📖 Cloud Security Glossary

📖 Cloud Security Glossary

No terms match your search. clear.

📚 Contents

• Cloud Service & Deployment Models
• Compute, Containers & Serverless
• Identity & Access Management (IAM)
• Networking & Zero Trust
• Data Protection, Secrets & Cryptography
• Logging, Detection & Response
• Posture, Policy & the *PM Family
• Vulnerability & Supply-Chain Security
• Compliance Frameworks
• Threats, Attacker Techniques & Frameworks
• AI, LLM & Agentic-System Security
• DevOps, IaC & Operating Concepts
• Standards Bodies & Authorities

☁️ Cloud Service & Deployment Models

IaaS — Infrastructure as a Service

Raw compute, storage, and network resources on demand. You manage the OS and everything above. Examples: EC2, Azure VM, GCE.

PaaS — Platform as a Service

The provider runs the OS and runtime; you ship code. Examples: App Service, App Engine, Elastic Beanstalk.

SaaS — Software as a Service

Fully hosted application; you manage only your data and users. Examples: Microsoft 365, Salesforce, Workday.

FaaS — Function as a Service

Run a piece of code in response to an event. Provider handles everything else. Examples: AWS Lambda, Azure Functions, GCP Cloud Functions.

Public / Private / Hybrid / Multi-Cloud

Public is shared infrastructure (AWS, Azure, GCP). Private is dedicated. Hybrid mixes them. Multi-cloud uses two or more public providers.

Cloud-Native

Architecture that takes advantage of cloud-specific properties — elasticity, managed services, ephemeral compute, declarative APIs.

Shared Responsibility Model

The provider secures the cloud (hardware, hypervisor, physical sites); the customer secures what's in the cloud (data, identities, configuration). The line shifts depending on the service tier.

Tenant / Multi-Tenant

A logical boundary for one customer's data, identities, and configuration in a shared platform. Multi-tenant SaaS keeps many tenants isolated on the same infrastructure; the cross-tenant boundary is the provider's most security-critical control.

🐳 Compute, Containers & Serverless

Container

An OS-level isolated process bundle. Same kernel as the host, separate userland.

Image

The static template a container is launched from. Layered, immutable, and addressable by digest.

Registry

Where container images live (Docker Hub, ECR, GHCR, ACR, GAR).

Kubernetes (K8s)

Open-source container orchestration. Schedules workloads onto a fleet of nodes via a declarative API.

Pod

The smallest deployable unit in K8s — one or more co-located containers that share a network namespace.

Sidecar

A helper container co-located with an app container in the same pod (commonly for proxies, log shippers, secret fetchers).

Service Mesh

An infrastructure layer that handles east-west service-to-service traffic — mTLS, retries, traffic shifting. Examples: Istio, Linkerd.

Serverless

Compute model where you don't manage servers, scaling, or capacity — typically functions or container runtimes that scale to zero.

EKS / AKS / GKE

Managed Kubernetes from AWS / Azure / Google.

ECS / Fargate

AWS container orchestration (ECS) and its serverless data plane (Fargate).

EC2 — Elastic Compute Cloud

AWS's foundational IaaS compute service: virtual machines you launch, scale, and snapshot on demand. The historical entry point for cloud workloads and the surface most cloud-security misconfigurations show up on (open security groups, public AMIs, exposed IMDS).

Lambda / Functions / Cloud Functions / Cloud Run

FaaS offerings from AWS (Lambda) / Azure (Functions) / Google (Cloud Functions and Cloud Run, the latter for container-based serverless).

Confidential Computing

Hardware-enforced memory encryption (Intel SGX, AMD SEV, AWS Nitro, Azure Confidential VMs) so the cloud provider can't see your workload memory in plaintext.

Hypervisor

Software that creates and isolates virtual machines. Type 1 runs on bare metal (ESXi, Xen, KVM); Type 2 runs on a host OS (VirtualBox, Parallels). The control plane the cloud provider secures.

eBPF

Extended Berkeley Packet Filter — a Linux kernel runtime that safely executes sandboxed programs attached to syscalls, network paths, and tracepoints. The basis of modern runtime-security and observability tooling (Cilium, Falco, Tetragon).

Tetragon

Open-source eBPF-based runtime security from Isovalent. Provides Kubernetes-aware process, network, and file observability with optional inline enforcement.

🔑 Identity & Access Management (IAM)

IAM — Identity & Access Management

Who you are and what you're allowed to do. The control plane for cloud security.

Principal

The acting identity — a user, role, service account, or workload — making an authenticated request.

RBAC — Role-Based Access Control

Permissions assigned to roles, roles assigned to identities. Easy to reason about; coarse-grained.

ABAC — Attribute-Based Access Control

Permissions evaluated against attributes (tag, department, time of day). Fine-grained, harder to audit.

PBAC — Policy-Based Access Control

Decisions made by a centralized policy engine (e.g., OPA) rather than scattered ACLs.

IdP — Identity Provider

The system that authenticates users (Okta, Azure AD / Entra ID, Google Workspace).

SP — Service Provider / RP — Relying Party

The application that trusts the IdP's assertion of who the user is.

SSO — Single Sign-On

Sign in once, get into many applications without re-entering credentials.

SAML 2.0

XML-based federation protocol — the IdP sends a signed assertion to the SP.

OIDC — OpenID Connect

Identity layer on top of OAuth 2.0. Issues JWT ID tokens. The modern default.

OAuth 2.0

Delegated authorization framework. Issues access tokens; the spec doesn't define authentication.

JWT — JSON Web Token

A signed (and optionally encrypted) JSON blob used as a token. Common in OIDC and API auth.

Phishing-Resistant MFA

Multi-factor methods that can't be relayed or replayed by an attacker because the second factor is cryptographically bound to the origin — FIDO2 security keys, passkeys, smartcards. Push prompts, OTP codes, and SMS are explicitly not phishing-resistant.

MFA — Multi-Factor Authentication

Something you know + something you have (or are). Phishing-resistant MFA = WebAuthn / FIDO2.

FIDO2 / WebAuthn / Passkeys

Public-key authentication standards that resist phishing. Passkeys are syncable WebAuthn credentials.

Federation

Trusting tokens from a foreign IdP (e.g., GitHub Actions OIDC tokens trusted by AWS to assume a role).

STS — Security Token Service

Issues short-lived credentials, typically by exchanging a long-lived identity for a temporary role session.

AssumeRole

The AWS STS call that swaps your identity for temporary credentials of a target role.

Service Principal

An Entra ID identity for an application, service, or automation — the Azure analogue of an AWS IAM role for workloads. Pair with a managed identity when possible to avoid managing client secrets.

Service Account / Managed Identity / Workload Identity

The non-human principal a workload uses to authenticate (GCP service account, Azure managed identity, Kubernetes ServiceAccount → cloud role).

OIDC Federation (workload identity federation)

A workload presents a short-lived OIDC token from its host (e.g., GitHub Actions) which the cloud trusts to issue temporary credentials. Removes long-lived secrets from CI.

Conditional Access

Policy that grants access only when contextual conditions are met (device compliant, location, risk score).

JIT — Just-In-Time Access

Permissions are elevated only for the duration of a task, then expire.

Least Privilege / Just-Enough Access

Grant the minimum permissions necessary for the task. The defining principle of cloud IAM.

SCP — Service Control Policy

AWS Organizations guardrail; sets the maximum permissions an account can have, even for the root user.

Permission Boundary

An IAM policy that caps the effective permissions of an entity, regardless of attached policies.

IMDS / IMDSv1 / IMDSv2

Instance Metadata Service — the link-local 169.254.169.254 endpoint that hands credentials to EC2 instances. IMDSv1 is unauthenticated and reachable via SSRF (the Capital One pattern). IMDSv2 requires a PUT-issued session token bound to the requester, defeating SSRF abuse — enforce v2-only on every account.

IAM Access Analyzer

AWS service that flags IAM roles, policies, and resources granting access to external accounts or principals you didn't intend. Also surfaces unused permissions, helping enforce least privilege.

Active Directory (AD)

Microsoft's directory service for on-prem identity. Still the primary user/group/auth backend for most enterprises; cloud identity providers federate to it.

Entra ID / Azure AD

Microsoft's cloud identity service. "Azure AD" is the legacy name; Microsoft renamed it Entra ID in 2023 but the older name is still pervasive in tooling, documentation, and conversation. Hosts users, groups, conditional-access policies, and the SAML/OIDC endpoints behind Microsoft 365 and Azure.

Kerberos

Network authentication protocol using time-bound encrypted tickets. The auth fabric of Active Directory; compromise of the krbtgt account yields a "Golden Ticket".

ACL — Access Control List

A list of rules attached to a resource specifying who can access it and how. Predates RBAC/ABAC; still common on filesystems, S3 objects, and network devices.

🌐 Networking & Zero Trust

VPC / VNet

Virtual Private Cloud / Virtual Network — your isolated network space inside a cloud account.

Subnet

A slice of a VPC's IP range, bound to one availability zone.

Security Group

A stateful per-ENI firewall (AWS / Azure NSG / GCP firewall rule).

NACL — Network Access Control List

A stateless subnet-level firewall (AWS).

Peering / Transit Gateway / Cloud Interconnect

Mechanisms for connecting VPCs / VNets to each other or to on-prem networks.

NAT — Network Address Translation

Lets private-subnet workloads reach the internet through a shared egress IP.

PrivateLink / Private Endpoint / Private Service Connect

Private routable endpoints for cloud services that never traverse the public internet.

Ingress / Egress

Inbound / outbound traffic. Egress controls are where most data exfil hides.

WAF — Web Application Firewall

Layer-7 filter for HTTP traffic — XSS, SQLi, rate limits, geo blocks.

Bastion Host / Jump Box

A hardened entry point into a private network. Modern equivalents: SSM Session Manager, IAP, Azure Bastion.

Zero Trust

Architectural principle: assume the network is hostile. Authenticate and authorize every request, regardless of source.

BeyondCorp

Google's foundational zero-trust paper / model — access decisions based on user + device + context, not network location.

SASE / SSE

Secure Access Service Edge / Security Service Edge — vendor-bundled cloud-delivered SWG + ZTNA + CASB + FWaaS.

ZTNA — Zero-Trust Network Access

Identity-aware proxy that replaces traditional VPN. Per-application access, not network-wide.

CASB — Cloud Access Security Broker

Inline or API-based control point for SaaS usage — DLP, posture, shadow-IT discovery.

Microsegmentation

Fine-grained network isolation between workloads, typically enforced by sidecar proxies or eBPF.

Network Policy

Kubernetes-native firewall rules expressed as YAML, restricting which pods may talk to which. Default-deny network policies are a baseline cluster-hardening control.

DDoS — Distributed Denial of Service

Overwhelming a service with traffic from many sources to make it unavailable. Mitigated by CDNs, scrubbing services, and rate-limited APIs.

AWS Shield

AWS's DDoS mitigation service. The Standard tier is on by default for all customers; Shield Advanced adds 24×7 DDoS Response Team access, cost protection during attacks, and tighter integration with WAF and Route 53.

ENI — Elastic Network Interface

An AWS virtual NIC that can be detached and reattached between EC2 instances. The unit a Security Group is bound to.

🔒 Data Protection, Secrets & Cryptography

S3 — Simple Storage Service

AWS's object storage service. The most common cloud-security failure surface: public buckets, overly broad bucket policies, world-readable objects, and ACL/policy interactions that produce surprises. Capital One, LastPass, Snowflake-adjacent leaks, and many others all involved S3 as the exfil destination.

KMS — Key Management Service

Managed service that creates, stores, and uses cryptographic keys. AWS KMS, Azure Key Vault, GCP Cloud KMS.

Key Vault

Azure's combined KMS and secrets store. Holds keys (software- or HSM-protected), secrets (passwords, connection strings), and certificates. Access governed by RBAC or legacy access policies.

Cloud KMS

Google Cloud's KMS service. Software keys, HSM-backed keys, and external key support. Integrates with Customer-Managed Encryption Keys (CMEK) across most GCP services.

HSM — Hardware Security Module

Tamper-resistant hardware that performs crypto operations and never lets keys leave it.

KEK / DEK — Key Encryption Key / Data Encryption Key

Pattern: encrypt data with a DEK, then encrypt the DEK with a KEK held in KMS/HSM.

Envelope Encryption

The standard cloud pattern of wrapping a DEK with a KEK so the DEK can travel with the ciphertext.

BYOK / HYOK

Bring/Hold Your Own Key — customer supplies (or holds) the master key, not the cloud provider.

Secrets Manager / Vault

A managed store for credentials, API keys, and connection strings (AWS Secrets Manager, Azure Key Vault, HashiCorp Vault, GCP Secret Manager).

DLP — Data Loss Prevention

Tooling that detects and blocks sensitive data (PII, PHI, secrets) from leaving its boundary.

Microsoft Purview

Microsoft's data-governance and compliance platform — data classification, retention, DLP, insider-risk, and audit. Replaces the older Compliance Center and integrates with Microsoft 365 and Azure data services.

Tokenization

Replacing sensitive values with non-reversible references; the real value lives in a token vault.

Encryption at Rest / In Transit / In Use

Three states data can be in. Cloud KMS handles 1 & 2; confidential computing handles 3.

TLS — Transport Layer Security

Encrypts data in transit. TLS 1.2 minimum; 1.3 preferred.

mTLS — Mutual TLS

Both client and server authenticate via certificates. Common inside service meshes.

PKI — Public Key Infrastructure

The system of CAs, certificates, and trust chains that issues and validates the keys behind TLS, code signing, and S/MIME.

PQC — Post-Quantum Cryptography

Cryptographic algorithms designed to resist attacks from sufficiently large quantum computers. NIST's first standardized PQC suite (ML-KEM, ML-DSA, SLH-DSA) is what cloud providers and TLS implementations are migrating toward.

HNDL — Harvest Now, Decrypt Later

Threat model where an adversary captures encrypted traffic or data today, banking on future quantum computers to break it. The reason PQC migrations are urgent for long-lived secrets even though large quantum computers don't exist yet.

Crypto Agility

The property of a system that can swap cryptographic algorithms (and key sizes) without redesign. Critical for the PQC transition — and for surviving the next algorithm break after that.

📡 Logging, Detection & Response

SIEM — Security Information and Event Management

Central log aggregation + correlation + alerting. Splunk, Microsoft Sentinel, Chronicle, Elastic, Sumo.

Microsoft Sentinel

Microsoft's cloud-native SIEM and SOAR platform, built on Azure Monitor / Log Analytics. Native ingestion for Microsoft 365, Entra, Defender, and many third-party sources; KQL-based detection rules.

AWS Security Hub

AWS's central findings aggregator. Pulls signals from GuardDuty, IAM Access Analyzer, Inspector, Macie, and partner products into one normalized view, plus automated CSPM checks against frameworks like CIS, AWS FSBP, and PCI.

SOAR — Security Orchestration, Automation, and Response

Runs automated playbooks against alerts — enrich, contain, ticket, page.

SOC — Security Operations Center

The team (and room) that monitors and triages security alerts.

EDR / XDR / NDR / MDR

Endpoint / eXtended / Network Detection & Response. MDR adds a managed service. XDR claims to unify telemetry across surfaces.

CloudTrail / Activity Log / Audit Log

The control-plane audit trail for AWS / Azure / GCP. Your most important log source in cloud.

VPC Flow Logs

Network metadata (5-tuple, action, bytes) for traffic in a VPC. Cheap, useful for DFIR.

GuardDuty / Defender for Cloud / Security Command Center (SCC)

Native threat detection services in AWS / Azure / GCP.

Falco

Open-source runtime threat detection for Linux and Kubernetes, originally based on syscalls and now eBPF.

Sigma

Vendor-agnostic detection rule format that compiles to SIEM-specific queries.

YARA

Pattern-matching rules for files, malware, and memory artifacts.

OpenTelemetry (OTel)

Open standard for emitting traces, metrics, and logs across languages and platforms.

IOC — Indicator of Compromise

An artifact (hash, IP, domain) tied to known-bad activity.

IOA — Indicator of Attack

A pattern of behavior suggesting attack regardless of specific artifacts.

Dwell Time

How long an attacker is in your environment before detection. The metric defenders try to shrink.

MTTD / MTTR

Mean Time To Detect / Respond. Common SOC KPIs.

DFIR — Digital Forensics & Incident Response

The discipline (and team) that handles incidents end-to-end.

Detection Engineering

The practice of building, testing, and maintaining detection content as code — Sigma rules, KQL queries, YARA signatures — with measurable coverage against MITRE ATT&CK techniques. Distinct from "writing alerts," in that it treats detections as a versioned, peer-reviewed, regression-tested artifact.

Threat Hunting

Hypothesis-driven search through telemetry for adversary activity that hasn't tripped an alert. Hunting tests detection coverage, surfaces dwell-time issues, and produces new detection-engineering content.

🧭 Posture, Policy & the *PM Family

CSPM — Cloud Security Posture Management

Continuous misconfiguration scanning of cloud accounts (public S3, open SGs, missing MFA, etc.).

KSPM — Kubernetes Security Posture Management

Same idea, scoped to Kubernetes (RBAC sprawl, privileged pods, missing PSS).

CIEM — Cloud Infrastructure Entitlements Management

Permission analysis — finds unused permissions, identifies privilege paths, drives least privilege.

CWPP — Cloud Workload Protection Platform

Runtime protection for VMs, containers, and serverless — agent-based or eBPF.

CNAPP — Cloud-Native Application Protection Platform

The vendor super-bundle: CSPM + CWPP + CIEM + IaC scanning + sometimes DSPM/ASPM.

DSPM — Data Security Posture Management

Discovers and classifies sensitive data across cloud and SaaS, then flags risky exposure.

ASPM — Application Security Posture Management

Aggregates SAST/DAST/SCA findings and ties them to ownership, priority, and reachability.

CADR — Cloud Application Detection and Response

Newer category: runtime detection focused on application-layer attacks in cloud.

AI-APP — AI Application Protection Platform

Emerging category (coined by Wiz) for platforms that secure deployed AI/LLM applications end-to-end — model inventory, prompt-injection defenses, data-flow monitoring between models and tools, and runtime detection of agent misuse. Pairs with CNAPP for the AI workload layer.

OPA — Open Policy Agent

General-purpose policy engine. Decisions in, decisions out.

Rego

The query language used by OPA.

Policy-as-Code

Expressing security and compliance rules as code — versioned, reviewable, testable.

Drift

Live infrastructure no longer matching its declared state (Terraform, Bicep, CFN). A common post-incident artifact.

Hardening / Baseline

Reducing attack surface to a defined "known good" configuration (CIS Benchmark, vendor security best practices).

PSS — Pod Security Standards

Kubernetes' built-in pod-hardening tiers — Privileged / Baseline / Restricted — replacing the deprecated PodSecurityPolicy.

CTEM — Continuous Threat Exposure Management

Gartner-coined program model that unifies vulnerability management, attack-surface management, identity-risk analysis, and red-team validation into one continuous loop. Increasingly the framing replacing traditional "patch the CVE" vulnerability programs.

🐛 Vulnerability & Supply-Chain Security

Supply-Chain Attack

Compromising the path that produces or delivers software so the malicious change rides through trusted channels — a poisoned dependency, a backdoored build step, a stolen signing key, a malicious GitHub Action. SolarWinds, the PyPI/npm typosquats, Codecov, and the XZ backdoor are all examples. The SLSA framework, SBOMs, and Sigstore exist to harden it.

CVE — Common Vulnerabilities and Exposures

A unique ID for a publicly disclosed vulnerability, assigned by MITRE/CNAs.

CVSS — Common Vulnerability Scoring System

0–10 severity score for a CVE. Famously poorly correlated with actual exploitation.

EPSS — Exploit Prediction Scoring System

FIRST-maintained probability that a CVE will be exploited in the next 30 days. Pairs better with CVSS than CVSS does alone.

KEV — Known Exploited Vulnerabilities

CISA's catalog of CVEs known to be actively exploited. The "fix this now" list.

SAST / DAST / IAST

Static / Dynamic / Interactive Application Security Testing. Source-time / run-time / both.

SCA — Software Composition Analysis

Identifies open-source dependencies and their known vulnerabilities.

SBOM — Software Bill of Materials

The ingredient list for a piece of software — components, versions, licenses, hashes. Formats: SPDX, CycloneDX.

SLSA — Supply-chain Levels for Software Artifacts

OpenSSF framework defining levels of build-pipeline integrity (signed provenance, isolated builders, etc.).

Sigstore / cosign

Free, keyless artifact signing using short-lived OIDC-based certs and a public transparency log.

Provenance

Verifiable record of how a build artifact was produced — source commit, builder, dependencies.

Dependency Confusion

Supply-chain attack where a public package matches the name of a private internal one and gets pulled by mistake.

Typosquatting

Malicious package using a misspelling of a legitimate one.

PyPI — Python Package Index

The official public repository for Python packages. A frequent supply-chain target — typosquatting, dependency confusion, and account takeovers of maintainers all show up here regularly.

npm

The default package registry for JavaScript / Node.js. Same threat profile as PyPI: typosquatting, dependency confusion, post-install scripts that steal secrets, and high-blast-radius compromises of popular packages.

VEX — Vulnerability Exploitability eXchange

Statement attached to an SBOM saying whether a known CVE is actually exploitable in this product / build.

CWE — Common Weakness Enumeration

MITRE's catalog of weakness types (e.g., CWE-79 = XSS, CWE-89 = SQL injection). CVEs are concrete instances; CWEs are the categories.

📜 Compliance Frameworks

NIS2 Directive

EU directive (2022/2555) expanding cybersecurity obligations across "essential" and "important" entities — energy, transport, banking, health, cloud providers, MSPs, and more. Member states transposed it into national law in 2024–2025. Mandates risk management, supply-chain due diligence, 24-hour incident notification, and personal liability for management.

SOC 2

AICPA audit covering Security (required) plus optional Availability, Confidentiality, Processing Integrity, and Privacy.

ISO/IEC 27001

International standard for an Information Security Management System (ISMS). Certifiable.

PCI DSS

Payment Card Industry Data Security Standard. If you process card data, this applies.

HIPAA

US healthcare regulation governing protected health information (PHI).

GDPR / CCPA / CPRA

EU and California data-protection laws. Govern lawful basis, rights, and breach disclosure.

FedRAMP

US federal program authorizing cloud services for government use. Low / Moderate / High baselines.

NIST CSF — Cybersecurity Framework

Govern / Identify / Protect / Detect / Respond / Recover. Common North-Star for security programs.

NIST SP 800-53

The US-government control catalog underlying FedRAMP and many compliance regimes.

NIST SP 800-171

Controls for protecting Controlled Unclassified Information (CUI) in non-federal systems.

CIS Benchmarks

Hardening guides for specific platforms (AWS, Azure, GCP, K8s, OSes). Maintained by the Center for Internet Security.

CSA CCM — Cloud Controls Matrix

Cloud Security Alliance's cloud-specific control framework.

DORA

EU Digital Operational Resilience Act — financial-sector ICT risk and third-party oversight.

⚔️ Threats, Attacker Techniques & Frameworks

MITRE ATT&CK

Knowledge base of adversary tactics, techniques, and procedures. Has Cloud, Containers, Mobile, ICS matrices.

D3FEND

MITRE's defensive counterpart to ATT&CK — countermeasure techniques mapped to attacker techniques.

TTP — Tactics, Techniques, and Procedures

The "how" of an adversary's behavior, increasingly specific from tactic → technique → procedure.

Kill Chain

Lockheed Martin's seven-stage model of an intrusion: Recon → Weaponization → Delivery → Exploitation → Installation → C2 → Actions on Objectives.

Initial Access

How the attacker first lands — phish, exposed service, valid credentials, supply chain.

Lateral Movement

Pivoting from one foothold to other systems, often using stolen tokens.

Privilege Escalation

Gaining higher rights than originally granted (vertical) or rights of a peer (horizontal).

Persistence

Mechanisms attackers leave to survive reboots, password rotations, and credential rotations.

Exfiltration

Stealing data out of the environment — often via DNS, S3, GitHub, or messaging services.

C2 — Command & Control

The channel an attacker uses to control implants. Often blended with legitimate cloud services.

Credential Stuffing

Replaying breached username/password pairs against other services.

Infostealer

Commodity malware (RedLine, Raccoon, LummaC2, Vidar…) that scrapes browser-saved credentials, session cookies, crypto wallets, and authenticated SaaS tokens off an infected workstation. Logs are then sold on criminal markets — the same data that fueled the Snowflake/UNC5537 wave. The reason "the laptop got infected" is now a cloud problem.

Data Exfiltration

Stealing data out of the environment. The "Actions on Objectives" stage of most cloud breaches. Common channels: S3 uploads, DNS tunneling, GitHub gists, Discord/Slack webhooks, Telegram bots, and outbound HTTPS to attacker infrastructure. Egress controls and DLP are the defensive layer.

Red Team / Blue Team / Purple Team

Red-team operators emulate an adversary against a real target with realistic objectives and stealth. Blue-team operators defend, detect, and respond. Purple-team engagements run them together — red executes, blue watches, both tune detections in real time. Distinct from a one-off pen test, a red-team engagement assumes weeks-to-months and full TTP latitude.

Phishing / Spear Phishing / Whaling

Email-borne credential theft, targeted variant, and exec-targeted variant.

Consent Phishing / OAuth Phishing

Tricking a user into granting an attacker-owned OAuth app permission to their account. No password ever stolen.

MFA Fatigue / Push Bombing

Spamming push prompts until the user accepts one. Defeated by number matching and FIDO2.

SSRF — Server-Side Request Forgery

Trick a server into fetching an attacker-chosen URL. In cloud, the historical path to IMDS credentials.

XSS — Cross-Site Scripting

Injecting attacker-controlled JS into another user's session. Stored, reflected, DOM-based.

CSRF — Cross-Site Request Forgery

Tricking a victim's browser into making an authenticated request to a target site.

RCE — Remote Code Execution

Running attacker code on a server. The most consequential class of bug.

Golden SAML

Forging arbitrary SAML assertions after stealing the IdP's signing key. Made famous by SolarWinds.

Golden Ticket / Silver Ticket

Active Directory Kerberos ticket forgeries (krbtgt or service-account hashes).

Pass-the-Hash / Pass-the-Token / Pass-the-Cookie

Reusing stolen credential material without ever knowing the underlying password.

BOLA / IDOR

Broken Object Level Authorization / Insecure Direct Object Reference — accessing another user's record by changing an ID.

Living Off the Land (LOTL)

Attackers using legitimate, signed tools already in the environment (PowerShell, certutil, AWS CLI) to evade detection.

Shadow IT / Shadow AI

Unsanctioned services / AI tools adopted by employees, outside the visibility of security and IT.

🤖 AI, LLM & Agentic-System Security

AI — Artificial Intelligence

In a cloud-security context, "AI" almost always means systems built around large language models — chat assistants, RAG pipelines, autonomous agents, and the cloud services that host them. The security concerns are configuration of model endpoints, data flow into and out of models, prompt injection, and the blast radius of agents with tool access.

LLM — Large Language Model

Transformer-based models trained on huge text corpora; the engine behind chat assistants and agents.

Fine-Tuning

Continuing the training of a base LLM on a narrower dataset to specialize it. Security implications: the fine-tuning corpus often contains sensitive internal data, the resulting weights become a sensitive asset, and training-data extraction attacks can recover memorized examples.

Embedding

A vector representation of text (or images, code) produced by a model so semantic similarity can be computed by distance. The retrieval half of RAG runs over a vector database of embeddings. Embeddings can also leak information about the source text, so embedding stores need access controls.

Prompt Injection

Untrusted input that overrides the system prompt or coerces the model into actions it shouldn't take. The defining LLM vulnerability.

Indirect Prompt Injection

Injection delivered via content the model retrieves (web pages, emails, docs) rather than the user's message.

Jailbreak

Inputs that bypass an LLM's safety training to elicit prohibited content.

RAG — Retrieval-Augmented Generation

Retrieving relevant documents at query time and stuffing them into the model's context.

MCP — Model Context Protocol

Open standard for giving LLMs structured access to tools and data sources.

Agent / Agentic System

An LLM that can take actions via tools, often in multi-step loops. Expands the blast radius of prompt injection.

Tool Use / Function Calling

An LLM emitting a structured request to call an external function (API, shell, browser).

Confused-Deputy (in agents)

An agent acting on behalf of the wrong principal — typically because tool input from one user is interpreted as instructions from another.

Guardrails

Input/output filters around an LLM to block prompt injection, PII leaks, or off-topic responses. Helpful, not sufficient.

Model Exfiltration

Stealing weights or fine-tuning data from a hosted model.

Training-Data Extraction

Eliciting verbatim training data from a model, especially memorized PII or secrets.

AI Red-Teaming

Adversarial probing of a model or agent for harmful, biased, or insecure behaviors. Distinct from infrastructure red-teaming: the targets are prompt injection, jailbreaks, training-data leakage, and tool-use abuse rather than networks and credentials.

OWASP LLM Top 10

The community-maintained top risks list for LLM applications.

NIST AI RMF

NIST's AI Risk Management Framework — Govern / Map / Measure / Manage.

Promptware

Malicious payloads delivered via prompts to LLMs and agents — a cloud-relevant attack class as agents gain real-world tool access (see Breach Kill Chains).

⚙️ DevOps, IaC & Operating Concepts

IaC — Infrastructure as Code

Declaring infrastructure in versioned code. Terraform / OpenTofu, CloudFormation, Bicep, Pulumi, Crossplane.

GitOps

Use Git as the source of truth for desired state; an agent reconciles the live system to match.

CI/CD — Continuous Integration / Continuous Delivery

Pipelines that build, test, and deploy code automatically.

Immutable Infrastructure

Servers/containers are never modified after deploy — they're replaced. Reduces drift and forensics surprises.

Blue/Green & Canary Deploys

Deployment patterns that ship to a subset of traffic to limit blast radius.

Blast Radius

The scope of damage if a credential, identity, or system is compromised. Minimizing it is a design principle.

Ephemeral Credentials

Short-lived (minutes to hours) credentials issued by STS / OIDC federation. The replacement for long-lived access keys.

Secrets Sprawl

Long-lived API keys checked into repos, dumped in shell histories, or shared in chat. Cloud's most reliable attack source.

Shift Left / Shift Right

Doing security in dev/CI (left) vs. runtime/production (right). Both are needed.

Toil

Repetitive manual operational work. SRE term — the thing automation aims to eliminate.

SLO / SLI / SLA

Service Level Objective / Indicator / Agreement — what you target, how you measure, what you're contractually liable for.

Runbook / Playbook

Documented procedures for handling specific operational or security events.

🏛️ Standards Bodies & Authorities

NIST

US National Institute of Standards and Technology. Owns CSF, the SP 800-series, NVD, and the AI RMF.

CISA

US Cybersecurity & Infrastructure Security Agency. Publishes KEV, advisories, and Secure-by-Design guidance.

MITRE

Operates the CVE program, ATT&CK, D3FEND, and CWE.

CSA — Cloud Security Alliance

Industry body behind CCSK, CCAK, the CCM, and the Egregious Eleven / Top Threats reports.

OWASP

Open Worldwide Application Security Project. Top 10 series, ASVS, ZAP.

ENISA

EU Agency for Cybersecurity. Publishes risk reports and threat-landscape research.

FIRST

Forum of Incident Response and Security Teams. Owns CVSS and EPSS, hosts the global CSIRT community.

CNCF

Cloud Native Computing Foundation. Stewards Kubernetes, Falco, OPA, OpenTelemetry, and more.

OpenSSF

Open Source Security Foundation. Stewards SLSA, Sigstore, Scorecard.

NVD — National Vulnerability Database

NIST's enriched feed of CVEs with CVSS scoring and CPE tagging.

CISA KEV

The Known Exploited Vulnerabilities catalog maintained by CISA. The authoritative "patch this now" list for vulnerabilities seen in real attacks.

OWASP ZAP

Open-source web-application security scanner from OWASP. Common in CI pipelines for DAST.

OpenSSF Scorecard

Automated checks that score the security posture of an open-source project — signed releases, branch protection, dependency pinning, fuzzing — producing a 0–10 score.