Reference · Decision-maker glossary

Enterprise AI Glossary

25 governance, architecture and risk terms used in real production AI deployments — defined for decision-makers, not for ML researchers.

Architecture

Core technical patterns

RAG (Retrieval-Augmented Generation)

An architectural pattern where an LLM is given relevant documents at query time (retrieved from a vector or hybrid search index) instead of relying only on its training data. RAG is the default starting architecture for enterprise AI assistants because it grounds answers in your own corpus and supports source citation for compliance.

Fine-tuning

Adjusting an LLM's weights on a domain-specific dataset of hundreds-to-thousands of high-quality examples. Used to produce consistent task-specific behavior at scale. In enterprise practice, fine-tuning is added after RAG, not before, and only when RAG accuracy plateaus on a narrow task.

Embedding

A high-dimensional vector representation of a piece of text (or image, audio, code) that captures semantic meaning. Two pieces of content with similar meaning have similar embeddings. The retrieval layer of every RAG system depends on the embedding model — embedding choice has more impact on RAG accuracy than which LLM does the generation.

Chunking

The process of splitting source documents into smaller passages before embedding. Chunk size, overlap, and semantic boundary handling are the unsung heroes of RAG accuracy. A bad chunking strategy will make even the best LLM produce wrong answers.

Vector database

Specialized storage for embedding vectors with approximate nearest-neighbor search. PostgreSQL + pgvector is the enterprise default below 50M vectors; Qdrant, Weaviate or Milvus when scale or hybrid (sparse + dense) requirements demand them. Pinecone for managed cloud convenience when data residency permits.

Context window

The maximum amount of text (prompt + retrieved context + history + completion) an LLM can process at once, measured in tokens. Larger windows reduce the need for retrieval but increase cost per call and degrade attention to mid-window content (the "lost in the middle" phenomenon). Architectural choice, not capacity.

AI agent

An AI system with tool access — it can call APIs, execute code, query databases. Agents move from "answers questions" to "takes actions", which changes the risk profile fundamentally: every tool call needs authorization, logging, rollback, and human-in-the-loop for high-stakes operations.

Tool use / function calling

An LLM's ability to invoke external functions (search, calculator, database query, API call) as part of its response. The bridge between conversational AI and agentic AI. Each tool exposed expands the attack surface — design tool catalogs around least privilege.

Governance

Frameworks, accountability, audit

NIST AI RMF

AI Risk Management Framework published by the US National Institute of Standards and Technology in 2023. A voluntary risk-management methodology — best used to build an internal AI governance program. Structured around four functions: Govern, Map, Measure, Manage.

ISO/IEC 42001

International AI management-system standard published December 2023. Certifiable (auditable), structurally aligned with ISO 27001. Pursued when an external audit signal is required by customers or regulators. Not held as a self-certification by Slavin AI — pursued only when commercially required.

EU AI Act

EU regulation (binding from 2025-2026) classifying AI systems into four risk tiers: prohibited, high-risk, limited-risk and minimal-risk. High-risk obligations include risk management, data governance, technical documentation, logging, human oversight and post-market monitoring. Applies extraterritorially: if your users or deployments touch the EU, you are in scope.

AI governance maturity

Measured across five dimensions: inventory (do you know every AI in production), risk classification (is each system tiered), controls (documented and enforced), monitoring (drift, hallucination and incident tracked), and accountability (named owner per system). A "no" on any of those is a gap, not a deferral.

Human in the loop (HITL)

An architecture where high-stakes AI decisions are routed to a human reviewer before execution. Required by the EU AI Act for high-risk systems. Practically: any action that cannot be cheaply rolled back, any decision that affects a person's rights or finances, and any output sent to a regulator should pass through HITL.

Audit trail

An append-only, cryptographically-signed log of inputs, outputs, model version, retrieval sources and human overrides for every AI decision. Required by GDPR Article 22 for automated decisions affecting individuals, by the EU AI Act for high-risk systems, and by processors for fraud-detection systems. Without it you cannot defend a decision after the fact.

Data lineage

A documented record of where each piece of data the AI system uses came from, when it was ingested, how it was transformed, and who can access it. Required for any production AI system; without it you cannot answer audit questions about why the model said what it said.

Zero data retention (ZDR)

A vendor commitment (offered by OpenAI Enterprise, Anthropic and others) that prompts and completions are not stored or used for training. Required for sensitive data processing through commercial LLM APIs. Verify the contractual basis — "ZDR" as a marketing phrase without contractual backing is not a control.

Risk

Failure modes and controls

Hallucination

An LLM output that is fluent and confident but factually wrong or fabricated. Hallucinations cannot be eliminated; they are constrained via RAG grounding, source-citation requirements, low-confidence rejection, scope narrowing, and verification steps for high-stakes outputs.

Prompt injection

A class of attack where untrusted content (a document, an email, a web page) contains instructions that the LLM interprets as commands. Defenses include treating retrieved content as data not code, sandboxing tool access, structured outputs validated by a second pass, and never letting LLM-generated content trigger privileged operations without human review.

Model drift

Silent change in model behavior over time. Two flavors: vendor drift — the foundation model is silently updated by the provider and behaves differently on the same inputs; data drift — your input distribution has shifted but the model is unchanged. Detected by monitoring output distributions and a frozen evaluation set.

Low-confidence rejection

An architectural pattern where the AI declines to answer (or escalates to a human) when its confidence is below a threshold. The defining property of an AI assistant that survives audit: it knows what it does not know, and says so.

Guardrails

Pre- and post-processing layers around an LLM that block undesired inputs (prompt injection, PII leakage) and outputs (offensive content, policy violations, hallucinated entities). Guardrails are necessary but not sufficient — they catch the easy cases; architecture catches the hard ones.

Rollback / kill switch

A tested mechanism to instantly revert the AI system to a previous stable version, or to disable it entirely. Required as part of the six-control minimum baseline. "Tested" is the operative word: a rollback that has never been exercised is not a rollback, it is a wish.

AI observability

Instrumenting the AI system so you can answer "what happened in this conversation, why, and how often does this pattern occur?" Includes prompt logging, output logging, retrieval logging, latency metrics, cost metrics, error rates and feedback signals. Most production failures are obvious in observability data before they show up in user complaints.

Evaluation (LLM eval)

Measuring whether the AI does what it should. Production-grade eval has three layers: offline regression on a frozen test set (every release), online quality sampling (human-rated in production), and incident-rate tracking (escalations and rejections). Without all three you cannot tell whether a model update improved or regressed the system.

Slavin AI brand rule on certifications

Slavin AI / SLAtech LTD does not hold ISO 27001, SOC 2, ISO 42001 or any other formal AI / security certification. Engagements are advisory and architectural, not audit-house equivalents. Educational discussion of these frameworks on this site is content about the field, not a self-cert claim.

Want a deeper conversation on any of these?

Book a 30-min architecture review — pick a slot directly.

📅 Book a 30-min slot on Calendly