- Agent Readiness
- A state in which content and processes are prepared so that AI agents can access them and act on them in a controlled way.
- AI Overview
- A summarised answer generated by a language model that Google renders above its classical results.
- AI Retrieval
- The technical process by which an AI system fetches relevant content from a source to embed it in a generated answer — typically via embeddings, vector search, reranking, and filtering.
- AI Search
- Search systems whose output is not a list of links but a generated or composed answer, supported by retrieval, embeddings, and LLM synthesis.
- AI-first architecture
- A system and platform architecture designed from the start for agents, retrieval pipelines, and programmatic consumption.
- AI-ready CMS
- A content management system whose content, structural models, and APIs are designed so that retrieval pipelines, AI search systems, and agents can consume them directly without screen-scraping.
- AI-ready Commerce
- An e-commerce platform whose product data, categories, availability, and content are modelled so that AI search engines, comparison agents, and recommendation systems can read, classify, and embed them reliably in generative answers.
- Bottlerocket
- An AWS-maintained minimal immutable Linux image for container workloads, primarily for Kubernetes on EKS and ECS.
- Cluster Autoscaler
- The classical Kubernetes component that scales predefined node groups up and down based on pod demand.
- Container Escape
- The act of breaking out of a running container into the host kernel, the host filesystem, or neighbouring containers.
- Content Federation
- An architectural pattern that joins content from multiple source systems into a common, retrievable layer.
- Copy-on-Write (COW)
- An optimisation technique where a shared resource is physically copied only when one of its users writes to it.
- Crypto Agility
- Architectural principle that treats cryptographic algorithms as swappable configuration rather than hard-coded assumptions — a prerequisite for migrating to post-quantum schemes.
- CVE
- Common Vulnerabilities and Exposures — a public identification scheme for security vulnerabilities, operated by MITRE with numerous CNAs.
- Declarative Infrastructure
- A model that describes what state should exist rather than how to reach it.
- DevSecOps
- A way of working in which security requirements, tooling, and responsibility are an integral part of development and operations — not a downstream audit step.
- Digital Sovereignty
- The ability of an organisation or a state to make independent decisions about its digital systems, data, interfaces, and suppliers.
- Enterprise CMS
- A CMS built for the requirements of larger organisations: multisite, multi-language, granular permissions, workflows, versioning, long-term support.
- Entity-based SEO
- An SEO practice whose primary unit is the entity — person, company, product, place, concept — as it appears in knowledge graphs and LLM knowledge stores, rather than the keyword.
- European Cloud
- Cloud offerings from providers with seat, ownership, and operations in the EU, whose services fall primarily under EU law and EU data locations.
- Falco
- An open-source runtime security tool for Linux and Kubernetes; CNCF Graduated.
- Flatcar Linux
- An immutable, container-optimised Linux distribution in the lineage of CoreOS Container Linux, maintained under the CNCF.
- Generative Engine Optimization (GEO)
- The discipline of designing content and technical delivery so that generative search engines (ChatGPT Search, Perplexity, Google AI Overviews, Gemini) cite and incorporate them correctly.
- GitOps
- An operating model in which the desired state of infrastructure and applications is fully described in a Git repository.
- Harvest-now-decrypt-later
- Attack strategy in which encrypted data is collected today to be decrypted once a sufficiently powerful quantum computer becomes available.
- Headless CMS
- A CMS that delivers content exclusively or primarily via APIs and leaves presentation to an external frontend.
- Immutable Infrastructure
- An operating approach in which servers, nodes, and container images are never modified after deployment.
- Karpenter
- A Kubernetes autoscaler that provisions worker nodes just in time: instead of scaling fixed node groups, it starts matching instances directly at the cloud provider.
- Kernel Hardening
- The set of measures that reduce the attack surface and exploit tolerance of a Linux kernel.
- Kernel LPE
- A local privilege escalation issue residing directly in the Linux kernel — for instance in memory management, filesystems, eBPF, or the network stack.
- Kubernetes
- An open-source orchestration system for containerised applications that schedules containers across machines, maintains a desired state, and scales horizontally.
- Kubernetes Worker Node
- A machine (physical or virtual) on which Kubernetes actually runs pods.
- Lattice-based cryptography
- Family of cryptographic schemes based on hard lattice problems (LWE), considered resistant to quantum attacks and forming the mathematical foundation of ML-DSA and ML-KEM.
- Local Privilege Escalation (LPE)
- A class of vulnerabilities in which an attacker who already has limited local access escalates to higher privileges (e.g. root).
- MCP
- An open standard through which AI models and agents access external tools and data in a uniform way.
- ML-DSA
- NIST-standardised post-quantum digital signature algorithm (FIPS 204), replacing classical schemes such as ECDSA in APIs, JWTs, and identity flows.
- ML-KEM
- NIST-standardised post-quantum key encapsulation mechanism (FIPS 203), used alongside classical ECDH in hybrid TLS handshakes to provide quantum-resistant key exchange.
- NixOS
- A Linux distribution whose entire system configuration is declared in the Nix language; every change produces a new generation with an atomic switch and rollback.
- Open Source
- Software whose source code is published under a licence that allows use, study, modification, and redistribution — in line with the OSI Open Source Definition.
- Open Source CMS
- A CMS whose source code is available under an open-source licence and which can be installed, operated, and adapted without proprietary licence fees.
- Page Cache
- The Linux kernel mechanism that transparently caches file contents in main memory to speed up repeated read and write access.
- Platform Engineering
- The discipline of building and operating an Internal Developer Platform (IDP) that lets product teams deploy and operate applications without deep ops expertise.
- Pod Security Standards
- A three-tier profile model with which Kubernetes evaluates pods against permitted security properties: privileged, baseline, and restricted.
- Post-Quantum Cryptography
- Cryptographic algorithms designed to remain secure against attacks by quantum computers — standardised by NIST in FIPS 203 (ML-KEM) and FIPS 204 (ML-DSA).
- RAG
- Retrieval-Augmented Generation: the language model retrieves relevant content from a knowledge source at runtime and incorporates it into the answer.
- Retrieval-ready content
- Content optimised for AI retrieval: self-contained meaning units, precise heading hierarchy, semantic HTML, enriched with metadata such as entities, language, publication date, citations, and stable URLs.
- Runtime Security
- A security discipline that observes and evaluates processes, network, and file activity during execution, rather than relying solely on static checks.
- SBOM
- Software Bill of Materials: a machine-readable inventory of all components, libraries, and versions of a piece of software.
- Self-hosted Infrastructure
- Infrastructure that an organisation runs itself — on its own hardware, in a co-location, or in a cloud environment where it controls every layer above the bare machine.
- Semantic HTML
- HTML that conveys the meaning of its elements — <article>, <section>, <nav>, <header>, correctly nested headings, native lists, <figure>/<figcaption>, plus ARIA roles where needed.
- SLSA
- Supply-chain Levels for Software Artifacts: a framework for the verifiable integrity of the software supply chain.
- Sovereign Infrastructure
- IT infrastructure operated in a way that lets an organisation make substantial decisions at any time about what runs on it, who has access, and where data flows.
- Structured Content
- Content modelled as modular, typed building blocks (heading, lead, FAQ, person, product, …) instead of an unstructured rich-text blob inside a WYSIWYG editor.
- Structured Content Modeling
- The editorial and technical discipline of modelling content as typed building blocks with relationships.
- Talos Linux
- A minimal, immutable, API-driven Linux distribution purpose-built to run Kubernetes.
- Tetragon
- An eBPF-based component from the Cilium project for runtime observation and policy enforcement in the Linux kernel.
- Threat Detection
- The job of filtering, correlating, and prioritising security-relevant events from logs, metrics, traces, and runtime sensors.
- TYPO3
- A free, PHP-based enterprise CMS with a long LTS history, native multisite, multi-language, and structured-content support.
- TYPO3 Cluster
- A multi-instance TYPO3 setup in which several frontend pods or servers run behind a load balancer and share a common database, fileadmin, and a distributed cache.
- TYPO3 Extension
- A modular extension package for TYPO3 that adds functionality, content types, plugins, or configuration.
- TYPO3 Kubernetes
- Running TYPO3 on Kubernetes — typically with separate pods for frontend workers, backend, cron/scheduler, Solr/OpenSearch, and caches.
- Vendor Lock-in
- A situation in which switching from one vendor to another becomes so expensive that it effectively does not happen, even when it would make strategic sense.
- Wolfi OS
- A container-focused Linux distribution ("undistro") from Chainguard, designed for a minimal footprint, supply-chain-secure builds, and fast patch cycles.