llmthreat
For vendors 21 vendors · 10 tools Matrix Vendors

Noma Security is an AI-SPM / Runtime Protection vendor based in Tel Aviv, Israel. Its flagship product is Noma AI Security Platform (Discovery, AI-SPM, Red Teaming, Runtime Protection, Agentic Risk Map). Against the OWASP LLM Top 10 (2025) we score it Covered on 5 of 10 risks, Partial on 4, with 7 MITRE ATLAS techniques mapped as of . It's independent.

5/10
Risks covered
4
Partial
7
ATLAS techniques
$132M
Funding
Active
Status

At a glance

Category
AI-SPM / Runtime Protection
Headquarters
Tel Aviv, Israel
Founded
2023
Employees
51-200
Flagship product
Noma AI Security Platform (Discovery, AI-SPM, Red Teaming, Runtime Protection, Agentic Risk Map)
Deployment
SaaS and self-hosted (enterprise); covers full AI/agent lifecycle
Best for
Enterprises wanting one platform for AI/ML supply-chain posture, agent runtime protection and framework-mapped governance
Funding to date
$132M
Last round
Series B ($100M) · 2025-07
Status
Active

Facts as of .

What does Noma Security do?

Aims to be the whole AI-security stack in one place: discovery, posture, red teaming, and runtime protection for agents. It ships as SaaS and self-hosted (enterprise); covers full AI/agent lifecycle, and it's built for enterprises wanting one platform for AI/ML supply-chain posture, agent runtime protection and framework-mapped governance. It's a weaker fit for buyers seeking a narrow standalone red-team tool or a lightweight open-source option.

Which OWASP LLM Top 10 risks does Noma Security cover?

Noma Security's strongest verdict is LLM01Prompt Injection. The two tables below come from our editorial read of Noma Security's public documentation as of — it's what the docs support, not a hands-on lab test — and this row also sits in the full matrix across all 21 vendors.

OWASP LLM Top 10 (2025) coverage — as of 2026-07-13
OWASP LLM Risk What it is Noma Security coverage How it's addressed Source
LLM01 Prompt Injection User or hidden input overrides the model's rules or intended behavior. Covered Real-time threat protection blocks runtime prompt injection and jailbreaks. https://noma.security/blog/owasp-top-10-agentic-risks-with-noma/
LLM02 Sensitive Information Disclosure The model leaks secrets, personal data, or proprietary content in its output. Covered Runtime data-leakage protection plus securing sensitive training data across the lifecycle. https://www.globenewswire.com/news-release/2024/10/31/2972786/0/en/Noma-Exits-Stealth-with-32M-to-Secure-the-Entire-Data-AI-Lifecycle-from-Development-to-Production.html
LLM03 Supply Chain Compromised models, datasets, plugins, or dependencies add risk before runtime. Covered Identifies/remediates AI supply-chain risk: vulnerable data pipelines, misconfigured MLOps, malicious models. https://techcrunch.com/2024/10/31/noma-is-building-tools-to-spot-security-issues-with-ai-apps/
LLM04 Data and Model Poisoning Tampered training or fine-tuning data corrupts how the model behaves. Covered Addresses model poisoning and unscanned code/data used for training. https://techcrunch.com/2024/10/31/noma-is-building-tools-to-spot-security-issues-with-ai-apps/
LLM05 Improper Output Handling Downstream systems trust model output without checking it, enabling injection or code execution. Unverified No explicit public statement on improper output handling. None found
LLM06 Excessive Agency An agent holds more permissions, tools, or autonomy than the task needs. Covered Agentic Risk Map and agent runtime protection constrain compromised/misconfigured agent actions and tool use. https://noma.security/blog/owasp-top-10-agentic-risks-with-noma/
LLM07 System Prompt Leakage The system prompt or the secrets inside it get exposed to users. Partial Runtime threat protection covers prompt attacks; explicit system-prompt-leakage control not separately documented. https://noma.security/blog/owasp-top-10-agentic-risks-with-noma/
LLM08 Vector and Embedding Weaknesses Flaws in RAG stores let attackers poison, extract, or infer data. Partial ARM analyzes agent knowledge sources/embeddings for risky combinations; specific embedding-inversion control unverified. https://noma.security/blog/owasp-top-10-agentic-risks-with-noma/
LLM09 Misinformation The model produces false or fabricated content that users act on. Partial Noma's agentic-risk documentation describes behavioral analytics/anomaly detection that flags deviations to help 'defend against cascading hallucinations and rogue agents' as part of runtime protection, though not framed as a dedicated hallucination-detection feature. https://noma.security/agentic-security/series-3-addressing-agentic-risk/blog-3-2-addressing-agentic-risk-part-2/
LLM10 Unbounded Consumption Uncontrolled requests drive cost, denial of service, or model extraction. Partial Noma's runtime guardrails documentation discusses enforcing rate limits to resist overload attempts and blocking risky tool calls to prevent resource-exhaustion/'denial of wallet' abuse, though not detailed as a standalone product feature page. https://noma.security/agentic-security/series-3-addressing-agentic-risk/blog-3-2-addressing-agentic-risk-part-2/
MITRE ATLAS coverage — as of 2026-07-13
ATLAS Technique (ID) Tactic Noma Security coverage Notes Source
LLM Prompt Injection (AML.T0051) Initial Access / Execution Covered Runtime protection detects/blocks prompt injection; platform maps controls to MITRE ATLAS. https://noma.security/blog/owasp-top-10-agentic-risks-with-noma/
LLM Data Leakage (AML.T0057) Exfiltration Covered Runtime data-leakage protection across apps and agents. https://noma.security/blog/owasp-top-10-agentic-risks-with-noma/
ML Supply Chain Compromise (AML.T0010) Initial Access Covered Detects vulnerable/malicious models and misconfigured MLOps in the pipeline. https://techcrunch.com/2024/10/31/noma-is-building-tools-to-spot-security-issues-with-ai-apps/
Poison Training Data (AML.T0020) Resource Development / Persistence Partial Protects sensitive/unscanned training data used for model training. https://www.globenewswire.com/news-release/2024/10/31/2972786/0/en/Noma-Exits-Stealth-with-32M-to-Secure-the-Entire-Data-AI-Lifecycle-from-Development-to-Production.html
User Execution: Unsafe ML Artifacts (AML.T0011) Execution Partial Scans data-science environments and models for unsafe/backdoored artifacts. https://techcrunch.com/2024/10/31/noma-is-building-tools-to-spot-security-issues-with-ai-apps/
LLM Jailbreak (AML.T0054) Privilege Escalation / Defense Evasion Covered Runtime protection and automated red teaming test/block jailbreaks. https://noma.security/blog/owasp-top-10-agentic-risks-with-noma/
External Harms (AML.T0048) Impact Partial ARM models cascading impact of compromised agents to prevent downstream harm. https://noma.security/blog/owasp-top-10-agentic-risks-with-noma/

Is Noma Security independent, and how is it funded?

Noma Security is an independent company as of . It has raised $132M to date, most recently a Series B ($100M) dated 2025-07. Lead investors: Evolution Equity Partners, Ballistic Ventures.

Noma Security alternatives

The closest alternatives we track in AI-SPM / Runtime Protection are Apiiro, Cranium, HiddenLayer.

Frequently asked questions

What is Noma Security used for?

Noma Security is an AI-SPM / Runtime Protection vendor. Its flagship product is Noma AI Security Platform (Discovery, AI-SPM, Red Teaming, Runtime Protection, Agentic Risk Map). It ships as SaaS and self-hosted (enterprise); covers full AI/agent lifecycle, and it's built for enterprises wanting one platform for AI/ML supply-chain posture, agent runtime protection and framework-mapped governance.

Is Noma Security independent or acquired?

Noma Security is an independent company as of 2026-07-13 and has not been acquired.

How many OWASP LLM Top 10 risks does Noma Security cover?

We score Noma Security as Covered on 5 of the ten OWASP LLM Top 10 (2025) risks, with 4 more Partial, as of 2026-07-13. The table on this page breaks down every risk, including the ones marked Not covered or Unverified.

How is Noma Security deployed?

Noma Security ships as SaaS and self-hosted (enterprise); covers full AI/agent lifecycle.

What are the best alternatives to Noma Security?

The closest AI-SPM / Runtime Protection alternatives llmthreat tracks are Apiiro, Cranium, HiddenLayer.

Last verified . Sources: https://noma.security/blog/noma-security-raises-100m-to-drive-adoption-of-ai-agent-security/, https://www.securityweek.com/noma-security-raises-100-million-for-ai-security-platform/, https://www.globenewswire.com/news-release/2024/10/31/2972786/0/en/Noma-Exits-Stealth-with-32M-to-Secure-the-Entire-Data-AI-Lifecycle-from-Development-to-Production.html, https://noma.security/blog/owasp-top-10-agentic-risks-with-noma/, https://techcrunch.com/2024/10/31/noma-is-building-tools-to-spot-security-issues-with-ai-apps/. Funding and repo figures are third-party and go stale. Re-verify before you rely on them.
Informational, not professional security advice — verify Noma Security's claims and threat coverage against the official OWASP and MITRE sources and the vendor directly before making a purchasing or security decision. OWASP, MITRE, and the listed vendors and maintainers do not endorse llmthreat.com.