Glossary H

Hallucination refers to language models generating confident-sounding but factually incorrect, fabricated, or unsupported information. Hallucinations occur because LLMs are trained to produce fluent, plausible text rather than strictly factual claims. Mitigation strategies include retrieval augmentation, grounding, citation requirements, factuality fine-tuning, and output verification pipelines.

A hardened container image is a base image built with security as the primary concern — removing unnecessary packages, running as a non-root user, using minimal distributions (Alpine, distroless), and applying CIS benchmarks for container configuration. Hardened images reduce attack surface by eliminating tools that attackers could use post-exploitation (package managers, shells, curl) while maintaining only what the application needs to function. Organizations maintain approved hardened base images that application teams extend.

System hardening is the process of reducing a system's attack surface by disabling unnecessary services, removing default credentials, applying security patches, enforcing secure configurations, and enabling logging. Hardening benchmarks published by CIS (Center for Internet Security) provide prescriptive, scored checklists for operating systems, databases, cloud services, and network devices. Automated compliance scanning tools measure systems against hardening baselines continuously.

Helm is the package manager for Kubernetes that packages applications as 'charts' — collections of templated Kubernetes manifests with configurable values. Charts are versioned, shareable, and publishable to registries like Artifact Hub. Helm simplifies deploying complex applications (databases, monitoring stacks) and supports upgrade, rollback, and lifecycle hooks.

Hexagonal architecture (Ports and Adapters) isolates the core application domain from external systems by defining explicit ports (interfaces) and adapters (implementations). The domain has no dependencies on databases, frameworks, or external APIs; those details plug in via adapters. This makes the core logic independently testable and allows infrastructure to be swapped without changing business logic.

HIDS monitors the internal state of individual hosts — including system calls, log files, file changes, and running processes — to detect intrusions that network-based tools cannot see. Wazuh and OSSEC are popular open-source HIDS platforms. HIDS is especially valuable for detecting insider threats and malware that communicates over encrypted channels.

HIPAA is U.S. legislation that establishes standards for protecting sensitive patient health information (PHI). The Security Rule requires administrative, physical, and technical safeguards for electronic PHI. Software companies handling healthcare data must implement encryption, access controls, audit logging, and breach notification procedures.

Hot reload (HMR) updates changed modules in a running application without a full page refresh, preserving application state and reducing the edit-save-test cycle to milliseconds. Vite and webpack implement HMR for web development; React Fast Refresh extends it to preserve component state during updates. Fast hot reload is one of the highest-leverage improvements to developer experience in modern build tooling.

The Horizontal Pod Autoscaler automatically scales the number of pod replicas in a Kubernetes deployment based on observed CPU utilization, memory usage, or custom metrics. HPA continuously reconciles current replica count against desired replica count to maintain target metric values. It works in conjunction with Cluster Autoscaler to add nodes when pending pods cannot be scheduled.

An HSM is a tamper-resistant hardware device that generates, stores, and manages cryptographic keys in a secure boundary that prevents key extraction even by administrators. HSMs are used for root CA key protection, payment transaction signing, and code signing. Cloud HSMs (AWS CloudHSM, Azure Dedicated HSM) provide FIPS 140-2 Level 3 validated key protection without on-premises hardware.

HSTS is an HTTP response header that instructs browsers to only communicate with a server over HTTPS for a specified duration. Once a browser has seen an HSTS header, it will automatically upgrade all future requests to that domain to HTTPS and refuse to connect over plain HTTP. HSTS with long max-age and includeSubDomains protects against SSL stripping attacks and accidental HTTP connections.

HumanEval is a benchmark introduced by OpenAI to evaluate the code generation capabilities of language models. It consists of 164 Python programming problems with unit tests, and models are scored by the fraction of problems solved (pass@k). HumanEval is a standard benchmark for comparing coding LLMs, though its small size and Python focus limit its coverage.

Hybrid search combines dense vector similarity search with traditional sparse keyword (BM25) retrieval to leverage the strengths of both approaches. Dense retrieval excels at semantic matching while sparse retrieval captures exact keyword matches and rare terms. Combining the two using reciprocal rank fusion or learned merging typically outperforms either method alone in RAG pipelines.

Hydration is the process of attaching JavaScript event handlers and state to server-rendered HTML in the browser, making a static page interactive. Full hydration re-processes all components; partial hydration (islands architecture, used by Astro) only hydrates interactive components. Hydration overhead is a primary cause of Time-to-Interactive performance issues in SSR frameworks.