AGENTIC SECURITY GLOSSARY

7AI Agents are AI Agents consisting of a cloud-based LLM, a mission, and access to tools to perform its work and draw a conclusion. 7AI agents are experts in their tasks, and trained to deliver security outcomes. Examples of 7AI agents span from mission agents that spawn additional swarming agents based on alerts to single-task agents.

Detects deviations in user access patterns

An AI agent is a software program or system designed to autonomously perform tasks by perceiving its environment, analyzing data, and taking actions to achieve specific goals. AI agents operate independently within defined parameters, using machine learning, natural language processing, and other advanced technologies to execute tasks without requiring continuous human intervention.

A security model that uses autonomous AI agents to handle alert responses and investigations without human intervention.

Investigates for alerts triggered in proximity to the alert in question

Flags unexpected patterns in device activity

Scans for vulnerabilities in internally developed software or APIs

Identifies exposed services, devices, and domains within the organization’s attack surface

Simulates delivering malicious payloads through email, USB drives, or download links

A self-governing software program capable of making decisions and performing tasks without direct human oversight

Tracks long-term shifts in user behavior

Builds new behavioral signatures for entities based on actions

Automates network isolation of compromised systems

Ensures BYOD usage aligns with security policies

Monitors and investigates traffic patterns related to CDNs

A security framework in cloud environments where the cloud provider manages infrastructure security, while the customer is responsible for securing data and applications

A set of practices and tools designed to protect data, applications, and infrastructure in cloud environments.

Focuses on vulnerabilities specific to cloud environments like misconfigurations or excessive permissions

Creates mock Command & Control infrastructure to test detection capabilities

A standardized identifier for known cybersecurity vulnerabilities

Identifies deviations from secure baseline configurations

Connectors are API integrations with a customer’s IT and security tools allowing 7AI agents to access, query, and enhance their understanding of an alert, its conditions, and form a conclusion. 

Analyzes Docker and Kubernetes containers for known vulnerabilities

Flags potential credential sharing scenarios

Tests brute-force attacks by simulating password spraying across multiple accounts

Identifies inconsistencies or unexpected patterns in datasets

Connects related data points across multiple sources

Detects risks like unpatched database engines or weak authentication settings

Identify process execution and network, file, registry, and user logon activity

Identifies devices that have connected to a domain

Monitors firmware versions on devices for vulnerabilities

Tracks chatter or leaked credentials on dark web forums

Mimics data extraction through unauthorized channels like DNS tunneling or HTTP

Fetches or identifies the exposure level

Gathers a summary of a devices’ recent activity, to provide context

Ensures data remains unaltered during storage or transit

Monitors data storage to ensure retention policies are followed

Identifies suspicious DNS tunneling activity

Evaluates a domain’s reputation by checking certificates, registration age, and more

Resolves the domain name to an IP address to further investigate

Simulates endpoint attacks, such as malware delivery or exploitation of local vulnerabilities

Checks public exploit databases to track weaponized vulnerabilities

Executes known exploits on test systems to evaluate their exposure to vulnerabilities

Validates if discovered vulnerabilities are truly exploitable in the environment

A unified cybersecurity solution that consolidates data from multiple sources—such as endpoints, networks, and emails—to improve threat detection and response capabilities

Analyzes an email’s body, subject, headers, and sender

Analyzes sentiment within emails for potential insider threats

Investigates email correspondence between known domains, and examines inbound and outbound email traffic

Analyzes email headers (SPF, DKIM, and DMARC) to assess email legitimacy

Rebuilds entire threads to map communication flows

Flags emails sent without required encryption

Endpoint Detection and Response (EDR) is a cybersecurity solution that continuously monitors and collects data from endpoints (such as computers and servers) to detect, investigate, and respond to potential security threats in real time.

Enterprise Insights include contextual information about an organization learned by 7AI agents through connecting with internal sources like CMDBs or policies as well as admin-reported context in normal laguage. This contextual information allows 7AI agents to understand nuanced conditions that apply to an individual customer’s environment, and is what allows 7AI to know your environment.

Investigates the reputation of an external IP address

Evaluates the file attachments included in an email

Tracks access patterns to detect unusual or bulk access

Flags files attempting to evade detection through obfuscation

Determines if files are malicious, suspicious, benign, or unknown

Monitors adherence to file sharing policies within the organization

Flags files that deviate significantly from normal sizes

Identifies files where the type doesn’t match the extension or content

Tracks firmware updates and vulnerabilities

A large-scale machine learning model trained on massive datasets that can be fine-tuned for various specific tasks, such as natural language processing or image recognition

A type of AI that creates new content, such as text, images, or code, based on patterns in the data it was trained on

Tracks and reports changes in group membership for users

Investigates file hashes (MD5, SHA1, and SHA256)

Tracks access to sensitive healthcare data to prevent breaches

Fetches the unique device ID using only the hostname

A framework of tools and policies to ensure the right individuals have appropriate access to organizational resources

A structured approach to managing and resolving security breaches or attacks

A framework of policies and technologies that ensure the right individuals have access to the appropriate resources at the right times

Gathers data around an incident for investigators

Identifies the root cause of a security incident

Monitors behavior specific to IoT devices

Monitors inventory and usage of IT assets

Identifies public services at the domain’s IP and categorizes them

Extracts key insights from massive datasets

Mimics lateral movement across devices to test internal defenses

Ensures all software is properly licensed

Monitors changes in the performance of deployed ML models

Maps connections between malware variants and campaigns

A cybersecurity service that combines technology and human expertise to detect and respond to threats

A third-party company that provides outsourced security services, such as monitoring, management, and incident response

Extracts and investigates metadata for anomalies

Suggests tailored responses to specific types of attacks

A security measure requiring two or more forms of verification to access an account or system

A branch of AI focused on enabling machines to understand, interpret, and generate human language

Detects anomalous usage of standard network protocols

Scans networks for weaknesses like misconfigured devices or outdated protocols

Digital identities assigned to machines, applications, or services to manage their access and interactions within a system securely

Repetitive tasks that do not require human creativity or strategic thought, ideal for automation by AI agents

Tracks vulnerabilities in open-source components used by the organization

Identifies if internal users are sending spam externally

A philosophy focused on achieving specific, measurable security results rather than merely deploying tools or features

Flags individuals or devices behaving outside typical norms

Logs and verifies changes in ownership for devices

Tracks and ensures that critical patches are applied across all systems

Tracks and applies necessary software updates

Tracks storage and usage of payment data per PCI DSS standards

Integrates findings from manual pen testing with automated vulnerability scans

Investigates the identity and role of an email recipient, gathers if links were clicked, or attachments downloaded

A training exercise that mimics real-world phishing attempts to educate users on recognizing and avoiding them

Creates realistic phishing email campaigns to test employee susceptibility

Automatically carries out predefined incident response playbooks

Flags violations of internal security or operational policies

Flags potential scanning attempts on internal/external networks

Simulates malicious port scans to identify open and vulnerable ports

Collects evidence for detailed post-incident analysis

Checks for unusual activity associated with a device post-login

Investigates unusual activity associated with the user post login

Monitors and investigates unauthorized privilege escalations

Tests potential privilege escalation paths within systems

A security strategy focused on monitoring and controlling access to critical systems by privileged users

Investigates internal processes linked to network traffic with an external IP

A machine learning technique where agents learn to make decisions by receiving rewards or penalties for their actions in a simulated environment.

Tracks progress on remediating vulnerabilities and highlights overdue actions

A method of combining AI-generated responses with retrieved, contextually relevant data to improve accuracy and relevance

Prioritizes vulnerabilities based on severity, exploitability, and potential impact

Extracts the Top Level Domain+1 from a URL to identify the root domain

Investigates alert evidence for a file using its SHA1 hash

A cybersecurity approach that uses AI agents to deliver specific security outcomes, integrating seamlessly with existing tools and workflows

A solution that aggregates and analyzes security data from across an organization to identify and respond to potential threats

A platform that integrates tools and processes to automate security workflows, enabling faster response to incidents

Ensures critical services remain operational

A user authentication service that allows a single set of credentials to access multiple applications

Ensures proper financial controls for Sarbanes-Oxley compliances

Simulates social engineering attacks, such as impersonating employees or third-party vendors

Swarms are 7AI’s term for use cases that combine a security outcome, a collection of individual AI agents, and the tools they access to perform an investigation, form a conclusion, and output the result. 

A decentralized, collective behavior of AI systems working together to solve complex problems

Detects and reports on unauthorized changes to configurations

Detects time-based anomalies (example: late-night logins)

Monitors vulnerabilities in third-party services or libraries

Builds profiles on known threat actors based on observed activity

The process of identifying, prioritizing, and mitigating vulnerabilities to minimize an organization’s exposure to potential cyber threats

Consolidates intelligence feeds to provide actionable insights

Threat hunting is the proactive process of searching for hidden cyber threats within an organization’s systems, using analysis and intelligence to identify and mitigate potential attacks before they cause harm.

Threat Intelligence (TI) is the collection, analysis, and dissemination of information about potential or current cyber threats, enabling organizations to understand adversaries, anticipate attacks, and strengthen their defenses.

Determines whether URLs pose a threat to user accounts or data

Confirms with a user, via connectors, about their login activity relative to an alert

Analyzes email activity and metadata to provide context around a user's communications

Reviews the login patterns of the user to identify suspicious activity

Determines the role and context of a user within an organization

Scans systems for known vulnerabilities using public databases like CVE

An automated process for identifying security weaknesses in a system or network

Tracks and reports VPN usage patterns for security compliance

Simulates OWASP Top 10 attacks (such as SQL injection, XSS) on web apps

Tests wireless network security with attacks like deauthentication or packet sniffing

Identifies bottlenecks and suggests process improvements

Tracks trends in workforce activity levels

Monitors for patterns indicative of zero-day exploit attempts

A cyberattack that targets a previously unknown vulnerability in software or hardware

A security model that assumes no user, device, or application should be trusted by default, enforcing strict access controls