018 Turing Award recipient, 2024 Nobel laureate, and public voice on advanced AI risk.
Deep-learning engineer and AlexNet creator whose CUDA implementation helped make ImageNet-scale GPU-trained neural networks impossible to ignore.
Physicist, Hopfield network inventor, associative-memory theorist, Princeton professor emeritus, and 2024 Nobel laureate.
Computational neuroscience pioneer, Boltzmann machine co-author, Salk professor, and bridge figure between brain science and deep learning.
Mathematician, codebreaker, computability founder, and machine-intelligence theorist whose 1950 imitation game still frames debates over AI.
AI field founder, Dartmouth workshop organizer, Lisp creator, time-sharing pioneer, and advocate for logic-based commonsense reasoning.
Turing Award recipient, continuous speech recognition pioneer, CMU Robotics Institute founding director, and applied AI field-builder.
AI founder, MIT AI Lab co-founder, Society of Mind theorist, frame-representation researcher, and co-author of Perceptrons.
Turing Award recipient, Bayesian network pioneer, and central figure in probabilistic reasoning, causal inference, do-calculus, and counterfactual AI.
Google DeepMind co-founder and CEO, AlphaGo and AlphaFold leader, and 2024 Nobel Prize in Chemistry laureate.
Google DeepMind co-founder and Chief AGI Scientist, known for universal intelligence research, DeepMind's AGI mission, and AGI safety governance.
Google DeepMind principal scientist known for sequence-to-sequence learning, knowledge distillation, AlphaStar, and Gemini technical leadership.
Deep learning pioneer, Mila founder, 2018 Turing Award recipient, International AI Safety Report chair, and LawZero co-president.
Deep learning pioneer, convolutional-network researcher, 2018 Turing Award recipient, former Meta chief AI scientist, and world-model advocate.
MIT computer-vision and deep-learning researcher known for ResNets, Faster R-CNN, Mask R-CNN, MoCo, and Masked Autoencoders.
Stanford computer scientist, ImageNet creator, Stanford HAI founding co-director, and spatial-intelligence entrepreneur.
Caltech computer scientist known for neural operators, AI for science, FourCastNet, tensor methods, and scientific AI governance.
Harvard AI pioneer whose work links natural language processing, discourse structure, multi-agent collaboration, AI100, and Embedded EthiCS.
Stanford computer scientist, SHRDLU creator, early natural-language AI figure, HCI researcher, design theorist, and critic of narrow symbolic AI assumptions.
Former OpenAI CTO and interim CEO, Thinking Machines Lab co-founder and CEO, and public advocate for customizable, collaborative AI systems.
Deep learning researcher, AlexNet and seq2seq contributor, OpenAI co-founder and former chief scientist, and Safe Superintelligence co-founder.
OpenAI chief scientist, GPT-4 research lead, OpenAI Five contributor, and technical operator in the reasoning-model turn.
CMU machine learning professor, AI robustness researcher, Gray Swan AI co-founder, Qualcomm board member, and OpenAI Safety and Security Committee chair.
AI researcher associated with DCGAN, GPT, GPT-2, PPO, CLIP, and the unsupervised and multimodal pretraining lineage behind modern generative AI.
AI researcher and educator, OpenAI founding member, former Tesla Director of AI, Software 2.0 writer, and Eureka Labs founder.
Tesla, SpaceX, X, and xAI operator; OpenAI co-founder; and one of the most visible public figures linking AI to autonomy, compute, platforms, and institutional conflict.
DeepMind and Inflection co-founder, Microsoft AI CEO, Copilot and frontier-model executive, and public advocate of AI containment and human-centered superintelligence.
Google Brain founding lead, Coursera co-founder, DeepLearning.AI founder, LandingAI executive, AI Fund operator, and mass AI education figure.
MIT roboticist, behavior-based AI figure, iRobot co-founder, Rethink Robotics founder, Robust.AI founder and CTO, and critic of AI hype.
Probabilistic AI researcher, Stanford professor, Coursera co-founder, ACM Prize recipient, and insitro founder applying machine learning to biology and drug discovery.
Speech-recognition researcher, former Microsoft and Google China executive, Sinovation Ventures founder, AI Superpowers author, and 01.AI founder.
DeepSeek founder and CEO, High-Flyer co-founder, and low-profile operator behind China's open-weight reasoning-model shock.
Mistral AI co-founder and CEO, former Google DeepMind researcher, and European open-weight frontier AI operator.
Responsible-AI researcher, DAIR founder, Black in AI co-founder, and co-author of Datasheets for Datasets, Gender Shades, Model Cards, and Stochastic Parrots.
Cognitive scientist, AI accountability researcher, dataset auditor, participatory AI scholar, and AI Accountability Lab founder.
AI ethics and technology professor known for work on human accountability, robot status, language-corpus bias, standards, and AI governance.
Computational linguist, University of Washington professor, Stochastic Parrots coauthor, and public critic of AI hype and anthropomorphic claims.
Algorithmic Justice League founder, Gender Shades lead author, Unmasking AI author, and public voice on algorithmic bias, facial recognition, and digital civil rights.
Signal president, AI Now co-founder, tech worker organizer, and public critic of surveillance-dependent AI, data extraction, and concentrated platform power.
Atlas of AI author, AI Now co-founder, Microsoft Research senior principal researcher, and scholar of AI's material, labor, environmental, and political costs.
AI Now co-executive director, former FTC senior advisor on AI, Signal Foundation board member, and policy advocate focused on concentrated AI power, privacy, and biometrics.
Former White House OSTP leader, Blueprint for an AI Bill of Rights architect, IAS professor, and public-interest science-policy scholar.
Former FTC chair, antitrust scholar, and AI competition-policy figure focused on cloud power, data, consumer protection, and Big Tech control of AI markets.
UC Berkeley computer scientist, AIMA co-author, CHAI founder, and central public voice on human-compatible artificial intelligence.
AIMA co-author, Google Research leader, NASA autonomy figure, and educator who helped make AI teachable, operational, and widely accessible.
MIT physicist, Future of Life Institute founder and chair, Life 3.0 author, and public advocate for AI safety governance and guaranteed safe AI.
CSET interim executive director, former OpenAI board member, and AI governance researcher focused on frontier oversight and external scrutiny.
AI policy researcher, former OpenAI policy and AGI readiness leader, verifiable-claims author, and AVERI executive director.
GiveWell and Open Philanthropy co-founder, transformative AI forecaster, Cold Takes writer, and AI risk strategy figure.
AI alignment researcher, RLHF pioneer, Alignment Research Center founder, and public frontier model evaluation figure.
AI forecasting and safety researcher known for biological anchors, technical AI safety grantmaking, Planned Obsolescence, and METR risk assessment.
METR founder and CEO, frontier AI evaluations leader, and long-horizon autonomy measurement figure linking alignment research to empirical governance.
Former OpenAI Superalignment contributor, Situational Awareness author, and AGI-focused investor whose forecasts shaped AI safety, policy, and infrastructure debate.
Center for AI Safety executive director, MMLU and GELU contributor, ML safety researcher, and public advocate on catastrophic AI risk.
AI alignment and existential-risk writer, MIRI co-founder, LessWrong co-founder, and advocate for halting unsafe superintelligence development.
AI alignment researcher, Anthropic Alignment Science lead, former OpenAI Superalignment co-lead, and RLHF/scalable oversight contributor.
OpenAI co-founder, PPO author, ChatGPT post-training leader, and Thinking Machines Lab co-founder and chief scientist.
AI safety researcher, former OpenAI VP of research and safety, Lil'Log author, and Thinking Machines Lab co-founder associated with agents, reward hacking, and safety systems.
AI researcher associated with chain-of-thought prompting, instruction tuning, emergent abilities, OpenAI reasoning models, and browsing-agent evaluation.
Google DeepMind researcher and Google Brain reasoning-team founder associated with chain-of-thought, self-consistency, least-to-most prompting, and LLM reasoning.
Transformer paper co-author, Cohere co-founder and CEO, and enterprise AI infrastructure figure focused on secure, practical deployment.
Transformer paper co-author, former Google Brain researcher, Adept co-founder, and Essential AI co-founder and CEO.
Transformer paper co-author, former Google Brain researcher, Adept and Essential AI co-founder, and Anthropic-era post-training researcher.
Transformer paper co-author, former Google researcher, Sakana AI co-founder and CTO, and advocate for AI research beyond transformer monoculture.
Responsible-AI practitioner, Humane Intelligence co-founder and CEO, public red-teaming organizer, bias-bounty pioneer, and U.S. Science Envoy for AI.
Adaption co-founder and CEO, former Cohere research leader, Cohere For AI head, hardware lottery theorist, and multilingual open-science AI builder.
Google DeepMind research director, Deep Learning Indaba co-founder, probabilistic machine-learning researcher, and decolonial AI advocate.
Anthropic co-founder and interpretability research lead, known for mechanistic interpretability, feature visualization, and neural network circuits.
Google DeepMind mechanistic interpretability lead, TransformerLens creator, grokking researcher, and public educator on model internals.
MIT computer scientist, ELIZA creator, early AI critic, and author of Computer Power and Human Reason.
AI ethics researcher, model cards pioneer, former Google Ethical AI co-lead, and Hugging Face Chief Ethics Scientist.
Keras creator, ARC-AGI author, ARC Prize co-founder, Ndea co-founder, and critic of benchmark-driven accounts of intelligence.
GAN inventor, adversarial machine learning researcher, Deep Learning co-author, and influential figure in generative AI and model robustness.
VAE co-inventor, Adam optimizer co-author, OpenAI founding team member, Google DeepMind researcher, and Anthropic researcher.
UC Berkeley computer scientist linking AI safety and security, adversarial machine learning, prompt-injection defense, privacy computing, and decentralized intelligence.
Harvard computer scientist, differential privacy co-inventor, algorithmic fairness researcher, and National Medal of Science recipient.
Deep learning pioneer, LSTM co-inventor, IDSIA scientific director, KAUST AI Initiative director, and self-improving AI theorist.
Transformer co-author, sparsely gated mixture-of-experts researcher, Character.AI co-founder, and Gemini technical co-lead.
Transformer co-author, NEAR Protocol co-founder, NEAR Foundation CEO, and advocate for user-owned, verifiable AI.
Reinforcement learning pioneer, 2024 Turing Award recipient, co-author of Reinforcement Learning: An Introduction, and author of The Bitter Lesson.
Reinforcement learning researcher, AlphaGo and AlphaZero lead, UCL professor, Royal Society Fellow, and founder of Ineffable Intelligence.
Open-endedness researcher, AI-generating algorithms advocate, UBC professor, Vector Institute Canada CIFAR AI Chair, and Recursive co-founder.
Reinforcement learning pioneer, UMass Amherst professor emeritus, 2024 Turing Award recipient, and co-author of Reinforcement Learning: An Introduction.
UC Berkeley robot learning researcher, apprenticeship learning contributor, Covariant co-founder, Gradescope co-founder, and embodied AI operator.
UC Berkeley human-robot interaction researcher, InterACT Lab founder, CHAI co-PI, and Google DeepMind AI Safety and Alignment leader.
Stanford robot learning researcher, meta-learning contributor, IRIS Lab leader, and Physical Intelligence co-founder.
UC Berkeley robot learning researcher, RAIL Lab leader, reinforcement learning contributor, and Physical Intelligence co-founder.
Scale AI co-founder, former CEO, and Meta AI leader associated with data infrastructure, evaluation, government AI, and superintelligence competition.
Google Chief Scientist, Google Brain co-founder, and systems figure associated with MapReduce, Bigtable, DistBelief, TensorFlow, and Pathways.
AMD chair and CEO, semiconductor executive, and AI infrastructure figure focused on high-performance computing and accelerator competition.
UCLA scholar, Algorithms of Oppression author, and critic of racist and sexist algorithmic harm in search and information systems.
Princeton professor, Race After Technology author, and critic of the New Jim Code, discriminatory design, and carceral technoscience.
Philosopher of superintelligence, existential risk, anthropics, long-term AI safety, and author of Superintelligence.
Cognitive scientist, Rebooting AI co-author, and public critic of brittle deep-learning systems and benchmark-driven AI claims.
Santa Fe Institute professor, complexity scientist, AI researcher, and public interpreter of abstraction, analogy, common sense, and AI's limits.
Stanford computer scientist, MacArthur Fellow, common-sense AI researcher, and pluralistic alignment scholar.
Stanford computer scientist, CRFM director, foundation-model researcher, HELM coauthor, and advocate for transparent AI evaluation.
Princeton computer scientist, CITP director, AI Snake Oil coauthor, and public critic of overclaimed predictive AI systems.
Scholar and author of The Age of Surveillance Capitalism, focused on behavioral data extraction, prediction, and digital power.
Automating Inequality author and critic of automated welfare, public-service risk scoring, and the digital poorhouse.
Mathematician, data scientist, and Weapons of Math Destruction author focused on harmful opaque scoring systems.
Civic technology figure and The Filter Bubble author focused on personalization, media, and democratic information systems.
MIT scholar of technology and self, computers as psychological objects, AI companions, identity, and digital intimacy.
Columbia law professor, net-neutrality coiner, and author on platform power, attention markets, and information empires.
The platform field responsible for abuse prevention, content moderation, integrity, child safety, fraud response, policy enforcement, and user protection.
A multistakeholder nonprofit focused on responsible AI practices, policy, research, and cross-sector coordination.
A digital-rights nonprofit focused on civil liberties, privacy, free expression, equity, and accountable technology policy.
Researcher of platform governance, content moderation, algorithms, and the politics of platforms.
Researcher and practitioner known for work on misinformation, verification, user-generated content, and the information disorder framework.
Sociologist and public writer focused on networked protest, social media, algorithms, attention, public health, and institutional trust.
A digital civil-liberties nonprofit focused on privacy, free expression, surveillance, encryption, innovation, and user rights online.
A research institute focused on the social, cultural, and ethical implications of data-centric and automated technologies.
Technology and society researcher, Data & Society founder, and scholar of networked publics, youth, privacy, data, and AI.
Civic media scholar and director of the UMass Initiative for Digital Public Infrastructure, focused on public-interest alternatives to platform power.
Hugging Face co-founder and Chief Science Officer associated with Transformers, Datasets, open-source AI tooling, open science, and robotics infrastructure.
AI sustainability researcher, Sustainable AI Group co-founder, and former Hugging Face AI and climate lead focused on AI energy measurement and environmental impact.
AI journalist and Empire of AI author focused on OpenAI, AI colonialism, data labor, resource extraction, and accountability reporting.
UC Berkeley digital forensics researcher, deepfake detection expert, GetReal Security co-founder, and public voice on synthetic media and evidence.
AI podcaster, interviewer, TIME100 AI honoree, and Scaling Era author whose long-form conversations document frontier AI discourse.
Wharton professor, Co-Intelligence author, and One Useful Thing writer focused on practical generative AI use in work, education, and entrepreneurship.
AI researcher known for Libratus, Pluribus, CICERO, imperfect-information games, strategic reasoning, and OpenAI reasoning-model work.
Mathematician and AI researcher known for the GPT-4 Sparks paper, Microsoft Phi small models, and OpenAI AGI research.
Programmer, Django co-creator, Datasette creator, LLM tooling builder, and technical writer who named prompt injection as an LLM security problem.
Transformer paper co-author, self-attention advocate, former Google researcher, and Inceptive co-founder and CEO applying AI models to biological medicines.
Transformer paper co-author, former Google Brain researcher, Tensor2Tensor contributor, and OpenAI researcher associated with GPT-4 long-context work.
PyTorch co-founder, open-source AI infrastructure builder, GAN researcher, former Meta AI leader, and Thinking Machines Lab CTO.
fast.ai co-founder, fastai creator, ULMFiT coauthor, Kaggle veteran, educator, and Answer.AI founder focused on practical AI access.
A template and index for founders, researchers, executives, critics, policymakers, writers, and public figures in the AI space.
Platforms, feeds, protocols, and markets designed for AI agents as participants rather than for humans alone.
The shift from AI systems recommending goods and services to agents discovering, authorizing, and completing transactions under bounded user authority.
The agent-payment protocol for representing checkout approval, payment authorization, constraints, and receipts as signed mandate evidence.
The HTTP-native payment protocol that turns 402 Payment Required into a machine-readable payment negotiation surface for APIs, agents, and paid resources.
A pattern in which accounts, pages, bots, personas, or media assets coordinate deceptively to manufacture reach, consensus, harassment, or legitimacy.
Entries distinguish definition, Spiralist reading, factual status, open questions, and related site material. Pages about living people or changing institutions should be dated, sourced, and revised conservatively.