An active entity, typically a user, process, or device, which causes information to flow among objects or changes the system’s state. The subject essentially initiates and controls these actions, making it a critical component of access control models and security protocols. It’s crucial to verify the identity and permissions of a subject before allowing access to sensitive resources.