Defined terms.

An autonomous or semi-autonomous AI system that takes actions in the world on behalf of an organization. The unit of HI-AAF scope is a single deployed agent, not a model or a codebase.

A Human Intelligence employee or contractor formally designated to perform a HI-AAF Assessment. Assessors are bound by an internal independence policy and are rotated off any single customer engagement at a documented cadence.

The maximum scope of harm a single agent action could cause. Measured in record counts, monetary impact, geographic scope, or other domain-appropriate units. HI-AAF requires blast-radius limits to be documented and enforced.

See also: ACT-02

A discrete, testable requirement within a domain. Each control has an ID, a name, a short description, and at higher editions a long-form description and maturity criteria.

The full sequence of prompts, retrievals, tool calls, and intermediate outputs that produced an agent action. HI-AAF requires that decision paths be reconstructable from audit logs.

See also: MON-01

A grouping of related controls. HI-AAF v1.2 has nine domains: GOV, SPC, IAM, INP, ACT, DAT, OUT, MON, MAS.

A material departure of agent behavior in production from the agent's Specification. Drift may be slow (gradual change over weeks) or fast (rapid change driven by a model update or input distribution shift).

See also: MON-02

A written document, produced by a Workshop engagement, that captures the agent's intended behavior, operating envelope, and the questions the assessment must answer. The Charter is the input to every subsequent HI engagement.

See also: practice/workshop

A handoff from the agent to a human reviewer or the customer's own staff, triggered by a documented condition. Escalations are surfaced to the human review queue.

See also: SPC-03 · MON-03

A framework published by an organization that is not a regulator and is not accredited by any government or accreditation body to issue compliance attestations. HI-AAF is an independent framework.

The formal written artifact concluding a HI-AAF Assessment engagement. It states which controls are met, which are partially met, and which are not met, and identifies the maturity level achieved.

See also: practice/assessment

A change to an agent or its operating environment significant enough to require re-attestation against the Specification. Material changes include model version changes, scope expansions, new tool integrations, and changes to escalation triggers.

See also: SPC-07

A five-level grading applied per control: L1 Ad hoc, L2 Documented, L3 Operated, L4 Measured, L5 Continuously Improved. Overall agent maturity is the lowest level achieved across all required controls.

See also: /standard/maturity

The range of inputs, contexts, and tasks within which an agent is fit for use. Outside the envelope, the agent must escalate, refuse, or be supervised.

See also: SPC-02

A check performed before an agent action takes effect — either by a human reviewer or by a deterministic policy engine. Required for irreversible actions above documented thresholds.

See also: ACT-03

The named individual with formal authority and accountability for an agent in production. Has documented authority to suspend the agent at any time.

See also: GOV-01

The operational substrate beneath HI-AAF that captures per-step telemetry, detects drift, and routes decisions to the human review queue. Human Intelligence operates a runtime layer called Bobby.

See also: /platform

A written document — produced under SPC-01 — that captures an agent's intended behavior, its operating envelope, and the conditions under which it must escalate.

See also: SPC-01

Used throughout this site, capitalized, to refer specifically to HI-AAF.

An invocation in which one agent calls another, whether by direct API, message bus, orchestrator pattern, or external A2A protocol.

See also: MAS-02 · MAS-06

The controlling specification for an agent's purpose, scope, authorities, and prohibitions. Maintained under GOV-01 and referenced throughout the framework.

See also: GOV-01 · SPC-01

A unique reference that links every hop in a multi-agent chain to its originating user request, enabling end-to-end traceability.

See also: MAS-06

The right of an affected individual to challenge a consequential agent decision and obtain human review.

See also: OUT-14

A control whose failure precludes HI-AAF Certification regardless of other findings. Critical controls are marked in the framework text.

The model by which an agent acts on behalf of a user or another agent under defined, time-bound, revocable scope.

See also: IAM-05

The ability to produce an intelligible account of the basis for a consequential agent decision.

See also: OUT-13

The degree to which an output is supported by, and traceable to, identified source content.

See also: OUT-01

Persistent or session-scoped storage that the agent reads from or writes to, including conversation memory, vector indexes, and embedding stores.

See also: DAT-10 · DAT-11

The set of agents that cooperate to deliver an outcome, together with the calls and data flows permitted between them.

See also: MAS-01

Input whose characteristics fall outside the distribution represented in the agent's evaluation set or training data.

See also: SPC-02

A logically isolated customer or business unit served by a shared agent infrastructure.

See also: DAT-02 · DAT-11

The (impermissible) propagation of trust through a delegation chain such that a downstream agent exercises authority exceeding its caller's.

See also: MAS-04

A demarcation between content of different trust levels — for example, between user-provided input and content retrieved from a vetted internal corpus. HI-AAF requires that trust boundaries be enforced at every layer.

See also: INP-03 · INP-07