You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: taxonomy-explorer/taxonomy-data.js
+21-21Lines changed: 21 additions & 21 deletions
Original file line number
Diff line number
Diff line change
@@ -6,7 +6,7 @@ window.AAIF_TAXONOMY = [
6
6
"broaderTerm": "Agentic Misbehavior",
7
7
"definition": "An unintended deviation in an AI agent's behavior that causes it to pursue goals or take actions outside its intended scope, without malicious external cause.",
8
8
"scopeNote": "Raised during discussion of non-malicious agent misbehavior (2026-03-03). Distinct from adversarial attacks.",
"definition": "A mode or design pattern in which an agent can operate and take actions to some extent without explicit permission from the agent user. The agent interprets a prompt or request and performs one or more actions to carry it out — for example, finding, negotiating, and completing a purchase on a user's behalf.",
44
44
"scopeNote": "Defined during taxonomy review (2026-03-17).",
45
-
"workgroups": ["Workflows & Process Integration WG","Security & Privacy WG"]
45
+
"workgroups": ["Workflows & Process Integration","Security & Privacy"]
46
46
},
47
47
{
48
48
"term": "Blast radius",
@@ -51,7 +51,7 @@ window.AAIF_TAXONOMY = [
51
51
"broaderTerm": null,
52
52
"definition": "The scope and extent of damage or data exposure that can result from a compromised, misconfigured, or rogue agent.",
53
53
"scopeNote": "Samantha Coyle raised this in the context of protecting data from rogue agents (2026-03-03).",
"definition": "A mechanism by which a human or system grants an AI agent a scoped set of permissions to act on its behalf, typically with constraints on what actions the agent may perform.",
62
62
"scopeNote": "Discussed alongside capability-based auth and tool invocation restrictions (2026-02-17).",
"definition": "Policies that constrain an autonomous agent's actions in a way that cannot be overridden or misinterpreted by the AI agent. These policies are enforced outside the AI inference process, preventing the agent from taking certain actions — for example, an agent SDK policy that blocks access to a tool.",
71
71
"scopeNote": "Defined during taxonomy review (2026-03-17).",
"definition": "Standardized interception points in an agentic AI platform's execution pipeline where security controls, logging, or policy enforcement can be applied.",
80
80
"scopeNote": "Bar Kaduri proposed hooks and checkpointing standards (2026-02-17).",
"definition": "A design pattern in which a human must review, approve, or intervene in an AI agent's actions at defined checkpoints before the agent may proceed.",
89
89
"scopeNote": "Identified as a key consideration during the initial brainstorm (2026-02-17).",
90
-
"workgroups": ["Workflows & Process Integration WG","Security & Privacy WG"]
90
+
"workgroups": ["Workflows & Process Integration","Security & Privacy"]
91
91
},
92
92
{
93
93
"term": "Multi-agent persuasion",
@@ -96,7 +96,7 @@ window.AAIF_TAXONOMY = [
96
96
"broaderTerm": null,
97
97
"definition": "The risk that one AI agent manipulates or unduly influences another agent's decision-making through adversarial or misleading communication.",
98
98
"scopeNote": "Brainstormed as a mitigation area (2026-02-17).",
99
-
"workgroups": ["Security & Privacy WG"]
99
+
"workgroups": ["Security & Privacy"]
100
100
},
101
101
{
102
102
"term": "PII obfuscation",
@@ -105,7 +105,7 @@ window.AAIF_TAXONOMY = [
105
105
"broaderTerm": "Protected data",
106
106
"definition": "Techniques for masking, redacting, or transforming personally identifiable information so that it cannot be recovered or linked to an individual during agent processing.",
107
107
"scopeNote": "Listed as a brainstorm topic (2026-02-17) and folded into Theme D (2026-03-03).",
"definition": "Patterns in which an AI agent can operate on encrypted or protected data without exposing the underlying content, using techniques such as zero-knowledge proofs or trusted execution environments.",
116
116
"scopeNote": "Ty described ZK-proof patterns; Tony Douglas cited TEEs and encrypted vector databases (2026-03-03).",
"definition": "An attack in which an adversary crafts input that causes an AI agent to override its instructions, bypass safeguards, or execute unintended actions.",
125
125
"scopeNote": "Identified as a mitigation area during ideation (2026-02-17).",
126
-
"workgroups": ["Security & Privacy WG"]
126
+
"workgroups": ["Security & Privacy"]
127
127
},
128
128
{
129
129
"term": "Protected data",
@@ -132,7 +132,7 @@ window.AAIF_TAXONOMY = [
132
132
"broaderTerm": "Sensitive data",
133
133
"definition": "Information subject to regulatory or contractual protections (e.g., HIPAA, GDPR), which may include health records, financial data, or other categories that AI agents must handle with specific safeguards.",
134
134
"scopeNote": "Tom Sheffler raised whether AI agents introduce new categories of protected data (2026-03-03).",
"definition": "Structured adversarial testing of AI systems in which testers simulate attacks to identify vulnerabilities, failure modes, and security gaps.",
143
143
"scopeNote": "Listed as a brainstorm topic under pen testing and red teaming best practices (2026-02-17).",
"definition": "An AI agent that operates outside its authorized boundaries, whether due to compromise, misconfiguration, or emergent behavior.",
152
152
"scopeNote": "Used in discussion of blast radius and data protection (2026-03-03).",
153
-
"workgroups": ["Security & Privacy WG"]
153
+
"workgroups": ["Security & Privacy"]
154
154
},
155
155
{
156
156
"term": "Secrets",
@@ -159,7 +159,7 @@ window.AAIF_TAXONOMY = [
159
159
"broaderTerm": "Sensitive data",
160
160
"definition": "Traditional credentials and cryptographic material — such as API keys, tokens, passwords, and environment variables — that grant access to systems or services.",
161
161
"scopeNote": "Distinguished from the broader \"sensitive data\" during terminology discussion. Ofek Dadush raised secrets management; David Deng proposed the narrower scope (2026-03-03).",
"definition": "An umbrella term encompassing secrets, PII, proprietary information, and any data whose exposure would cause harm. Preferred over the narrower term \"secrets\" when the intent is to cover all confidential data categories.",
170
170
"scopeNote": "The group debated \"secrets\" vs. \"sensitive data\" and converged on \"sensitive data\" as the broader, less ambiguous term (2026-03-03).",
"definition": "A secure, hardware-isolated area of a processor that ensures code and data loaded inside are protected from the rest of the system, including the operating system.",
179
179
"scopeNote": "Tony Douglas cited TEE work in the context of privacy-preserving agent workflows (2026-03-03).",
"definition": "A supply chain attack in which an adversary publishes a malicious server package with a name resembling a legitimate one, hoping users will install it by mistake.",
188
188
"scopeNote": "Raised as a supply chain risk to agentic systems (2026-03-17).",
"definition": "A cryptographic method by which one party can prove to another that a statement is true without revealing any information beyond the validity of the statement itself.",
197
197
"scopeNote": "Ty described ZKP patterns where agents return only boolean results to prevent data leakage (2026-03-03).",
0 commit comments