Agentic security glossary

Precise definitions of the terms that matter when you're securing AI agents that call external APIs. No marketing language.

Secure Agent Runtime

The infrastructure layer between an AI agent and the APIs it calls.

A secure agent runtime is the infrastructure layer that sits between an AI agent and the downstream APIs it needs to call. Instead of giving the agent a credential, the runtime receives the agent's intent, validates it against policy, injects the credential at execution time, performs the API call, and returns only the response. The agent never holds the key. KeyRunner is purpose-built as a secure agent runtime for enterprise API execution.

Non-Human Identity (NHI)

Cryptographic or token-based identity for AI agents and automated systems.

Non-human identity (NHI) refers to the cryptographic or token-based identities assigned to AI agents, bots, CI/CD pipelines, and other automated systems, so those systems can authenticate to other services without relying on a human credential. NHI establishes who is calling. It does not govern what that caller is allowed to do with downstream API credentials after authentication. A complete agentic security stack requires both NHI and an execution governance layer.

Credential Injection at Runtime

Fetching and using a secret at execution time without distributing it to the caller.

Credential injection at runtime means retrieving a secret from a vault or key management system at the moment of API execution, not before, not stored in config, not passed to the calling agent. The credential is used to make the API call and then discarded. The agent or developer that initiated the call never receives the credential value. This eliminates standing credentials in agent context, memory, prompts, and logs.

MCP Security

Security controls over tools defined and called via the Model Context Protocol.

MCP (Model Context Protocol) is an open standard that defines how AI models discover and invoke tools. MCP security refers to the policies, access controls, and audit mechanisms that govern those tool calls: which tools can be called, by which agents, under what conditions, and with what credentials. An MCP-compatible secure agent runtime intercepts tool calls, enforces policy, handles credential injection, and logs execution before the underlying API request is made.

Governed Agent Execution

Agent API calls that are policy-checked, credential-safe, and fully audited.

Governed agent execution describes an architecture where every API action taken by an AI agent is validated against a defined policy before execution, performed without the agent holding a live credential, and recorded in an immutable audit trail. It is the operational outcome of deploying a secure agent runtime. Governed execution means agents can be given broad capability without the security risk of broad credential access.

Excessive Agency (OWASP LLM08)

The risk of an AI agent taking unintended high-impact actions due to over-permissioning.

Excessive agency is OWASP's LLM08 risk: the condition where an AI agent has been granted more capability, permissions, or access than it needs to perform its intended function. When an agent has direct access to API credentials, excessive agency becomes exploitable: a compromised, misdirected, or prompt-injected agent can take actions far beyond its intended scope. Removing credentials from agent context and enforcing per-action policy eliminates the primary attack surface of excessive agency.

Agentic API Security

Security controls specifically designed for AI agents calling external APIs.

Agentic API security is the discipline of securing the API calls made by AI agents, as distinct from securing APIs against human callers. Human API security is solved by gateways, rate limiting, and OAuth flows. Agentic API security requires additional controls: preventing credential exposure in agent context, enforcing policy on what actions agents can take (not just whether they can authenticate), and maintaining audit trails for autonomous agent actions that may span many calls across many systems.

Runtime Policy Enforcement

Blocking unauthorized agent actions at execution time, before the API call is made.

Runtime policy enforcement means evaluating whether an action is permitted at the moment it is attempted, not configuring permissions ahead of time and trusting the caller to respect them. In agentic architectures, this means intercepting each API call intent, checking it against a policy that defines which agents may call which APIs under what conditions, and either executing or blocking the call before any credential is retrieved or any network request is made. Policies enforced at runtime cannot be bypassed by a compromised agent, because the agent never holds the credential and never issues the network request itself.
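The Secure Agent Runtime, Credential Injection at Runtime and Runtime Policy Enforcement entries above describe one control loop: receive intent, decide by policy, fetch the credential only on allow, make the call, return the response alone, and record the decision. The following Python is an added illustration of that loop, not KeyRunner's code; the policy table, the in-memory vault with placeholder values and the echoing transport are all constructed so it runs offline.

```python
from dataclasses import dataclass, field, asdict
from typing import Callable

# Constructed policy table: agent -> tool -> HTTP methods the agent may use.
POLICY = {
    "billing-agent": {"stripe": {"GET"}},
    "support-agent": {"zendesk": {"GET", "POST"}},
}

# Constructed stand-in for a vault/KMS. Values are placeholders, not real keys.
_VAULT = {"stripe": "sk_PLACEHOLDER_stripe", "zendesk": "zd_PLACEHOLDER"}

@dataclass(frozen=True)
class Intent:
    agent: str
    tool: str
    method: str
    path: str

def fake_transport(method: str, path: str, headers: dict) -> dict:
    """Constructed API stub: echoes the request so the example runs offline."""
    return {"status": 200, "body": f"{method} {path} ok"}

@dataclass
class SecureRuntime:
    transport: Callable = fake_transport
    audit: list = field(default_factory=list)

    def execute(self, intent: Intent) -> dict:
        allowed = intent.method in POLICY.get(intent.agent, {}).get(intent.tool, set())
        if not allowed:
            # Denied before any credential is retrieved or any request is sent.
            self.audit.append({**asdict(intent), "decision": "deny"})
            return {"status": "denied", "reason": "policy"}
        cred = _VAULT[intent.tool]  # injected only after the policy decision
        resp = self.transport(intent.method, intent.path,
                              {"Authorization": f"Bearer {cred}"})
        del cred  # the runtime discards the secret once the call is made
        self.audit.append({**asdict(intent), "decision": "allow",
                           "http_status": resp["status"]})
        return {"status": "ok", "body": resp["body"]}  # response only, never the key

if __name__ == "__main__":
    rt = SecureRuntime()
    print(rt.execute(Intent("billing-agent", "stripe", "GET", "/v1/charges")))
    print(rt.execute(Intent("billing-agent", "stripe", "POST", "/v1/refunds")))
    print(rt.audit)
```

The audit list is what a governed execution trail records: every intent, the decision, and the outcome, with no credential material in either the trail or the returned response.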

Zero-Trust Agent Execution

Never trusting an agent implicitly; every API call is verified by policy at runtime.

Zero-trust agent execution applies zero-trust principles to AI agent behavior: no agent is trusted by default, every API call is verified against explicit policy, credentials are never distributed to agents, and access is granted only for the specific action requested. This is distinct from zero-trust network architecture (ZTNA), which governs network-layer access. Zero-trust agent execution governs application-layer actions taken by autonomous AI systems.

API Tool Governance

Controlling which agents can call which API tools, and under what policy.

API tool governance is the management layer that defines, enforces, and audits the conditions under which AI agents may use registered API tools. It includes tool registration (what actions exist), access policy (who may call each tool), runtime controls (credential injection, rate limits, conditional access), and observability (audit trails, anomaly detection). API tool governance is what separates a governed agent from an agent with unchecked API access.