AI Foundations
Same Words, Different Machines

Token. Context. Agent. Trust. You've been selling these concepts for years. Your buyers are now using the same words to describe AI systems where every one of them means something different. The pattern match feels solid, and that confidence is exactly the problem.
NIST maintains two separate glossaries for security and AI terms with no reconciliation layer between them. Anthropic told the U.S. government in writing that "AI agent" doesn't have a settled definition yet. This section maps each collision point: where your IDAM intuition transfers cleanly, where it misleads, and what to say instead. Starting with the word that means a credential to you and a billing unit to your buyer.

Every policy engine you've sold shares a property so fundamental you've never had to name it: same input, same rules, same result. Machine learning doesn't work that way. The "rules" are statistical weights nobody wrote, the outputs are probabilistic, and the providers say so in their own documentation. Your buyers are adopting these systems anyway. The testing, auditing, and incident response playbooks they've built around deterministic software won't survive the transition intact. This piece maps exactly where your IDAM instincts help and where they start to mislead.

In IDAM, "how did it decide?" has a clean answer: policy rule, attribute match, timestamp, logged decision. The explanation is the mechanism. You've given that answer hundreds of times. When a buyer asks the same question about an AI system, the words are identical. The answer is a fundamentally different kind of thing. A neural network has no rules that fire. It has billions of learned weights interacting across dozens of nonlinear math layers, and nobody, including the CEOs of major model providers, can fully trace why a specific output was produced. Interpretability is an open research problem. NIST names it explicitly. The distinction reshapes the conversation.

You've spent your career configuring models. RBAC, ABAC, MAC — frameworks with enumerable rules, deterministic outputs, auditable decisions. Now your buyer says "we're evaluating models" and means a trained neural network that predicts text one token at a time. Same word, fundamentally different object. The difference changes how you should think about testing, procurement, and governance in ways that will cost you credibility if you reach for the wrong intuition. This piece covers the mechanism behind large language models, why scaling laws matter for procurement conversations, and exactly where your IDAM expertise gives you a real advantage versus where it sets a trap.

If you sell Adaptive MFA, you already sell predictive AI. If anyone in your account has mentioned agents or copilots, you're already encountering generative AI. Most buyers use the word "AI" to mean both, and the governance requirements are different. Predictive AI scores and classifies — bounded outputs, auditable, fast. Generative AI produces new content — text, code, API calls, policies. The structural fact worth carrying into every conversation: generative models can increasingly do predictive work, but predictive models cannot do generative work. That one-way street is reshaping enterprise architecture, and your buyer is navigating it right now.

Your buyer is going to say "customize" in an AI conversation. They mean it the way you'd mean it: configuration, settings, making the platform behave. That instinct will carry you through most of the conversation. The part it misses is what this piece is about. Foundation models ship unfinished on purpose. The buyer's organization finishes them. But the adaptation method they actually need — prompting, RAG, or fine-tuning — determines the cost, the complexity, and whether identity infrastructure touches the problem at all. Most buyers describing "customization" are describing configuration. Knowing which kind changes the conversation.

You've spent years managing tokens with scopes, expiry, and issuers. In an AI architecture conversation, "token" means a chunk of text the model processes and bills you for. Same word, zero overlap. Your brain won't flag the moment you lose the thread. Worse, the unit of measurement keeps changing between model versions — same input, up to 35% more tokens billed. This piece covers what tokens, context windows, and inference actually mean mechanically, and where your IDAM instincts help versus quietly mislead you.

A misconfigured federation trust throws a 403. An expired certificate kills a login flow. Your career runs on systems that announce when they break. Language models don't do that. A model produces a confident, polished, completely fabricated answer, and it looks identical to a correct one. No error code. No stack trace. Nothing in the logs. NIST AI 600-1 calls this "confabulation," not "hallucination," and the vocabulary choice matters when your buyer is scoping an ATO. What follows profiles the two failure modes side by side, walks through the five dimensions where your software intuition stops working, and gives you field-ready language for the conversation.

AI Foundations Recap — Four Clusters to Hold Onto
Seven vocabulary collisions between IDAM and AI, compressed into four clusters you can hold in your head before a call. The model is a predictor. It retrieves nothing. Context is instruction plus data plus history, all sharing one finite window. "Token" means something completely unrelated. And determinism doesn't exist, regardless of what you set temperature to. Each cluster carries one load-bearing claim, vocabulary mapping tables showing exactly where your IDAM intuition helps and where it starts lying to you, and a source index weighted toward NIST frameworks and provider documentation. This is the scaffold for everything that follows. If it holds, the details reconstruct themselves.
