Noma Security

A quiet shift is occurring in enterprise security that most non-technical leadership teams have yet to quantify. It usually starts with a prompt or instruction from a regular, well-meaning employee to a local agent. However, when standard employees interact with autonomous agents, they frequently provide incomplete or context-deficient instructions. Deprived of guardrails and clarity, autonomous […] The post The Silent Spread: Destructive Autonomous Agents appeared first on Noma Security .

I’ve had a number of people ask me “Why did you agree to co-chair the Cloud Security Alliance (CSA) Autonomous Action Runtime Management (AARM) initiative?” Well, partly, because I was asked! Who would pass on the opportunity to collaborate with Herman Errico, the author of AARM, as well as Akul Loomba and Chris Hughes? But […] The post That’s a Great Question: Why am I Joining the CSA AARM Initiative? appeared first on Noma Security .

Quarterly Report filed 2026-05-14

Material Event filed 2026-05-14

CISO-Voted List Recognizes the 30 Private Cybersecurity Companies Shaping Enterprise Security in the Age of AI Tel Aviv, May 12, 2026 – Noma Security, The market leader in securing AI, agents, and whatever comes next, today announced its inclusion in Rising in Cyber 2026, an independent annual list launched by Notable Capital to recognize the […] The post Noma Security Named to Rising in Cyber 2026 List of Top Cybersecurity Startups appeared first on Noma Security .

TL;DR: We evaluated NVIDIA Nemotron-3-Nano-30B against Claude Opus 4.5 as the attack-prompt generator in Noma’s red teaming engine. Nemotron achieved a 70% higher attack success rate at roughly one-tenth the cost, running fully self-hosted via NIM. We’re integrating it into production via Amazon Bedrock, with a self-hosted NIM deployment to follow. Background: How Noma’s Red […] The post Noma Security Integrates NVIDIA Nemotron into its AI Red Teaming Engine appeared first on Noma Security .

Many vendors in AI security are talking about gateways right now, but they don’t all mean the same thing. Between all of these, the word “gateway” is doing a lot of work, and not all of it is consistent. Security teams are being asked to evaluate these technologies, and the terminology is genuinely confusing. In […] The post AI Gateways vs. MCP Gateways: What Security Teams Need to Know appeared first on Noma Security .

One of the more interesting questions I keep coming back to with other CISOs and security friends is how we should govern AI agent identities. Do we treat them like service accounts? Like users? Or something else entirely? Where I’ve landed, at least for now, is: both, and neither. Agents are a true hybrid. They […] The post That’s a Great Question: Rethinking Identity for AI Agents appeared first on Noma Security .

TL;DR Amazon Quick Desktop’s new “local-first” model introduces a high-risk Excessive CAP profile. Noma Security researchers identified three critical attack vectors: the manipulation of agents to write and stage malicious code scripts in local directories, the hijacking of browser automation to execute destructive actions in authenticated SaaS sessions, and the vulnerability of Scheduled Agents to […] The post Amazon Quick Security Risks: Top Misconfigurations and Data Leakage Threats appeared first on Noma Security .

The efficiency, limitless scale, and promise of the autonomous AI agent are undeniable. By granting a model the ability to use tools, browse the web, and execute code, organizations can achieve true productivity automation. However, as recent incidents demonstrate, giving an AI agent write access to production environments creates a new class of systemic risk. […] The post Off the Map: When Autonomous Agents Go Rogue appeared first on Noma Security .

One of the questions I’ve been sitting with since RSAC is deceptively simple: when your orchestrator agent hands off a task to a sub-agent, how does the sub-agent know the instruction is legitimate? It sounds almost philosophical. But it isn’t. It’s a governance gap most of us haven’t closed yet, and the infrastructure to close […] The post Your Agents Are Trusting Each Other – Should They? appeared first on Noma Security .