Skip to content

Glossary

Definitions for the terms that matter when building accountable AI work automation systems.

An action proposal is a structured, reviewable suggestion to change a connected business system — created by automation but not yet executed. It names the target system, the operation, and the exact parameters, so a person or policy can approve, edit, or reject it before anything happens.

Synonyms: proposed action, action suggestion, draft action, pending action

Why propose an action instead of executing it directly?
Proposing first separates intent from effect. It lets approval policy and reviewers inspect the precise operation and parameters, preventing an automated mistake from reaching a system of record.
What does an action proposal contain?
The target integration, the operation to perform, the resolved parameters, the supporting evidence, and the policy decision about whether approval is required before execution.

Agent delegation is the controlled granting of a scoped, time-bound authority to an AI agent to act on behalf of a user or another agent. The delegation specifies exactly which capabilities, tenants, and actions are permitted, so an agent operates under explicit, revocable, and auditable limits.

Synonyms: delegated authority, scoped delegation, agent authorization, agent grant

What does a delegation scope define?
The capabilities an agent may use, the tenant it may act within, the actions it may propose or execute, and an expiry, so authority is narrow, time-bound, and revocable.
How does delegation stay accountable?
Every delegated action is attributed to both the agent and the delegating principal and recorded in the audit trail, with sensitive actions still routed through approval policy.

The Agent2Agent protocol is an open standard for autonomous agents to discover one another, exchange tasks, and coordinate work across organizational boundaries. It defines how an agent advertises its capabilities and how another agent delegates a task and tracks it to completion.

Synonyms: A2A, agent2agent, agent-to-agent protocol, agent interoperability

How does A2A differ from MCP?
MCP connects a model to tools and data. A2A connects agents to each other, defining how one agent hands a task to another and follows its status, rather than how a model calls a single tool.
How are A2A tasks tracked?
An A2A task maps onto a tracked work record so its lifecycle, evidence, and outcome are auditable, just like work that originated from a person or a form.

Agentic operations is the practice of running business operations with AI agents that plan and act — not just answer — under explicit governance. Agents triage intake, retrieve grounded evidence, propose actions, and execute approved ones in real systems, while approvals, policy checks, and an audit trail keep their activity safe. It pairs agent autonomy with operational controls so automation can run in production.

Synonyms: agentic workflow automation, AI operations automation, agent operations, AI ops

How is agentic operations different from a chatbot?
A chatbot answers messages. Agentic operations runs work: agents classify intake, ground answers in cited evidence, and execute governed actions in business systems, with approvals and an audit trail — the unit of value is completed, accountable work.
What keeps agentic operations safe in production?
Scoped credentials bound what agents can touch, policy overlays decide what needs human approval, evaluation gates test behavior before rollout, and every step is recorded — so autonomy never outruns accountability.

AI work automation is the use of AI models to turn unstructured requests — emails, chats, documents, forms — into completed work: grounded answers or actions executed in business systems. Unlike chat assistants, it operates on structured work items with evidence, approvals, and an audit trail, so every outcome is traceable and governed.

Synonyms: AI workflow automation, agentic workflow automation, AI work orchestration, intelligent work automation

How is AI work automation different from an AI chatbot?
A chatbot produces a reply and forgets the exchange. AI work automation converts each request into a structured work item, grounds answers in cited evidence, routes proposed actions through approvals, and records the outcome — the unit of value is completed work, not a message.
How does it relate to agentic workflow automation?
They describe the same category from different angles. Agentic framing emphasizes the model planning and acting; work-automation framing emphasizes the governance around it — structured intake, evidence, approval gates, and an audit trail that makes agent activity safe to run in production.

Answer engine optimization is the practice of structuring content so AI answer engines and chat assistants can find, cite, and accurately summarize it. Where SEO targets ranked links, AEO targets the synthesized answer itself, optimizing for clear definitions, structured data, and machine-readable source files.

Synonyms: AEO, generative engine optimization, GEO, AI search optimization

How is AEO different from SEO?
SEO optimizes to rank as a clickable link on a results page. AEO optimizes to be selected, quoted, and cited inside an AI-generated answer, which rewards precise definitions, structured data, and clean machine-readable feeds.
What signals help an answer engine cite a page?
Definition-first writing, valid schema.org structured data, an llms.txt index, FAQ markup, and stable canonical URLs all make content easier for an answer engine to retrieve and attribute.

An approval workflow is a governed sequence of checkpoints that a proposed action must pass before it executes. Each step routes the decision to the right reviewer based on risk, role, or policy, recording who approved what so the outcome is fully accountable.

Synonyms: approval flow, review workflow, authorization workflow, sign-off process

What can trigger an approval requirement?
Requirements can be applied by workflow, channel, risk class, monetary threshold, or action type, so only the steps that genuinely need oversight pause for a reviewer.
How does an approval workflow stay auditable?
Every request, approval, edit, and rejection is recorded with the actor and timestamp, producing an end-to-end trail that proves who authorized each governed action.

An audit trail is the tamper-evident record of everything that happened to a piece of work: what arrived, what the AI extracted and proposed, which evidence grounded each answer, who approved what, and which actions executed. It lets teams reconstruct and prove any outcome end to end — essential for compliance, debugging, and trust in automation.

Synonyms: audit log, activity log, execution history, decision log

What does an audit trail capture in AI work automation?
Each event in a work item's life: intake and its source channel, extracted fields, retrieved evidence and citations, the AI's proposals, every approval or rejection with actor and timestamp, and the executed actions with their results.
Why does an audit trail matter for AI specifically?
AI decisions are probabilistic, so accountability has to come from the record rather than the rule. A complete trail shows what the model saw, what it proposed, and who authorized the outcome — turning otherwise opaque automation into something reviewable and defensible.

Automated resolution is when an AI work platform completes a request end to end — understanding the intake, grounding an answer in cited evidence, or executing a governed action — without a person doing the work, while still leaving a full record. It is measured honestly: only requests closed correctly and within policy count, and anything uncertain is escalated rather than force-closed.

Synonyms: auto-resolution, automated containment, self-service resolution, deflection

How is automated resolution measured honestly?
Only requests resolved correctly, within policy, and without human intervention count toward the rate. Uncertain or low-confidence cases are escalated, not force-closed, so the metric reflects real outcomes instead of inflated deflection.
What happens when a request can't be resolved automatically?
It becomes a WorkItem routed to the right owner with full context — the intake, evidence, and reasoning attached — so a person picks up a complete case rather than starting from scratch.

The CAIQ (Consensus Assessments Initiative Questionnaire) is a cloud-security self-assessment from the Cloud Security Alliance (CSA), aligned to the Cloud Controls Matrix (CCM). A provider answers each control question — typically yes/no with notes — to document its security posture, and CAIQ submissions can be published in the CSA STAR registry.

Synonyms: Consensus Assessments Initiative Questionnaire, CSA CAIQ, CAIQ questionnaire

How does CAIQ relate to the Cloud Controls Matrix (CCM)?
The CAIQ is the question form of the CCM: each CAIQ question maps to a CCM control, so answering the CAIQ documents how a provider meets the CCM's cloud-security control domains. They are maintained together by the Cloud Security Alliance.
What is the CSA STAR registry?
STAR (Security, Trust, Assurance and Risk) is the CSA's public registry where cloud providers can publish completed CAIQ self-assessments (and higher assurance levels). A published CAIQ lets customers review a provider's posture without sending a bespoke questionnaire.

Chunking is the process of splitting source documents into smaller retrieval units before embedding them. The chunk size and boundary strategy determine how precisely a retriever can locate a relevant fact, balancing recall, precision, and embedding cost across a knowledge base.

Synonyms: text chunking, document segmentation, passage splitting, chunk strategy

What makes a good chunk?
A good chunk is semantically self-contained, sized so a single fact is not split across boundaries, and carries stable metadata so it can be filtered, refreshed, and cited reliably.
How does chunking affect answer quality?
Over-large chunks dilute relevance and waste tokens, while over-small chunks fracture context and lose meaning. Boundary choices directly shape recall and the groundedness of generated answers.

An embedding is a numeric vector that represents the meaning of text, images, or other data in a high-dimensional space. Items with similar meaning produce vectors that sit close together, which lets systems compare, cluster, and retrieve content by semantic similarity rather than exact matches.

Synonyms: vector embedding, text embedding, semantic vector, dense representation

Why does the embedding model version matter?
Vectors from different models are not comparable. Storing the model version with each embedding lets you detect drift and reindex safely when you upgrade the embedding model.
Are embeddings reversible back to the original text?
Not exactly, but embeddings can leak sensitive information, so they should inherit the same tenant isolation and access controls as the source content they represent.

An evaluation gate is an automated quality checkpoint that scores an AI workflow against curated test cases before a change ships. Prompts, retrieval settings, or pack updates must pass thresholds for accuracy, grounding, and safety; failing changes are blocked from release. Gates turn AI quality from a hope into an enforced, repeatable engineering practice.

Synonyms: eval gate, quality gate, release gate, evaluation harness

What does an evaluation gate measure?
Typically answer accuracy against expected outputs, grounding quality (are claims backed by retrieved evidence), intent-classification correctness, and safety checks — each scored over a curated dataset that reflects real production traffic.
When do evaluation gates run?
Before a configuration change is released: editing a prompt, swapping a model, tuning retrieval, or updating a pack triggers the evaluation suite, and the change only promotes if scores clear the configured thresholds.

Evidence citation is the practice of attaching verifiable source references to every claim an AI system makes. Each cited passage links back to the document, record, or knowledge asset it came from, so a person can confirm the answer is grounded before they trust or act on it.

Synonyms: citation, source attribution, evidence linking, answer provenance

What should a citation include?
At minimum the source identifier and the exact passage used, ideally with a stable link and a timestamp so reviewers can confirm the evidence was current when the answer was produced.
Why are citations essential for governed automation?
Citations make an answer auditable. Without them an automated response is unaccountable, but with them a reviewer can verify grounding and an audit trail can prove what evidence drove a decision.

A governed action is a system operation proposed by AI but executed only under explicit controls — scoped credentials, policy checks, and approval gates. Instead of letting a model act directly, the platform records the proposal, routes it for review when policy requires, and executes it with full attribution, so automation never outruns accountability.

Synonyms: governed execution, approval-gated action, policy-gated action, controlled action

What controls apply to a governed action?
Scoped connector credentials limit what the action can touch, policy rules decide whether it needs human approval, and execution is attributed and logged — so each action carries who proposed it, who approved it, and exactly what changed.
Do all governed actions require human approval?
No. Policies can auto-approve low-risk, well-grounded actions and reserve human review for sensitive ones — by action type, monetary threshold, or risk class — so oversight concentrates where it matters.

Grounding is the practice of constraining an AI model's output to verifiable source evidence rather than its parametric memory. A grounded answer is supported by retrieved passages that can be cited and checked, which is the primary defense against fabricated or confidently wrong responses.

Synonyms: grounded AI, evidence grounding, source grounding, factual grounding

How is grounding enforced in practice?
Retrieval supplies the model only with relevant source passages, the prompt instructs it to answer from that evidence, and a verification step rejects claims that lack a supporting citation.
What happens when there is no grounding evidence?
A well-designed grounded system declines to answer or escalates to a person rather than inventing a response, surfacing an explicit gap instead of a confident guess.

A hallucination is a confident but unsupported or fabricated output from a language model — a claim that sounds plausible yet has no basis in the provided evidence or reality. Hallucinations are the central risk in automating knowledge work, and grounding with cited evidence is the primary mitigation.

Synonyms: AI hallucination, fabrication, confabulation, ungrounded output

Why do language models hallucinate?
Models predict likely text, not verified facts. Without retrieved evidence to constrain them, they fill gaps with statistically plausible but unverified statements.
How do you reduce hallucination?
Ground answers in retrieved sources, require citations, verify claims against evidence, and route low-confidence or unsupported cases to a person instead of returning a guess.

Human-in-the-loop is a design pattern where people review, approve, or correct an AI system's proposals before they take effect. It keeps human judgement on the critical path for high-risk or low-confidence decisions while automation handles the routine volume.

Synonyms: HITL, human in the loop, human oversight, human review

When should a step be human-in-the-loop?
Whenever a decision is high-risk, irreversible, low-confidence, or governed by policy. Routine, well-grounded, low-risk steps can run automatically with the human reviewing exceptions.
How is this different from full automation?
Full automation acts without review. Human-in-the-loop inserts an explicit checkpoint where a person can approve, edit, or reject the proposal, preserving accountability for sensitive outcomes.

Hybrid retrieval combines semantic vector search with lexical keyword search to retrieve relevant passages. Vector search captures meaning and paraphrase, keyword search captures exact terms and identifiers, and a fusion step merges both result sets so neither precise tokens nor conceptual matches are missed.

Synonyms: hybrid search, dense-sparse retrieval, vector plus keyword search, fusion retrieval

Why combine vector and keyword search?
Vector search can miss rare exact terms like SKUs or error codes, while keyword search misses paraphrases. Fusing both recovers the strengths of each and raises recall on real-world queries.
How are the two result sets combined?
A fusion method such as reciprocal rank fusion or a weighted score blend reranks the merged candidates, often followed by a cross-encoder reranker for final precision.

Intake automation is the process of turning unstructured inbound requests into structured, machine-readable records without manual data entry. It classifies the request, extracts the fields that matter, and routes the result into a workflow so work can be answered or actioned consistently.

Synonyms: request intake, automated triage, intake processing, request normalization

What kinds of intake can be automated?
Email, chat messages, web forms, uploaded documents, and synced records from connected systems can all be normalized into the same structured shape for downstream handling.
Does intake automation replace people?
No. It removes the manual data-entry and triage burden so people focus on judgement-heavy exceptions, approvals, and high-risk decisions that policy routes to them.

Intent classification is the step that determines what an inbound request is actually asking for, mapping unstructured text to a defined category of work. Accurate classification routes each WorkItem to the right workflow, evidence sources, and policy, making it the foundation of reliable automation.

Synonyms: intent detection, request classification, intent recognition, routing classification

Why is intent classification important?
It decides the entire downstream path. A misclassified request retrieves the wrong evidence and applies the wrong policy, so classification accuracy gates the quality of everything that follows.
How is classification accuracy measured?
Through evaluation gates over a labeled set, tracking precision and recall per intent and watching for confusion between similar categories before a workflow goes live.

The Model Context Protocol is an open standard that lets AI assistants connect to external tools and data sources through a uniform interface. An MCP server exposes typed tools and resources that a model client can discover and call, so capabilities can be added without bespoke per-integration code.

Synonyms: MCP, model context protocol, MCP server, tool protocol

What does an MCP server expose?
Typed tools the model can invoke and resources it can read, each described with a schema and annotations so a client can discover capabilities and call them safely.
Why does MCP matter for governed automation?
It gives external assistants a standard, schema-described way to act on a platform, so tool calls can be validated, scoped to a tenant, and routed through the same approval policy as any other action.

A policy overlay is the layer of governance rules a platform applies on top of AI work — deciding what an agent may answer or do, when human approval is required, and which guardrails bind each action. Policies are versioned and evaluated at runtime against each WorkItem, so the same request is handled consistently and every decision traces back to the policy version that produced it.

Synonyms: policy layer, governance overlay, policy controls, guardrail policy

What does a policy overlay control?
It controls what an AI agent is allowed to answer or execute: which actions are auto-approved, which require human approval, what grounding or evidence is required, and which connectors and data a WorkItem may touch — all evaluated per request rather than hardcoded.
Why version policies instead of hardcoding rules?
Versioned policies make governance auditable and reversible. Each decision records the policy version that produced it, so you can see why an action was allowed or held, roll a change back, and prove consistent handling during a review.

Questionnaire automation is the use of AI to draft answers to recurring questionnaires — security questionnaires, SIG and CAIQ workbooks, RFP sections, and due-diligence forms — from an organization's own approved sources. Done accountably, each questionnaire becomes a tracked work item whose answers are grounded in cited evidence, routed for approval, and exported with an audit trail.

Synonyms: security questionnaire automation, RFP response automation, AI questionnaire response

How is questionnaire automation different from a chatbot writing answers?
A chatbot generates plausible text and forgets it. Accountable questionnaire automation turns each questionnaire into a structured work item, draws answers from your approved sources with citations, routes sensitive answers for approval, and records who answered what and on what basis — so the output is defensible, not just fluent.
How does questionnaire automation stay accurate?
Answers are grounded in retrieval over sources you approve and cite the evidence behind each one. When the evidence does not support an answer, a well-designed system flags it for a human instead of guessing, and sensitive answers wait for a named owner before they are sent.

Retrieval-augmented generation is a technique that grounds a language model's output in retrieved source documents instead of relying solely on its parametric memory. The system fetches relevant passages from a knowledge base, supplies them as context, and asks the model to answer using only that evidence.

Synonyms: RAG, retrieval augmented generation, grounded generation, context augmentation

Why use RAG instead of fine-tuning?
RAG keeps knowledge in an external store you can update instantly, so answers stay current and every claim can be traced to a source. Fine-tuning bakes knowledge into weights, which is slower to refresh and harder to attribute.
What does a RAG pipeline include?
Typically ingestion and chunking, embedding, an index for vector or hybrid search, a retriever, and a generation step that conditions the model on the retrieved passages and returns cited evidence.

A security questionnaire is a structured set of questions one organization sends another — usually a customer to a vendor — to assess how it protects data and systems. Common formats include the SIG, CAIQ, RFP security sections, and custom spreadsheets, and answers must be consistent, evidence-backed, and reviewed before they are returned.

Synonyms: vendor security questionnaire, third-party security questionnaire, security assessment questionnaire, due diligence questionnaire

What formats do security questionnaires come in?
Common formats include standardized frameworks like the SIG (Standardized Information Gathering) and CAIQ (Consensus Assessments Initiative Questionnaire), the security section of an RFP, and custom spreadsheets a customer sends. The underlying questions overlap heavily, which is why past answers are the main source for new ones.
How do teams answer security questionnaires efficiently?
The fastest, safest approach reuses approved prior answers and source documents — previous questionnaires, security policies, SOC 2 reports, DPAs — retrieved and cited per answer, with sensitive answers routed to a named owner for approval before the completed workbook is returned.

The SIG (Standardized Information Gathering) questionnaire is a standardized third-party risk assessment maintained by Shared Assessments. It provides a common library of questions across security, privacy, and resilience domains, and ships in scoped variants (such as SIG Core and SIG Lite) so assessors can right-size the depth of a vendor review.

Synonyms: SIG questionnaire, Standardized Information Gathering questionnaire, Shared Assessments SIG

What is the difference between SIG Core and SIG Lite?
SIG Lite is a shorter, higher-level set for lower-risk vendors or a first pass; SIG Core is the deeper, more comprehensive set for higher-risk or in-depth reviews. Both draw from the same Shared Assessments question library, so answers map across variants.
Who maintains the SIG?
The SIG is maintained by Shared Assessments, an industry member organization, and is updated periodically to track regulations and control frameworks. It is widely used so vendors can reuse consistent answers across many customers.

An authentication method that lets users access multiple applications with one set of login credentials via identity federation protocols like SAML or OpenID Connect.

Synonyms: saml, oidc, federated login, enterprise sso

Why does SSO matter for shell-and-pack platforms?
It centralizes identity, enforces enterprise security policies (MFA, conditional access), and accelerates user provisioning across shells, packs, and governed workspaces.
SAML vs OIDC?
SAML is XML-based and common in older enterprise stacks; OIDC (built on OAuth2) is lighter and modern. Supporting both maximizes compatibility with customer IdPs.

An SLA breach occurs when work misses a commitment defined in a service-level agreement, such as a response or resolution deadline. Detecting and escalating breaches automatically keeps accountability visible and ensures at-risk work reaches the right people before commitments are missed.

Synonyms: service level breach, SLA violation, missed SLA, deadline breach

How are SLA breaches detected automatically?
Each WorkItem carries its commitment timers, and the system watches elapsed time against thresholds, raising escalations as a deadline approaches and recording the breach if it is missed.
What happens when a breach is imminent?
Policy can escalate the WorkItem, notify owners, or reprioritize the queue so attention shifts to at-risk work before the commitment is actually missed.

Tenant isolation is the guarantee that each customer's data and configuration in a multi-tenant system remain logically separated and inaccessible to other tenants. It is enforced at every layer — storage, retrieval, and access control — so one organization can never see or influence another's work.

Synonyms: multi-tenant isolation, tenant scoping, data partitioning, tenancy boundary

How is tenant isolation enforced during retrieval?
Every query is scoped to the requesting tenant, and stored content carries a tenant identifier so vector and keyword search can only return that tenant's own evidence.
Is isolation only about data?
No. It covers configuration, policy, embeddings, and audit logs as well, so no aspect of one tenant's work leaks into another's, even on shared infrastructure.

A vendor security review is the process by which an organization evaluates the security and compliance posture of a third-party supplier before onboarding and periodically afterward. It typically combines a security questionnaire, evidence collection (SOC 2, ISO, pen-test summaries), and a documented risk decision with an owner and an audit trail.

Synonyms: vendor security assessment, third-party security review, third-party risk assessment, vendor risk review

What is the difference between a vendor security review and a security questionnaire?
The questionnaire is one input; the review is the whole process. A vendor security review gathers questionnaire responses plus supporting evidence, assesses residual risk, records a decision and its owner, and schedules re-review — so the questionnaire is the data, the review is the governed workflow around it.
How often should vendor security reviews happen?
Most programs review a vendor at onboarding and then on a risk-based cadence — annually for higher-risk vendors, or when scope, data access, or the vendor's controls change. Keeping each review as an auditable record makes the next cycle a re-check rather than a restart.

A vertical pack is an optional packaged configuration that tailors Threada primitives to a specific domain of work — its intents, extraction fields, evidence sources, policies, and actions. Packs help a team start faster without replacing the underlying primitive workspace.

Synonyms: pack, vertical pack, solution pack, domain pack

What does a vertical pack configure?
The intents it recognizes, the fields it extracts, the evidence it grounds answers in, the approval policies it enforces, and the governed actions it can propose for that domain of work.
Can packs be customized?
Yes. A pack is an optional starting configuration that teams adapt in Studio — adjusting intents, prompts, evidence sources, and policies — while the underlying primitives remain directly configurable.

A work packet is the bundle of context assembled around a WorkItem so it can be reasoned about and acted on: the original request, extracted fields, retrieved evidence, applicable policy, and any proposed actions. It is the complete, self-contained briefing for a single piece of work.

Synonyms: work bundle, context packet, task packet, work context

How is a work packet different from a WorkItem?
A WorkItem is the tracked record of the request itself. A work packet is the assembled context — evidence, policy, and proposals — gathered around that record to drive an answer or action.
Why bundle context into a packet?
A self-contained packet lets a model or a reviewer make a decision without hunting across systems, and it preserves exactly what evidence was available at decision time for the audit trail.

A WorkItem is the unit of work in Threada: a single inbound request — from email, chat, a document, or a form — normalized into a structured, trackable record. Each WorkItem carries its intent, extracted fields, evidence, and a complete history of every decision and action taken on it.

Synonyms: work item, task record, tracked request, unit of work

How is a WorkItem different from a support ticket?
A ticket usually tracks a conversation. A WorkItem tracks the work itself: classified intent, extracted fields, the evidence that grounds any answer, and the governed actions taken — all auditable end to end.
What lifecycle does a WorkItem move through?
Intake normalizes the request, intent classification routes it, evidence retrieval grounds a proposed response, and any action runs through approval policy before the WorkItem is resolved and recorded.