A false positive is a security alert triggered by harmless activity. The system reports an incident even though no actual attack or policy violation has occurred.
False positives are one of the biggest operational problems in information security. Too many false alarms lead to alert fatigue: the security team becomes desensitized and misses real incidents amid the noise. Tuning IDS/IPS rules, SIEM correlations, and DLP policies is a continuous process. The counterpart is the false negative — a real attack that goes undetected. Good security monitoring finds the balance between the two.
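As an added example (not part of the original entry), the following Python script shows how the false-positive / false-negative trade-off looks when tuning a single detection rule. The log lines, IP addresses and ground-truth labels are constructed for the demonstration; the rule is a generic "N failed logins from one source within a sliding window" correlation, and the three parameter sets (`loose`, `strict`, `tuned`) are hypothetical tuning choices, not settings from any real IDS or SIEM.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample authentication log: "<ISO timestamp> <source IP> <FAIL|OK>".
# 10.0.0.5     legitimate user who mistypes a password three times, then succeeds
# 198.51.100.9 fast password-guessing burst (10 failures in under 30 s)
# 203.0.113.7  slow password-guessing attempt (one failure every 5 minutes)
# 10.0.0.12    legitimate user with a single typo
SAMPLE_LOG = """\
2024-01-01T10:00:00 10.0.0.5 FAIL
2024-01-01T10:00:07 10.0.0.5 FAIL
2024-01-01T10:00:15 10.0.0.5 FAIL
2024-01-01T10:00:20 10.0.0.5 OK
2024-01-01T10:05:00 198.51.100.9 FAIL
2024-01-01T10:05:03 198.51.100.9 FAIL
2024-01-01T10:05:06 198.51.100.9 FAIL
2024-01-01T10:05:09 198.51.100.9 FAIL
2024-01-01T10:05:12 198.51.100.9 FAIL
2024-01-01T10:05:15 198.51.100.9 FAIL
2024-01-01T10:05:18 198.51.100.9 FAIL
2024-01-01T10:05:21 198.51.100.9 FAIL
2024-01-01T10:05:24 198.51.100.9 FAIL
2024-01-01T10:05:27 198.51.100.9 FAIL
2024-01-01T11:00:00 203.0.113.7 FAIL
2024-01-01T11:05:00 203.0.113.7 FAIL
2024-01-01T11:10:00 203.0.113.7 FAIL
2024-01-01T11:15:00 203.0.113.7 FAIL
2024-01-01T11:20:00 203.0.113.7 FAIL
2024-01-01T11:25:00 203.0.113.7 FAIL
2024-01-01T11:30:00 203.0.113.7 FAIL
2024-01-01T11:35:00 203.0.113.7 FAIL
2024-01-01T12:00:00 10.0.0.12 FAIL
2024-01-01T12:00:05 10.0.0.12 OK
"""

# Constructed ground truth: which sources were actually attacking.
GROUND_TRUTH = {
    "10.0.0.5": False,
    "198.51.100.9": True,
    "203.0.113.7": True,
    "10.0.0.12": False,
}


def parse_failures(log_text):
    """Return {source_ip: sorted list of failed-login timestamps}."""
    failures = defaultdict(list)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, ip, result = line.split()
        if result == "FAIL":
            failures[ip].append(datetime.fromisoformat(ts))
    for times in failures.values():
        times.sort()
    return failures


def sliding_window_rule(failures, threshold, window_seconds):
    """Alert on a source that has >= threshold failures inside any span of window_seconds."""
    alerted = set()
    for ip, times in failures.items():
        start = 0
        for end in range(len(times)):
            # Shrink the window from the left until it spans at most window_seconds.
            while (times[end] - times[start]).total_seconds() > window_seconds:
                start += 1
            if end - start + 1 >= threshold:
                alerted.add(ip)
                break
    return alerted


def evaluate(alerted, ground_truth):
    """Confusion matrix plus precision/recall for one rule configuration."""
    tp = sum(1 for ip, bad in ground_truth.items() if bad and ip in alerted)
    fp = sum(1 for ip, bad in ground_truth.items() if not bad and ip in alerted)
    fn = sum(1 for ip, bad in ground_truth.items() if bad and ip not in alerted)
    tn = sum(1 for ip, bad in ground_truth.items() if not bad and ip not in alerted)
    precision = tp / (tp + fp) if tp + fp else 0.0  # share of alerts that were real
    recall = tp / (tp + fn) if tp + fn else 0.0     # share of attacks that were caught
    return {"tp": tp, "fp": fp, "fn": fn, "tn": tn,
            "precision": precision, "recall": recall}


def run_rule(threshold, window_seconds, log_text=SAMPLE_LOG, ground_truth=GROUND_TRUTH):
    """Parse the log, apply one rule configuration and score it against ground truth."""
    alerted = sliding_window_rule(parse_failures(log_text), threshold, window_seconds)
    return evaluate(alerted, ground_truth)


if __name__ == "__main__":
    # Hypothetical tuning choices: loose (3 failures/hour) fires on the typo user (FP),
    # strict (5 failures/minute) misses the slow attacker (FN), tuned catches both.
    for name, threshold, window in [("loose", 3, 3600), ("strict", 5, 60), ("tuned", 5, 3600)]:
        print(f"{name:6s} threshold={threshold} window={window}s -> {run_rule(threshold, window)}")
```

The point of the three runs is that neither raising nor lowering the threshold alone is "safer": the loose rule has perfect recall but generates the alert that trains analysts to ignore the rule, while the strict rule is quiet but blind to the slow attacker. Scoring each candidate configuration against labelled historical data, as `evaluate` does here, is what makes the tuning a measurable process rather than guesswork.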