Private AI Security Glossary: Plain-English Definitions

Private AI security hides behind a wall of acronyms — air gap, RBAC, TLS, OWASP LLM01 — that mostly stand for simple, sensible ideas. This is our plain-English glossary of the terms that come up when you keep your model, prompts, and documents on hardware you own. Each definition is one or two sentences, with no hype and no fake precision, and where a term deserves a deeper answer we link to the guide that explains it.

Network isolation: keeping the box off the internet

The terms that describe how far you cut the AI server off from the outside world — the first layer of control. The air-gapped AI server guide goes deeper on the strongest tier.

Air gap
A machine with no physical or network path to the public internet — data can only move via media you carry. It is the strongest isolation tier, and the right call for the most sensitive work. See the air-gapped AI server guide for who actually needs it.
LAN-only inference
The AI model answers only to devices on your local network, with no outbound calls leaving the building. It is the sensible default for most businesses — strong isolation without the inconvenience of a full air gap.
VLAN segmentation
Splitting your network into isolated zones so the AI server can only talk to what it needs to. It limits the blast radius if any one device is compromised, which is why it is part of every serious on-prem build.

Identity and access: who can do what

The controls that decide who reaches the AI and what they can do once they are in — the layer people skip most often. The AI access control guide covers the roles in detail.

RBAC (role-based access control)
Granting permissions by job role — user, admin, auditor — instead of giving everyone the same access. It is the fix for the most common self-hosted mistake, "everyone is admin." See the access control guide.
SSO (single sign-on)
One central login that grants access across systems, so credentials are not scattered or reused. It means a departing employee can be cut off everywhere at once, from one place.
MFA (multi-factor authentication)
Requiring a second proof of identity — like a code or a hardware key — beyond a password. It closes the gap a leaked or guessed password would otherwise open on an inference endpoint.
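
As an added illustration of the role-based model described above (this is example code, not the glossary author's or any product's implementation), here is a deny-by-default permission check an inference API would call before serving a request. The role names follow the entry (user, admin, auditor); the permission strings are assumptions chosen for the example, and a small helper flags the "everyone is admin" anti-pattern.

```python
"""Deny-by-default RBAC check for a self-hosted inference endpoint.

Added illustration, not code from the glossary's author or any product.
Role names follow the glossary entry (user, admin, auditor); the permission
strings are assumptions chosen for the example.
"""
from dataclasses import dataclass

# Which actions each role may perform. Anything not listed here is denied.
ROLE_PERMISSIONS = {
    "user":    {"chat:query", "docs:read"},
    "auditor": {"docs:read", "logs:read"},
    "admin":   {"chat:query", "docs:read", "docs:write",
                "logs:read", "users:manage", "model:reload"},
}


@dataclass(frozen=True)
class Principal:
    """An authenticated identity and the roles it holds."""
    name: str
    roles: frozenset


def is_allowed(principal: Principal, permission: str) -> bool:
    """Deny by default: true only if a held role explicitly grants the permission."""
    return any(permission in ROLE_PERMISSIONS.get(role, set())
               for role in principal.roles)


def authorize(principal: Principal, permission: str) -> None:
    """Gate an API handler: raise PermissionError instead of silently serving."""
    if not is_allowed(principal, permission):
        raise PermissionError(f"{principal.name} lacks {permission}")


def find_everyone_is_admin(principals) -> bool:
    """Detect the 'everyone is admin' smell: every account holds the admin role."""
    principals = list(principals)
    return bool(principals) and all("admin" in p.roles for p in principals)


if __name__ == "__main__":
    # Constructed sample accounts.
    staff = [Principal("alice", frozenset({"user"})),
             Principal("bob", frozenset({"auditor"})),
             Principal("carol", frozenset({"admin"}))]
    for p in staff:
        print(p.name, "model:reload ->", is_allowed(p, "model:reload"))
    print("everyone admin?", find_everyone_is_admin(staff))
```

The point of the shape is that an unknown role or an unlisted permission falls through to a denial; the handler never has to remember to check for "admin" specifically, and an audit of `ROLE_PERMISSIONS` shows the whole policy in one place.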

Encryption and keys: protecting the data itself

The three questions that matter — data on disk, data on the wire, and where the keys live. More in the encryption for private AI guide.

Encryption at rest
Scrambling data stored on disk — commonly AES-256 — so a stolen drive is unreadable. It protects you when hardware walks out the door, though not while the system is running and unlocked. See the encryption guide.
Encryption in transit
Protecting data moving across the network — commonly TLS 1.3 — even inside your own LAN. "Internal" traffic still passes other devices, so encrypting it closes a quiet eavesdropping gap.
Key management
How encryption keys are stored, rotated, and controlled — the part that actually keeps encryption meaningful. The strongest cipher is useless if the key sits next to the data it protects.

Threats and the LLM attack surface

The named risks that come with running a model — and the honest note that owning the box does not erase all of them. The OWASP LLM Top 10, explained walks through each one.

Prompt injection
Tricking an LLM with crafted input so it follows an attacker's hidden instructions instead of yours (OWASP LLM01). Going local does not fix it — it is a design-level risk, so we reduce the blast radius with output handling and least agency.
Indirect prompt injection
Hidden instructions planted in a document, web page, or image that the model reads and obeys. It is the real exposure for document-AI and RAG pipelines, where the model ingests files it did not write.
OWASP Top 10 for LLM Applications
A community-maintained list of the most critical LLM security risks (2025 edition, LLM01–LLM10) that a serious build designs against. See the full plain-English rundown.
Excessive agency
Giving an AI agent more permissions or autonomy than the task needs, widening the damage if it is misused (LLM06). The fix is least privilege — let the agent do only what its job actually requires.
Sensitive information disclosure
An LLM revealing data it should not, such as other users' inputs or secrets (LLM02). This is one risk where keeping the model on-prem genuinely helps, because there is no vendor holding your inputs.
Shadow AI
Staff quietly using unapproved public AI tools, leaking company data without anyone signing off. It is the data leak most owners do not know they have — and a sanctioned in-house assistant is the cure.
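
To make "least agency" and "output handling" concrete, here is an added example (not code from the glossary author or any product) of a gate that sits between a model and the tools it can call. Whatever the model proposes after reading a document, only the tools declared for the current task may run, read-only tasks cannot reach tools that change state, and file paths are checked before a read happens. The tool names, task names and document root are assumptions chosen for the example.

```python
"""Least-agency gate for an LLM agent's tool calls.

Added example, not code from the glossary's author or any product. It shows
the two controls the entries above name: least agency (a task may only use
the tools it declared, and read-only tasks cannot call tools that change
anything) and output handling (the model's proposed calls are treated as
untrusted data and validated before anything runs). Tool names, task names
and the document root are assumptions chosen for the example.
"""
from pathlib import PurePosixPath

# Tool registry. 'mutates' marks tools with side effects outside the chat.
TOOLS = {
    "search_docs": {"mutates": False},
    "read_doc":    {"mutates": False},
    "send_email":  {"mutates": True},
    "delete_doc":  {"mutates": True},
}

# Each task declares the minimum tool set it needs; nothing else is reachable.
TASK_TOOLS = {
    "summarize_policy": {"search_docs", "read_doc"},
    "notify_team":      {"search_docs", "send_email"},
}

DOC_ROOT = PurePosixPath("/srv/ai/docs")   # assumed location of the corpus


class ActionRefused(Exception):
    """Raised when a proposed tool call falls outside the task's authority."""


def _check_doc_path(raw: str) -> PurePosixPath:
    """Only absolute paths beneath DOC_ROOT, with no '..' components, may be read."""
    path = PurePosixPath(raw)
    if not path.is_absolute() or ".." in path.parts:
        raise ActionRefused(f"path rejected: {raw}")
    if DOC_ROOT not in path.parents:
        raise ActionRefused(f"path outside document root: {raw}")
    return path


def gate_tool_call(task: str, tool: str, args: dict, read_only: bool = True):
    """Return (tool, args) if the call is within the task's authority, else raise."""
    if tool not in TOOLS:
        raise ActionRefused(f"unknown tool: {tool}")
    if tool not in TASK_TOOLS.get(task, set()):
        raise ActionRefused(f"tool {tool!r} not declared for task {task!r}")
    if read_only and TOOLS[tool]["mutates"]:
        raise ActionRefused(f"tool {tool!r} changes state; task is read-only")
    if "path" in args:
        _check_doc_path(args["path"])
    return tool, dict(args)


def filter_proposed_calls(task: str, proposed: list, read_only: bool = True):
    """Split the model's proposed calls into those that may run and those refused."""
    allowed, refused = [], []
    for call in proposed:
        try:
            allowed.append(gate_tool_call(task, call["tool"],
                                          call.get("args", {}), read_only))
        except ActionRefused as err:
            refused.append((call["tool"], str(err)))
    return allowed, refused


if __name__ == "__main__":
    # Constructed: calls a model might propose after reading a document that
    # contained instructions it should have treated as data, not commands.
    proposed = [
        {"tool": "read_doc", "args": {"path": "/srv/ai/docs/hr/leave-policy.md"}},
        {"tool": "send_email", "args": {"to": "someone@example.com"}},
        {"tool": "read_doc", "args": {"path": "/srv/ai/docs/../keys/master.key"}},
    ]
    ok, refused = filter_proposed_calls("summarize_policy", proposed)
    print("run:", ok)
    print("refused:", refused)
```

The refusals are also worth logging: a task that suddenly proposes tools it was never given is the clearest runtime signal that an ingested document carried instructions.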

Auditability and your data

Where the data lives, who touched it, and the records you can hand an auditor — the proof layer that turns control into evidence.

Data residency
Where your data physically lives. With on-prem AI it is a server in your building you can point at, not an unnamed cloud region — the core promise of the whole private-AI approach.
Immutable / tamper-evident logs
Audit records that cannot be silently altered, so you can prove who accessed what. They are the difference between "we think we are fine" and evidence you can put in front of an assessor.
Audit log retention
How long access records are kept; some frameworks, such as HIPAA, expect six years. On-prem means you set and control that retention rather than inheriting a vendor's default.
Vector store
The database of embeddings a RAG system searches. It holds your data and must be secured and encrypted like any other store — an easily forgotten spot that the OWASP list flags as LLM08.
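
The "tamper-evident" property in the logging entry above has a simple, checkable form: a hash chain. Below is an added example (not the glossary author's or any product's code) in which every audit record stores the SHA-256 of the record before it, so editing or deleting any earlier entry breaks verification from that point on. The record fields and sample events are constructed for the example.

```python
"""Tamper-evident audit log as a SHA-256 hash chain.

Added example, not code from the glossary's author or any product. Every
entry stores the hash of the entry before it, so silently editing or
removing any record breaks verification from that point on. Record fields
are assumptions chosen for the example; the sample events are constructed.
"""
import hashlib
import json

GENESIS = "0" * 64   # previous-hash value for the first entry


def _canonical(record: dict) -> str:
    """Stable serialization so the same record always hashes the same way."""
    return json.dumps(record, sort_keys=True, separators=(",", ":"))


def _entry_hash(prev_hash: str, record: dict) -> str:
    return hashlib.sha256((prev_hash + _canonical(record)).encode("utf-8")).hexdigest()


def append_entry(chain: list, record: dict) -> dict:
    """Append a record, linking it to the current head of the chain."""
    prev_hash = chain[-1]["hash"] if chain else GENESIS
    entry = {"prev": prev_hash, "record": dict(record),
             "hash": _entry_hash(prev_hash, record)}
    chain.append(entry)
    return entry


def head_hash(chain: list) -> str:
    """The value to copy somewhere the server cannot rewrite (another host, WORM media)."""
    return chain[-1]["hash"] if chain else GENESIS


def verify_chain(chain: list, expected_head: str = None):
    """Return (True, -1) if intact, else (False, index of the first bad entry).

    If expected_head is given, the chain must also end at that hash, which
    catches an attacker who rewrote a record and recomputed every later link.
    """
    prev_hash = GENESIS
    for i, entry in enumerate(chain):
        if entry["prev"] != prev_hash or entry["hash"] != _entry_hash(prev_hash, entry["record"]):
            return False, i
        prev_hash = entry["hash"]
    if expected_head is not None and prev_hash != expected_head:
        return False, len(chain)
    return True, -1


# Constructed sample events for a small RAG assistant.
SAMPLE_EVENTS = [
    {"ts": "2025-01-06T09:12:03Z", "user": "alice", "action": "chat:query", "doc": None},
    {"ts": "2025-01-06T09:12:04Z", "user": "alice", "action": "docs:read", "doc": "hr/leave-policy.md"},
    {"ts": "2025-01-06T09:40:11Z", "user": "carol", "action": "users:manage", "doc": None},
]


def build_sample_log() -> list:
    chain = []
    for event in SAMPLE_EVENTS:
        append_entry(chain, event)
    return chain


if __name__ == "__main__":
    log = build_sample_log()
    anchored = head_hash(log)
    print("intact:", verify_chain(log, anchored))
    log[2]["record"]["user"] = "alice"        # someone rewrites who did it
    print("after edit:", verify_chain(log, anchored))
```

The chain alone only proves that nobody edited the log without recomputing it; an attacker with write access to the whole file can rebuild every link. That is why `head_hash` exists: periodically copying the head hash to a system the AI server cannot write to (a separate log host, write-once media, a printed daily value) turns the chain into evidence an assessor can check against an independent record.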

Compliance terms, honestly framed

The frameworks a Texas business actually faces — and the one distinction that matters most. TIS builds infrastructure that supports these programs; it does not certify your organization. Your auditor, assessor, or counsel handles sign-off.

TDPSA
The Texas Data Privacy and Security Act, effective July 1, 2024 — Texas's consumer data-privacy law. It largely exempts small businesses (by the SBA definition), though consent is still required to sell sensitive personal data. Confirm your status with counsel.
HIPAA Security Rule
Federal rules for safeguarding electronic protected health information (ePHI): access control, encryption, and audit logs. On-prem AI keeps ePHI in your building with those controls, supporting — not replacing — your compliance program.
CMMC
Cybersecurity Maturity Model Certification — the DoD program (final rule 2025) for contractors handling FCI/CUI, built on NIST SP 800-171. On-prem controls support the effort, but a C3PAO or self-assessment performs the assessment, not us.
Supports compliance vs. certifies
Infrastructure can support a framework by providing controls and evidence; only an auditor or assessor can certify an organization. This is the honesty boundary we hold to on every compliance-adjacent page.

Resilience: what happens if the box dies

The terms that answer the single biggest objection to owning your AI outright — a single-site server's continuity is yours to plan.

Disaster recovery (DR)
Your plan and capability to restore the AI service after hardware failure or disaster. On-prem means you own continuity, so a real DR plan — not just a backup — is what turns a failure into an inconvenience.
RTO / RPO
Recovery Time Objective (how fast you are back up) and Recovery Point Objective (how much data you can afford to lose). Setting both in plain numbers is how a DR plan stops being a vague promise.

Where to go next

Now that the terms make sense, these guides put them to work:

We turn these terms into controls you can point at

You do not need to master every acronym on this page — that is our job. Tell us the work and the data you need to protect, and we will design the isolation, access, and encryption, then hand-build and install the server here in Texas, on-site from Sugar Land to Katy. See our Texas service areas.

Past the jargon — what does your AI actually need?

Skip the acronym soup. Tell us your data and your obligations, and we will scope a Texas-built private AI you own outright, with the controls explained in plain English.
