Glossary
Key terms and concepts used throughout Serpentine documentation.
A
- Asset Graph
- A continuously updated representation of all security-relevant entities (devices, users, applications, data stores) and their relationships within an organization's environment.
- Attack Path
- A sequence of vulnerabilities, misconfigurations, or excessive permissions that an attacker could chain together to reach a target asset. Serpentine's Offense module identifies and validates these paths.
- AI-Security (ProtivAI)
- Secures AI/ML infrastructure — model registries, training pipelines, inference endpoints. Detects prompt injection, model poisoning, and AI-specific attack vectors. One of Serpentine's ten core modules.
- Agent Control (Zastapnik)
- The agentic action layer. Governs AI agents and MCP tools acting in your environment — tool-poisoning detection, agent-as-identity enforcement, and reachability analysis over the graph. One of Serpentine's ten core modules.
- Agent Intelligence Layer
- Watches AI agents and MCP tools acting in your environment — agent invocations, tool calls, and machine-identity activity. Feeds tool-poisoning detection and agent-as-identity governance. One of Serpentine's seven intelligence layers.
B
- Blast Radius
- The potential scope of damage if a specific vulnerability is exploited or a control fails. Calculated by analyzing the asset graph to determine what an attacker could access from a compromised starting point.
- Behavioral Intelligence Layer
- Analyzes patterns of activity across identity, network, and application layers. Detects anomalous behavior and indicators of compromise that signature-based detection misses. One of Serpentine's seven intelligence layers.
C
- Compliance Drift
- The gradual degradation of security controls between audit periods. Traditional compliance is point-in-time; Serpentine provides continuous validation to prevent drift.
- Continuous Validation
- The practice of regularly testing security controls through automated offensive techniques, rather than relying on periodic assessments or assumed configurations.
- Control
- A security measure implemented to protect assets, enforce policies, or meet compliance requirements. Examples include firewall rules, access controls, encryption, and monitoring.
- Control State Contradiction
- A situation where a security control is documented or configured but doesn't function as intended. Example: a firewall rule that should block traffic but has an exception that permits it.
- Classification (Podatoci)
- Data discovery and classification across cloud storage, databases, and repositories. Identifies sensitive data, tracks data flows, and maps to compliance obligations. One of Serpentine's ten core modules.
D
- Decision Intelligence
- Serpentine's capability to provide context-aware recommendations by analyzing the security graph, historical data, and organizational priorities to guide response actions.
- Detection (Odbrana)
- The identification of vulnerabilities, misconfigurations, and exposures through continuous scanning of web applications, APIs, infrastructure, and cloud assets. One of Serpentine's ten core modules.
- DORA
- Digital Operational Resilience Act. EU regulation establishing requirements for ICT risk management, incident reporting, resilience testing, and third-party risk management for financial entities.
E
- Evidence
- Artifacts that demonstrate a security control's existence and effectiveness. In Serpentine, evidence is collected automatically and linked to compliance requirements in the security graph.
- Exposure Intelligence Layer
- Monitors your external attack surface — exposed services, leaked credentials, dark web mentions, brand impersonation, and supply chain dependencies. One of Serpentine's seven intelligence layers.
G
- Governance (Regulativa)
- Continuous compliance monitoring across 35+ frameworks and 3,000+ obligations, with automatic evidence packet generation from substrate findings. One of Serpentine's ten core modules.
- Graph-Based Security
- An architectural approach where security data is stored as interconnected nodes and relationships rather than isolated records, enabling complex queries about how entities relate to each other.
H
- Hardening (Postava)
- Automated hardening for Linux hosts — firewall, SSH, kernel parameters, intrusion detection — with continuous drift monitoring. One of Serpentine's ten core modules.
I
- Investigation (Istraga)
- Adversarial reasoning engine that synthesizes signals across all modules, predicts emerging risk, and produces written analysis grounded in substrate evidence. One of Serpentine's ten core modules.
N
- NIS2
- Network and Information Security Directive 2. EU directive expanding cybersecurity requirements to more sectors and introducing stricter supervisory measures and enforcement.
O
- Offense (Napad)
- Controlled exploit verification that proves which vulnerabilities are actually exploitable in your environment, not just theoretically vulnerable. One of Serpentine's ten core modules.
- Oversight (Nadzor)
- Identity security and access governance — monitors privilege escalation paths, dormant accounts, excessive permissions, and identity-based attack paths. One of Serpentine's ten core modules.
- OSINT
- Open Source Intelligence. Information gathered from publicly available sources to assess external attack surface, leaked credentials, or threat actor activity.
P
- Policy-as-Code
- Security policies defined in machine-readable formats that can be automatically enforced, tested, and version-controlled alongside infrastructure code.
- Posture
- The overall security state of an organization, including the effectiveness of controls, presence of vulnerabilities, and compliance status.
S
- Sovereign Inference (Jadro)
- The sovereign brain the agentic modules reason on. Runs reasoning on managed cloud models or a local, air-gapped model with zero egress, so your security graph and prompts never leave your environment. One of Serpentine's ten core modules.
- Security Graph
- Serpentine's unified data model that connects assets, vulnerabilities, controls, compliance requirements, and validation results into a queryable knowledge graph.
- Security Substrate
- The foundational layer of Serpentine's architecture that ingests, normalizes, and correlates data from all sources into the unified security graph.
- Sovereignty
- Control over where data is stored and processed, typically to meet regulatory requirements like GDPR. Serpentine offers EU-sovereign deployment options.
T
- Telemetry
- Data collected from security tools, infrastructure, and applications that provides visibility into the environment's state and activity.
- Threat Intelligence Layer
- Aggregates threat actor TTPs, malware indicators, campaign tracking, and emerging attack patterns. Maps the external threat landscape to your specific environment. One of Serpentine's seven intelligence layers.
V
- Validation
- The process of confirming that a security control actually works as intended, typically through testing rather than configuration review alone.
- Validation Loop
- Serpentine's core workflow: detect issues → harden defenses → validate with offense → govern continuously. Each step informs the others through the security graph.