N

Noma Security

Enterprise AI Security Platform Reference

Quick reference guide for Noma Security's positioning, market landscape, and structured learning path to reach expert level in AI Security.

Core Thesis

Traditional AppSec / CloudSec tooling is insufficient for autonomous AI systems.

Noma is building a broad enterprise AI security platform focused on securing LLMs, RAG systems, AI agents, copilots, AI development pipelines, and runtime AI interactions.

Strongest Focus

→ AI Security Posture Management (AISPM)
→ AI Red Teaming
→ Runtime Guardrails
→ Agent Governance

Positioning

"The Palo Alto / Wiz / CrowdStrike for enterprise AI systems."

Differentiators

• Unified platform
• Contextualized visibility
• AI-agent-centric security
• Runtime + Posture + Testing

AI Security Ecosystem

Security Layer	What It Means	Noma Position
AI Discovery / AISPM	Inventory + posture + governance	Strong
AI Red Teaming	Adversarial testing / jailbreak testing	Strong
Runtime Protection	Prompt filtering / guardrails / monitoring	Strong
Agent Security	Securing autonomous agents/tools	Very Strong
AI Governance / Compliance	AI policy + risk + compliance	Strong
Model Security	Protecting ML models/training pipelines	Moderate
Traditional AppSec for AI	SDLC / code / API security	Adjacent

AI Security Posture Management (AISPM)

The “CNAPP/CSPM equivalent” for AI.

Focus Areas

• Discover AI assets
• Inventory models/agents
• Risky AI deployments
• Shadow AI detection
• Contextual dependency mapping

Top Competitors

Protect AI – MLSecOps + model scanning
Cranium – Closest AISPM competitor
HiddenLayer – AI model/runtime threat detection

AI Red Teaming / Adversarial Testing

Key Activities

• Jailbreak & prompt injection testing
• Tool abuse simulation
• Agent exploit testing
• Continuous DevOps/MLOps integration

Top Competitors

Mindgard – Strongest pure-play red teaming
Lakera – Prompt injection & runtime
DeepKeep – Adversarial ML robustness

Runtime AI Protection / Guardrails

"Every prompt, every response, every tool call."

Key Concepts

• Prompt & output inspection
• Policy engines & content filtering
• Tool-call inspection
• Runtime observability

Top Competitors

Lakera
Pillar Security
HiddenLayer

AI Agent Security Noma's Strongest Area

Autonomous agents with permissions, tools, workflows, and data access — the fastest growing attack surface.

Focus

• MCP server governance
• Tool access control & action policies
• Rogue agent prevention
• AI blast radius management

Key Competitors

Palo Alto Networks
Wiz
Cranium
Emerging: Lasso Security, NeuralTrust, Airia

The Simplest Way to Explain Noma

"An enterprise AI security platform focused on visibility, governance, red teaming, and runtime protection for LLMs and AI agents."

"Trying to become the control plane for enterprise AI security."

Training & Learning Path

Phase 1 (2 weeks) – Foundations

Mirror Security Academy – AI attack surface, RAG attacks, runtime defense, agent security, OWASP LLM, MITRE ATLAS
OWASP LLM Top 10
MITRE ATLAS

Phase 2 (2–4 weeks) – Hands-on Red Teaming

Phase 3 (1–2 months) – Advanced

Runtime guardrails & policy engines
LangChain / LangGraph security
Agent permissioning & observability
AI Governance & EU AI Act

Phase 4 – Become Visible

Publish AI security testing notes, prompt injection findings, agent security experiments, MCP threat models.

Essential Resources - Youtube

Matt Wolfe - AI NEWS (News Weekly) AI Explained - AI NEWS (News Weekly) Prompt Injection Explained (Phase 1) Network Chuck - Hacking AI is TOO EASY (Phase 1) Network Chuck - Become an AI HACKER (Phase 1) Network Chuck - You SUCK at Prompting AI (Phase 1) LangGraph Tutorial - How to Build Advanced AI Agent Systems (Phase 3) Fireship - (Phase 2-3 - companion to building locally) Setup Claude Code - (Beginner) Claude Code Masterclass - (Beginner) Cloud Code Hooks Explained - (Beginner) Use Claude Code Skills like the 1% - (Beginner) Claude Code Tutorial - 21 essential tips- (Beginner) How AI agents & Claude skills work (Clearly Explained) (Beginner) GenAI vs Agentic AI vs AI Agents explained- (Beginner) AI Gateway Explained (Beginner) MCP clearly explained (Beginner) OWASP Top 10 for LLM Applications (Beginner) OWASP's Top 10 Ways to Attack LLMs: AI Vulnerabilities Exposed (Beginner) Top 10 Security Risks in AI Agents Explained (Beginner) Hugging Face Tutorial for beginners (Beginner) Every AI Model Explained in 19 Minutes (Beginner)

Essential Resources - Podcasts

AI Security Podcast (Phase 1) The Generative AI Meetup (Phase 1) AI Security 101 Podcast (Beginner) The TWIML AI Podcast (General) Super Prompt (General) Security NOW (General) Unsupervised Learning (General)

Essential Resources

MCP Security Guide LangChain Security Docs OpenAI Safety Best Practices

Noma Self Study Resources

A Gentle Introduction to Machine Learning (Section 1) But what is a neural network? | Deep learning chapter 1 (Section 1) Pre-training vs Fine-Tuning vs In-Context Learning of Large Language Models (Section 1) What is Hugging Face? (section 2) Experiment using an open source model for image generation (section 2) What are AI Agents? (section 3) Create your own Low-Code/No-Code (LCNC) Agent in Microsoft Copilot Studio (section 3) the vulnerability Noma discovered in Salesforce AgentForce (section 3 -doc) What is MCP? (section 4) MCP Explained: The New Standard Connecting AI to Everything (section 4) Review MITRE ATLAS & OWASP Top-10 ML & LLM risks -- review the references at the end of each OWASP Top 10 section, as they provide real-world examples