AI & Emerging TechGlossary

Software designed to perform tasks that previously required human intelligence — recognizing patterns, understanding language, making predictions, generating content. "AI" is the umbrella term; specific techniques (machine learning, large language models) are subsets.

Why it matters: When vendors say their product "has AI in it," the useful question is which kind, doing what specifically. Generic AI claims have become marketing noise; specific capabilities ("summarizes meeting transcripts using an LLM") are the useful ones.

Related: Machine Learning, LLM

A category of AI where software learns patterns from example data, rather than being explicitly programmed with rules. Examples: spam filters that learn from labeled emails, fraud-detection systems that learn from past transactions, recommendation engines that learn from user behavior.

Why it matters: Most "AI" products in business today are actually machine learning — pattern-matching against historical data. The implication: ML systems are only as good as the data they trained on, and they fail in new ways the training data didn't cover.

Related: AI, LLM, Training Data

A type of AI model trained on massive amounts of text to predict the next word in a sequence — and through that, to generate human-like writing, answer questions, summarize documents, and write code. GPT (OpenAI), Claude (Anthropic), Gemini (Google) are LLMs.

Why it matters: LLMs are what most people mean when they say "AI" today. The capability is real and dramatic, but LLMs also confidently produce wrong answers (hallucinations), have knowledge cutoffs, and don't actually "understand" the way humans do.

Related: AI, ML, Prompt, Hallucination, Context Window, Token, Training Data, ChatGPT, Claude, AI Agent, RAG, Document AI, Voice AI, Prompt Injection, Data Leakage to LLMs

The text instruction (or question) you give a large language model — the input. "Prompt engineering" is the discipline of crafting prompts that reliably produce useful outputs, since small wording changes can dramatically change the response.

Why it matters: The same LLM can produce excellent or useless output depending on the prompt. "Summarize this email" gives generic results; "Summarize this email as three bullet points focused on action items the recipient must take" gives useful ones. Prompt skill is a learnable competency.

Related: LLM, Context Window, Prompt Injection

The basic unit of text an LLM processes — usually a word fragment (3-4 characters for English). "Hello world" is about 3 tokens. LLM pricing, context window limits, and processing speed are all measured in tokens.

Why it matters: When pricing AI usage, tokens are the meter. A 1,000-word document might be 1,300 tokens going in; the response might be 500 tokens coming out. At a tenth of a cent per thousand tokens, small experiments are cheap; large-scale usage adds up.

Related: LLM, Context Window

The maximum amount of text (measured in tokens) an LLM can take into account for a single response — your prompt plus any documents you've attached plus the conversation history so far. Modern LLMs range from ~8,000 tokens to over 1 million.

Why it matters: Bigger context windows let you ask questions about whole documents, codebases, or long conversations without summarizing first. The trade-off is cost (more tokens = more money) and sometimes accuracy (LLMs can miss details in very long contexts).

Related: LLM, Prompt, Token

When an LLM generates output that sounds plausible and is delivered with confidence but is actually false — invented citations, fabricated quotes, made-up technical details. Not the LLM "lying"; it's a side effect of how LLMs work (predicting plausible-sounding next words, not retrieving verified facts).

Why it matters: Hallucinations are why LLM output should be verified before being used for anything with real consequences — legal documents, financial figures, technical references. "It came from AI" isn't a citation; it's a starting point for fact-checking.

Related: LLM, Training Data

The dataset used to teach an AI or ML model what patterns to recognize and what outputs to generate. For an LLM, training data is typically billions of pages of text — websites, books, code, articles. The training data shapes (and limits) what the model can do.

Why it matters: Two things flow directly from training data: (1) what the model knows (anything not in the training data, the model doesn't know about, including events after the training cutoff), and (2) the model's biases — if the training data over-represented one perspective, the model's output will too.

Related: ML, LLM, Hallucination, Model Poisoning

OpenAI's consumer-facing chat product, built on the GPT family of large language models. Free and paid tiers; the paid tier (ChatGPT Plus, Team, Enterprise) provides access to more capable models, longer context, and (in Team/Enterprise tiers) some data-protection guarantees.

Why it matters: ChatGPT made LLMs mainstream and is often the first AI tool businesses adopt. For business use, the free tier has data-privacy concerns; the paid Team/Enterprise tiers add the contractual protections most regulated businesses need.

Related: LLM, Claude, Copilot for M365

The family of large language models built by Anthropic. Known for long context windows (up to 1 million tokens on enterprise tiers), strong reasoning, and a focus on safety research. Available via the Claude.ai chat interface, the Anthropic API, and integrations (Claude Code, partner platforms).

Why it matters: Claude and ChatGPT are the two LLMs most commonly adopted in business. Capabilities are broadly comparable; preferences come down to specific use cases (long documents favor Claude; ecosystem integrations may favor ChatGPT) and pricing models.

Related: LLM, ChatGPT, Copilot for M365

An AI system that can take actions on its own — call APIs, browse the web, send emails, query databases, write code — in pursuit of a goal you've given it. Distinct from a chatbot that only generates text in response to your messages. Powered by LLMs plus the ability to use tools.

Why it matters: Agentic AI is where the most meaningful business productivity gains are happening — agents can complete multi-step workflows that previously required a human at each step. The trade-off is needing strong guardrails: an agent that can take actions can also take wrong actions at scale.

Related: LLM, Agentic Workflow, Workflow Automation

A workflow where an AI agent performs multiple steps autonomously — for example, monitoring an inbox, classifying messages, drafting responses, and creating tickets for ones needing human attention. The agent makes decisions at each step rather than following a hard-coded flowchart.

Why it matters: Agentic workflows automate the parts of a business process that previously needed human judgment, not just human keystrokes. The transformation potential is large; so is the responsibility to monitor what the agent actually does in production.

Related: AI Agent, RAG, Workflow Automation

An AI architecture where the LLM is given relevant information from your own data sources (documents, knowledge base, database) at query time — "retrieve" the right context, then "generate" the answer using it. Solves the problem of LLMs not knowing about your private business data.

Why it matters: RAG is how AI products give accurate, business-specific answers without retraining the model on your data. Copilot for M365, customer-service AI, internal knowledge-base search — most useful business AI uses RAG under the hood.

Related: LLM, Agentic Workflow, Document AI

Software that strings together multiple steps in a business process — when X happens, do Y, then Z. Modern workflow automation increasingly incorporates AI for steps requiring judgment (classifying an email, summarizing a document, deciding whether a request fits a policy).

Why it matters: Most businesses underuse workflow automation. The wins are real and unglamorous: invoice approval routing, new-hire provisioning, customer-request triage. AI extends what's automatable into tasks that previously needed a human.

Related: AI Agent, Power Automate, Agentic Workflow

AI specialized in reading and understanding documents — invoices, contracts, receipts, forms. Extracts structured data (vendor, amount, date) from unstructured documents, classifies them, summarizes them, or routes them based on contents.

Why it matters: Document AI replaces a huge category of manual data entry — accounts-payable processing, lease abstraction, claims handling. Modern document AI handles handwriting, low-quality scans, and unusual layouts that traditional OCR couldn't.

Related: LLM, RAG

AI for processing speech — transcribing meetings, generating natural-sounding speech, conducting voice-based customer interactions. Modern voice AI is fast enough for real-time conversations and accurate enough that most users can't distinguish it from human speech.

Why it matters: Voice AI is reshaping customer service (24/7 voice agents) and meeting productivity (automatic transcription and summarization). It also enables AI-generated vishing attacks — the same tech that helps your call center can be weaponized against your staff.

Related: LLM, Vishing

An attack where malicious instructions are smuggled into an LLM via the input — a document the LLM is asked to summarize, a website it's asked to read, an email it's asked to process. The LLM then follows the attacker's instructions instead of (or in addition to) yours.

Why it matters: Prompt injection is the LLM-era equivalent of social engineering. As AI agents gain the ability to take actions, prompt injection becomes a way for attackers to make them take harmful actions — sending emails, transferring data, executing transactions.

Related: Prompt, LLM, Social Engineering

When employees paste sensitive business data (customer records, financial information, source code, contracts) into consumer AI tools (ChatGPT free tier, public chatbots), the data may be retained by the provider and potentially used to train future models. Business AI tiers typically address this contractually.

Why it matters: Most data leakage isn't malicious — it's an employee who wanted to summarize a customer email or analyze a spreadsheet. AI policies and approved tooling are the answer; banning AI doesn't work because it pushes use into shadow channels.

Related: LLM, Shadow AI, DLP, AI Policy

An attack on the AI model itself, where malicious data is introduced into the training set to make the model behave incorrectly in specific situations — recognize certain inputs as safe when they aren't, produce attacker-favorable outputs for certain queries. A supply-chain attack on AI.

Why it matters: Most businesses don't train their own models, so this risk is indirect: do you trust the providers of the AI tools you use? Established providers (OpenAI, Anthropic, Microsoft) have controls; lesser-known open-source models with unclear training provenance are higher-risk.

Related: Training Data, Supply Chain Attack

Unsanctioned AI tool use by employees — ChatGPT free accounts, browser extensions with AI features, AI-powered productivity apps not approved by IT. The AI version of "shadow IT." Driven by employees wanting productivity gains faster than IT can evaluate and approve tools.

Why it matters: Shadow AI is the #1 source of unintentional data leakage to LLMs. The defense isn't prohibition — it's offering approved AI tools that meet employee needs, plus monitoring for unsanctioned use through DLP and network controls.

Related: Data Leakage to LLMs, AI Policy

An organization's documented rules for AI use — what tools are approved, what data can and can't be shared with AI, what disclosure is required when AI is used in customer-facing work, who's responsible for AI decisions. Adjacent to but distinct from acceptable-use policies for general IT.

Why it matters: Without an AI policy, employees make individual decisions about AI use, often with little awareness of data-privacy implications. With one, the organization has guardrails and a defensible position when something goes wrong.

Related: AI Acceptable Use, Shadow AI, AUP, Data Leakage to LLMs, Disclosure Requirements

The employee-facing portion of an AI policy — written so that staff can read, understand, and sign off on what they can and can't do with AI tools. Should cover specific scenarios ("can I paste a customer email into ChatGPT to draft a reply?") rather than abstract principles.

Why it matters: Vague AI policies fail in practice. Employees doing real work need to know the answer to specific questions in the moment, not derive it from principles. The acceptable-use document is what gets read; the broader policy is what gets cited.

Related: AI Policy, AUP

The obligation (legal, ethical, or contractual) to inform customers, clients, or other parties when AI is being used in interactions or work product. Becoming codified in law in some jurisdictions (EU AI Act, U.S. state regulations) and in professional-conduct rules (bar associations, medical boards).

Why it matters: Disclosure is where AI governance meets professional ethics. A lawyer using AI to draft a contract, a doctor using AI in diagnosis, a financial advisor using AI for analysis — these may all have disclosure obligations that vary by jurisdiction. Worth checking, not assuming.

Related: AI Policy, Client Confidentiality

Running computation close to where the data is generated — on the device, in the local office, or in a regional facility — rather than sending it to a central cloud data center. Reduces latency for time-sensitive applications and bandwidth costs for data-heavy ones.

Why it matters: Edge computing matters for businesses with real-time needs (manufacturing sensors, retail point-of-sale, video security) or with intermittent connectivity (remote sites, mobile operations). For pure office workloads, cloud is usually still simpler.

Related: IoT, Latency

Network-connected devices that aren't traditional computers — security cameras, thermostats, manufacturing sensors, point-of-sale terminals, smart locks, voice assistants. Each one is a small computer with limited computing capacity but full network access.

Why it matters: IoT devices are notoriously hard to secure (rarely patched, often have default passwords, limited update mechanisms). Putting them on a separate VLAN — isolated from your main business network — is the standard defensive practice.

Related: Edge Computing, Network Segmentation

A computing paradigm using quantum-mechanical phenomena (superposition, entanglement) to perform certain types of calculations vastly faster than classical computers. Not faster at everything — specialized for problems like optimization, simulation, and cryptography.

Why it matters: Practical quantum computers are still emerging, but the cryptographic implications are immediate: a sufficiently powerful quantum computer could break much of today's encryption. The remediation is happening now (post-quantum cryptography), not waiting for the threat to be live.

Related: Post-Quantum Cryptography, SSL/TLS

Encryption algorithms designed to remain secure even against attack by sufficiently powerful quantum computers. NIST standardized the first PQC algorithms in 2024; major vendors (Microsoft, Apple, Google, Cloudflare) have begun rolling out support in their products.

Why it matters: Today's encrypted traffic could be "harvest now, decrypt later" — captured today, broken in a decade once quantum computing matures. Sensitive long-lived data (legal records, healthcare data, intellectual property) is where PQC adoption matters first. Most businesses inherit it from their vendors.

Related: Quantum Computing, SSL/TLS