Agentic AI represents a groundbreaking advancement in artificial intelligence, emphasizing autonomy and proactive decision-making. Unlike reactive systems, Agentic AI is designed to actively interpret data, anticipate needs, and execute actions without continuous human oversight.
Agentic Threat Intelligence (ATI) represents a new frontier in cybersecurity, harnessing the power of advanced analytics, automation, and real-time insights to empower proactive defense strategies. It’s an AI-driven approach to cyber threat intelligence where autonomous, goal-directed AI agents continuously discover, investigate, and prioritize threats in real time. Instead of waiting for analysts to query data, agentic systems actively surface relevant risks, correlate signals, and deliver decision-ready intelligence.
Alert triage systematically evaluates, prioritizes, and responds to security alerts. It ensures security teams focus on the most critical threats. Streamlined alert triage prevents security teams from getting overwhelmed with false positives and low-priority notifications, enabling them to identify and respond to essential threats—and reducing the likelihood of a breach.
Corporate security comprises the strategic policies, measures, processes, protocols, and technologies implemented by private sector organizations to protect people, assets, and operations. When an organization takes a holistic approach, a number of teams can be involved in the risk management activities designed to identify, avoid, mitigate, and respond to a broad range of internal and external events, threats, and risks.
Cyber-Physical Security (CPS) defends integrated systems that control physical processes using digital components (Cyber-Physical Systems). Unlike traditional IT security, CPS protects real-world safety and operational continuity, making it vital for critical infrastructure (e.g., power grids, utilities, transportation).
Continuous Control Monitoring (CCM) is a cybersecurity capability that continuously evaluates the effectiveness of security controls using real telemetry from an organization’s security stack. Rather than relying on periodic audits or manual compliance checks, CCM automatically validates whether defensive controls are active, properly configured, and capable of mitigating real-world threats.
Cyber risk quantification (CRQ) is the practice of evaluating and assigning financial value to your organization’s potential cyber risks. Rather than using ambiguous metrics, CRQ translates potential threats to the organization, including financial losses, operational disruption, and reputational damage, into monetary terms, giving businesses a clear understanding of the financial impact of cyber incidents.
Cyber threat data aggregation is the meticulous process of collecting, consolidating, and analyzing all data relating to cyber threats. Data can come from multiple sources, including third-party sites and commercial sources. The primary goal of cyber data aggregation is to provide organizations with comprehensive information about potential threats and help them devise a mitigation plan to prevent possible data breaches and future cyberattacks.
Cyber Threat Intelligence (CTI), often referred to as threat intelligence, is information about potential or current threats to an organization. It involves aggregating, transforming, and enriching raw data into intelligence that can be analyzed, disseminated, and acted upon. By understanding the cyber threat landscape, organizations can proactively defend against attacks, mitigate risks, and enhance their overall security posture.
Cybersecurity risk assessment is the process of identifying and evaluating potential threats to an organization’s digital infrastructure. Organizations must determine threats and vulnerabilities, assess their likelihood of occurring, and measure their potential impact.
Continuous Threat Exposure Management (CTEM) is a proactive security approach that shifts organizations from reactive remediation to continuous exposure reduction. Rather than treating vulnerabilities, identities, and misconfigurations as isolated issues, CTEM unifies them into a single, risk-based view of what adversaries can actually exploit.
Executive protection encompasses the specialized security measures, protocols, and advanced planning dedicated to ensuring the safety of high-profile individuals, such as C-suite executives, board members, celebrities, athletes, and government officials. This discipline focuses on mitigating specific risks (ranging from physical attacks and harassment to kidnapping and privacy breaches) that target individuals due to their status, wealth, or influence.
Federated search is the practice of simultaneously retrieving information across multiple websites, online databases, and repositories using a single search tool. This strategy makes large amounts of data more easily searchable than using several sets of indexes. Federated search can reduce data duplication, but it also requires secure integrations and access controls to keep users and systems protected.
Force protection consists of the preventive measures taken to mitigate hostile actions against military personnel, resources, facilities, and critical information. It is an operational necessity applied in all environments—from home stations to combat zones—to ensure the force remains safe, capable, and ready to execute its mission.
Generative AI refers to a class of artificial intelligence systems designed to create new content, ideas, or outputs similar to existing data. By leveraging advanced machine learning models, it can generate text, images, music, and more, mimicking human creativity while relying on patterns and structures it has learned from substantial datasets.
Incident response refers to the steps and strategies an organization implements to detect and respond to cyberattacks or data breaches. It involves developing a strategic plan that aims to prevent cybersecurity incidents and minimize damage, operational disruptions, and costs.
An Indicator of Compromise (IoC) is a piece of evidence used to identify potential security breaches or malicious activities within computer systems, networks, or digital environments. IoCs serve as “red flags” that security analysts and systems can use to detect and respond to threats. They encompass various types of evidence, such as malicious files, network traffic patterns, unusual behaviors, or specific characteristics associated with cyberattacks. By monitoring and analyzing IoCs, security professionals can better safeguard their systems and data against cyber threats.
ISO 42001 is a globally recognized standard focused on the governance and ethical management of artificial intelligence (AI) systems. It outlines key principles, requirements, and best practices to ensure AI technologies are developed, deployed, and maintained with a focus on transparency, accountability, risk management, and fairness. The standard aims to foster trust in AI by addressing significant challenges such as bias, data quality, and lifecycle sustainability while providing a robust framework for organizations to follow.
Large Language Models (LLMs) are an advanced category of artificial intelligence frameworks designed to process and generate human-like text. Leveraging vast datasets and powerful computational methods, LLMs have revolutionized the way machines understand and produce language. They find applications in numerous industries, driving innovation in automation, customer service, threat intelligence, and more.
Malware analysis is the process of studying the origin, functionality, and potential effects of malicious software. It involves analyzing malware code to understand how it works, how it differs from other types, and the source of the attack. By dissecting malware, organizations can better understand how to defend and protect their systems from future threats.
MITRE Adversarial Tactics, Techniques, and Common Knowledge, or MITRE ATT&CK, is a public knowledge base of adversary tactics, techniques, and procedures (TTPs) based on real-world observations. It’s a globally accessible repository used as the basis for developing many specific threat models and methodologies in cybersecurity, government, and the private sector.
Predictive Intelligence refers to the application of advanced analytics, artificial intelligence (AI), and machine learning to anticipate future events, behaviors, and risks. By analyzing large and diverse datasets to identify patterns and anomalies, Predictive Intelligence enables organizations to proactively mitigate threats, optimize security operations, and make data-driven decisions in dynamic environments—especially in physical and cybersecurity where emerging adversary tactics demand early visibility.
Real-Time AI processes, analyzes, and responds to incoming data with minimal latency, often in milliseconds. Unlike traditional batch processing, real-time AI is engineered for immediate action, powered by high-speed data streams and optimized infrastructure for continuous, instantaneous application of insights. Its core value is enabling instantaneous, high-stakes decisions and personalization at scale.
Risk Intelligence is the practice of systematically collecting, analyzing, and synthesizing data from across an organization and its external environment to provide a comprehensive, real-time understanding of potential threats and vulnerabilities.
Threat Detection and Response (TDR) is the discipline of continuously identifying, analyzing, and responding to cyber threats across the attack lifecycle. Modern TDR combines analytics, threat intelligence, automation, and response workflows to reduce exposure time and prevent business-impacting incidents.
Travel risk management (TRM) is a comprehensive program organizations use to ensure the safety, security, and well-being of employees traveling for business. It goes beyond simple travel planning and logistics to encompass a continuous cycle of preparing, monitoring, and supporting travelers against a wide array of potential risks—from medical emergencies and transport accidents to geopolitical instability and natural disasters.
Threat Intelligence Operations is a critical component of modern cybersecurity, empowering organizations to proactively identify, analyze, and respond to evolving cyber threats. More specifically, it comprises the people, processes, and technologies that transform raw threat data into actionable intelligence to drive critical security decisions and response priorities.
Vulnerability prioritization is the systematic process of ranking security vulnerabilities based on multiple risk factors (including severity, exploitability, business impact, asset criticality, and threat intelligence) to determine which should be remediated first. Rather than fixing every vulnerability or relying solely on CVSS scores, this risk-based approach enables security teams to focus limited resources on addressing the weaknesses that pose the greatest actual risk to the organization, ensuring remediation efforts align with business priorities and deliver the most significant risk reduction.