Glossary.

Agent2Agent Protocol. An open standard from the Linux Foundation defining how AI agents discover and call each other; advertised via an Agent Card published at /.well-known/agent-card.json or /.well-known/agent.json. → a2a.dev

Agent Connect Protocol. Part of AGNTCY (Linux Foundation), describes how agents handshake and exchange capability declarations; OpenAPI-described. → agntcy.org

Open-source agent collective stewarded by the Linux Foundation; publishes OASF (Open Agentic Schema Framework) and ACP. → agntcy.org

American Institute of Certified Public Accountants. Publisher of SOC 2. → aicpa.org

AI Bill of Materials. A machine-readable inventory of the foundation models, fine-tunes, training data lineage, and dependencies that power an AI system; analogous to SBOM (software). Referenced as a Compliant sub-axis input on Trustmark.

Agent / AI Optimization. Sometimes used interchangeably with LLMO; refers to optimizing a brand's web presence for being recommended by AI assistants rather than ranked by search engines.

Agent Interaction & Transaction Protocol. Draft pre-v1.0 spec from NEAR AI. → near.ai

Agent Network Protocol. Open-source spec; pairs agent discovery with cryptographic identity at the website layer using W3C DID. → arXiv 2508.00007

Agent Payments Protocol. Defines mandate types (Intent / Cart / Payment Mandate) for agent-initiated transactions.

Application Programming Interface. The standard term for a documented HTTP-callable interface to a service.

Business-to-Business. Standard sales-channel descriptor; Eaccountability's customer base.

Business-to-Business Software-as-a-Service. The category of vendor Eaccountability primarily serves with EVI scans and Trustmark certifications.

A schema.org action type (BuyAction) signaling that a product page is purchasable, paired with OfferCatalog and potentialAction.target=EntryPoint in agentic-commerce patterns. Tracked as an EVI v2 Commerce sub-axis signal. → schema.org/BuyAction

Creative Commons Attribution 4.0 International. The open license under which the EVI and Trustmark methodologies are published. Anyone can use, modify, or build on the spec with attribution. → creativecommons.org/licenses/by/4.0

California Consumer Privacy Act. State-level privacy regulation; cited alongside GDPR in compliance contexts.

Content Delivery Network. Edge-cached delivery infrastructure; relevant for serving the Trustmark verification URL with high availability.

Command-Line Interface. Standard for tools shipped with a terminal-callable executable; Trustmark ships a Python CLI (trustmark-score).

Cloud Security Alliance. Publisher of MAESTRO (multi-agent system threat taxonomy). → cloudsecurityalliance.org

Common Vulnerabilities and Exposures. The standard public catalog of disclosed security vulnerabilities; referenced as a trigger for interim Trustmark re-grading. → cve.mitre.org

Distributed Denial-of-Service / Denial-of-Service. Attack patterns that flood a service to make it unavailable.

Decentralized Identifier. A W3C standard for self-sovereign identifiers (often did:web or did:wba) used by ANP for cryptographic agent identity. → w3.org/TR/did-core

Domain Name System. The internet's name-to-IP resolution protocol; relevant for .well-known URI discovery and verification URL contracts.

Data Universal Numbering System. A nine-digit business identifier issued by Dun & Bradstreet; required on Tier 2 and Tier 3 Trustmark certificates because procurement systems key vendor records on it.

The LLC that publishes EVI and Trustmark, runs the agent-ready directory, and ships the agent-discovery stack. Founded 2026.

Ethereum Request for Comments #8004. An on-chain agent registration standard; queryable by domain.

European Union Artificial Intelligence Act. Risk-tiered EU regulation requiring logging, human oversight, transparency, and conformity assessment for AI systems by risk class. → artificialintelligenceact.eu

Elephant Universal Checklist. Eaccountability's published merchant-metadata schema at /.well-known/euc.json. Renamed from UCP (Universal Commerce Protocol) to avoid conflict with Google's existing UCP.

Elephant Visibility Index. Eaccountability's open methodology for scoring how often and how prominently AI assistants recommend a vendor when a buyer asks a category question. Six axes, 100 points, Bronze / Silver / Gold tiers. CC BY 4.0.

Fortune 100. The 100 largest US companies by revenue; the universe Eaccountability ran a public-proof EVI audit against. 94 of 100 ship no machine-discoverable agent surface as of April 2026.

Financial Industry Regulatory Authority. Self-regulatory body for US broker-dealers; the 2026 FINRA Annual Regulatory Oversight Report includes AI-agent governance requirements (access monitoring, HITL procedures, action logging) that feed the Trustmark Compliant sub-axis. → finra.org

General Data Protection Regulation. EU privacy law (in force since 2018); cited alongside CCPA. → gdpr.eu

Human-In-The-Loop. AI system design pattern requiring human approval before an agent takes a consequential action. Required by FINRA 2026 AI Oversight; tracked as a Trustmark Auditable sub-axis input.

Hypertext Transfer Protocol (Secure). The transport for the entire web; HTTPS is the TLS-encrypted variant. Required for all .well-known discovery surfaces.

Inter-Quartile Range. Statistical measure used in EVI v2 scoring to penalize variance — high IQR across LLM responses means a brand's mention quality is inconsistent.

ISO 42001:2023, AI Management Systems standard. Defines requirements for organizational AI governance: risk assessment, lifecycle management, supplier oversight. Tier 3 Trustmark cert includes a full ISO 42001 alignment document. → iso.org/standard/81230.html

JSON for Linked Data. The schema.org-recommended encoding for structured data; scores higher than Microdata on the EVI Discoverability sub-axis. → json-ld.org

JSON Web Token. Compact signed token format used for authentication and signed manifests.

JSON Web Key Set. The set of public keys a server publishes (typically at /.well-known/jwks.json) so clients can verify JWT signatures.

Hosts AGNTCY, A2A, and several other open-agent standards. → linuxfoundation.org

Large Language Model. The category of AI systems Eaccountability scores brands against (ChatGPT, Claude, Gemini, Perplexity, Copilot).

Large Language Model Optimization. The category of work Eaccountability sells: making a brand discoverable and recommendable inside LLM-powered assistants.

Multi-Agent Environments, Security, Threats, Risks, and Outcomes. CSA's threat taxonomy for multi-agent systems. Cited as a Trustmark Security upstream framework.

Model Context Protocol. Open standard from Anthropic for connecting LLMs to tools and data sources via a uniform JSON-RPC interface. Eaccountability publishes its MCP server at /.well-known/mcp.json. → modelcontextprotocol.io

A permissive open-source software license; the Trustmark reference Python library and EVI Python library are both MIT-licensed (the spec content itself is CC BY 4.0). → opensource.org/license/mit

Adversarial Threat Landscape for AI Systems. MITRE's framework cataloging AI/ML attack tactics (16 tactics, 84 techniques in v5.4). Trustmark Security upstream. → atlas.mitre.org

The team behind AITP.

National Institute of Standards and Technology. US federal standards body; publishes the NIST AI Risk Management Framework (AI RMF 1.0). Trustmark Security upstream. → nist.gov

NIST AI Risk Management Framework 1.0. Lifecycle framework: Govern, Map, Measure, Manage. Trustmark Security and Capability upstream.

New York Department of Financial Services. State financial regulator with cybersecurity rules covering third-party service providers; cited as a Trustmark Compliant upstream input.

Open Agentic Schema Framework. Part of AGNTCY; Linux Foundation-governed.

Open Authorization. Industry-standard delegated-access protocol; OAuth 2.1 + PKCE is the auth model required by the Anthropic MCP security spec. → oauth.net

OpenID Connect. Authentication layer built on OAuth 2.0; metadata served at /.well-known/openid-configuration.

Open machine-readable specification format for REST APIs (formerly Swagger). EVI v2 probes for /openapi.json, /swagger.json, or /v3/api-docs. → openapis.org

Open Worldwide Application Security Project. Publishes the OWASP LLM Top 10 and the OWASP Agentic AI Top 10 — both Trustmark Security upstream frameworks. → owasp.org

Portable Document Format. Output format for all Eaccountability sample reports and Trustmark certificates.

Personally Identifiable Information. Data that identifies a specific individual (name, email, address); central to GDPR/CCPA compliance and the Trustmark Private sub-axis.

Proof Key for Code Exchange. OAuth extension that protects authorization-code flows from interception; required by the Anthropic MCP security spec. → oauth.net/2/pkce

Resource Description Framework in Attributes. Older alternative to JSON-LD for embedding structured data in HTML; tracked as a Discoverability hygiene signal.

Representational State Transfer. The dominant architectural style for HTTP APIs.

IETF spec defining the /.well-known/security.txt format for publishing a security-contact policy. Required (not expired) for full Auditable sub-axis credit. → RFC 9116

IETF spec governing the format of robots.txt; relevant to Cloudflare's "Content Signals Policy" extension. → RFC 9309

IETF spec defining /.well-known/api-catalog for publishing API discovery manifests. → RFC 9727

Request For Proposal. Procurement document buyers issue when shopping for vendors; the procurement-acceptable language on the Trustmark $99 receipt is designed to drop into RFP responses verbatim.

Remote Procedure Call. Generic name for a class of API protocols (gRPC, JSON-RPC, etc.); MCP is JSON-RPC-based.

Really Simple Syndication. Feed format; presence with fresh <updated> timestamps is an EVI freshness signal.

Software-as-a-Service. The delivery model for most Eaccountability customers.

A shared vocabulary of structured-data types (Product, Offer, Organization, BuyAction, etc.) supported by major search and AI engines; the canonical source for the JSON-LD that EVI scores. → schema.org

Software Development Kit. A bundled set of libraries and docs for integrating with a service.

Search Engine Optimization. The traditional discipline of ranking on Google; Eaccountability's positioning is "LLMO is the new SEO."

Service Organization Control 2. AICPA-audited report covering security, availability, confidentiality, processing integrity, and privacy trust services criteria. SOC 2 audits the organization; Trustmark scores the deployed agent. The two are complementary. → aicpa.org SOC 2

Secure Sockets Layer. Predecessor to TLS; the term still appears colloquially.

Original name for what is now OpenAPI; the legacy /swagger.json path is one of the EVI v2 API-discovery probe targets.

Transport Layer Security. Standard cryptographic protocol for encrypted HTTP (HTTPS).

Eaccountability's open standard for scoring AI agent trust. Two axes: Security and Capability. Aggregates OWASP, NIST, ISO 42001, SOC 2, EU AI Act, MITRE ATLAS, CSA MAESTRO, NYDFS, FINRA, and the Anthropic MCP Security Spec. v0.9 RFC, v1.0 locks 2026-06-22. CC BY 4.0; reference Python library MIT.

Universal Commerce Protocol. Eaccountability's prior name for what is now EUC (Elephant Universal Checklist). Renamed because Google's UCP exists and the conflict was confusing buyers.

Uniform Resource Identifier. Generalization of URL.

Uniform Resource Locator.

Verifiable Credentials. W3C standard for cryptographically signed claims; an issuer endpoint is referenced via the service array on a DID document. → w3.org/TR/vc-data-model

World Wide Web Consortium. Web standards body; publishes DID, Verifiable Credentials, WebMCP. → w3.org

Browser API surface for the Model Context Protocol; W3C Community Group deliverable. Distinct from the MCP server protocol — WebMCP runs in the page context.

IETF standard URI prefix (/.well-known/<name>) for publishing site-level discovery metadata. Eaccountability uses it for mcp.json, agent.json, agent-card.json, euc.json, security.txt, and the Trustmark verification manifest. → RFC 8615

YC W25 startup; published the agents.json agent-discovery spec.

A pay-per-call payment signal for agent-initiated API calls.

Y Combinator. Startup accelerator; reference appears in the context of Wildcard AI (YC W25).