Security Glossary

Short, quotable explanations of the security terms AI-assisted product teams keep running into. Each entry translates jargon into practical release risk.

Token validation wireframe showing signature and claim validation path.

01Security GlossaryApril 9, 2026

What Is JWT Token Forgery and Claim Spoofing?

JWT claim spoofing occurs when token claims are trusted without robust signature, issuer, audience, and context validation.

Authorization model comparison wireframe across role, attribute, and row-level controls.

02Security GlossaryApril 8, 2026

What Is RBAC vs ABAC vs FGAC?

RBAC controls by role, ABAC by attributes, and FGAC by fine-grained object/field-level policy enforcement.

Dark wireframe showing a broken Stripe secret key with leaked payment impact symbols and exposed credential paths.

03Security GlossaryApril 8, 2026

What Is Stripe Secret Key Exposure?

Stripe secret key exposure occurs when privileged API credentials become reachable from frontend, logs, or insecure server responses.

Agent control-plane wireframe with policy gates and monitoring layers.

04Security GlossaryApril 7, 2026

What Is AI Agent Security Best Practice in 2026?

Production-grade agent security requires strict tool permissions, context provenance controls, and runtime policy enforcement.

Risk map wireframe of major OWASP-aligned LLM attack classes.

05Security GlossaryApril 6, 2026

What Is OWASP LLM Top 10 (2026) for Founders?

The OWASP LLM risk model maps practical exploit classes such as prompt injection, excessive agency, and tool-chain trust failures.

Server action security wireframe across form inputs, identity, and data writes.

06Security GlossaryApril 5, 2026

What Is Next.js Server Action Security?

Server Actions are server-executed functions, but they still require explicit authorization and input ownership validation.

Key leakage wireframe from server context into public client paths.

07Security GlossaryApril 4, 2026

What Is Supabase Service Role Key Exposure?

Service-role key exposure grants bypass-level access and can invalidate row-level protections if leaked to client or logs.

Two-lane SAST vs DAST wireframe showing potential risk from static analysis versus validated exploit paths from runtime testing.

08Security GlossaryApril 3, 2026

What Is SAST vs DAST for AI-Built Apps?

SAST identifies potential insecure patterns in code; DAST validates exploitability in running application behavior.

Live attack path simulation wireframe across API and data layers.

09Security GlossaryApril 2, 2026

What Is Runtime Exploit Simulation?

Runtime exploit simulation validates whether a vulnerability is actually exploitable in the live application behavior path.

Protocol trust boundary wireframe between agent and tool servers.

10Security GlossaryApril 1, 2026

What Is Model Context Protocol (MCP) Impersonation Attack?

MCP impersonation is an attack where a rogue server mimics a trusted tool endpoint to intercept or manipulate agent traffic.

Agent objective flow diagram with malicious branch takeover.

11Security GlossaryMarch 31, 2026

What Is Agent Goal Hijacking?

Agent goal hijacking is a stateful attack that shifts an agent from authorized objective execution to attacker-directed actions.

Agent pipeline wireframe showing malicious content flowing into model context.

12Security GlossaryMarch 30, 2026

What Is Indirect Prompt Injection in AI Agents?

Indirect prompt injection occurs when malicious instructions hidden in external data are executed by an agent as trusted context.

Authorization flow wireframe across client, server, and data layers.

13Security GlossaryMarch 29, 2026

What Is Broken Access Control in AI-Built Apps?

Broken access control means authenticated users can perform actions or access resources outside their intended privilege boundary.

Dark security wireframe showing object ID request paths and authorization checks.

14Security GlossaryMarch 28, 2026

What Is BOLA (IDOR) Vulnerability?

BOLA happens when changing an object ID grants access to data or actions outside the authenticated actor's scope.

Dark database wireframe with row-level access lanes highlighted.

15Security GlossaryFebruary 26, 2026

What Is Row Level Security (RLS)?

RLS is the database policy layer that enforces row-by-row authorization at query time, even when API routes or frontend checks fail.

Security Glossary

Run a scan after you review this section.

These guides explain the pattern. Ubserve checks whether the same issue is live in your app and returns fix-ready evidence.

Start free scan View pricing