Taxonomy — canonical category set

GENERATED from taxonomy.yaml by scripts/gen_taxonomy_md.py — do not edit by hand.

taxonomy.yaml is the machine source of truth for category slugs, layers, adoption tiers, and controlled vocabularies (see SCHEMA.md). The layer-cake blog doc remains the spine (Foundation → Data → Model/Prompt → Retrieval → UX → Governance → Policy/Process); the survey categories map into it.

Legend — Tier: day-1 (before any AI in production) · day-2 (once scaling/agents) · situational (depends on deployment pattern; see trigger) · firm-type-specific · practice (a process, not a purchase). Agent-sec = agent_security_context: the lethal trifecta is a core concern for this category (SCHEMA.md §0); trifecta framing elsewhere fails editorial lint.

Counts: 42 canonical categories across 7 layers.


Foundation layer

slugdisplay nametieragent-sectriggersurvey questionnotes
identity-accessIdentity & Access (IdP/SSO)day-1any users at all — the human + agent front doorGeneral IdentityEntra, Okta, Ping, ForgeRock.
non-human-identityNon-Human / Agent Identity Governanceday-2agents and workloads hold their own credentials and call toolsNon-Human Identity / Agent Identity GovernanceNHI: secrets-less workload + agent identity. CyberArk, Astrix, Aembit, Oasis, Token, Natoma, Entro, Clutch.
identity-governanceIdentity Governance & Visibility (IGA / ISPM)day-2enough headcount/apps that joiner-mover-leaver and access certs need automationIdentity Governance & Visibility (IGA / ISPM)SailPoint, Saviynt, Veza, CyberArk, ConductorOne, Lumos, Linx, Hydden.
secrets-managementSecrets Managerday-1any code or agent that authenticates to anythingSecrets ManagerVaulting + rotation. Key Vault, HashiCorp Vault, AWS/GCP, Conjur, 1Password, Doppler, Infisical.
siem-socEnterprise Logging / SIEM / SOCday-1table stakes — you cannot investigate what you did not logSIEM/SOAR/SecOpsSentinel, Splunk, Cortex XSIAM, Sumo, ELK, Google SecOps, LogScale.
ai-soc-analystsAI SecOps / Agentic SOC Analystsday-2SOC alert volume outgrows analyst headcountAI SOC analystsMerges doc ‘AI SecOps’ + CSV ‘AI SOC analysts’ (same vendors). Prophet, Dropzone, 7AI, Radiant, Simbian, Charlotte, Cortex AgentiX, Jazz, Torq.
edr-xdrEDR / XDRday-1table stakes — usually already deployedEDR / XDRCrowdStrike, Defender, SentinelOne, Cortex XDR.
network-security-saseNetwork Security / SASE (SSE)day-1table stakes — the TLS-inspecting egress path AI traffic rides onAI-aware Network Security (SSE/SASE)Palo Alto, Zscaler, Netskope, Cloudflare, Cisco, Cato, Forcepoint.
sspmSaaS Security Posture Management (SSPM)day-2SaaS sprawl — many third-party apps with OAuth grants into your tenantSaaS Security Posture Management (SSPM)AppOmni, Obsidian, Adaptive Shield, Grip, Valence, Wing, DoControl.
software-supply-chainSoftware Supply Chain & Coding Securityday-2shipping code; day-1 if shipping AI-generated codeSoftware supply chainSnyk, Semgrep, Endor, Socket, Apiiro, Legit, Aikido, Sonatype, JFrog, GitHub AS, GitLab.
anti-deepfakeSecurity Awareness / Anti-Deepfakeday-2wire-transfer authority + voice/video approval workflows = deepfake exposureAI Antiphishing/deepfake/social engineering defenseAdaptive, Doppel, Reality Defender, GetReal, Pindrop.

Data layer

slugdisplay nametieragent-sectriggersurvey questionnotes
dspmData Classification & DSPMday-1before AI touches internal data you must know what/where the sensitive data isDSPM / Data Security PosturePurview, BigID, Securiti, Cyera, Sentra, Normalyze, Wiz DSPM, Concentric, Bedrock, Immuta, Collibra.
dlpData Loss Prevention (DLP)day-1employees can paste sensitive data into anything with a text boxData Loss Prevention (DLP)Cyberhaven, Nightfall, MIND, Prompt Security, Lasso, Netskope/Purview DLP. CSV merged DSPM+DLP; we keep the split.
data-access-governanceData Access Governanceday-2day-1 if doing RAG over internal permissioned dataData Access GovernanceVaronis, SailPoint DAS, Cyera, Sentra, Concentric, Veza, ConductorOne, Silverfort, Netwrix.

AI model & prompt layer

slugdisplay nametieragent-sectriggersurvey questionnotes
ai-runtime-securityAI Runtime Security (AI Firewall)day-1any self-built LLM app in front of users or data (governed vendor assistants can lag slightly)AI Runtime Security / AI FirewallPrisma AIRS, HiddenLayer, WitnessAI, Pillar, Cisco AI Defense, SplxAI, Aim, Lasso, Enkrypt, CalypsoAI, Lakera, Prompt Security, TrojAI.
ai-gatewayAI Gatewayday-1any LLM API traffic beyond a single vendor SDKAI GatewaySingle exit door for model traffic. Portkey, LiteLLM, Kong, F5, Cloudflare, TrueFoundry, OpenRouter.
llm-observabilityLLM Observability & Evaluationday-1any LLM feature you need to debug, evaluate, or show evidence forLLM Observability & EvalLangfuse, LangSmith, Arize Phoenix, Helicone, Braintrust, Datadog, W&B Weave, Comet Opik, Fiddler, TruLens.
ai-red-teamingAI Red Teaming / Guardrailsday-2self-built AI apps worth adversarially testing before and after launchAI Red Teaming / GuardrailsOffensive testing vs runtime guardrails bundled here — scope-boundary note required. Mindgard, SplxAI, Promptfoo, HiddenLayer, Lakera, Guardrails AI, NeMo Guardrails, Galileo, Patronus, Pangea, Maxim, Haize.
ai-access-governanceAI Access Governance (CASB for AI) / Shadow-AIday-1employees using third-party AI tools (i.e., immediately)Shadow-AI / Insider riskGoverns employees using AI; runtime security protects AI you build. WitnessAI, Harmonic, Aurascape, Nudge, Lanai, Cyberhaven, Wald.ai, Portal26, Zscaler AI Guard, Netskope One, Reco.
ai-spmAI-SPM (AI Security Posture Management)day-2enough AI assets/agents that you need an inventory and posture viewAI-SPM (AI estate inventory & posture)Discover/inventory/govern AI assets & agents. Noma, Wiz AI-SPM, Prisma AIRS, Cranium, Quilr, Zenity, Reco, Nudge, Torq.
agent-runtime-securityAgent Security (Runtime)day-2agents act autonomously with tool access — untrusted input meets real permissionsAgent Security (runtime protection of agents)Runtime protection of agentic apps. Zenity, Lasso, Operant, Apex (acq. Tenable), Straiker.
authorization-engineAuthorization Engine (Agent / Tool)day-2agents or apps need fine-grained, externalized authorization decisionsAuthorization Engine (Agent / Tool)Fine-grained externalized authz. Cerbos, OPA, Styra, Permit.io, AuthZed/SpiceDB, Oso.
mcp-gatewayMCP Gateway / Tool Access Controlday-2agents call tools via MCP; the tool path needs a policy choke pointMCP Gateway / Tool Access ControlKong MCP, agentgateway (Solo.io), Arcade, TrueFoundry MCP, Obot, MintMCP, IBM ContextForge, Docker MCP, Pomerium, Prisma AIRS Agent Gw.
tool-identity-integrationTool Identity & Integrationday-2agents authenticate to SaaS on users’ behalf — managed connectors + agent authTool Identity & Integration (Agent Auth)Composio, StackOne, Arcade, CyberArk, Descope, Stytch, WorkOS.

Retrieval layer

slugdisplay nametieragent-sectriggersurvey questionnotes
content-sourcesEnterprise Content Sourcessituationaldoing RAG over internal documentsSharePoint, OneDrive, Confluence, Google Drive. Infra, not a survey shortlist.
vector-retrievalVector Retrievalsituationaldoing RAGAzure AI Search, Pinecone, Weaviate, OpenSearch.
entitlement-aware-ragEntitlement-Aware RAGsituationalnon-negotiable if doing RAG over internal permissioned dataEntitlement-Aware RAG / Retrieval PermissionsGlean, Microsoft Graph, Knostic.

User experience layer

slugdisplay nametieragent-sectriggersurvey questionnotes
enterprise-ai-assistantEnterprise AI Assistantday-1the chatbot people actually use — first AI purchase for most firmsEnterprise AI AssistantChatGPT Enterprise, Claude Enterprise, M365 Copilot, Gemini Enterprise, Amazon Q, Perplexity, Glean.
third-party-ai-appsThird-Party AI Appspracticedomain AI tools adopted outside the core assistant — route via the gatewayProcess/architecture pattern, not a single shortlist.
enterprise-browserEnterprise BrowsersituationalBYOD / contractor access, or browser-level AI controls beyond SASEEnterprise Browser SecurityIsland, Prisma Access Browser, Menlo, Seraphic, Red Access, Chrome Enterprise Premium, Edge for Business.
browser-security-extensionBrowser Security Extensionsituationalwant browser-level AI/data controls without replacing ChromeEnterprise Browser SecurityBolt-on to existing Chrome. LayerX, Material, Grip. Often either/or with enterprise browser.

Governance layer

slugdisplay nametieragent-sectriggersurvey questionnotes
ai-governance-platformAI Governance / Model Risk & Compliancefirm-type-specificday-1 for bank-affiliated / model-validation-mandated (SR 11-7) firms; day-2 otherwiseAI Governance, Model Risk & ComplianceCredo AI, Holistic AI, ModelOp, Fairly AI (now Asenion), Monitaur, IBM watsonx.governance, Vanta, CalypsoAI, GovernGPT.
enterprise-grcEnterprise GRCday-1usually already owned — extend existing GRC to AI riskEnterprise GRCServiceNow GRC, Archer, LogicGate, AuditBoard, OneTrust, Onspring.
vendor-riskThird-Party / Vendor Risk + Cyber Ratingsday-1extend existing TPRM to AI vendors and AI features of existing vendorsVendor RiskProcessUnity, SecurityScorecard, BitSight, Black Kite, UpGuard.
comms-surveillanceComms Surveillancefirm-type-specificregistered advisers / regulated comms (MAR/MNPI) — hedge-fund-criticalComms SurveillanceSurveillance/analysis, NOT capture/archival — scope-boundary note required. Behavox, SteelEye, NICE Actimize, Theta Lake, Shield, Relativity Trace.
ephemeral-environmentsEphemeral Environmentspracticeunderpins trust-zone design — disposable compute for risky AI workGitHub Codespaces, Azure Dev Boxes, Terraform Cloud, Cloudflare Workers.
policy-as-codePolicy-as-Codeday-2guardrails you want enforced by software, not documentsOPA, HashiCorp Sentinel, Kyverno.

Policy / process layer

slugdisplay nametieragent-sectriggersurvey questionnotes
trust-zone-segmentationTrust Zone Segmentationpracticethe organizing idea — red/yellow/green zones for agentic AIZone design keeps untrusted input, sensitive data, and egress from combining in one agent context.
risk-tiersRisk Tierspracticeclassify AI use cases by stakes before controls can be proportionateClassify AI use cases by stakes.
promotion-gatesPromotion GatespracticeCI/CD sign-off between experiment and productionSign-off between experiment and production.
hitl-approvalsHITL Approvalspracticehuman-in-the-loop on consequential agent actionsHuman sign-off on consequential agent actions.
acceptable-use-policiesAcceptable Use Policiespracticethe cheapest control there is — write it down firstThe cheapest control there is.

Bundled CSV entries split into separate vendor pages

Per CLAUDE.md §3. Recorded in log.md.

  • 1Password / Doppler / Infisical1password, doppler, infisical
  • OPA / Styraopen-policy-agent (project) + styra (commercial company)
  • Immuta / Collibraimmuta, collibra
  • Obot / MintMCPobot, mintmcp
  • Promptfoo (acq. by OpenAI)promptfoo

Cross-listed vendors (one page, multiple categories)

Notable multi-category vendors: Palo Alto Networks (Prisma AIRS, Cortex, Prisma Access, Portkey), CyberArk (NHI, IGA, secrets, tool-identity), HiddenLayer (runtime + red-teaming), Cyberhaven (DLP + shadow-AI), WitnessAI (runtime + access-governance), Lasso (runtime + agent + DLP), Zenity (AI-SPM + agent-runtime), Veza (IGA + data-access-governance), OneTrust (GRC + governance

  • DSPM), Reco / Nudge Security (AI-SPM + shadow-AI), Wiz (DSPM + AI-SPM), Glean (assistant + entitlement-aware-RAG).