AI & vibe coding glossary.

AI systems that take actions in the world over multiple steps, not just produce a single response.

Software development where an AI agent autonomously plans, writes, tests and ships code with minimal human keystrokes.

A large AI model pre-trained on broad data that can be adapted to many downstream tasks.

When an AI model generates output that is plausible but factually incorrect or fabricated.

An open standard from Anthropic that lets AI assistants connect to external tools and data sources securely.

The practice of writing inputs to AI models in ways that produce reliable, well-structured outputs.

The hidden instructions sent to a language model before any user input, defining its role, rules and behaviour.

A specialised database that stores text or other content as numeric embeddings and supports similarity search.

A browser-based full-stack AI app builder by StackBlitz that ships working apps from natural language prompts.

Anthropic's command-line agentic coding tool that reads, writes and edits code across an entire repository.

A web-based AI app builder that generates React + Supabase applications from natural language prompts.

An open-source, fair-code automation platform that you can self-host or run as a managed cloud service.

An open-source backend-as-a-service that provides a Postgres database, auth, storage and edge functions.

An attack where a user's authenticated session is abused to perform actions they did not intend, by tricking their browser into making a request.

An attack where malicious script is injected into a trusted website and runs in other users' browsers.

OWASP's parallel security list specifically for applications built on large language models.

An authorised simulated attack on a system to find vulnerabilities before a real attacker does.

A model where permissions are granted to roles, and users are assigned to roles, rather than permissions being assigned per user.

An attack where a server is tricked into making an HTTP request to an internal or unexpected destination on behalf of an attacker.

A security model where no user, device or service is trusted by default, including those inside the network perimeter.

The national regulator of charities in Australia, responsible for registration, transparency and governance.

The Australian government's lead agency for cyber security, part of the Australian Signals Directorate.

The Australian Cyber Security Centre's recommended baseline of eight mitigation strategies for protecting business systems against cyber threats.

An ASD program of independent assessors who evaluate ICT systems against Australian government security requirements.

The independent regulator for safety, well integrity and environmental management of Australian offshore oil and gas operations.

Australian law requiring organisations covered by the Privacy Act to notify affected individuals and the OAIC about eligible data breaches.

The Australian federal law that governs how organisations collect, use, disclose and protect personal information.

An HTTP response header that tells browsers which sources of script, style, image and other content the page is allowed to load.

A named value injected into an application at runtime, used to configure behaviour and inject secrets without committing them to code.