Glossary M

A man-in-the-middle attack intercepts communications between two parties without their knowledge, allowing the attacker to eavesdrop, modify, or inject data. HTTPS with proper certificate validation, HSTS, and certificate pinning are primary defenses against network-level MitM attacks. MitM attacks at the application layer (e.g., through malicious proxies or BGP hijacking) require additional controls like mutual TLS and certificate transparency monitoring.

A managed database service abstracts away database infrastructure management — provisioning, patching, backups, replication, and failover — letting teams focus on schema design and query optimization. Managed databases trade some configuration flexibility for significantly reduced operational burden. AWS RDS, Cloud SQL, Azure Database for PostgreSQL, and Amazon Aurora are popular managed relational offerings.

Azure Managed Identity is an Azure Active Directory feature that provides Azure services with an automatically managed identity for authenticating to any service that supports Azure AD authentication, without storing credentials in code or configuration. System-assigned managed identities are tied to a specific resource's lifecycle, while user-assigned managed identities are independent resources that can be assigned to multiple services. Managed identities eliminate the need for service principals with long-lived client secrets.

Managed Kubernetes services run the Kubernetes control plane (API server, etcd, scheduler, controller manager) as a cloud-provider-managed service, leaving customers responsible only for worker nodes and workloads. Control plane upgrades, HA configuration, and etcd backups are handled by the provider. EKS, GKE, and AKS are the three major managed Kubernetes offerings.

WAF managed rule groups are pre-configured sets of rules maintained by cloud providers or security vendors that protect against common web threats without requiring customers to write and maintain individual rules. AWS WAF Managed Rules include rule groups for OWASP Top 10 threats, known bad inputs, SQL injection, and vendor-specific protections. Managed rules are continuously updated as new attack patterns emerge, reducing the operational burden of maintaining custom WAF rules.

A matrix build runs a CI job multiple times in parallel across combinations of variables — such as operating systems, language versions, or dependency combinations. Matrix strategies ensure software works across all supported configurations without sequentially running each variant. GitHub Actions, GitLab CI, and most CI platforms support matrix configuration natively.

MCP is an open protocol developed by Anthropic that standardizes how AI applications provide tools, context, and data sources to language models. It defines a client-server architecture where MCP servers expose resources (files, APIs, databases) that AI hosts can access during agentic workflows. MCP enables modular, interoperable tool ecosystems for AI agents across different model providers.

MDR is a managed security service where a third-party provider delivers threat detection, hunting, and incident response capabilities on behalf of an organization. MDR providers operate 24/7 SOCs, leverage proprietary technology, and bring specialized expertise that many organizations cannot build internally. MDR is popular with mid-market companies that lack in-house security operations capacity.

Memcached is a high-performance, distributed in-memory key-value cache originally designed for web application caching. It is simple, fast, and horizontally scalable, but does not support persistence, replication, or complex data structures. Memcached remains widely used for simple read-heavy caching patterns where Redis's additional features are unnecessary.

Memory safety refers to a class of programming language properties and runtime protections that prevent vulnerabilities arising from incorrect memory access — including buffer overflows, use-after-free, double-free, and null pointer dereferences. Memory-safe languages like Rust enforce ownership rules at compile time, eliminating entire vulnerability classes present in C/C++ without runtime overhead. The NSA and CISA recommend migrating to memory-safe languages for new development.

A merge queue serializes pull request merges to ensure every commit to the main branch is tested against the latest state of the branch. Without a merge queue, two PRs that each pass tests independently might break when merged together. GitHub, GitLab, and tools like Mergify implement merge queues to prevent this 'semantic conflicts' problem at scale.

A message broker is middleware that translates messages between producers and consumers, enabling asynchronous, decoupled communication between services. Brokers persist messages, handle delivery guarantees, and manage consumer groups and subscriptions. RabbitMQ, Apache Kafka, AWS SQS/SNS, and Azure Service Bus are common message brokers used to decouple microservices and buffer traffic spikes.

A message queue is a form of asynchronous communication where producers place messages in a queue and consumers process them at their own pace. Queues provide durability (messages persist if the consumer is offline), load leveling (smooth out traffic spikes), and work distribution across multiple consumers. RabbitMQ, AWS SQS, and Apache Kafka are widely used message queuing systems.

Metrics are numerical time-series measurements of system behavior — CPU usage, request count, error rate, queue depth — aggregated and stored efficiently for querying and alerting. The four golden signals (latency, traffic, errors, saturation) are a common starting framework for service metrics. Prometheus is the de facto standard for metrics collection in cloud-native environments.

MFA requires users to provide two or more verification factors to access a resource — typically something they know (password), something they have (phone/hardware key), and/or something they are (biometrics). MFA significantly reduces the risk of unauthorized access even when passwords are compromised.

Micro-frontends extend microservice principles to the frontend by decomposing a web UI into independently deployable pieces owned by separate teams. Each team owns its slice of the UI end-to-end, from frontend to backend. Composition happens at runtime (via iframes, module federation, or web components) or at build time. Micro-frontends reduce coordination overhead for large teams but add integration complexity.

Microsegmentation divides cloud and data center networks into small, isolated segments and enforces granular access controls between them at the workload level rather than the network perimeter level. In cloud environments, microsegmentation is implemented through Kubernetes NetworkPolicies, security group rules, and service mesh authorization policies that restrict which services can communicate with which. It limits lateral movement by ensuring a compromised workload cannot access unrelated services.

Microservices is an architectural style where an application is built as a collection of small, independently deployable services that communicate over well-defined APIs. Each service owns its data, can be deployed and scaled independently, and is typically owned by a single team. The style improves deployment velocity and fault isolation but introduces distributed systems complexity around service discovery, distributed tracing, and eventual consistency.

MITRE ATT&CK is a globally accessible knowledge base of adversary tactics and techniques based on real-world observations. It provides a common taxonomy for red teams, blue teams, and threat intelligence that enables consistent communication about attacker behavior. Security teams use ATT&CK to assess detection coverage, plan purple team exercises, and map threat actor profiles to defensive gaps.

Mixed precision training performs the forward and backward passes in lower-precision formats (FP16 or BF16) while maintaining a full-precision (FP32) master copy of weights for parameter updates. This reduces memory usage and increases throughput on modern GPUs without significant accuracy loss. Gradient scaling prevents underflow of small gradient values in FP16.

MMLU is a benchmark consisting of approximately 15,000 multiple-choice questions across 57 academic and professional subjects, from elementary mathematics to professional law and medicine. It measures a model's breadth of world knowledge and reasoning ability. MMLU scores are widely reported in model release papers, though models trained on instruction-following datasets can achieve high scores without genuine understanding.

Model serving refers to the infrastructure and software stack for deploying trained AI models to handle real-time inference requests. Key challenges include managing GPU memory for concurrent requests, batching for efficiency, and meeting latency SLOs. Specialized serving frameworks like vLLM, TGI, and TensorRT-LLM use techniques such as continuous batching and KV cache management to maximize throughput.

A monolith is an application where all components — UI, business logic, and data access — are tightly coupled and deployed as a single unit. Monoliths are simpler to develop and debug initially but become harder to scale and maintain as teams and codebases grow. The Strangler Fig pattern is a common approach for incrementally migrating monoliths to microservices.

A monorepo stores multiple projects — libraries, services, and applications — in a single version control repository, enabling atomic cross-project changes and shared tooling. Tools like Nx, Turborepo, and Bazel provide build caching and task orchestration to keep monorepos fast at scale. Monorepos trade the simplicity of independent repos for improved code sharing, refactoring, and dependency management.

Monorepo CI refers to CI/CD strategies optimized for repositories containing multiple packages or services. Key challenges include only building affected packages (change detection), managing dependency graphs between packages, and scaling pipelines across hundreds of services. Tools like Nx, Turborepo, Bazel, and Pants provide intelligent build caching and affected-change detection for monorepos.

An MPA serves a distinct HTML document for each page, with full browser navigation between pages. Traditional server-rendered web apps are MPAs. They have excellent SEO and fast initial loads but feel less interactive than SPAs between navigation events. Modern frameworks blur the boundary by adding client-side navigation and hydration to MPAs for a smoother experience.

MPC is a cryptographic technique enabling multiple parties to jointly compute a function over their private inputs without any party revealing its data to the others. It's used in threshold key signing (splitting private keys across multiple parties), private set intersection (finding common customers without sharing full lists), and collaborative analytics. MPC is practical today for specific use cases like crypto custody.

mTLS extends standard TLS by requiring both the client and server to present and validate certificates, providing two-way authentication. In microservice architectures, mTLS ensures that only authorized services communicate with each other, preventing lateral movement by compromised workloads. Service meshes like Istio and Linkerd automate mTLS certificate issuance and rotation transparently.

MTTD measures the average time between when a security incident begins and when the security team becomes aware of it. It is a key SOC performance metric; industry studies show breaches go undetected for an average of weeks to months. Reducing MTTD requires better instrumentation, detection rules, and threat hunting capabilities. MTTD is tracked alongside MTTR to measure overall incident response effectiveness.

MTTR in security contexts measures the average time from incident detection to full containment and remediation. It combines investigation time, decision-making, and remediation execution. SOAR automation significantly reduces MTTR for high-volume, well-understood attack types. MTTR is a core SLA metric for MDR services and a key indicator of security operations maturity.

Multi-agent systems coordinate multiple AI agents that collaborate, communicate, or compete to accomplish complex tasks. Individual agents may specialize in roles (planner, executor, critic) and pass messages or artifacts to each other. Frameworks like AutoGen, CrewAI, and LangGraph implement orchestration patterns for multi-agent workflows, enabling parallelization and division of labor for complex tasks.

Multi-cloud security addresses the challenges of maintaining consistent security posture across workloads deployed on multiple cloud providers (AWS, Azure, GCP). It requires cloud-agnostic CSPM tools, normalized identity management (often via workload identity federation standards like SPIFFE), consistent policy enforcement through policy-as-code, and centralized log aggregation across cloud audit trails. Multi-cloud strategies introduce complexity that can create security gaps between provider-specific controls.

Multi-head attention runs the self-attention mechanism in parallel across multiple learned projection subspaces (heads), allowing the model to simultaneously attend to different aspects of the input sequence. Each head computes its own query, key, and value projections; outputs are concatenated and projected back to the model dimension. Multiple heads enable richer representational capacity than a single attention computation.

A multi-region architecture deploys application components across two or more geographic cloud regions to provide global availability, low-latency access for distributed users, and protection against regional outages. Multi-region deployments introduce complexity around data consistency, synchronization lag, and operational tooling but are required for the highest tiers of availability and data residency compliance.

A multi-stage Docker build uses multiple FROM statements in a single Dockerfile to separate build-time dependencies from the final runtime image. Build tools, compilers, and test dependencies exist only in intermediate stages and are discarded in the final image. This produces minimal, secure production images without complex external build scripts.

Multi-tenancy is an architecture where a single software instance serves multiple customers (tenants) while keeping their data logically isolated. SaaS products use multi-tenancy to reduce infrastructure costs and operational overhead. Isolation strategies range from shared database with tenant-scoped row filtering (highest efficiency) to separate databases or infrastructure per tenant (highest isolation).

Multimodal AI models process and generate content across multiple data modalities — text, images, audio, and video — within a unified architecture. GPT-4V, Claude 3, and Gemini are multimodal models that accept image inputs alongside text. Multimodal capability enables applications like visual question answering, document analysis, and speech-to-text-to-response pipelines.

An MVP is the simplest version of a product that delivers enough value to early adopters and generates validated learning about customers. The concept, popularized by Eric Ries in The Lean Startup, helps teams avoid building features nobody wants. In enterprise software, MVPs often focus on solving one painful workflow extremely well.