Glossary

AI Gateway / Control Plane — the governed layer between employees and any AI model.

AI Governance — the in-product surface that shows the policy decision for each request, before the model responds.

Access-trimming — filtering retrieved documents to only what the requesting user is permitted to see, defaulting to deny.

Action — what happens to a request: allow, redact, route, block, or require approval.

Audit log / governance log — the immutable, append-only record of every decision; the system of record.

BYOK — "bring your own key/model": routing to your own provider, such as Azure OpenAI or AWS Bedrock.

Data class — the category of sensitivity assigned to a request or document (PII, PCI, financial, secrets, public…).

Decision Banner — the banner shown before an answer that displays the governance verdict.

DLP — data-leak protection: detecting and handling sensitive content.

Enforce mode — governance actively blocks and redacts (versus monitor mode).

Grounding — answering using your own documents, governed.

Monitor mode — governance observes and logs without blocking, used to baseline behavior before enforcing.

Policy matrix — the customer-owned table mapping each data class to a minimum trust tier, a fallback action, and an internet policy.

RBAC — role-based access control.

Trust tier — how trusted a destination is: public frontier, enterprise-managed, customer-managed, or private/local.