FAQ

NEED HELP GETTING STARTED?

Frequently Asked Questions

This FAQ is designed to help CISOs, Security Directors, and AI governance leaders understand how Noma Security addresses the unique challenges of securing enterprise AI environments — from model discovery through to runtime protection and regulatory compliance.

Traditional AI models are passive: they respond to prompts and return data. Autonomous AI agents are active: they make independent decisions, execute code, send emails, query databases, call external APIs, and take actions with real-world consequences — often without human review.

This creates three categories of risk that did not previously exist:

 

Most organisations currently have zero visibility into these systems. Noma was the first platform purpose-built to secure agents at scale.

Noma covers the full spectrum of enterprise agent categories:

 

Coverage extends to MCP (Model Context Protocol) servers — the emerging standard for connecting AI agents to tools and data sources — which introduce their own supply chain risks.

Prompt injection is the primary attack vector against LLM-based systems. An attacker embeds malicious instructions in data that the model processes (documents, emails, web pages), causing the agent to deviate from its intended behaviour — exfiltrating data, taking unauthorised actions, or bypassing safety controls.

Noma’s Runtime Protection layer monitors every prompt and output in real time, applying configurable guardrails that:

AI Asset Discovery & Posture Management

Noma is designed for frictionless enterprise deployment. The platform connects via API — no code changes to existing AI applications are required. Integration typically takes minutes, not months, and data science teams can implement security controls without disrupting their workflows.

Deployment options include:

A major pharmaceutical company deployed Noma into production within one month — a speed they had not previously achieved with any enterprise security vendor.

Noma integrates natively with the major cloud and AI platforms:

Noma is available through the AWS Marketplace via the Extended Plan, enabling procurement through existing cloud agreements.

Noma offers two commercial models, both on an annual SaaS subscription basis:

Rexdata can assist Benelux organisations with commercial negotiations, proof-of-concept scoping, and integration support as the authorised regional partner.

 

Agentic AI Security

Noma Security is an enterprise AI security platform purpose-built to secure AI applications and autonomous AI agents throughout their entire lifecycle. Traditional cybersecurity tools — SIEMs, EDRs, CNAPPs — were not designed to detect, monitor, or govern AI-specific threats such as prompt injection, model poisoning, data exfiltration via agents, or misconfigured MLOps pipelines.

As organisations deploy AI models, RAG pipelines, and autonomous agents at scale, they create an entirely new attack surface that existing tools cannot see. Noma fills that gap with three integrated capabilities: AI discovery and posture management, AI red teaming, and runtime threat protection.

Cloud Security Posture Management (CSPM) and Cloud-Native Application Protection Platforms (CNAPP) govern infrastructure — VMs, containers, cloud configurations. They have no visibility into the behaviour or risk of AI models, training datasets, LLM pipelines, or autonomous agents.

Noma is AI-native by design. It understands the semantics of AI workloads: which model has access to what data, what actions an agent can trigger, what the blast radius of a compromised pipeline looks like. This context is what makes risk prioritisation meaningful rather than a flood of generic alerts.

Yes. Noma Security has been recognised by Gartner as a 2025 Cool Vendor in AI Security and as a leader in AI Trust, Risk and Security Management (AI TRiSM). The company received the SINET16 Innovator Award and is backed by Evolution Equity Partners, Ballistic Ventures, Glilot Capital, and Databricks Ventures, having raised $132 million to date.

Noma also discovered ForcedLeak — the first-ever critical agentic vulnerability in Salesforce Agentforce — demonstrating its deep expertise in emerging AI attack vectors.

Deployment & Integration

Noma Security is an enterprise AI security platform purpose-built to secure AI applications and autonomous AI agents throughout their entire lifecycle. Traditional cybersecurity tools — SIEMs, EDRs, CNAPPs — were not designed to detect, monitor, or govern AI-specific threats such as prompt injection, model poisoning, data exfiltration via agents, or misconfigured MLOps pipelines.

As organisations deploy AI models, RAG pipelines, and autonomous agents at scale, they create an entirely new attack surface that existing tools cannot see. Noma fills that gap with three integrated capabilities: AI discovery and posture management, AI red teaming, and runtime threat protection.

Cloud Security Posture Management (CSPM) and Cloud-Native Application Protection Platforms (CNAPP) govern infrastructure — VMs, containers, cloud configurations. They have no visibility into the behaviour or risk of AI models, training datasets, LLM pipelines, or autonomous agents.

Noma is AI-native by design. It understands the semantics of AI workloads: which model has access to what data, what actions an agent can trigger, what the blast radius of a compromised pipeline looks like. This context is what makes risk prioritisation meaningful rather than a flood of generic alerts.

Yes. Noma Security has been recognised by Gartner as a 2025 Cool Vendor in AI Security and as a leader in AI Trust, Risk and Security Management (AI TRiSM). The company received the SINET16 Innovator Award and is backed by Evolution Equity Partners, Ballistic Ventures, Glilot Capital, and Databricks Ventures, having raised $132 million to date.

Noma also discovered ForcedLeak — the first-ever critical agentic vulnerability in Salesforce Agentforce — demonstrating its deep expertise in emerging AI attack vectors.

Regulatory Compliance — NIS2, DORA & EU AI Act

The NIS2 Directive (effective October 2024) requires essential and important entities across 18 sectors — including energy, financial services, transport, healthcare, and digital infrastructure — to implement risk-based cybersecurity measures and report significant incidents within 24 hours.

Noma directly supports NIS2 compliance through:

DORA (Digital Operational Resilience Act, effective January 2025) applies to all financial entities in the EU and sets prescriptive requirements for ICT risk management, operational resilience testing, and incident reporting within four hours of classification.

For financial institutions deploying AI, Noma provides:

 

A leading CIO at a Fortune 100 financial institution cited Noma as a prerequisite for agentic AI deployment across the organisation — using security governance as a business enabler rather than a blocker.

The EU AI Act classifies AI systems by risk level and imposes conformity obligations on high-risk systems — including those used in critical infrastructure, financial services, and employment.

Noma supports AI Act compliance through:

Yes. Noma maps all identified risks and findings to established AI security frameworks:

Operations & Sector Applicability

Noma is most immediately valuable in regulated, data-intensive sectors where AI adoption is rapid and the consequences of a breach are severe:

As the authorised Benelux partner, Rexdata manages the full customer journey:

Data privacy is a first-class concern in Noma’s architecture:

Rexdata can provide detailed data processing and sovereignty documentation for procurement and legal review.

Still have questions?

Our team is ready to answer your questions and help you find the right solution for your organisation. Get in touch for personalised guidance.


Contact us