Prompt injection
An attack that manipulates an agent through crafted input (in a prompt, a tool result, or retrieved content) to make it act against policy.
Part of the Agent Control Fabric: Highflame's identity, policy, and enforcement substrate for AI agents.
Keep exploring the glossary.
Red teaming
Continuous adversarial testing of AI systems (jailbreaks, extraction, manipulation) with findings turned into enforcement policy and re-scanned to prove the fix.
RFC 8693 (token exchange)
The standard that lets one token be exchanged for another with attenuated scope: the basis for verifiable agent-to-agent delegation.
Scope attenuation
Narrowing permissions at each delegation hop so a sub-agent can never hold more authority than the agent that delegated to it.
Shadow agents
Agents running across clouds, IDEs, and SaaS that no one inventoried or assigned an owner: the unmanaged majority of an enterprise's agent footprint.
SPIFFE / WIMSE
Open standards for verifiable workload identity. Highflame extends them with agent-shaped claims for delegation, trust, and attribution.
Trust tier
A provenance-based level on an agent's identity (first-party/attested, verified third-party, or unverified) that gates what the agent is eligible for and tightens its policy. It is a verified input to every decision, never a bypass: each action is still authorized per request, so there is no implicit trust.