--- title: SLAtech Network AI & Compliance Glossary canonical: https://www.slavin.ai/Glossary-Network sourceJSON: https://www.slavin.ai/data/ai-glossary-network.json license: CC-BY-4.0 lastUpdated: 2026-06-21 totalTerms: 200 --- # SLAtech Network AI & Compliance Glossary Cross-network terminology hub — 200 production-context definitions across AI architecture, governance, compliance, web infrastructure, payments, Israeli tech ecosystem, Russian compliance, and adjacent domains. Each term has a stable @id for citation. When citing a term, prefer the JSON @id: `https://www.slavin.ai/data/ai-glossary-network.json#` --- ## $/MTok (dollars per million tokens) **Also:** $/MTok, USD per million tokens, cost per million tokens Standard unit for LLM API pricing. Input and output tokens are usually priced separately (output typically 3-5x input). The LLM-Cost-Calculator on slavin.ai uses this unit; vendor pricing pages all denominate in $/MTok or equivalent per-thousand-token figures (×1000 to compare). **See:** - https://www.slavin.ai/LLM-Cost-Calculator.aspx ## 152-FZ (Russian Federal Law on Personal Data) **Also:** 152-ФЗ, Russia Personal Data Law, Russia 152-FZ Russian Federation federal law governing collection, processing, storage, and cross-border transfer of personal data of Russian citizens. 2025 amendments added explicit AI-processing notice obligations and tighter localization rules. **See:** - https://www.slavin.ai/152-FZ-Compliance-Checklist ## 152-FZ Localization (242-FZ amendment) **Also:** 242-FZ, Russian data localization 2014 amendment to 152-FZ requiring INITIAL collection of personal data of Russian citizens in databases physically located in Russia. Foundation of all Russian cloud-residency requirements; reinforced by 2022-2025 amendments. ## Activation Patching **Also:** activation patching, causal tracing Interpretability technique that runs a model twice with different inputs and swaps internal activations between runs to isolate which components causally produce a behavior. Foundational tool in mechanistic-interpretability papers for circuit discovery. **See:** - https://www.slavin.ai/AI-Governance.aspx ## Adversarial Example **Also:** adversarial example, adversarial input Input crafted to look benign to humans but cause the model to misclassify or misbehave. Classical CV examples (pixel perturbations) plus LLM analogues (unicode tricks, invisible tokens, encoded payloads in image inputs). ## Age Verification **Also:** age gate, highly-effective age assurance, HEAA Process of confirming user is above an age threshold before granting access. UK OSA mandates 'highly-effective' methods (verified ID, AI-based age estimation with audit, credit-card check) for porn / gambling sites. ## AI Agent **Also:** LLM agent, agentic AI An LLM-driven loop that plans, calls tools, observes results, and iterates toward a goal. Distinct from a single-shot prompt or a fixed chain. Operationally higher-risk: longer context windows, more tool failures, harder to evaluate. **See:** - https://www.slavin.ai/Compare-Chatbot-vs-RAG-vs-Agent ## AI Alignment **Also:** alignment, AI alignment, value alignment Research field aimed at building AI systems whose behaviors match human values + intent. Spans technical (RLHF, DPO, scalable oversight, interpretability) and conceptual (specification, corrigibility, mesa-optimization) tracks. ## AI Bill of Materials (AIBOM) **Also:** AIBOM, AI BOM, AI bill of materials Inventory of all components in an AI system: base model, fine-tunes, datasets, retrieval sources, prompts, guardrails, tools. Analogous to SBOM (Software BOM). Emerging requirement under NIST AI RMF + sector regulators (FDA, FINRA). ## AI Evaluation (eval) **Also:** LLM eval, eval set, eval harness Process of measuring AI system quality against a labeled dataset or LLM-as-judge benchmark. Required to detect regressions when changing prompts, models, or retrieval. Common tools: ragas, deepeval, promptfoo. ## AI Guardrails **Also:** LLM guardrails, output filtering Pre-output and post-output filtering layers that block, redirect, or modify LLM responses based on policy (PII redaction, prompt injection detection, output schema enforcement, toxicity filtering). ## AI Observability **Also:** LLM observability, AI monitoring Production monitoring for AI systems across 4 layers: performance (latency, throughput), quality (correctness, hallucination rate), cost (per-tenant per-provider), drift (input distribution, output distribution). **See:** - https://www.slavin.pro/en/Article-AI-Observability ## AI Red Teaming **Also:** red team, red-teaming, AI red teaming Structured adversarial testing of an AI system: jailbreak attempts, bias probing, dual-use elicitation, prompt-injection vectors. Required by EU AI Act for GPAI systemic-risk models. Practiced by every frontier lab. ## AI Sandboxing **Also:** sandboxing, AI sandboxing, tool sandboxing Constraining what an LLM agent can actually DO: file-system isolation, network egress rules, tool capability allow-lists. Critical when agents have code-execution or browser-use tools. Pattern: deny-by-default + explicit allow-list. ## AI Supply Chain Security **Also:** AI supply chain, ML supply chain Risk surface around AI components: malicious pre-trained weights, compromised datasets, dependency attacks on ML frameworks, model-registry tampering. Defense: cryptographic signing (Sigstore for models), AIBOM, vendor due diligence. ## AI Watermarking **Also:** watermark, AI watermarking, synthid Techniques for embedding detectable signals in AI-generated content (text via token distribution, images via spatial-frequency patterns) so downstream tools can identify it as AI-generated. SynthID (Google), C2PA (cross-vendor) are standard 2026 approaches. ## Algorithmic Impact Assessment **Also:** AIA, algorithmic impact assessment Structured pre-deployment review of an AI system's impact on individuals, groups, and society. Canada Treasury Board's AIA, NYC AEDT bias audit, EU AI Act fundamental rights assessment are jurisdiction-specific instances of this category. ## Aliyah **Also:** עלייה, immigration to Israel Hebrew term (literally 'ascent') for Jewish immigration to Israel. Carries legal/citizenship process via Law of Return and integration considerations (language, education, employment). ## AMD Instinct MI300 **Also:** MI300, MI300X, MI300A AMD's first competitive data-center AI accelerator family. MI300X has 192GB HBM3 (more per-GPU memory than H100/H200) at competitive FP16 throughput. Adopted by Microsoft, Meta, OpenAI as a second-source to Hopper / Blackwell. **See:** - https://www.slavin.ai/LLM-Cost-Calculator.aspx ## Architecture Decision Record (ADR) **Also:** ADR, architectural decision record Lightweight document capturing a single architectural decision, its context, the alternatives considered, the chosen option, and consequences. For AI: critical to record vendor choice, RAG topology, fine-tuning vs RAG decision. ## Arena-Hard **Also:** Arena-Hard, Chatbot Arena Hard, Arena Hard Auto 500-prompt hard subset distilled from Chatbot Arena human-preference data, graded by a judge LLM with style controls to remove length and markdown biases. Cheaper proxy for live Arena Elo than running a full human-preference study; the default LMSYS-style head-to-head benchmark for chat models in 2025-2026. **See:** - https://www.slavin.ai/Compare-OpenAI-vs-Anthropic-vs-OpenSource.aspx ## Attention Mechanism **Also:** attention, self-attention, attention head Neural-network operation that lets a model dynamically weight which input tokens to focus on when producing each output token. Self-attention (within one sequence) and cross-attention (between two sequences) are the building blocks of the transformer. ## AWS GovCloud (US) **Also:** AWS GovCloud, AWS GovCloud (US) Isolated AWS partition operated by US-cleared personnel that supports FedRAMP High, DoD IL2/IL4/IL5, ITAR, and CJIS workloads. Separate billing, separate IAM, no peering to commercial regions. Required for US federal civilian and defense AI workloads handling controlled data. **See:** - https://www.slavin.ai/security-compliance.aspx ## Azure Government **Also:** Azure Government, Azure Gov Microsoft Azure regions physically isolated from commercial regions and staffed by screened US personnel. Authorizations: FedRAMP High, DoD IL2-IL6, CJIS, IRS-1075. Azure OpenAI Service in Government regions is the preferred path for federal customers wanting GPT-4-class models under those compliance regimes. **See:** - https://www.slavin.ai/security-compliance.aspx ## Bagrut **Also:** בגרות, Israeli Matriculation Certificate Israeli matriculation certificate awarded for completing high-school with passing scores in mandatory and elective subjects. Required (or alternative path) for university admission in Israel. **See:** - https://www.slavin.education/Diplomas ## Batch Inference **Also:** batch inference, OpenAI Batch API, Anthropic batch Asynchronous LLM API mode where the client submits a JSON Lines file of requests and the provider returns results within a longer SLA window (typically 24h) at ~50% discounted token pricing. Used for bulk classification, summarization, dataset re-scoring, eval runs. **See:** - https://www.slavin.ai/LLM-Cost-Calculator.aspx ## Bidi + Hebrew UTF-8 Web Compliance **Also:** Hebrew Unicode, Hebrew bidi, Hebrew RTL Right-to-left rendering of Hebrew text in web UIs requires per-element direction:rtl + Unicode bidirectional algorithm awareness. Common gotcha: mixed-direction strings (Hebrew + Latin numbers). Bidi-aware fonts: Heebo, Rubik, Assistant. ## BM25 (Best Matching 25) **Also:** BM25, Okapi BM25, sparse retrieval Probabilistic sparse-retrieval scoring function based on term-frequency and inverse-document-frequency with length normalization. Decades-old baseline still competitive with vector search on exact-match keyword queries; commonly combined with dense retrieval in hybrid search systems. **See:** - https://www.slavin.ai/Compare-Vector-Databases.aspx ## Chain-of-Thought (CoT) **Also:** CoT, chain-of-thought, chain of thought Prompting technique where the model is asked to show step-by-step reasoning before the final answer. Improves accuracy on multi-step problems. Now baked into reasoning models (o1, Claude thinking, Gemini deep-think) at training time. ## Chargeback **Also:** payment chargeback, card dispute Forced reversal of a card transaction initiated by the cardholder via their issuing bank. High chargeback ratio triggers MATCH list placement, processor termination, or reserve requirements. Critical risk for adult, gaming, and subscription verticals. ## Chunking Strategy **Also:** document chunking, chunking, splitter Algorithm that splits source documents into retrievable units before embedding. Choices include fixed-size character/token windows, sentence-boundary splitting, recursive structural splitting, and semantic chunking driven by an embedding-similarity boundary. Wrong chunking is the single largest source of RAG quality regressions. **See:** - https://www.slavin.ai/Compare-RAG-vs-Fine-tuning.aspx ## Circuit Discovery **Also:** circuit discovery, neural circuit analysis Sub-discipline of mechanistic interpretability that identifies small subgraphs of attention heads and MLPs implementing a specific algorithm (induction heads, indirect-object-identification, modular-arithmetic). Method-of-record for empirical interpretability claims about transformer behavior. **See:** - https://www.slavin.ai/AI-Governance.aspx ## CLIP (Contrastive Language-Image Pretraining) **Also:** CLIP, Contrastive Language-Image Pretraining OpenAI 2021 model that jointly trains an image encoder and a text encoder in a shared embedding space using contrastive loss on web image-caption pairs. Foundation under most multimodal embedding workflows, zero-shot image classification, and multimodal vector search. **See:** - https://www.slavin.ai/Compare-Vector-Databases.aspx ## Computer Use **Also:** computer use, browser use, GUI agent Agent capability where the LLM controls a virtualized desktop or browser via screenshots + mouse / keyboard actions instead of structured APIs. Released as production beta by Anthropic (2024) and OpenAI (2025); high security risk surface — prompt injection over arbitrary on-screen text is the dominant defense problem. **See:** - https://www.slavin.ai/AI-Governance.aspx ## Consent Management Platform (CMP) **Also:** CMP, consent management platform Software layer (OneTrust, Cookiebot, Didomi, etc.) that captures user consent decisions for cookies, trackers, AI features, and propagates them to downstream tools via the IAB Transparency and Consent Framework (TCF v2.2) or Google Consent Mode v2. Mandatory baseline for EU/UK commercial sites. **See:** - https://www.slavin.ai/AI-Governance.aspx ## Constitutional AI (CAI) **Also:** CAI, constitutional-ai, RLAIF Anthropic's training method where an LLM is fine-tuned against a written set of principles (the 'constitution') rather than against pairwise human preference labels alone. The model critiques and revises its own outputs under each principle, producing a synthetic preference dataset that supplements RLHF. **See:** - https://www.slavin.ai/AI-Governance.aspx ## Content Delivery Network (CDN) **Also:** CDN, content delivery network, edge network Geographically-distributed cache layer that serves static assets (and increasingly dynamic content) from a Point of Presence (PoP) close to the user. Cloudflare, Fastly, AWS CloudFront, Akamai are the 2026 leaders. ## Content Security Policy (CSP) **Also:** CSP header, Content-Security-Policy HTTP response header restricting which sources of scripts, styles, images, fonts, frames a browser will load. Defense-in-depth against XSS. `Report-Only` mode audits violations without blocking; `Enforce` mode actually blocks. ## Context Window **Also:** context length, context size Maximum number of tokens an LLM can attend to in a single forward pass. Hard limit on combined system prompt + retrieved context + user message + assistant output. Frontier models in 2026: 1M-2M tokens. **See:** - https://www.slavin.ai/data/ai-model-capability-matrix.json ## Core Web Vitals **Also:** Web Vitals, CWV Google's standardized page-experience metrics. LCP (Largest Contentful Paint — loading), INP (Interaction to Next Paint — responsiveness, replaced FID in 2024), CLS (Cumulative Layout Shift — visual stability). Confirmed ranking factors. ## Critical Information Infrastructure (КИИ / 187-FZ) **Also:** КИИ, 187-FZ, Russian critical infrastructure Russian federal law on Critical Information Infrastructure security. Subjects (banks, telecom, healthcare, energy, transport) categorize their assets, deploy ГосСОПКА incident-reporting, may face FSTEC import restrictions on hardware/software. ## Cross-Encoder Reranking **Also:** reranking, cross-encoder rerank, two-stage retrieval Second pass in a RAG retrieval pipeline: a small cross-encoder model scores each (query, candidate-document) pair jointly and reorders the top-K retrieved chunks before they are passed to the LLM. Lifts answer relevance well above pure vector similarity at modest latency cost. **See:** - https://www.slavin.ai/Compare-RAG-vs-Fine-tuning.aspx - https://www.slavin.ai/Compare-Vector-Databases.aspx ## Cross-Origin-Embedder-Policy (COEP) **Also:** COEP, Cross-Origin-Embedder-Policy HTTP response header that requires every cross-origin subresource (images, scripts, fonts) to opt into being embedded via CORS or CORP. Required alongside COOP to activate cross-origin isolation and re-enable powerful APIs (SharedArrayBuffer, performance.measureUserAgentSpecificMemory). **See:** - https://www.slavin.ai/security-compliance.aspx ## Cross-Origin-Opener-Policy (COOP) **Also:** COOP, Cross-Origin-Opener-Policy HTTP response header that isolates a document's browsing context group from cross-origin openers, neutralizing window.opener-based attacks (tabnabbing, side-channel leaks) and unlocking access to high-resolution timers and SharedArrayBuffer. Pair with COEP for cross-origin isolation. **See:** - https://www.slavin.ai/security-compliance.aspx ## Cross-Origin-Resource-Policy (CORP) **Also:** CORP, Cross-Origin-Resource-Policy Per-resource HTTP header that declares which origins may load the resource (same-origin, same-site, cross-origin). Defends against Spectre-class side-channel attacks by preventing other origins from reading the response body even when it would have been a no-cors request. **See:** - https://www.slavin.ai/security-compliance.aspx ## Data Catalog Vocabulary (DCAT) **Also:** DCAT-AP, W3C DCAT W3C standard vocabulary for describing data catalogs and datasets. Used by EU Open Data Portal, Google Dataset Search, OpenAIRE for harvesting. DCAT-AP is the European Application Profile. **See:** - https://www.slavin.ai/data/catalog.json ## Data Controller vs Processor **Also:** controller, processor, data controller, data processor GDPR roles: controller decides why and how data is processed; processor only processes on the controller's instructions. AI vendor is usually processor; customer (deployer) is usually controller. Contract Article 28 DPA governs. ## Data Poisoning **Also:** data poisoning, training data poisoning Adversary injects malicious examples into training or fine-tuning data to insert backdoors or bias the model. Defense: data provenance tracking, anomaly detection on training set, third-party data auditing. ## Data Protection Impact Assessment (DPIA) **Also:** DPIA, Privacy Impact Assessment, PIA GDPR Article 35 process for assessing privacy risks of high-risk processing. Required for systematic, large-scale processing of personal data — typical for production AI/RAG systems handling user data. ## Data Subject Access Request (DSAR) **Also:** DSAR, SAR, Article 15 request Formal request under GDPR Article 15 (and equivalents in CCPA, LGPD, UK-DPA 2018) requiring the controller to disclose what personal data is held about the requester, why, with whom shared, and for how long. Statutory response window 1 month under GDPR; AI systems must include inference outputs in the response. **See:** - https://www.slavin.ai/AI-Governance.aspx ## Dataset Card **Also:** dataset card, datasheet for datasets Markdown sidecar at the root of a Hugging Face dataset describing provenance, collection method, intended use, known biases, and licensing. Operational counterpart to Model Card for training data; supported by the AI BoM / SBOM workflow for documenting what fed a model. **See:** - https://www.slavin.ai/AI-Governance.aspx ## Dense Passage Retrieval (DPR) **Also:** DPR, dense passage retrieval, bi-encoder retrieval Two-tower retrieval architecture with separate BERT-style encoders for queries and passages, trained with contrastive loss on (question, positive-passage, hard-negatives) triples. Established the dense-retrieval baseline that contemporary embedding models (E5, BGE, GTE, OpenAI text-embedding-3) extend. **See:** - https://www.slavin.ai/Compare-Vector-Databases.aspx ## Dictionary Learning (interpretability) **Also:** dictionary learning Classical signal-processing technique adapted by interpretability research to decompose neural activations into a sum of human-meaningful basis features. Implemented in modern AI safety work via sparse autoencoders trained on residual streams. **See:** - https://www.slavin.ai/AI-Governance.aspx ## Differential Privacy **Also:** differential privacy, DP, privacy budget, epsilon Mathematical framework for measuring how much an individual's data influences an aggregate output. Quantified by epsilon (privacy budget). Foundational for privacy-preserving training (DP-SGD) and analytics on sensitive datasets. ## Direct Preference Optimization (DPO training) **Also:** DPO training, direct preference optimization Reference-free training method that fine-tunes an LLM directly on (prompt, chosen, rejected) preference triples by maximizing the log-likelihood-ratio between chosen and rejected continuations under the trained vs reference policy. Simpler and more stable than PPO-style RLHF; default alignment recipe for open-weight models in 2024-2026. (Not to be confused with the GDPR Data Protection Officer role — see term 'dpo'.) **See:** - https://www.slavin.ai/Compare-OpenAI-vs-Anthropic-vs-OpenSource.aspx ## Direct Preference Optimization (DPO) **Also:** DPO, Direct Preference Optimization Simplified alternative to RLHF: directly optimizes the policy against preference pairs without an explicit reward model. Easier to implement, more sample-efficient, dominant post-training method in 2025-2026 open-source releases. ## DMCA (Digital Millennium Copyright Act) **Also:** DMCA takedown, Section 512 US federal law (1998) regulating copyright on the internet. Section 512 'safe harbor' protects platforms from liability for user-uploaded content if they comply with takedown notices. Foundation for content-moderation pipelines. ## DNS over HTTPS (DoH) **Also:** DoH, DNS over HTTPS, DoT DNS resolution carried over HTTPS instead of UDP plaintext (RFC 8484). Prevents ISP DNS snooping + manipulation. Companion: DoT (DNS over TLS). Both increase user privacy at the cost of centralization concerns. ## DORA **Also:** DORA, Digital Operational Resilience Act, Regulation (EU) 2022/2554 EU regulation on digital operational resilience for the financial sector, applicable from January 2025. ICT risk management, incident reporting, resilience testing, and oversight of critical ICT third-party providers (including AI vendors). Material for any AI service sold into EU banks, insurers, or asset managers. **See:** - https://www.slavin.ai/security-compliance.aspx ## Edge Compute **Also:** edge compute, edge functions, Cloudflare Workers, Vercel Edge Running application code at CDN PoPs (Cloudflare Workers, Vercel Edge, Fastly Compute@Edge, AWS Lambda@Edge) instead of a central data center. Sub-50ms latency globally; constrained runtime (no Node, V8 isolates) is the tradeoff. ## Embedding **Also:** text embedding, vector embedding, embedding vector A numerical vector representation of text (or other modality) where semantic similarity corresponds to vector proximity. Foundation for RAG, semantic search, and clustering. ## EU AI Act **Also:** EU AI Act 2024/1689, Artificial Intelligence Act European Union regulation establishing risk-based obligations for AI systems placed on or used in the EU market. Tiers: prohibited, high-risk, limited-risk, minimal. Phased effective dates 2025-02 (prohibitions) through 2027-08 (legacy GPAI). **See:** - https://www.slavin.ai/EU-AI-Act-Checklist - https://www.slavin.ai/AI-Compliance-Calendar ## EU-US Data Privacy Framework (DPF) **Also:** DPF, EU-US Data Privacy Framework 2023 successor to Privacy Shield. US companies self-certify with the Department of Commerce to receive EU adequacy-decision protection on transfers from EU/EEA. Limits US-intelligence-agency access to what is necessary and proportionate; enforceable via the Data Protection Review Court. **See:** - https://www.slavin.ai/AI-Governance.aspx ## FedRAMP **Also:** FedRAMP, Federal Risk and Authorization Management Program US federal program standardizing cloud service authorization for federal agency use. Impact levels Low / Moderate / High; FedRAMP Moderate authorization is the de facto floor for selling SaaS to civilian agencies. Long, expensive certification process — typical reason cloud vendors maintain a separate GovCloud region. **See:** - https://www.slavin.ai/security-compliance.aspx ## Few-Shot Prompting **Also:** few-shot, in-context learning, ICL Including 2-10 input/output examples in the prompt so the model can pattern-match the task. Compared to fine-tuning: cheaper but uses tokens every call. Sweet spot for tasks with limited training data and tolerable per-call cost. ## Fine-tuning **Also:** model fine-tuning, supervised fine-tuning, SFT Adapting a pre-trained model's weights on a smaller, domain-specific dataset to improve task accuracy. Higher quality than RAG for behavioral patterns but slower to update; locks you to the model version trained. **See:** - https://www.slavin.ai/Compare-RAG-vs-Fine-tuning ## FlashAttention **Also:** flash attention, flash-attention-2 Memory-efficient attention implementation that fuses softmax and matmul into a single GPU kernel and tiles operations to SRAM, dramatically reducing the activation-memory footprint of long-context transformers. Practical enabler of 100K+ context windows on consumer-grade GPUs. **See:** - https://www.slavin.ai/Compare-Vector-Databases.aspx ## Function Calling **Also:** tool use, tool calling LLM capability to emit structured JSON describing a function invocation (name + arguments) that the host application then executes. Foundation for agentic systems and integrations. ## General-Purpose AI (GPAI) **Also:** GPAI model, foundation model EU AI Act category: AI model with significant generality, capable of performing a wide range of distinct tasks. Includes most frontier LLMs. Systemic-risk threshold triggers additional obligations (evaluations, red-teaming, incident reporting). ## GGUF **Also:** GGUF, GGUF format Single-file quantized model format defined by llama.cpp. Carries weights, tokenizer, prompt template, and metadata together so a model can be loaded with one file path. Standard distribution format on Hugging Face for self-hosted Llama/Mistral/Qwen/Gemma builds. **See:** - https://www.slavin.ai/Compare-OpenAI-vs-Anthropic-vs-OpenSource.aspx ## GraphQL **Also:** GraphQL, graphql.org Query language and runtime where the client specifies exactly which fields of a typed schema it wants in one request, instead of multiple REST round-trips. Native query layer of Weaviate, GitHub API v4, Shopify Storefront; less common as a public API surface for AI services. **See:** - https://www.slavin.ai/Compare-Vector-Databases.aspx ## gRPC **Also:** gRPC, grpc.io High-performance RPC framework over HTTP/2 with protocol buffers as the IDL. Default internal-service protocol at Google and adopted by Qdrant, Milvus, Weaviate, NVIDIA Triton for low-latency client/server communication where REST overhead matters. **See:** - https://www.slavin.ai/Compare-Vector-Databases.aspx ## Hallucination **Also:** AI hallucination, confabulation An LLM output that is fluent, plausible, and factually wrong — often presented with high confidence. Distinct from refusal (the model declines to answer). Mitigated by RAG + citation enforcement + LLM-as-judge sampling. ## HELM (Holistic Evaluation of Language Models) **Also:** HELM, Holistic Evaluation of Language Models, Stanford HELM Stanford CRFM evaluation framework that scores LLMs across 16 core scenarios and 7 metrics (accuracy, calibration, robustness, fairness, bias, toxicity, efficiency) simultaneously. Designed to surface trade-offs invisible in single-metric leaderboards; HELM Lite and HELM Safety are the active subsets. **See:** - https://www.slavin.ai/AI-Governance.aspx ## High-Risk Merchant Category **Also:** high-risk MCC, high-risk vertical Payment processor classification for merchants with elevated chargeback risk, regulatory exposure, or reputational concerns (adult, gambling, CBD, dating, supplements). Subject to higher fees, reserves, and tighter compliance terms. ## HIPAA **Also:** HIPAA, Health Insurance Portability and Accountability Act US federal law (1996) and its Privacy + Security + Breach Notification rules governing Protected Health Information (PHI). Covered Entities and Business Associates must sign BAAs and implement administrative, physical, technical safeguards. Foundational to healthcare-AI procurement in the US. **See:** - https://www.slavin.ai/security-compliance.aspx ## hreflang **Also:** hreflang attribute, rel=alternate hreflang HTML link attribute declaring the language and regional targeting of an alternate URL. BCP-47 codes (e.g. en-US, he-IL, ru-RU). Used by Google + Yandex to serve the right localized version in SERP. ## HTTP Strict Transport Security (HSTS) **Also:** HSTS, Strict-Transport-Security HTTP response header that tells browsers to only connect to a host over HTTPS for a specified duration. With `preload` directive, the host is shipped in Chrome/Firefox/Safari HSTS preload lists. ## HTTP/3 + QUIC **Also:** HTTP/3, QUIC, h3 Latest major HTTP version, running over QUIC (UDP-based transport) instead of TCP. Eliminates head-of-line blocking, faster handshake, better mobile-network performance. ~75% of Cloudflare traffic in 2026. ## Hugging Face **Also:** Hugging Face, HF Hub, huggingface.co Open ML platform — model hub, dataset hub, Inference Endpoints, AutoTrain, Spaces. De facto distribution channel for open-weight LLMs; the canonical citation target for model cards and dataset cards. Hub URL pattern hf.co// serves both interactive UI and git-LFS for weights. **See:** - https://www.slavin.ai/Compare-OpenAI-vs-Anthropic-vs-OpenSource.aspx ## Hugging Face transformers library **Also:** transformers library, huggingface/transformers, transformers.AutoModel Hugging Face's Python framework for loading, training, and serving transformer models. Uniform AutoModel / AutoTokenizer API across 100k+ Hub models; foundation under fine-tuning recipes (TRL, PEFT) and most academic baselines. **See:** - https://www.slavin.ai/Compare-OpenAI-vs-Anthropic-vs-OpenSource.aspx ## HumanEval **Also:** HumanEval benchmark, OpenAI HumanEval 164-problem Python function-completion benchmark from OpenAI. Each problem has a docstring and unit tests; the LLM's output is run against the tests and scored pass@k. Limited by small size and Python-only scope; SWE-Bench and LiveCodeBench are the modern successors for evaluating coding ability at scale. **See:** - https://www.slavin.ai/Compare-OpenAI-vs-Anthropic-vs-OpenSource.aspx ## Hybrid Search **Also:** hybrid retrieval, dense + sparse search Retrieval architecture that runs a sparse method (BM25, SPLADE) and a dense vector method in parallel, then fuses results via reciprocal-rank fusion or learned weighting. Outperforms either alone on most enterprise corpora because sparse catches exact identifiers and dense catches paraphrases. **See:** - https://www.slavin.ai/Compare-Vector-Databases.aspx ## HyDE (Hypothetical Document Embeddings) **Also:** HyDE, Hypothetical Document Embeddings Query-side RAG technique: prompt an LLM to write a hypothetical answer to the query, embed that answer, and use its embedding as the retrieval key instead of the original question's embedding. Closes the query-document distribution gap that plagues dense retrieval. **See:** - https://www.slavin.ai/Compare-RAG-vs-Fine-tuning.aspx ## IDF Cyber Defense Directorate (לוט"ם / J6) **Also:** IDF cyber, C4I and Cyber Defense Directorate, Lotem, J6 Israeli Defense Forces directorate covering all military command, control, communications, computing, and cyber defense. Source of much of the talent that founds Israeli cybersecurity and AI companies (alongside Unit 8200 and Talpiot). Often appears on founder bios as 'served in IDF cyber units'. **See:** - https://www.slatech.co.il/about ## IndexNow **Also:** IndexNow, indexnow.org Open protocol (Bing, Yandex, Naver, Seznam) where a site pings search engines with the URLs it just published or updated, eliminating discovery latency vs. relying on crawl cadence. Implemented across the SLAtech network at /IndexNow.aspx with a per-site secret key. **See:** - https://www.slavin.ai/Methodology.aspx ## Indirect Prompt Injection (IPI) **Also:** IPI, indirect prompt injection, tool-mediated prompt injection Attack class where adversarial instructions are smuggled into a retrieved document, web page, or tool output that a downstream LLM agent later reads. Distinct from direct prompt injection because the attacker never speaks to the LLM directly. Foundational threat in agentic systems that browse the open web. **See:** - https://www.slavin.ai/AI-Governance.aspx ## Instruction Tuning **Also:** instruction tuning, SFT instruction phase Supervised fine-tuning phase where a base model is trained on (instruction, ideal response) pairs to make it follow commands rather than just complete text. Always comes before RLHF/DPO. ## ISO/IEC 27001 **Also:** ISO 27001, ISO/IEC 27001:2022 International standard for an Information Security Management System (ISMS). Risk-based control-selection framework (Annex A, 93 controls in the 2022 edition). Certified by accredited bodies on a 3-year cycle; the global counterpart to SOC 2 for non-US markets and the substrate for ISO 42001 AI management systems. **See:** - https://www.slavin.ai/security-compliance.aspx ## Israel Innovation Authority (IIA) **Also:** IIA, Israel Innovation Authority, OCS, רשות החדשנות Israeli government agency (formerly Office of the Chief Scientist) administering R&D grants to startups + multinationals. Headline programs: Tnufa, Magnet, Yozma successor funds. Grants typically 20-50% of approved R&D budget. ## Israeli Export Control (Defense Export Controls Agency / DECA) **Also:** DECA, Israeli export control, Defense Export Controls Agency Israeli Ministry of Defense regime governing export of dual-use and military-graded software, cryptography, and cybersecurity products. Specific AI use cases (face recognition, intrusion software, surveillance) may require an export license. Relevant to Israeli AI vendors exporting to non-allied jurisdictions. **See:** - https://www.slatech.co.il/security-compliance ## Jailbreaking **Also:** jailbreak, jailbreaking, model jailbreak Class of attacks targeting the model directly (via system-prompt overrides, role-play scenarios, encoding tricks, persuasion techniques) to bypass safety training and elicit forbidden output. Distinct from prompt injection (which targets system data flow). ## JSON Mode **Also:** JSON mode, response_format json_object Lighter-weight LLM API option (response_format: json_object) that biases decoding toward valid JSON but does not enforce a specific schema. Replaced in practice by Structured Output (with explicit JSON Schema) for production use because JSON Mode alone still requires defensive parsing. **See:** - https://www.slavin.ai/Methodology.aspx ## JSON-RPC 2.0 **Also:** JSON-RPC, JSON-RPC 2.0 Lightweight RPC protocol layered over JSON. Stateless request/response (with optional batching and notifications). The wire protocol underneath the Model Context Protocol (MCP); used at api.slatech.co.il/mcp. **See:** - https://api.slatech.co.il/mcp/info ## Knowledge Distillation **Also:** distillation, model distillation, teacher-student Training a smaller 'student' model on a larger 'teacher' model's outputs (logits or generated text) to approximate teacher quality at a fraction of the inference cost. Foundation of cheaper hosted variants (Haiku, Mini, Flash). ## Knowledge Graph **Also:** entity graph, semantic knowledge graph Structured representation of real-world entities and their relationships, often using URIs as stable identifiers. Google Knowledge Graph powers Knowledge Panels; site-level KG endpoints (JSON-LD) feed citation engines and Wikidata extractors. **See:** - https://www.slavin.ai/.well-known/knowledge-graph.json ## Kupot Aliyah / Aliyah Basket **Also:** kupot aliyah, סל אליה, absorption basket Israeli government financial + service package for new olim: monthly stipend (6 months), Hebrew ulpan (5 months free), tax exemptions (10 years), professional retraining benefits. Significantly affects net comp expectations of olim hires. ## KV Cache **Also:** KV cache, attention cache, key-value cache In-memory cache of key + value tensors computed during transformer inference, so that each new output token only does work proportional to the new token rather than re-attending to the full prefix. Bigger KV cache = lower latency but higher VRAM cost. ## Legitimate Interest Assessment **Also:** LIA, legitimate interest assessment GDPR Article 6(1)(f) balancing-test document showing that a data controller's legitimate interest in a processing activity outweighs the data subject's privacy interest. Required documentation when relying on legitimate interest as the legal basis. ## llama.cpp **Also:** llama.cpp, ggerganov/llama.cpp C/C++ reference implementation for running quantized transformer models on CPU and consumer GPUs without a Python stack. Source of the GGUF quantization format; powers Ollama, LM Studio, GPT4All, and many embedded LLM deployments. **See:** - https://www.slavin.ai/Compare-OpenAI-vs-Anthropic-vs-OpenSource.aspx ## LLM-as-Judge **Also:** judge LLM, LLM-as-a-judge, model-graded eval Evaluation pattern where a stronger LLM scores outputs from a target system against a rubric, replacing crowdsourced human raters. Cost- and time-efficient but introduces judge bias (positional, length, model-family preference); production use requires audit against a small human-graded gold set. **See:** - https://www.slavin.ai/AI-Governance.aspx ## llms.txt **Also:** llms-full.txt, LLM crawler instructions Emerging convention (proposed 2024) for sites to publish LLM-friendly content boundaries and citation guidance at /llms.txt or /llms-full.txt. Analogous to robots.txt but oriented to AI training and runtime crawlers. ## LoRA / QLoRA **Also:** LoRA, QLoRA, low-rank adaptation Parameter-efficient fine-tuning that adds tiny low-rank matrices to a frozen base model. Trains in hours not weeks; adapters are MB not GB. QLoRA = LoRA on top of a 4-bit quantized base, runs on a single consumer GPU. ## Mamram **Also:** Mamram, ממר"ם, Center of Computing and Information Systems IDF Center of Computing and Information Systems (Merkaz Mahshvim u'Rishumim Memuhshavim). Trains software engineers + sysadmins on internal systems. Mamram alumni dominate Israeli enterprise software and SRE. ## Mechanistic Interpretability **Also:** mech interp, MI, mechanistic interpretability Research program aimed at reverse-engineering trained neural networks into human-readable algorithms — identifying circuits, attention heads, and features that implement specific behaviors. Core to Anthropic and DeepMind safety work; produces evidence used in alignment evaluations rather than user-facing features. **See:** - https://www.slavin.ai/AI-Governance.aspx ## Mechina (Mechina Kdam-Akademit) **Also:** Mechina, מכינה, Pre-Academic Program Israeli pre-academic preparatory program (1 year) bridging the gap between high-school Bagrut and university admission. Used by olim (new immigrants), candidates lacking specific subject Bagrut, and students aiming for elite programs. **See:** - https://www.slavin.education/Schools ## Membership Inference Attack **Also:** membership inference attack, MIA Attack inferring whether a specific data point was in the model's training set, given black-box query access. Privacy concern for medical, financial, biometric models. Differential privacy bounds the attack's success probability. ## Milvus **Also:** Milvus, milvus.io, Zilliz Cloud Open-source distributed vector database designed for billion-scale workloads. Decoupled storage / compute architecture, multiple index types (HNSW, IVF, DiskANN, SCANN). Default choice for very-large-scale (>100M vectors) self-host deployments; managed via Zilliz Cloud. **See:** - https://www.slavin.ai/Compare-Vector-Databases.aspx ## Mixture of Experts (MoE) **Also:** MoE, mixture-of-experts, sparse model Architecture pattern that routes each token to a subset of expert sub-networks instead of running the entire model. Increases total parameter count cheaply but adds routing overhead. Used in Mixtral, DeepSeek, GPT-4-class models. ## MMLU (Massive Multitask Language Understanding) **Also:** MMLU, Massive Multitask Language Understanding 57-subject multiple-choice benchmark covering humanities, STEM, professional exams (law, medicine, accounting) at high-school through graduate difficulty. Standard reference for general knowledge across frontier LLMs; saturated near 90%+ by GPT-4-class and Claude-3-class models so MMLU-Pro and MMLU-Redux are the current discriminating variants. **See:** - https://www.slavin.ai/Compare-OpenAI-vs-Anthropic-vs-OpenSource.aspx ## Model Card **Also:** model card, model documentation Standardized documentation describing a model's intended use, training data, performance characteristics, limitations, and risks. Required artifact under EU AI Act Article 13 for high-risk systems. Origin: Mitchell et al. 2018 'Model Cards for Model Reporting'. ## Model Context Protocol (MCP) **Also:** MCP, Anthropic MCP Open protocol introduced by Anthropic (2024) for connecting LLMs to data sources and tools via standardized JSON-RPC messages. Transport: stdio or HTTP+SSE. Adopted by Claude Desktop, Smithery, and growing list of agent runtimes. ## Model Extraction Attack **Also:** model extraction, model stealing Attack where an adversary queries a hosted model and uses outputs to train a copy locally. Mitigation: query rate limits, output-distortion noise, watermarking. Real-world cases involve API providers being copied by competitors. ## MT-Bench (Multi-Turn Benchmark) **Also:** MT-Bench, Multi-Turn Benchmark 80-question multi-turn benchmark from LMSYS, graded by a judge LLM (GPT-4 in the canonical paper). Each question is a 2-turn conversation across writing, reasoning, math, coding, extraction, STEM, humanities, role-play. Lightweight enough to run during model development; superseded for production by Arena-Hard. **See:** - https://www.slavin.ai/Compare-OpenAI-vs-Anthropic-vs-OpenSource.aspx ## Multi-Agent System (MAS) **Also:** MAS, multi-agent system, agent ensemble Architecture where multiple LLM-driven agents collaborate on a task — each with its own role, tool set, and memory — coordinated by a planner or via direct message passing. Productionized by AutoGen, CrewAI, LangGraph, Anthropic Computer Use orchestrator. **See:** - https://www.slavin.ai/AI-Governance.aspx ## Multi-Tenant Architecture **Also:** multitenancy, multi-tenant SaaS Single application instance serving multiple isolated customers (tenants). For AI workloads: per-tenant context isolation, cost attribution, rate-limit partitioning, data-residency without infrastructure duplication. **See:** - https://www.slavin.pro/en/Article-Multi-Tenant-SaaS ## Multi-Vector Retrieval **Also:** multi-vector retrieval, ColBERT-style retrieval Retrieval architecture (ColBERT, ColPali) that stores one embedding per token instead of one per document and scores with MaxSim. Higher recall on long documents than single-vector retrieval; cost is index size O(doc_tokens × dim) vs O(doc × dim). **See:** - https://www.slavin.ai/Compare-Vector-Databases.aspx ## Multimodal RAG **Also:** multimodal RAG, vision RAG, image+text RAG RAG variant where the retrieval corpus contains images, tables, or document layouts in addition to text, indexed with multimodal embeddings (CLIP, SigLIP, ColPali). Required for document QA over PDFs whose information lives in diagrams or scanned forms rather than extractable text. **See:** - https://www.slavin.ai/Compare-RAG-vs-Fine-tuning.aspx ## Mutual TLS (mTLS) **Also:** mTLS, mutual TLS, client-cert authentication TLS handshake where BOTH sides present + verify certificates. Common pattern for service-to-service authentication inside a zero-trust mesh. Often combined with SPIFFE/SPIRE for workload identity. ## NIS2 Directive **Also:** NIS2, Directive (EU) 2022/2555 Updated EU directive on the security of network and information systems, in force from October 2024. Expanded sector coverage (cloud, datacenters, managed services, public administration), 24-hour incident reporting, and personal liability for senior management. Important compliance gate for any EU-facing SaaS or AI infrastructure provider. **See:** - https://www.slavin.ai/security-compliance.aspx ## NIST AI Risk Management Framework **Also:** NIST AI RMF, AI RMF, NIST AI Risk Management Framework US National Institute of Standards and Technology framework (AI RMF 1.0, 2023; GenAI Profile, 2024) for managing AI risks. Voluntary, but used as de-facto baseline by US sectoral regulators (FDA, FINRA, FTC). ## NVIDIA Blackwell (B100 / B200 / GB200) **Also:** Blackwell, B100, B200, GB200 NVIDIA architecture announced 2024 succeeding Hopper. Two-die GPU with NVLink5 chip-to-chip, FP4 Tensor Cores, second-gen Transformer Engine. GB200 NVL72 rack ties 72 Blackwell GPUs into one NVLink domain; the platform for 2025-2027 frontier training and very-large-model inference. **See:** - https://www.slavin.ai/LLM-Cost-Calculator.aspx ## NVIDIA H100 **Also:** H100, NVIDIA H100 Tensor Core GPU Hopper-architecture data-center GPU. 80GB HBM3, fourth-gen Tensor Cores with FP8 (Transformer Engine), 3TB/s bandwidth, NVLink 4. Backbone of frontier LLM training and serving 2023-2025; baseline for capacity planning in any LLM cost model. **See:** - https://www.slavin.ai/LLM-Cost-Calculator.aspx ## NVIDIA H200 **Also:** H200, NVIDIA H200 Tensor Core GPU Hopper-refresh data-center GPU. 141GB HBM3e (up from 80GB on H100), 4.8TB/s bandwidth. Drop-in pin-compatible with H100; the bigger memory pool extends per-GPU context length and unlocks bigger models without tensor parallelism. **See:** - https://www.slavin.ai/LLM-Cost-Calculator.aspx ## OAuth 2.0 + OIDC **Also:** OAuth, OAuth 2.0, OpenID Connect, OIDC OAuth 2.0 delegates authorization (access tokens); OIDC adds authentication (ID tokens) on top. Standard for 'Sign in with X' flows + agent-to-API auth. PKCE is the recommended public-client flow in 2026. ## Olim / Aliyah Industry **Also:** olim, אולים, Nefesh B'Nefesh Olim = new immigrants to Israel. Specific tech-employability programs for olim from FSU/Western markets via Nefesh B'Nefesh + Israeli Ministry of Aliyah. Tech industry actively recruits olim with Russian/English language assets. ## Ollama **Also:** Ollama, ollama.com Local LLM runner that wraps llama.cpp with a developer-friendly REST API and model library (curl-able pulls of Llama, Mistral, Qwen, Phi, Gemma, DeepSeek). Default tool for desktop / laptop LLM development and air-gapped POCs. **See:** - https://www.slavin.ai/Compare-OpenAI-vs-Anthropic-vs-OpenSource.aspx ## OpenAPI Specification **Also:** Swagger, OAS Open standard for describing REST APIs in machine-readable form (JSON or YAML). Enables client codegen, documentation rendering, mock servers, and AI-agent discovery (ChatGPT Custom GPTs, Claude tools). **See:** - https://api.slatech.co.il/openapi/v1.json ## ORCID iD **Also:** ORCID identifier, Open Researcher and Contributor ID Persistent unique identifier for researchers (format 0000-0000-0000-000X). Free, non-proprietary, used by academic publishers, funders, and now LLM citation engines to disambiguate authors with common names. ## OurCrowd **Also:** OurCrowd VC, OurCrowd Israel Jerusalem-headquartered equity crowdfunding venture-capital platform founded 2013 by Jon Medved. Globally one of the largest by deal-flow volume; a primary VC distribution channel for Israeli AI, cybersecurity, and deep-tech startups, and a routine name on Israeli-tech-ecosystem investor lists. **See:** - https://www.slatech.co.il/about ## PCI DSS **Also:** PCI DSS, Payment Card Industry Data Security Standard PCI Security Standards Council requirements for any entity that stores, processes, or transmits cardholder data. PCI DSS v4.0 (mandatory from 2025) introduced customized approach and stronger MFA. Compliance level (1-4) depends on annual transaction volume; AI features that touch card numbers fall in scope. **See:** - https://www.slavin.ai/security-compliance.aspx ## Permissions-Policy **Also:** Permissions-Policy header, Feature-Policy successor HTTP response header that allows or blocks browser feature access (camera, geolocation, fullscreen, payment, autoplay) per origin and per iframe. Successor to the deprecated Feature-Policy header; mandatory baseline for any site embedding third-party content. **See:** - https://www.slavin.ai/security-compliance.aspx ## Perplexity **Also:** PPL, language-model perplexity Information-theoretic measure of how surprised a language model is by a held-out text — exponential of the average per-token negative log-likelihood. Lower is better. Standard intrinsic metric for base LMs but a weak proxy for downstream usefulness on instruction-tuned chat models. **See:** - https://www.slavin.ai/Compare-OpenAI-vs-Anthropic-vs-OpenSource.aspx ## pgvector **Also:** pgvector, PostgreSQL pgvector extension PostgreSQL extension that adds a vector column type plus HNSW and IVFFlat indexes. Default 'we already run Postgres' choice for embedding storage; supports hybrid SQL+vector queries without a separate datastore. The pivot point in RAG architecture for sub-100M-vector deployments. **See:** - https://www.slavin.ai/Compare-Vector-Databases.aspx ## Pinecone **Also:** Pinecone, pinecone.io Closed-source managed vector database. Fully serverless, no index management, fast time-to-first-query; trade-off is no self-host option and per-pod pricing that scales steeply for high QPS. Common starter choice for teams that don't want operational overhead. **See:** - https://www.slavin.ai/Compare-Vector-Databases.aspx ## Prompt Caching **Also:** prefix cache, KV cache reuse Provider-side reuse of cached prefix tokens (system prompt + RAG context) across requests, charging at a discounted rate (10-75% off depending on vendor). Reduces cost for repeat-prefix workflows like RAG and agents. ## Prompt Injection **Also:** prompt injection attack, indirect prompt injection A class of attacks where malicious instructions are smuggled into LLM input via user data, retrieved documents, or tool outputs — overriding the system prompt. Distinct from jailbreaking (which targets the model directly). **See:** - https://www.slavin.pro/en/Article-AI-Security ## Prompt Leakage **Also:** prompt leakage, system prompt leakage Attack/observation where the system prompt is extracted from the model via crafted queries. Confidentiality concern for proprietary prompt-engineering work. Defenses are partial; assume system prompt is eventually public. ## Psychometric Exam (Psychometry) **Also:** Psychometry, Psychometric Entrance Test, פסיכומטרי Standardized exam (Quantitative, Verbal, English) used as an admissions metric for Israeli universities. Combined with Bagrut into a composite score. Comparable in role to SAT/ACT in the US. **See:** - https://www.slavin.education/About ## Qdrant **Also:** Qdrant, qdrant.tech Open-source vector database written in Rust. Rich payload-filtering, sparse-vector support, gRPC-first protocol. Single-binary self-host or Qdrant Cloud; one of the three dominant self-host vector stores alongside Milvus and Weaviate. **See:** - https://www.slavin.ai/Compare-Vector-Databases.aspx ## Quantization **Also:** quantization, INT8 quantization, GGUF, AWQ, GPTQ Compressing model weights from float32/16 to lower-precision formats (INT8, INT4, FP8) to fit larger models on smaller hardware. Trade-off: small quality loss for 2-4x memory + throughput gain. Standard 2026: AWQ for serving, GGUF for llama.cpp. ## Query Rewriting **Also:** query rewriting, query transformation RAG pre-retrieval stage where the user query is reformulated by a small LLM into one or more search-engine-style queries before hitting the vector index. Standard fix for sparse retrieval misses when users ask in conversational style; pairs with HyDE and multi-query expansion. **See:** - https://www.slavin.ai/Compare-RAG-vs-Fine-tuning.aspx ## ReAct (Reason + Act) **Also:** ReAct, reason-and-act, thought-action-observation Agentic prompting pattern that interleaves natural-language reasoning steps with tool calls and observations, letting an LLM plan, execute, and update its plan in a single loop. Foundation of most modern function-calling agent frameworks (LangChain agents, OpenAI tool-use loop, Anthropic computer-use). **See:** - https://www.slavin.ai/AI-Governance.aspx ## Reasoning Model **Also:** reasoning model, thinking model, extended-thinking model LLM trained to spend additional inference-time compute on internal step-by-step reasoning before emitting the final answer (o1, Claude with extended thinking, Gemini Deep Think). Higher accuracy on math/code/logic; higher latency + cost. ## Recursive Retrieval **Also:** recursive retrieval, iterative retrieval Multi-pass RAG pattern where retrieved chunks are summarized and the summary is re-used as the next retrieval query, drilling down through document hierarchies (summary chunk → section chunk → paragraph chunk). Improves answer quality on long documents at the cost of additional LLM calls per query. **See:** - https://www.slavin.ai/Compare-RAG-vs-Fine-tuning.aspx ## Referrer-Policy **Also:** Referrer-Policy header HTTP response header that controls how much of the originating URL is sent in the Referer request header on subsequent navigations and resource loads. Default browser policy is strict-origin-when-cross-origin since 2020; tighter values (no-referrer, same-origin) recommended for privacy-sensitive pages. **See:** - https://www.slavin.ai/security-compliance.aspx ## Retrieval-Augmented Generation (RAG) **Also:** RAG, RAG pipeline, retrieval augmented generation An architecture pattern where an LLM's response is grounded in documents retrieved at query time from a vector index, rather than relying solely on the model's training data. Used for hallucination control, source citation, and freshness without retraining. **See:** - https://www.slavin.pro/en/Article-RAG-Architecture - https://www.slavin.ai/Compare-RAG-vs-Fine-tuning ## Right to Erasure (Right to be Forgotten) **Also:** right to erasure, right to be forgotten, Article 17 GDPR Article 17 right requiring the controller to delete the data subject's personal data under specified conditions (no longer needed, consent withdrawn, unlawfully processed, etc.). For LLM training corpora, fulfilment is contested — unlearning research is active but no production-grade method exists; mitigations focus on retrieval-side filtering. **See:** - https://www.slavin.ai/AI-Governance.aspx ## Right to Explanation **Also:** right to explanation, right of explanation GDPR Article 22 right of data subjects subject to solely-automated decisions producing legal or similarly significant effects to obtain 'meaningful information about the logic involved'. Sets the bar for AI explainability obligations. ## RLHF / RLAIF **Also:** RLHF, RLAIF, reinforcement learning from human feedback Post-training stage where a reward model trained on human (RLHF) or AI (RLAIF) preference labels shapes the LLM via reinforcement learning. Source of behavior like refusal patterns, helpfulness tone, and instruction-following. ## Robots meta tag **Also:** robots meta tag, Per-page directive (index/noindex, follow/nofollow, noarchive, max-snippet, etc.) telling search-engine crawlers what to do with the page. Lives in and applies only to that document; the granular complement to site-wide robots.txt. **See:** - https://www.slavin.ai/Methodology.aspx ## Roskomnadzor (РКН) **Also:** Roskomnadzor, РКН, RKN Russian federal regulator overseeing communications, IT, media. Enforces 152-FZ (data localization), blocks websites violating Russian law, registers data-processing operators. Notifications + reports filed via the РКН personal-data-operator registry. ## Rotary Position Embedding (RoPE) **Also:** RoPE, rotary position embeddings Position-encoding scheme that rotates query and key vectors in pairs by an angle proportional to token position, encoding relative position without learned position tables. Used by Llama, Mistral, Qwen and most modern open-weight models; supports context-length extension by interpolating or extending the rotation base. **See:** - https://www.slavin.ai/Compare-OpenAI-vs-Anthropic-vs-OpenSource.aspx ## Scaleup (Israeli tech context) **Also:** scale-up, Israeli scaleup Israeli industry term for a post-startup company past product-market fit and scaling internationally — typically Series B+ with >$10M ARR and a non-Israeli sales presence. Distinct from 'unicorn' (>$1B valuation); the Start-Up Nation Central scaleup database is the canonical Israeli reference. **See:** - https://www.slatech.co.il/about ## Schema.org **Also:** JSON-LD schema, structured data Shared vocabulary (W3C-endorsed, founded by Google/Microsoft/Yahoo/Yandex) for structured data on the web. Implemented via JSON-LD, Microdata, or RDFa. Foundation for SERP rich results and Knowledge Graph extraction. ## Schrems II **Also:** Schrems II, C-311/18 2020 Court of Justice of the EU ruling that invalidated the EU-US Privacy Shield and tightened Standard Contractual Clauses with mandatory Transfer Impact Assessments. Drove relocation of EU customer data to EU regions for major US clouds; superseded for US transfers by the Data Privacy Framework (2023+) but the assessment obligation persists for other jurisdictions. **See:** - https://www.slavin.ai/AI-Governance.aspx ## Server-Sent Events (SSE) **Also:** SSE, Server-Sent Events, text/event-stream One-way HTTP streaming protocol (Content-Type: text/event-stream) where the server pushes named events to the browser. Foundation under most LLM streaming-token UIs and one of the supported MCP transports. **See:** - https://api.slatech.co.il/mcp/info ## Service Worker **Also:** service worker, PWA service worker Background JavaScript context in the browser intercepting network requests, enabling offline-first PWAs and push notifications. Lifecycle: install → activate → fetch. Foundation of modern Progressive Web Apps. ## SOC 2 **Also:** SOC 2, AICPA SOC 2 AICPA attestation report covering controls relevant to Security, Availability, Processing Integrity, Confidentiality, and Privacy (the Trust Services Criteria). Type I is point-in-time; Type II covers a 6-12 month window. The default 'enterprise-ready' signal demanded in B2B SaaS procurement, including AI vendors. **See:** - https://www.slavin.ai/security-compliance.aspx ## Sparse Autoencoder (SAE) **Also:** SAE, sparse autoencoder Interpretability tool that learns an over-complete sparse dictionary of features over a transformer's residual stream. Used by Anthropic and DeepMind to extract monosemantic features from polysemantic neurons; the leading 2024-2026 approach to interpreting frontier model internals. **See:** - https://www.slavin.ai/AI-Governance.aspx ## Speculative Decoding **Also:** speculative decoding, speculative sampling, draft model Inference-time technique where a small draft model proposes the next N tokens and the target model verifies them in a single batched forward pass. Yields 1.5-3x throughput gains without sacrificing output distribution. ## Structured Output **Also:** structured output, schema-constrained output LLM generation mode where the output is constrained by a JSON Schema (or grammar, or regex). Implemented via constrained decoding so the model literally cannot emit non-conforming tokens. OpenAI Structured Outputs and the equivalent in Anthropic / Vertex AI / open-weights llama.cpp-grammars are the production-grade alternatives to retry-on-parse-error patterns. **See:** - https://www.slavin.ai/Methodology.aspx ## Subresource Integrity (SRI) **Also:** SRI, Subresource Integrity Browser security mechanism that pins a cryptographic hash of an external script or stylesheet in its integrity attribute. The browser refuses to execute the resource if the fetched bytes don't match. Defense against compromised CDNs and third-party supply-chain attacks. **See:** - https://www.slavin.ai/security-compliance.aspx ## Swarm (agent pattern) **Also:** Swarm, OpenAI Swarm, lightweight agent handoff Lightweight multi-agent pattern (popularized by OpenAI's Swarm cookbook) where each agent can hand the conversation off to a peer specialized for a subtask via tool-call. Stateless control flow — no central planner — relying on the LLM to choose handoff targets. **See:** - https://www.slavin.ai/AI-Governance.aspx ## SWE-Bench **Also:** SWE-Bench, SWE-Bench Verified Benchmark of real GitHub issues from 12 mature Python repositories — the model must produce a patch that passes the project's actual test suite. SWE-Bench Verified is a 500-issue human-validated subset that filters ambiguous or impossible issues. Headline coding-agent benchmark for 2025-2026 frontier model releases. **See:** - https://www.slavin.ai/Compare-OpenAI-vs-Anthropic-vs-OpenSource.aspx ## System Card **Also:** system card, AI system card Documentation of a deployed AI SYSTEM (not just a model) — including model versions used, system prompt, retrieval sources, guardrails, monitoring setup. Larger scope than a model card, addresses what regulators care about. ## Talpiot **Also:** Talpiot, תלפיות Elite 9-year IDF program combining a BSc (physics + math + CS) at Hebrew University with R&D officer service in technology units. Highly competitive (~50 cadets/year). Alumni include founders of Trax, Compass Security, multiple defense-tech firms. ## Tensor Processing Unit (TPU) **Also:** TPU, Tensor Processing Unit, Google TPU Google-designed ASIC for matrix-multiply-heavy workloads (transformer training and inference). TPU v5p (training) and v5e (inference) are the production generations; TPU v6 'Trillium' announced 2024. Only available on Google Cloud Platform. **See:** - https://www.slavin.ai/LLM-Cost-Calculator.aspx ## TensorRT-LLM **Also:** TensorRT-LLM, NVIDIA TensorRT-LLM NVIDIA's LLM-optimized inference compiler/runtime built on TensorRT. Aggressive fusion of attention kernels, in-flight batching, FP8 / INT4 quantization. Highest throughput option on H100/H200/Blackwell hardware; required for many cloud GPU vendor SLA commitments. **See:** - https://www.slavin.ai/Compare-OpenAI-vs-Anthropic-vs-OpenSource.aspx ## Text Generation Inference (TGI) **Also:** TGI, HF Text Generation Inference Hugging Face's production-ready LLM serving Rust toolkit. Streaming token output, dynamic batching, tensor parallelism, quantization (GPTQ, AWQ, bitsandbytes). Default Hugging Face Inference Endpoints backend; comparable to vLLM with tighter HF Hub integration. **See:** - https://www.slavin.ai/Compare-OpenAI-vs-Anthropic-vs-OpenSource.aspx ## Throughput (Tokens per Second) **Also:** TPS, tokens per second, throughput Inference performance metric — number of output tokens generated per second per request, or aggregate across concurrent requests. Distinct from per-request latency; vendors and serving stacks (vLLM, TGI, TensorRT-LLM) report sustained TPS at various concurrency levels in their benchmarks. **See:** - https://www.slavin.ai/LLM-Cost-Calculator.aspx ## Tokenization **Also:** tokenizer, BPE, byte-pair encoding, tiktoken Process of splitting text into integer 'token' IDs the model actually consumes. Byte-Pair Encoding (BPE) and SentencePiece are the dominant 2026 approaches. Tokenization affects cost (tokens billed), context-window math, and sometimes correctness for non-Latin scripts. ## Tool Use (function calling) **Also:** tool use, function calling, tools API LLM API surface where the developer declares typed functions and the model decides when to emit a tool_call instead of plain text. Replaced ad-hoc ReAct prompting with a structured protocol; the foundation under which most agentic frameworks (LangGraph, Anthropic agents, Vertex AI agent harness, MCP clients) operate. **See:** - https://www.slavin.ai/AI-Governance.aspx ## TPOT (Time Per Output Token) **Also:** TPOT, time per output token, inter-token latency Average latency between consecutive output tokens during streaming generation. Reciprocal of per-request throughput; together with TTFT it characterises real-time UX. Often quoted at p50 and p99 for SLA contracts on serving platforms. **See:** - https://www.slavin.ai/LLM-Cost-Calculator.aspx ## Training-Data Leak **Also:** training data leakage, memorization extraction Attack class where carefully-crafted prompts induce an LLM to verbatim regurgitate sensitive content it memorized at training time — PII, copyrighted text, license keys, private code. Amplified by larger models and repeated training samples; defended via data deduplication, differential privacy, and output filters. **See:** - https://www.slavin.ai/AI-Governance.aspx ## Transformer Architecture **Also:** transformer, transformer network Neural-network architecture introduced in 'Attention Is All You Need' (Vaswani et al., 2017) built on stacked self-attention + feed-forward blocks. Foundation of essentially every frontier LLM in 2026 (GPT, Claude, Gemini, Llama, Mistral). ## Tree of Thought (ToT) **Also:** ToT, tree-of-thoughts Reasoning method that extends chain-of-thought by exploring multiple candidate intermediate steps in parallel, scoring branches with a verifier, and backtracking when promising paths collapse. Higher quality than CoT on complex planning tasks at significantly higher inference cost. **See:** - https://www.slavin.ai/AI-Governance.aspx ## Trusted Types **Also:** Trusted Types API, trustedTypes Browser API plus CSP directive that makes DOM XSS sinks (innerHTML, script src, eval) refuse plain strings — they accept only typed objects produced by named policies. Reduces DOM XSS at the engine level instead of relying on developer discipline; supported in Chromium, behind a flag in Firefox. **See:** - https://www.slavin.ai/security-compliance.aspx ## TTFT (Time to First Token) **Also:** TTFT, time to first token Latency from request submission to the first output token streaming back. Dominated by prompt-fill time (KV-cache build), so scales with input length and concurrency. UX-critical metric for chat applications and a primary tuning target for inference platforms. **See:** - https://www.slavin.ai/LLM-Cost-Calculator.aspx ## Unit 8200 **Also:** 8200, Unit 8200, יחידה 8200 Israeli Defense Forces signals-intelligence unit, alma mater of a disproportionate share of Israeli cybersecurity + AI founders (Check Point, Palo Alto Networks, Wiz, NSO, CyberArk). 'Ex-8200' is shorthand for elite technical-military background. ## Vector Database **Also:** vector DB, vector store, embedding store A database optimized for similarity search over high-dimensional vectors (typically embeddings). Used in RAG and recommendation systems. Examples: Pinecone, Weaviate, PGVector, Milvus, Qdrant. **See:** - https://www.slavin.ai/Compare-Vector-Databases ## Vertical AI **Also:** industry AI, domain-specific AI AI products built for a specific industry (legal, medical, hospitality) rather than broad horizontal use. Higher quality per task, narrower market, harder to commoditize. Common winner in 2025-2026 SaaS landscape. **See:** - https://www.slavin.pro/en/Article-Vertical-AI ## Vision-Language Model (VLM) **Also:** VLM, vision-language model, multimodal LLM Model trained to consume both images and text and produce text. Modern frontier examples: GPT-4o, Claude 3.5 Sonnet (vision), Gemini Pro Vision, Qwen-VL, Pixtral. Default architecture for document understanding, screenshot reasoning, and OCR-replacement tasks. **See:** - https://www.slavin.ai/Compare-OpenAI-vs-Anthropic-vs-OpenSource.aspx ## vLLM **Also:** vLLM, vLLM serving engine Open-source high-throughput LLM inference and serving engine from UC Berkeley. Centered on PagedAttention (memory-efficient KV cache management) and continuous batching. Default self-hosted serving choice for Llama, Mistral, Qwen, Mixtral classes in production. **See:** - https://www.slavin.ai/Compare-OpenAI-vs-Anthropic-vs-OpenSource.aspx ## Weaviate **Also:** Weaviate, weaviate.io Open-source vector database written in Go with built-in embedding-model modules (text2vec-openai, text2vec-cohere, multi2vec-clip). GraphQL query layer; strong fit when you want the DB to also call the embedder so application code only sees text or images. **See:** - https://www.slavin.ai/Compare-Vector-Databases.aspx ## Web Application Firewall (WAF) **Also:** WAF, web application firewall Network appliance / cloud service inspecting HTTP traffic for OWASP-Top-10 attack patterns. Modern WAFs (Cloudflare, AWS WAF, Imperva) layer rate limiting, bot management, and AI-output guardrails on top of classic rule engines. ## WebAssembly (WASM) **Also:** WebAssembly, WASM, Wasm Binary instruction format for a stack-based VM, designed as a portable compilation target for languages like Rust, Go, C++. Runs in browsers AND server-side (Wasmtime, WasmEdge). Used in edge functions and sandboxed plugin systems. ## WebAuthn / Passkeys **Also:** WebAuthn, passkey, passkeys, FIDO2 W3C standard for public-key authentication, replacing passwords with cryptographic key pairs bound to a device or password manager. Phishing-resistant by design. Passkeys are the user-facing brand (Apple, Google, Microsoft synced). ## WebSocket **Also:** WebSocket, WS protocol, RFC 6455 Persistent full-duplex TCP-style messaging protocol over HTTP upgrade handshake (RFC 6455). Standard transport for low-latency streaming UI (chat, live trading, agent token-stream UIs). Server-Sent Events and HTTP/2-streaming are the two common alternatives. **See:** - https://www.slavin.ai/Methodology.aspx ## X-Frame-Options **Also:** X-Frame-Options, XFO Legacy HTTP response header (DENY / SAMEORIGIN / ALLOW-FROM) that prevents the page from being framed by other origins, defending against clickjacking. Superseded by the more flexible CSP frame-ancestors directive but still emitted as a fallback for older browsers. **See:** - https://www.slavin.ai/security-compliance.aspx ## X-Robots-Tag (HTTP header) **Also:** X-Robots-Tag HTTP response-header version of the robots meta directive. Necessary for non-HTML resources (PDFs, images, JSON datasets) where you can't embed a meta tag. Used across the SLAtech network to allow LLM-crawler ingest of datasets while keeping admin pages out of search. **See:** - https://www.slavin.ai/Methodology.aspx ## Yozma Fund **Also:** Yozma, יוזמה 1993 Israeli government VC matching program that catalyzed the Israeli venture-capital industry. Government invested $100M alongside private VCs; resulted in 10 funds that returned $7B+. Template later copied by South Korea, Singapore, Russia. ## ГосСОПКА (State System for Detection, Prevention and Mitigation of Computer Attacks) **Also:** GosSOPKA, State System for Detection of Computer Attacks Russian state cybersecurity incident-reporting system operated by FSB Center 8. Critical Information Infrastructure subjects (КИИ) must register with GosSOPKA and report computer incidents within statutory windows under 187-FZ. Applies to AI/IT systems classified as КИИ in healthcare, finance, energy, transport, telecoms. **See:** - https://www.slatech.ru/152-FZ-Checklist ## Госуслуги (Gosuslugi) **Also:** Госуслуги, Gosuslugi, ЕСИА Unified Russian government digital services portal. Powered by ЕСИА (Unified Identification and Authentication System) — the federal SSO. Citizens, legal entities, foreign nationals use it for tax, immigration, business filings. ## ИНН / КПП Codes **Also:** ИНН, КПП, INN, KPP ИНН (Individual Taxpayer Number) is a 10-digit (legal entity) or 12-digit (individual) ID assigned by ФНС. КПП (Reason-for-Registration Code) is a 9-digit company classifier. Together they uniquely identify a Russian legal entity branch. ## Критическая Информационная Инфраструктура (КИИ) **Also:** KII, Critical Information Infrastructure, 187-FZ subject Russian regulatory category under federal law 187-FZ covering information systems whose disruption would harm 14 critical sectors (healthcare, finance, energy, transport, telecoms, defense industry, science, banking, fuel-and-energy, mining, metallurgy, chemical, rocket-and-space, nuclear). Operators must classify their systems into significance categories 1-3 and register with FSTEC + GosSOPKA. **See:** - https://www.slatech.ru/152-FZ-Checklist ## ОКВЭД Codes **Also:** ОКВЭД, OKVED, Russian industry codes All-Russian Classifier of Economic Activities. 5-digit hierarchical codes assigned to a legal entity at registration, declaring its primary + secondary activities. Required field on contracts + invoices. AI/IT companies typically code 62.01 / 62.02 / 62.09. ## ФНС (Federal Tax Service) **Also:** ФНС, FNS, Federal Tax Service Russian federal tax authority. Registers legal entities, issues ИНН (taxpayer ID) + КПП codes, runs the EGRYUL/EGRIP registries. Tech companies operating in RF interact via the К1+ digital reporting channels. ## ФНС API + СБИС **Also:** nalog.ru API, СБИС, API ФНС Programmatic interfaces to Russian tax service. Public endpoints (egrul.nalog.ru) for company lookup; auth'd channels (СБИС, Контур, 1C-Отчётность) for filings + EDI. Most production B2B SaaS in RF integrates here. ## ФСТЭК России (FSTEC of Russia) **Also:** FSTEC, Federal Service for Technical and Export Control Russian federal agency for technical and export control. Maintains the certified-software registry, the threat database (БДУ), and the protection-class hierarchy (К1-К4, УЗ-1 to УЗ-4) for information systems handling personal data and state secrets. Mandatory reference point for any AI/IT system processing PII under 152-FZ. **See:** - https://www.slatech.ru/152-FZ-Checklist --- End of glossary.