The process of breaking down large documents into smaller, semantically meaningful segments. Proper chunking preserves context while staying within AI model token limits.

The maximum amount of information (measured in tokens) that a language model can process in a single request. Different models have different context windows—some handle a few thousand tokens, while newer models can process hundreds of thousands. The context window includes both your input and the model's response.

Numerical representations of text that capture semantic meaning. Similar concepts have similar embeddings, enabling computers to understand that "car" and "automobile" mean the same thing.

A graph-based algorithm for approximate nearest neighbor search in high-dimensional spaces. HNSW enables fast vector search on millions of embeddings with sub-50ms response times.

A type of AI model trained on vast amounts of data to understand and generate responses. LLMs accept input data (instructions and needed information) and configuration settings (parameters like temperature for randomness and max tokens for length) to produce outputs. Frontier models from providers like OpenAI, Anthropic, and Google have billions of parameters and excel at complex reasoning, while smaller models are faster and cheaper for simple tasks.

A natural language processing technique that identifies and classifies named entities in text (people, organizations, locations, dates, etc.). NER extracts structured information from unstructured text.

An AI architecture that combines information retrieval with text generation. RAG systems first search for relevant documents, then use that context to generate accurate, grounded responses.

The basic unit of text that language models process. Tokens are typically words or word fragments—for example, "chatbot" might be one token, while "extraordinary" could be split into "extra" and "ordinary". Most LLMs have token limits that constrain how much information they can process at once.

A search method that finds documents based on semantic similarity rather than exact keyword matches. Vector search uses embeddings to understand meaning and context.

A set of rules and protocols that allow different software applications to communicate. APIs define how requests should be formatted and what responses to expect.

A resilience pattern that prevents cascading failures by stopping requests to a failing service. Like an electrical circuit breaker, it "opens" when failures occur and "closes" when the service recovers.

A property where an operation produces the same result regardless of how many times it's executed. Idempotent APIs prevent duplicate actions when requests are retried.

Data that describes other data—such as file names, dates, tags, or document properties. Metadata helps organize and find information but doesn't contain the actual content.

An architectural style that structures an application as a collection of loosely coupled, independently deployable services. Each service handles a specific business function.

A software architecture where a single instance of an application serves multiple customers (tenants). Each tenant's data is logically isolated from other tenants, even though they share infrastructure.

A technique to control the number of requests a client can make to an API within a time window. Rate limiting prevents abuse, ensures fair usage, and protects system resources.

A server push technology that allows servers to send real-time updates to clients over a single HTTP connection. SSE is simpler than WebSockets for one-way communication.

Computer memory that requires power to maintain stored data. When power is lost or a process ends, volatile memory is automatically cleared. RAM (Random Access Memory) is the most common type.

HTTP callbacks triggered by specific events. Webhooks allow applications to notify other systems when something happens, enabling real-time integrations.

A symmetric encryption algorithm adopted by the U.S. government as the standard for encrypting sensitive information. AES-256 uses 256-bit keys, making it virtually unbreakable with current technology.

A model where customers use their own API keys for external services rather than relying on a provider's shared access. BYOK gives organizations direct control, usage visibility, and cost management.

Encrypted data that appears as scrambled, unreadable text. Ciphertext can only be converted back to plaintext (decrypted) using the correct encryption key.

U.S. government standards for cryptographic modules. FIPS 140-2 Level 3 requires physical tamper-evidence and identity-based authentication for accessing cryptographic keys.

An authenticated encryption mode that provides both confidentiality and authenticity. GCM detects if encrypted data has been tampered with, preventing malicious modifications.

A cryptographic function that derives multiple keys from a single master key. HKDF creates unique keys for different purposes without storing them separately.

A physical computing device that safeguards and manages cryptographic keys. HSMs are tamper-resistant and provide a secure environment for key generation and encryption operations.

A cloud service that manages cryptographic keys for applications. KMS handles key creation, rotation, and access control, removing the burden of manual key management.

A "number used once"—a random value used in cryptographic operations to ensure the same data encrypted multiple times produces different outputs. Prevents pattern analysis attacks.

A padding scheme for RSA encryption that adds randomness and prevents certain cryptographic attacks. OAEP makes RSA encryption more secure against chosen-ciphertext attacks.

Unencrypted, human-readable data. Plaintext can be read by anyone who accesses it without requiring decryption keys.

A public-key cryptosystem used for secure data transmission. RSA uses two keys: a public key for encryption and a private key for decryption.

Random data added to inputs before hashing or encryption. Salts ensure that identical inputs produce unique outputs, preventing rainbow table attacks and pattern recognition.

A temporary encryption key used for a single session or transaction. Session keys are generated on-demand and discarded after use, limiting exposure if compromised.

A cryptographic protocol that provides secure communication over a network. TLS 1.3 is the latest version, offering improved security and performance.

A geographically distributed network of servers that cache and deliver content closer to users. CDNs reduce latency and improve load times by serving static assets from nearby locations.

A fully managed serverless platform on Google Cloud that runs containerized applications. Cloud Run automatically scales from zero to thousands of instances based on traffic.

Object storage for unstructured data like documents, images, and backups. GCS provides high durability (99.999999999%) and encryption at rest by default.

A PostgreSQL extension that adds vector similarity search capabilities. pgvector stores embeddings and performs efficient nearest-neighbor searches using HNSW indexes.

An open-source relational database known for reliability, data integrity, and advanced features like JSON support and full-text search. PostgreSQL is ACID-compliant and highly extensible.

An in-memory data store used for caching, session management, and real-time analytics. Redis provides sub-millisecond response times by storing data entirely in RAM.

A database security feature that restricts which rows a user can access based on policies. RLS enforces data isolation at the database level, preventing accidental data leakage.

The process of removing or masking personally identifiable information from datasets. Proper anonymization makes it impossible to identify individuals from the data.

California state law that grants consumers rights over their personal data, including the right to know what data is collected, the right to delete data, and the right to opt out of data sales.

European Union regulation that governs data privacy and gives individuals control over their personal data. GDPR requires explicit consent, data portability, and the right to be forgotten.

U.S. regulation that protects sensitive patient health information from disclosure without consent. HIPAA applies to healthcare providers, not individuals managing their own health records.

Any information that can identify a specific individual—including names, addresses, phone numbers, email addresses, Social Security numbers, and more. PII requires special protection under privacy laws.

A security model where the service provider has no knowledge of the data being stored. Even administrators cannot access user data without the user's encryption keys.