跳到内容

术语表

构建可问责的 AI 工作自动化系统时重要术语的定义。

Agent2Agent 协议是一项开放标准,使自主代理能够彼此发现、交换任务,并跨组织边界协调工作。它定义了代理如何公布其能力,以及另一个代理如何委派任务并跟踪其直至完成。

同义词:A2A, agent2agent, agent-to-agent protocol, agent interoperability

A2A 与 MCP 有何不同?
MCP 将模型连接到工具和数据。A2A 将代理彼此连接,定义一个代理如何将任务交给另一个代理并跟踪其状态,而不是模型如何调用单个工具。
A2A 任务如何被跟踪?
一个 A2A 任务会映射到一条被跟踪的工作记录上,使其生命周期、证据和结果可审计,就像源自人员或表单的工作一样。

Agentic operations is the practice of running business operations with AI agents that plan and act — not just answer — under explicit governance. Agents triage intake, retrieve grounded evidence, propose actions, and execute approved ones in real systems, while approvals, policy checks, and an audit trail keep their activity safe. It pairs agent autonomy with operational controls so automation can run in production.

同义词:agentic workflow automation, AI operations automation, agent operations, AI ops

How is agentic operations different from a chatbot?
A chatbot answers messages. Agentic operations runs work: agents classify intake, ground answers in cited evidence, and execute governed actions in business systems, with approvals and an audit trail — the unit of value is completed, accountable work.
What keeps agentic operations safe in production?
Scoped credentials bound what agents can touch, policy overlays decide what needs human approval, evaluation gates test behavior before rollout, and every step is recorded — so autonomy never outruns accountability.

AI work automation is the use of AI models to turn unstructured requests — emails, chats, documents, forms — into completed work: grounded answers or actions executed in business systems. Unlike chat assistants, it operates on structured work items with evidence, approvals, and an audit trail, so every outcome is traceable and governed.

同义词:AI workflow automation, agentic workflow automation, AI work orchestration, intelligent work automation

How is AI work automation different from an AI chatbot?
A chatbot produces a reply and forgets the exchange. AI work automation converts each request into a structured work item, grounds answers in cited evidence, routes proposed actions through approvals, and records the outcome — the unit of value is completed work, not a message.
How does it relate to agentic workflow automation?
They describe the same category from different angles. Agentic framing emphasizes the model planning and acting; work-automation framing emphasizes the governance around it — structured intake, evidence, approval gates, and an audit trail that makes agent activity safe to run in production.

An audit trail is the tamper-evident record of everything that happened to a piece of work: what arrived, what the AI extracted and proposed, which evidence grounded each answer, who approved what, and which actions executed. It lets teams reconstruct and prove any outcome end to end — essential for compliance, debugging, and trust in automation.

同义词:audit log, activity log, execution history, decision log

What does an audit trail capture in AI work automation?
Each event in a work item's life: intake and its source channel, extracted fields, retrieved evidence and citations, the AI's proposals, every approval or rejection with actor and timestamp, and the executed actions with their results.
Why does an audit trail matter for AI specifically?
AI decisions are probabilistic, so accountability has to come from the record rather than the rule. A complete trail shows what the model saw, what it proposed, and who authorized the outcome — turning otherwise opaque automation into something reviewable and defensible.

Automated resolution is when an AI work platform completes a request end to end — understanding the intake, grounding an answer in cited evidence, or executing a governed action — without a person doing the work, while still leaving a full record. It is measured honestly: only requests closed correctly and within policy count, and anything uncertain is escalated rather than force-closed.

同义词:auto-resolution, automated containment, self-service resolution, deflection

How is automated resolution measured honestly?
Only requests resolved correctly, within policy, and without human intervention count toward the rate. Uncertain or low-confidence cases are escalated, not force-closed, so the metric reflects real outcomes instead of inflated deflection.
What happens when a request can't be resolved automatically?
It becomes a WorkItem routed to the right owner with full context — the intake, evidence, and reasoning attached — so a person picks up a complete case rather than starting from scratch.

The CAIQ (Consensus Assessments Initiative Questionnaire) is a cloud-security self-assessment from the Cloud Security Alliance (CSA), aligned to the Cloud Controls Matrix (CCM). A provider answers each control question — typically yes/no with notes — to document its security posture, and CAIQ submissions can be published in the CSA STAR registry.

同义词:Consensus Assessments Initiative Questionnaire, CSA CAIQ, CAIQ questionnaire

How does CAIQ relate to the Cloud Controls Matrix (CCM)?
The CAIQ is the question form of the CCM: each CAIQ question maps to a CCM control, so answering the CAIQ documents how a provider meets the CCM's cloud-security control domains. They are maintained together by the Cloud Security Alliance.
What is the CSA STAR registry?
STAR (Security, Trust, Assurance and Risk) is the CSA's public registry where cloud providers can publish completed CAIQ self-assessments (and higher assurance levels). A published CAIQ lets customers review a provider's posture without sending a bespoke questionnaire.

An evaluation gate is an automated quality checkpoint that scores an AI workflow against curated test cases before a change ships. Prompts, retrieval settings, or pack updates must pass thresholds for accuracy, grounding, and safety; failing changes are blocked from release. Gates turn AI quality from a hope into an enforced, repeatable engineering practice.

同义词:eval gate, quality gate, release gate, evaluation harness

What does an evaluation gate measure?
Typically answer accuracy against expected outputs, grounding quality (are claims backed by retrieved evidence), intent-classification correctness, and safety checks — each scored over a curated dataset that reflects real production traffic.
When do evaluation gates run?
Before a configuration change is released: editing a prompt, swapping a model, tuning retrieval, or updating a pack triggers the evaluation suite, and the change only promotes if scores clear the configured thresholds.

A governed action is a system operation proposed by AI but executed only under explicit controls — scoped credentials, policy checks, and approval gates. Instead of letting a model act directly, the platform records the proposal, routes it for review when policy requires, and executes it with full attribution, so automation never outruns accountability.

同义词:governed execution, approval-gated action, policy-gated action, controlled action

What controls apply to a governed action?
Scoped connector credentials limit what the action can touch, policy rules decide whether it needs human approval, and execution is attributed and logged — so each action carries who proposed it, who approved it, and exactly what changed.
Do all governed actions require human approval?
No. Policies can auto-approve low-risk, well-grounded actions and reserve human review for sensitive ones — by action type, monetary threshold, or risk class — so oversight concentrates where it matters.

A policy overlay is the layer of governance rules a platform applies on top of AI work — deciding what an agent may answer or do, when human approval is required, and which guardrails bind each action. Policies are versioned and evaluated at runtime against each WorkItem, so the same request is handled consistently and every decision traces back to the policy version that produced it.

同义词:policy layer, governance overlay, policy controls, guardrail policy

What does a policy overlay control?
It controls what an AI agent is allowed to answer or execute: which actions are auto-approved, which require human approval, what grounding or evidence is required, and which connectors and data a WorkItem may touch — all evaluated per request rather than hardcoded.
Why version policies instead of hardcoding rules?
Versioned policies make governance auditable and reversible. Each decision records the policy version that produced it, so you can see why an action was allowed or held, roll a change back, and prove consistent handling during a review.

Questionnaire automation is the use of AI to draft answers to recurring questionnaires — security questionnaires, SIG and CAIQ workbooks, RFP sections, and due-diligence forms — from an organization's own approved sources. Done accountably, each questionnaire becomes a tracked work item whose answers are grounded in cited evidence, routed for approval, and exported with an audit trail.

同义词:security questionnaire automation, RFP response automation, AI questionnaire response

How is questionnaire automation different from a chatbot writing answers?
A chatbot generates plausible text and forgets it. Accountable questionnaire automation turns each questionnaire into a structured work item, draws answers from your approved sources with citations, routes sensitive answers for approval, and records who answered what and on what basis — so the output is defensible, not just fluent.
How does questionnaire automation stay accurate?
Answers are grounded in retrieval over sources you approve and cite the evidence behind each one. When the evidence does not support an answer, a well-designed system flags it for a human instead of guessing, and sensitive answers wait for a named owner before they are sent.

A security questionnaire is a structured set of questions one organization sends another — usually a customer to a vendor — to assess how it protects data and systems. Common formats include the SIG, CAIQ, RFP security sections, and custom spreadsheets, and answers must be consistent, evidence-backed, and reviewed before they are returned.

同义词:vendor security questionnaire, third-party security questionnaire, security assessment questionnaire, due diligence questionnaire

What formats do security questionnaires come in?
Common formats include standardized frameworks like the SIG (Standardized Information Gathering) and CAIQ (Consensus Assessments Initiative Questionnaire), the security section of an RFP, and custom spreadsheets a customer sends. The underlying questions overlap heavily, which is why past answers are the main source for new ones.
How do teams answer security questionnaires efficiently?
The fastest, safest approach reuses approved prior answers and source documents — previous questionnaires, security policies, SOC 2 reports, DPAs — retrieved and cited per answer, with sensitive answers routed to a named owner for approval before the completed workbook is returned.

The SIG (Standardized Information Gathering) questionnaire is a standardized third-party risk assessment maintained by Shared Assessments. It provides a common library of questions across security, privacy, and resilience domains, and ships in scoped variants (such as SIG Core and SIG Lite) so assessors can right-size the depth of a vendor review.

同义词:SIG questionnaire, Standardized Information Gathering questionnaire, Shared Assessments SIG

What is the difference between SIG Core and SIG Lite?
SIG Lite is a shorter, higher-level set for lower-risk vendors or a first pass; SIG Core is the deeper, more comprehensive set for higher-risk or in-depth reviews. Both draw from the same Shared Assessments question library, so answers map across variants.
Who maintains the SIG?
The SIG is maintained by Shared Assessments, an industry member organization, and is updated periodically to track regulations and control frameworks. It is widely used so vendors can reuse consistent answers across many customers.

当工作未能达到服务等级协议中所定义的承诺(例如响应或解决期限)时,便发生 SLA 违约。自动检测并升级违约可保持问责的可见性,并确保有风险的工作能在承诺被错失之前到达合适的人员。

同义词:service level breach, SLA violation, missed SLA, deadline breach

如何自动检测 SLA 违约?
每个 WorkItem 都带有其承诺计时器,系统会对照阈值监视已用时间,在期限临近时发起升级,并在错失时记录违约。
当违约即将发生时会怎样?
策略可以升级该 WorkItem、通知负责人或重新排定队列优先级,使注意力在承诺真正被错失之前转移到有风险的工作上。

A vendor security review is the process by which an organization evaluates the security and compliance posture of a third-party supplier before onboarding and periodically afterward. It typically combines a security questionnaire, evidence collection (SOC 2, ISO, pen-test summaries), and a documented risk decision with an owner and an audit trail.

同义词:vendor security assessment, third-party security review, third-party risk assessment, vendor risk review

What is the difference between a vendor security review and a security questionnaire?
The questionnaire is one input; the review is the whole process. A vendor security review gathers questionnaire responses plus supporting evidence, assesses residual risk, records a decision and its owner, and schedules re-review — so the questionnaire is the data, the review is the governed workflow around it.
How often should vendor security reviews happen?
Most programs review a vendor at onboarding and then on a risk-based cadence — annually for higher-risk vendors, or when scope, data access, or the vendor's controls change. Keeping each review as an auditable record makes the next cycle a re-check rather than a restart.

WorkItem 是 Threada 中的工作单元:一条单一的传入请求——来自电子邮件、聊天、文档或表单——被规范化为一条结构化、可跟踪的记录。每个 WorkItem 都承载其意图、提取的字段、证据,以及对其所做每项决定和操作的完整历史。

同义词:work item, task record, tracked request, unit of work

WorkItem 与支持工单有何不同?
工单通常跟踪一段对话。WorkItem 跟踪工作本身:已分类的意图、提取的字段、为任何答案提供接地的证据,以及所采取的受治理操作——全程端到端可审计。
WorkItem 会经历怎样的生命周期?
接收会规范化请求,意图分类会将其路由,证据检索会为拟议的回复提供接地,而任何操作在 WorkItem 被解决并记录之前都会经过审批策略。

人在回路中是一种设计模式,由人员在 AI 系统的提案生效之前对其进行审查、批准或纠正。它使人的判断在高风险或低置信度的决定上处于关键路径,而由自动化处理常规量。

同义词:HITL, human in the loop, human oversight, human review

何时某个步骤应当采用人在回路中?
每当某个决定属于高风险、不可逆、低置信度或受策略约束时。常规的、有据可依的、低风险的步骤可以自动运行,由人审查异常情况。
这与完全自动化有何不同?
完全自动化在没有审查的情况下行动。人在回路中插入一个明确的检查点,让人员能够批准、编辑或拒绝提案,从而为敏感结果保留问责。

代理委派是受控地向 AI 代理授予一项有范围限制、有时限的权限,使其能够代表用户或另一个代理执行操作。委派会精确指定允许哪些能力、租户和操作,从而使代理在明确、可撤销且可审计的限制下运作。

同义词:delegated authority, scoped delegation, agent authorization, agent grant

委派范围定义了什么?
代理可使用的能力、可在其中执行操作的租户、可提议或执行的操作,以及一个到期时间,从而使权限范围狭窄、有时限且可撤销。
委派如何保持可问责?
每一项被委派的操作都会同时归属于代理和发起委派的主体,并记录在审计跟踪中,敏感操作仍会经由审批策略进行路由。

分块是在嵌入之前将源文档拆分为更小检索单元的过程。分块大小和边界策略决定了检索器能够多精确地定位相关事实,在知识库范围内权衡召回率、精确率和嵌入成本。

同义词:text chunking, document segmentation, passage splitting, chunk strategy

什么样的分块才算好?
好的分块在语义上自成一体,其大小使单个事实不会被跨边界拆分,并带有稳定的元数据,以便能够可靠地被筛选、刷新和引用。
分块如何影响答案质量?
过大的分块会稀释相关性并浪费 token,而过小的分块则会割裂上下文并丢失含义。边界的选择直接塑造召回率和所生成答案的接地性。

一种身份验证方法,通过诸如 SAML 或 OpenID Connect 之类的身份联合协议,让用户以一套登录凭据访问多个应用程序。

同义词:saml, oidc, federated login, enterprise sso

SSO 对于 shell-and-pack 平台为何重要?
它集中管理身份,强制执行企业安全策略(MFA、条件访问),并加速跨 shell、pack 和受治理工作区的用户预配。
SAML 与 OIDC?
SAML 基于 XML,在较旧的企业技术栈中常见;OIDC(构建于 OAuth2 之上)更轻量、更现代。同时支持二者可最大化与客户 IdP 的兼容性。

垂直 Pack 是一种打包的配置,将平台量身定制到某个特定的工作领域——其意图、提取字段、证据来源、策略和操作。Pack 让团队无需重建底层引擎即可启动一个聚焦的工作流,例如 IT 访问或供应商安全。

同义词:pack, vertical pack, solution pack, domain pack

垂直 Pack 配置了什么?
它所识别的意图、它所提取的字段、它将答案接地于其中的证据、它所强制执行的审批策略,以及它能为该工作领域提议的受治理操作。
Pack 可以定制吗?
可以。Pack 是一份起始配置,团队在 Studio 中对其进行调整——调整意图、提示、证据来源和策略——使其契合他们的真实流程。

审批工作流是一个受治理的检查点序列,提议的操作必须先通过它才能执行。每一步都根据风险、角色或策略将决定路由给合适的审查者,并记录谁批准了什么,从而使结果完全可问责。

同义词:approval flow, review workflow, authorization workflow, sign-off process

什么可以触发审批要求?
要求可以按工作流、渠道、风险类别、金额阈值或操作类型来应用,从而只有真正需要监督的步骤才会为审查者暂停。
审批工作流如何保持可审计?
每一次请求、批准、编辑和拒绝都会与操作者和时间戳一起记录,产生一条端到端的跟踪,证明谁授权了每一项受治理的操作。

嵌入是一个数值向量,在高维空间中表示文本、图像或其他数据的含义。含义相近的项目会产生彼此靠近的向量,这让系统能够按语义相似度而非精确匹配来比较、聚类和检索内容。

同义词:vector embedding, text embedding, semantic vector, dense representation

为什么嵌入模型的版本很重要?
来自不同模型的向量不可比较。将模型版本与每个嵌入一起存储,可让你检测漂移,并在升级嵌入模型时安全地重新索引。
嵌入能可逆地还原为原始文本吗?
并不能完全还原,但嵌入可能泄露敏感信息,因此它们应当继承与其所表示的源内容相同的租户隔离和访问控制。

工作包是围绕一个 WorkItem 汇集的上下文集束,以便对其进行推理并据其行动:原始请求、提取的字段、检索到的证据、适用的策略,以及任何拟议的操作。它是针对单一一件工作的完整、自包含简报。

同义词:work bundle, context packet, task packet, work context

工作包与 WorkItem 有何不同?
WorkItem 是请求本身被跟踪的记录。工作包则是围绕该记录汇集的上下文——证据、策略和提案——以驱动一个答案或操作。
为什么要将上下文捆绑进一个包中?
一个自包含的包让模型或审查者无需跨系统搜寻即可作出决定,并为审计跟踪准确保留在决策时可用的是哪些证据。

幻觉是语言模型输出的一种自信但无依据或捏造的内容——一项听起来貌似可信、却在所提供证据或现实中毫无依据的主张。幻觉是自动化知识工作中的核心风险,而以引用证据进行接地是首要的缓解措施。

同义词:AI hallucination, fabrication, confabulation, ungrounded output

语言模型为什么会产生幻觉?
模型预测的是可能的文本,而非经过验证的事实。在没有检索证据约束的情况下,它们会用统计上貌似可信但未经验证的陈述来填补空白。
如何减少幻觉?
将答案接地于检索到的来源,要求引用,依据证据核查主张,并将低置信度或无依据的情形路由给人员,而不是返回一个猜测。

意图分类是确定传入请求实际所求为何的步骤,将非结构化文本映射到一个已定义的工作类别。准确的分类会将每个 WorkItem 路由到正确的工作流、证据来源和策略,使其成为可靠自动化的基础。

同义词:intent detection, request classification, intent recognition, routing classification

为什么意图分类很重要?
它决定了整个下游路径。被错误分类的请求会检索到错误的证据并应用错误的策略,因此分类的准确性制约着此后一切的质量。
如何衡量分类准确性?
通过在带标注集合上的评估关卡,逐意图跟踪精确率和召回率,并在工作流上线之前留意相似类别之间的混淆。

接地是一种做法,即将 AI 模型的输出约束到可验证的来源证据,而非其参数化记忆。有据可依的答案由可被引用和核查的检索段落所支撑,这是针对捏造或自信地出错的回复的首要防线。

同义词:grounded AI, evidence grounding, source grounding, factual grounding

在实践中如何强制执行接地?
检索只向模型提供相关的来源段落,提示指示它依据该证据作答,而一个验证步骤会拒绝缺乏支撑性引用的主张。
当没有接地证据时会发生什么?
设计良好的接地系统会拒绝作答或上报给人员,而不是编造回复,从而呈现一个明确的缺口,而非自信的猜测。

接收自动化是在无需手动录入数据的情况下,将非结构化的传入请求转化为结构化、机器可读记录的过程。它对请求进行分类,提取重要字段,并将结果路由进工作流,使工作能够被一致地答复或执行。

同义词:request intake, automated triage, intake processing, request normalization

哪些类型的接收可以被自动化?
电子邮件、聊天消息、网页表单、上传的文档以及来自已连接系统的同步记录,都可以被规范化为相同的结构化形态,以供下游处理。
接收自动化会取代人员吗?
不会。它消除了手动录入数据和分流的负担,使人员能够专注于需要判断的异常、批准以及由策略路由给他们的高风险决定。

操作提案是一种结构化、可审查的建议,用于更改已连接的业务系统——由自动化创建,但尚未执行。它指明目标系统、操作以及确切的参数,以便人员或策略在任何事情发生之前对其进行批准、编辑或拒绝。

同义词:proposed action, action suggestion, draft action, pending action

为什么要提出操作而不是直接执行?
先提出会将意图与影响分离。它让审批策略和审查者能够检查精确的操作和参数,防止自动化错误进入记录系统。
操作提案包含什么?
目标集成、要执行的操作、已解析的参数、支持性证据,以及关于在执行前是否需要批准的策略决定。

检索增强生成是一种技术,它将语言模型的输出接地于检索到的源文档,而不是仅依赖其参数化记忆。系统从知识库中获取相关段落,将其作为上下文提供,并要求模型仅使用该证据作答。

同义词:RAG, retrieval augmented generation, grounded generation, context augmentation

为什么使用 RAG 而非微调?
RAG 将知识保存在一个可即时更新的外部存储中,使答案保持最新,且每项主张都能追溯到来源。微调将知识烘焙进权重,刷新更慢,归属也更难。
一条 RAG 流水线包含什么?
通常包含摄取与分块、嵌入、用于向量或混合检索的索引、一个检索器,以及一个生成步骤,该步骤将模型以检索到的段落为条件,并返回带引用的证据。

模型上下文协议是一项开放标准,使 AI 助手能够通过统一接口连接到外部工具和数据源。MCP 服务器公开类型化的工具和资源,供模型客户端发现和调用,从而无需为每个集成编写定制代码即可添加能力。

同义词:MCP, model context protocol, MCP server, tool protocol

MCP 服务器公开了什么?
模型可以调用的类型化工具,以及它可以读取的资源,每一个都以模式和注释加以描述,使客户端能够发现能力并安全地调用它们。
为什么 MCP 对受治理的自动化很重要?
它为外部助手提供了一种标准的、以模式描述的方式来在平台上行动,使工具调用能够被验证、被限定到某个租户,并经由与任何其他操作相同的审批策略进行路由。

混合检索将语义向量检索与词法关键词检索相结合,以检索相关段落。向量检索捕捉含义和释义,关键词检索捕捉精确的词项和标识符,而一个融合步骤会合并两组结果,使精确的 token 和概念匹配都不会被遗漏。

同义词:hybrid search, dense-sparse retrieval, vector plus keyword search, fusion retrieval

为什么要将向量检索与关键词检索相结合?
向量检索可能遗漏诸如 SKU 或错误代码之类的罕见精确词项,而关键词检索则会错过释义。将二者融合可重新获得各自的优势,并在真实世界查询上提升召回率。
两组结果如何被合并?
一种融合方法(如倒数排名融合或加权分数混合)会对合并后的候选项重新排序,通常随后再用一个交叉编码器重排序器来获得最终精确率。

租户隔离是这样一种保证:在多租户系统中,每个客户的数据和配置在逻辑上保持分离,且其他租户无法访问。它在每一层都被强制执行——存储、检索和访问控制——使一个组织永远无法看到或影响另一个组织的工作。

同义词:multi-tenant isolation, tenant scoping, data partitioning, tenancy boundary

检索期间如何强制执行租户隔离?
每个查询都被限定到发起请求的租户,且存储的内容都带有租户标识符,使向量和关键词检索只能返回该租户自身的证据。
隔离只关乎数据吗?
不是。它还涵盖配置、策略、嵌入和审计日志,使一个租户工作的任何方面都不会泄露到另一个租户中,即使在共享基础设施上也是如此。

答案引擎优化是一种构建内容结构的做法,使 AI 答案引擎和聊天助手能够找到、引用并准确总结它。SEO 针对的是排名链接,而 AEO 针对的是综合答案本身,通过优化清晰的定义、结构化数据和机器可读的源文件来实现。

同义词:AEO, generative engine optimization, GEO, AI search optimization

AEO 与 SEO 有何不同?
SEO 优化的是在结果页上作为可点击链接进行排名。AEO 优化的是在 AI 生成的答案中被选中、被引述和被引用,这会奖励精确的定义、结构化数据和干净的机器可读源流。
哪些信号有助于答案引擎引用某个页面?
定义优先的写作、有效的 schema.org 结构化数据、一个 llms.txt 索引、FAQ 标记和稳定的规范 URL,都会让答案引擎更容易检索和归属内容。

证据引用是一种做法,即为 AI 系统所做的每项主张附上可验证的来源参考。每个被引用的段落都链接回它所出自的文档、记录或知识资产,以便人员能够在信任答案或据其行事之前确认答案是有据可依的。

同义词:citation, source attribution, evidence linking, answer provenance

一条引用应当包含什么?
至少应包含来源标识符和所使用的确切段落,最好带有稳定的链接和时间戳,以便审查者能够确认在产生答案时该证据是最新的。
为什么引用对受治理的自动化至关重要?
引用使答案可审计。没有引用,自动化的回复就无法问责;而有了引用,审查者就能验证接地性,审计跟踪也能证明是哪项证据驱动了某个决定。