
The Mizanic glossary.

Plain-English definitions for the terms we use across services and products. Bookmark this when an auditor asks ‘what does that mean, exactly?’

Agentic DevOps
DevOps where an autonomous agent runs the observe-diagnose-draft-gate-ship loop — watching infrastructure, drafting IaC changes as pull requests, and shipping fixes through human-approval gates. Consensus is Mizanic's agentic DevOps product.
Agentic pentesting
Penetration testing where an autonomous agent drives discovery, exploitation, and finding-shaping continuously across web, API, and cloud surfaces — versus the traditional one-shot, point-in-time engagement. Naqid is Mizanic's agentic pentesting product.
AI agent
Software that takes goal-shaped instructions, picks its own tools, and runs multi-step work autonomously. Distinguished from an AI feature, which wraps an LLM call inside a flow where the user stays in the loop.
AI-leveraged delivery
An engineering practice where AI is woven across the SDLC — design, code, review, ops — to compress timelines without diluting quality. Requires production discipline (evals, guardrails, observability) to capture the speed without dropping craft.
AWS landing zone
A pre-architected, multi-account AWS foundation that codifies guardrails, networking, identity, logging, and billing so workloads can be deployed safely from day one. Typically built with Control Tower plus custom guardrails for the regulatory bar.
AWS Well-Architected review
A formal AWS-defined review of a workload against the six Well-Architected pillars — operational excellence, security, reliability, performance efficiency, cost optimization, sustainability — producing a written assessment and remediation backlog.
Blast radius
The scope of damage a single change, failure, or compromise can cause. Engineering judgement treats blast radius as a first-class concern: guardrails, account boundaries, and IAM scope all exist to bound it.
CIS Benchmarks
Configuration baselines published by the Center for Internet Security. Level 1 covers general production hardening; Level 2 covers high-sensitivity workloads. Mizanic Marketplace images ship aligned to CIS Level 1 or Level 2 with documented exceptions.
Continuous pentesting
Penetration testing run continuously rather than annually — typically driven by an agent (e.g. Naqid) that builds context across runs and ships findings as remediation tickets the day they're discovered.
DefinedTermSet
The Schema.org type used to mark up a glossary so search engines and AI engines can extract terms and definitions as a structured entity. This page emits a DefinedTermSet with one DefinedTerm per entry.
E-E-A-T
Experience, Expertise, Authoritativeness, Trustworthiness — Google's quality framework. For a technical-services brand it shows up as named authors, biographical depth, verifiable credentials, and outbound citations to authoritative sources.
Eval harness
A test suite for AI features and agents — datasets, scoring functions, and runners — tied to the actual workflow rather than toy benchmarks. The gap between a demo and a production agent is usually the eval harness.
FinOps
Cloud financial operations — tagging, allocation, budget guardrails, and cost-anomaly detection — treated as an engineering discipline rather than a finance afterthought. Mizanic delivers FinOps programmes alongside landing zones.
GuardDuty
AWS-managed threat-detection service that continuously monitors CloudTrail, VPC Flow Logs, and DNS logs for anomalous behaviour. A standard component of Mizanic-delivered security accounts inside an AWS landing zone.
Guardrail
A policy, control, or check that constrains what an automated workflow (or human) can do without explicit approval. Guardrails are how agentic systems stay safe — Consensus respects existing guardrails rather than inventing its own.
HIPAA
The U.S. Health Insurance Portability and Accountability Act. The Security Rule sets administrative, physical, and technical safeguards required for protected health information (PHI). Mizanic delivers HIPAA-aligned environments on AWS and Azure.
HITL (Human-in-the-loop)
A design pattern where an autonomous workflow pauses for a human decision at defined gates — approval, escalation, audit. The pattern that lets agentic systems take productive action without ceding consequential decisions to the agent.
Landing Zone Accelerator
An AWS reference solution for building production-ready multi-account landing zones. Mizanic builds landing zones using the Accelerator where it fits, and with custom guardrails where the regulatory bar pushes beyond it.
Naqid
Mizanic's agentic pentesting product. Continuous offensive testing across web, API, and cloud surfaces, returning findings as remediation tickets mapped to HIPAA, PCI, SOC 2, or ISO 27001 — live in fintech and healthcare client engagements.
OWASP Top 10 for LLM Applications
The OWASP project cataloguing the most critical risks specific to LLM-powered applications — prompt injection, insecure output handling, training-data poisoning, model denial-of-service, supply-chain risk, and more. A baseline for AI security work.
Private AI
Self-hosted LLM inference and retrieval inside the customer VPC, with no third-party API calls or model telemetry leaving the account. Mizanic Marketplace ships a hardened Private AI image with vLLM/Ollama, GPU drivers, and no-egress defaults.
SOC 2
A trust-services audit under the AICPA framework. Type 1 reports the design of controls at a point in time; Type 2 reports the operating effectiveness of those controls over a period. Mizanic delivers SOC 2 readiness work; an independent CPA firm runs the audit.
Trust strip
The row of client logos on a B2B services site that signals real engagements. Mizanic's trust strip names Evercare Bahrain, CoWrkr AI, Magnolia Impact, Payhuddle, UpGrad, and Intellipaat.
VAPT
Vulnerability Assessment and Penetration Testing. A combined service — surface discovery via scanning plus manual or agent-driven exploitation. Mizanic delivers VAPT as a fixed-cycle engagement and continuously via Naqid.
WebApplication / SoftwareApplication
Schema.org types used to mark up software products. Mizanic Consensus and Naqid emit SoftwareApplication JSON-LD so Google and AI engines treat them as discrete product entities rather than generic pages.
