You know what a token is. You know what context means, what an agent does, what trust looks like inside a system architecture. You've been selling these concepts for years.
That accumulated fluency is exactly what's going to trip you up.
AI and identity management share a vocabulary where the same words point at completely different mechanisms. Token. Context. Agent. Model. Trust. Your brain hears them in a buyer conversation and pattern-matches to concepts you've held for a decade. The match feels solid. That's where the trouble starts.
That gap between feeling fluent and being fluent is where you lose technical credibility in a room, and nobody tells you it happened.
This section maps those collisions, one at a time.
How the words ended up doing double duty
AI didn't coin new language. It borrowed from the fields closest to hand: security, linguistics, cognitive science, statistics. The borrowing wasn't coordinated. Nobody convened a working group to reconcile "token" across SAML assertions and LLM pricing. The words just migrated, dragging old connotations into territory where those connotations are actively wrong.
Then vendor marketing piled on. Terms like "agentic AI" and "context-aware orchestration" land in buyer conversations carrying both technical instability and positioning spin. Your buyer may be using vocabulary that hasn't settled technically and has already been stretched by a sales deck. Two layers of imprecision, compounding.
So now your buyers use words you recognize to describe systems you don't. A CISO who says "we need to manage agent identity" might mean your agents, AI agents, or both. The architecture for each is different enough that nodding along to the wrong one costs you the conversation's technical trust.
The standards bodies haven't reconciled this either
This collision goes all the way up.
NIST maintains two separate glossary systems: the CSRC cybersecurity glossary for security and identity terms, and the AIRC glossary for AI terms. The cybersecurity glossary explicitly redirects AI vocabulary to the AIRC system. The AIRC glossary, built on NIST AI 100-3, has been in beta since 2023. Still pending final release.
Two glossary systems. One redirect. No reconciliation layer.
Look up "token" in the CSRC glossary and you get four definitions: a PIV card, a claimant's authentication key, a portable cryptographic device, a blockchain asset representation. All identity or security artifacts. None of them describe how an LLM processes text. Look up "agent" and you get "a program acting on behalf of a person or organization." Nothing about an AI system that reasons autonomously, selects tools, and chains actions across multiple steps.
Anthropic, in a formal submission to NIST's CAISI initiative on agentic AI security (docket NIST-2025-0035, March 9, 2026), stated plainly: "The term 'AI agent' does not yet have a rigorous, settled definition." A major AI provider telling the U.S. government, in writing, that the vocabulary hasn't stabilized. The same filing called on NIST to develop "shared vocabulary that lets developers, deployers, and researchers describe what went wrong in terms precise enough to compare across systems." And the AI 100-3 glossary's own design goal? Documenting that multiple meanings exist, with no plan to resolve them.
Your buyers are operating inside this gap whether they know it or not.
Last month's definitions, already stale
In April 2026, Anthropic released Claude Opus 4.7 with a new tokenizer. The pricing documentation notes that the new tokenizer "may use up to 35% more tokens for the same fixed text." The multiplier ranges from 1.0x to 1.35x depending on content type, with code and structured data hitting the upper end.
Same input. Same paragraph of English, same JSON payload. Up to 35% more tokens than the previous model generation. Unit price didn't change. Unit count did. The word "token" already meant something different from your IDAM token. Now it meant something different from what it meant in the same product line six months earlier.
If a core billing unit can shift meaning across a single model generation within a single vendor, treating any AI term as settled is a mistake. The definitions in this section are current as of May 2026. Some will move. Specific numbers, especially context window sizes and pricing, change without notice.
The collision map
Each piece in this section takes one collision point: a word or concept that lives in both your IDAM vocabulary and the AI vocabulary your buyers are using. For each, we map three things:
- Where your existing intuition applies: Some of it transfers cleanly.
- Where it misleads: The specific point where the IDAM mental model breaks.
- What to say instead: Language precise enough for a technical conversation without requiring you to become an ML engineer.
The collision points we'll cover: token, context window, model, agent, trust, policy, and permission. The list may grow as the field does. Each gets its own piece. Each is short enough to read before a call.
In identity, a token is a credential: an artifact that proves something (authentication, session validity, a granted permission). OAuth access tokens, SAML assertions, session cookies. In AI, a token is a processing unit — a chunk of text, roughly a word or subword, that the model consumes or produces. It's also the billing unit. The divergence: your token carries trust. An LLM token carries no trust, no identity, no assertion. It's a piece of text with a price tag. When a buyer says "token management," ask which kind. The architectures are unrelated.
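The token entry above and the tokenizer shift described earlier, as an added example (not code from this article or from any vendor): an HS256-signed identity token that stops verifying when it is altered or expired, beside a toy greedy subword tokenizer whose count for the same text depends only on the vocabulary. The key, claims, vocabularies and function names are constructed for illustration; real LLM tokenizers use learned vocabularies.

```python
import base64, hashlib, hmac, json, time

KEY = b"constructed-demo-key"  # constructed secret, illustration only

def _b64(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _sign(signing_input, key):
    return _b64(hmac.new(key, signing_input.encode(), hashlib.sha256).digest())

def mint(claims, key=KEY):
    """Identity token: claims bound to an issuer key (JWT HS256 layout)."""
    header = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64(json.dumps(claims).encode())
    return f"{header}.{body}." + _sign(f"{header}.{body}", key)

def verify(token, key=KEY, now=None):
    """Return claims only if the signature (fixed HS256) and expiry hold, else None."""
    try:
        header, body, sig = token.split(".")
        if not hmac.compare_digest(_sign(f"{header}.{body}", key).encode(), sig.encode()):
            return None
        claims = json.loads(base64.urlsafe_b64decode(body + "=" * (-len(body) % 4)))
    except ValueError:
        return None
    if claims.get("exp", 0) <= (time.time() if now is None else now):
        return None
    return claims

def tokenize(text, vocab):
    """LLM-style tokens: greedy longest-match chunks of text, nothing more."""
    out, i, longest = [], 0, max(map(len, vocab))
    while i < len(text):
        for n in range(min(longest, len(text) - i), 0, -1):
            if n == 1 or text[i:i + n] in vocab:  # unknown chars stand alone
                out.append(text[i:i + n])
                i += n
                break
    return out

# Two constructed vocabularies standing in for two tokenizer generations.
VOCAB_OLD = {"token", " management"}
VOCAB_NEW = {"tok", "en", " man", "age", "ment"}
TEXT = "token management"

if __name__ == "__main__":
    tok = mint({"sub": "alice", "scope": "read", "exp": time.time() + 300})
    print(verify(tok), verify(tok + "x"))  # valid token, then altered token
    print(len(tokenize(TEXT, VOCAB_OLD)), len(tokenize(TEXT, VOCAB_NEW)))
```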
In identity and zero trust, context means risk signals informing an access decision: device posture, location, behavior patterns, time of request. It's what makes adaptive authentication adaptive. In AI, context means the model's working memory: everything the model can "see" during a single interaction, measured in tokens. A context window is a capacity limit, not a risk signal. The divergence: your context is about trust. AI context is about memory. When a buyer says "the model needs more context," they mean input capacity, not richer security signals. Different problems, different solutions.
Before your next call
The goal here is narrow: get familiar words to stop bypassing your critical ear.
The failure mode worth worrying about is false recognition. You hear a word you know, assume you understand the sentence, and lose the thread of what the buyer actually means. Ignorance you'd catch. False fluency, you won't.
The next piece starts with the first collision: what a token actually is in AI, why it costs money, and why your OAuth intuition helps up to a specific point, which we'll mark clearly.
Things to follow up on...
- NIST's unfinished AI glossary: The NIST AI 100-3 glossary has been in beta since 2023, documenting over 500 terms with multiple definitions per entry rather than resolving them to single meanings.
- Anthropic's NIST filing on agents: Anthropic's formal response to NIST CAISI on agentic AI security explicitly called for shared vocabulary as a precondition for meaningful standards, acknowledging the field can't even describe failures consistently yet.
- The Opus 4.7 tokenizer cost shift: Anthropic's pricing documentation confirms the new tokenizer can inflate token counts up to 35% for the same input, a change that contributed to Anthropic doubling its public cost estimates for Claude Code developers.
- Federal agentic AI standards gap: A Cloud Security Alliance Labs analysis of federal AI security standards found that no standalone federal agentic AI security standard exists, even as agency deployments are already underway.

