Key Concepts
Components
AIOStack is made up of data plane components that run inside your environment and control plane components that run in Aurva's infrastructure.
Observer (data plane)
The eBPF-based DaemonSet agent that runs on every node in your cluster. It attaches kernel-level probes (sock_ops, kprobe, tc, uprobe) to capture network traffic and system calls without modifying any application code. The observer reconstructs application-layer protocols from raw packets and feeds a structured event stream to the outpost.
Outpost (data plane)
The cluster-side service that receives events from the observer, enriches them with cloud and identity context, and forwards telemetry to the Aurva control plane. The outpost also performs cloud API calls (IAM, RDS, S3) to build the datasource and identity inventory.
Commander (control plane)
The Aurva control plane endpoint (hq.aurva.ai:443) that the outpost connects to. It receives telemetry, runs detection logic, and powers the console.
Intelligence (control plane)
The control plane component responsible for threat intelligence. It enriches runtime events with context from threat feeds, known-bad destinations, and behavioral models to surface higher-confidence findings.
Emissary (control plane)
The API gateway layer for the Aurva platform, managing inbound API traffic, authentication, and routing between platform services.
Comms (control plane)
Handles outbound communications from the Aurva platform — alert delivery, webhook dispatch, and notification routing to configured destinations such as Slack, email, or ticketing systems.
Discovery & Inventory
AI Workload
Any application, service, or container that makes LLM API calls, uses ML frameworks, or exhibits agentic behavior. AIOStack discovers these automatically without requiring labels or annotations.
Shadow AI
AI workloads running in your environment that were not formally registered, approved, or disclosed — discovered by AIOStack through runtime observation rather than configuration.
Agent
An autonomous AI process that uses tools, makes sequential decisions, and interacts with external services or data stores to complete a goal. AIOStack tracks agent identity, tool use, data access, and downstream destinations.
MCP Server
A service implementing the Model Context Protocol, used by agents to expose tools and resources. AIOStack detects MCP endpoints and the tool invocations made against them.
Vector Store
A database optimized for embedding-based retrieval — Pinecone, Weaviate, Qdrant, pgvector, and others. AIOStack tracks which workloads query vector stores and correlates this with broader agent workflows.
Identity
Non-Human Identity (NHI)
Any identity that is not a human user — a Kubernetes service account, AWS IAM role, GCP service account, or API key used by an application or agent. NHIs are a primary focus of AIOStack's identity chain mapping.
Identity Chain
The full sequence of identities involved in a single request or workflow: human initiator → agent → orchestrator → service account → database principal → destination. AIOStack reconstructs this chain from runtime evidence.
IRSA (IAM Roles for Service Accounts)
The AWS mechanism that allows a Kubernetes service account to assume an AWS IAM role. AIOStack uses IRSA for its outpost to call read-only cloud APIs.
Workload Identity
The GCP equivalent of IRSA — allows a Kubernetes service account to impersonate a GCP service account without static credentials.
Service Account
A Kubernetes identity used by pods and workloads to interact with the Kubernetes API and, via IRSA or Workload Identity, with cloud services. AIOStack maps service accounts to the AI workloads using them.
Data & Datasources
Datasource
A database, S3 bucket, RDS instance, or other data store that AIOStack has inventoried. Datasources are linked to the AI workloads and identities that access them.
Sensitive Data
Data classified as PII, PHI, PCI, credentials, or other high-sensitivity types. AIOStack tracks which datasources contain sensitive data and which workloads access them.
Data Flow
The observed path that data takes from a datasource through an identity or agent to a destination. AIOStack records these flows to make sensitive data movement visible.
Egress Destination
Any external endpoint that an AI workload sends data to — an LLM provider API, a third-party SaaS tool, an S3 bucket, or an unknown internet destination. Novel or unexpected egress destinations are flagged automatically.
Detection & Security
Runtime Evidence
Observed telemetry captured from actual execution — network calls, system calls, query patterns, data movement — as opposed to static configuration or policy definitions. AIOStack's detections are grounded in runtime evidence.
Appropriateness
Whether a given data access is contextually justified — taking into account the agent's intended purpose, the sensitivity of the data, the timing, the volume, and the destination. Authorized access that fails the appropriateness check is flagged as a finding.
Purpose Drift
When an agent's observed behavior diverges from its intended function — for example, an agent designed to answer support queries begins querying customer financial records. AIOStack detects purpose drift by comparing runtime behavior against established baselines.
Prompt Injection
An attack where malicious content in data retrieved by an agent manipulates the agent's behavior. AIOStack detects data access patterns consistent with prompt injection workflows.
Novel Destination
An egress endpoint that a workload has not contacted before, or that falls outside expected destinations for that workload's role. Novel destinations are surfaced as findings for review.
Policies & Governance
Least Privilege
The principle that every identity should have only the permissions it actually needs. AIOStack supports least privilege enforcement by comparing granted permissions against observed runtime usage and surfacing over-provisioned identities.
Permission Drift
When an identity's actual usage diverges significantly from its granted permissions — typically because permissions were granted broadly and never reviewed. AIOStack uses runtime evidence to identify and remediate permission drift.
Finding
A detected event or pattern that warrants review — a novel egress destination, a first-time sensitive data access, purpose drift, or a policy violation. Findings are surfaced in the Aurva console with supporting runtime evidence.
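The comparison described under Least Privilege and Permission Drift, granted permissions against observed runtime usage, as an added example; it is not AIOStack's code or detection logic. The identities, grants and observed actions are constructed sample data, and drift_report is a hypothetical helper that assumes IAM-style action names with wildcards.

```python
from fnmatch import fnmatchcase

# Constructed sample: IAM-style action patterns granted to each identity.
GRANTED = {
    "sa/support-agent": ["s3:*", "rds-db:connect", "dynamodb:GetItem"],
    "sa/etl-job": ["s3:GetObject", "s3:PutObject"],
}

# Constructed sample: (identity, action) pairs observed at runtime.
OBSERVED = [
    ("sa/support-agent", "s3:GetObject"),
    ("sa/support-agent", "rds-db:connect"),
    ("sa/etl-job", "s3:GetObject"),
    ("sa/etl-job", "s3:PutObject"),
    ("sa/etl-job", "s3:DeleteObject"),  # attempted without a matching grant
]


def _matches(pattern, action):
    # IAM action names are case-insensitive; '*' and '?' act as wildcards.
    return fnmatchcase(action.lower(), pattern.lower())


def drift_report(granted, observed):
    """Per identity: grants never used, wildcard grants that could be
    narrowed to the actions actually seen, and actions seen with no grant."""
    seen = {}
    for identity, action in observed:
        seen.setdefault(identity, set()).add(action)
    report = {}
    for identity, patterns in granted.items():
        used = seen.get(identity, set())
        unused, narrow = [], {}
        for pattern in patterns:
            hits = sorted(a for a in used if _matches(pattern, a))
            if not hits:
                unused.append(pattern)       # over-provisioned: never exercised
            elif "*" in pattern or "?" in pattern:
                narrow[pattern] = hits       # broad grant, narrow usage
        ungranted = sorted(
            a for a in used if not any(_matches(p, a) for p in patterns)
        )
        report[identity] = {"unused": unused, "narrow": narrow, "ungranted": ungranted}
    return report


REPORT = drift_report(GRANTED, OBSERVED)
if __name__ == "__main__":
    for identity, result in REPORT.items():
        print(identity, result)
```

An entry under "unused" or "narrow" is a candidate for tightening, while "ungranted" usage is better read as a finding to review than as a permission to add.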