TechCrunch published their annual AI glossary Thursday — four bylines, the full AI desk (Lomas, Dillet, Wiggers, Ropek), 2:20 PM PDT on July 3. When a publication sends its entire beat team to define vocabulary, it's worth reading the choices as carefully as the definitions.
The terms that made it in are a cultural artifact as much as an editorial one. A concept crosses the glossary threshold when enough non-technical people encounter it in meetings, pitch decks, or news articles that someone needs to write the disambiguation piece. By that measure, the list is accurate. Hallucination, AI agent, AGI, chain-of-thought, RAG, RLHF, API endpoints — all earned their slots.
The definitions, though, are flattened in ways that matter.
Take hallucination. The mainstream framing — "the model made something up" — implies a fixable bug. The expert framing is less comfortable: hallucination is a structural feature of probabilistic text generation, not a defect. Models generate statistically likely token sequences; sometimes those sequences describe things that don't exist. The architecture cannot distinguish between a plausible output and a true one. That's not a training problem waiting to be solved. It's a load-bearing property of the approach. The distinction has significant implications for any deployment in healthcare, legal, or financial contexts. The glossary doesn't carry it.
On AI agents: TechCrunch's definition acknowledges the ambiguity honestly — "there are lots of moving pieces in this emergent space, so 'AI agent' might mean different things to different people." That's a polite way of saying the term is currently doing more marketing work than technical work. Note the same-day signal from the feed: Zuckerberg told Meta staff Thursday that AI agents "haven't progressed as quickly as he'd hoped." The gap between the mainstream definition and the technical reality is live, documented, and now on record from the person who bet the most on closing it.
What the agent definition omits is the trust architecture problem entirely. An AI agent isn't just "software that does multi-step tasks" — it's an autonomous system that takes actions with external side effects, operating with delegated authority, in an environment it cannot fully model. The glossary describes agents as able to "find and use API endpoints on their own, opening up powerful and sometimes unexpected possibilities." From a security framing, that's an autonomous lateral movement engine. "Unexpected possibilities" is doing a lot of work in that sentence.
On chain-of-thought: the definition is accurate at the surface and sufficient for most readers. What it doesn't carry is that reasoning tokens are a new attack surface. Prompt injection attacks can now target the reasoning chain itself, not just the final output — poison the intermediate steps, manipulate the output while the scratchpad looks coherent. This is a live research area with zero representation in mainstream vocabulary.
Which brings us to what didn't make the list, and why.
Prompt injection is the most significant omission. It's the SQL injection of the AI era — a structural vulnerability in how language models process untrusted input — and it is entirely absent from mainstream AI vocabulary. It's not in the glossary because it's not commercially flattering and because it doesn't have a mainstream narrative hook yet. It will get one. That's a matter of when, not if. Every other major vulnerability class arrived in mainstream discourse the same way: one high-profile incident that made the term unavoidable.
Other absent terms worth noting: context window poisoning, tool-use abuse, model exfiltration, sycophancy, GPAI (the EU AI Act regulatory classification that triggers specific compliance obligations), emergent behavior, inference-time compute, MCP. The list of what's missing maps almost perfectly onto "what enterprise buyers are underinformed about when they make procurement decisions."
The Koi Security case that surfaced Wednesday illustrates where this lands. A startup is suing Palo Alto Networks because an AI-hallucinated threat intelligence report falsely linked it to Chinese espionage. "Hallucination" is now appearing in legal pleadings. Courts will need to adjudicate what it means — and when they do, they'll force definitional precision that the mainstream glossary deliberately avoids. That's the pattern. Mainstream vocabulary standardization leads to regulatory and legal uptake, which forces precision on definitions that were previously soft. The TechCrunch glossary is step one of that process for 2026's vocabulary set.
The terms most likely to undergo forced precision first: hallucination (already in litigation), AI agent (liability for autonomous actions), AGI (GPAI threshold triggers under the EU AI Act), and eventually prompt injection — when the first material breach is formally attributed to it.
The glossary is useful. It's also a map of what the public conversation hasn't reached yet. The gap between those two lists is where most enterprise AI risk currently lives.