What it does
An end-to-end AI application security platform providing AI Security Posture Management (AI-SPM). Covers the full AI development lifecycle from data preparation through production monitoring, with visibility into model risks, data flows, and security posture.
Security relevance
Noma provides the broadest coverage of any AI security platform — spanning all 10 OWASP LLM risks across all lifecycle stages. Their AI-SPM approach gives security teams a single pane of glass for understanding AI risk across the organisation. Discovered the ForcedLeak vulnerability in Salesforce Agentforce — a critical prompt injection allowing external attackers to exfiltrate CRM data. Also discovered the AgentSmith prompt-hub proxy attack. Both are tracked in the OWASP ASI Exploits & Incidents Tracker.
When to use it
Evaluate when you need comprehensive AI security coverage from a single platform. Enterprise procurement with org-wide deployment across AI development teams and infrastructure. This is a platform commitment, not a point tool.
OWASP coverage
Risks addressed — mapped to both OWASP Top 10 standards. 10 in LLM, 4 in Agentic.
The raw record
What Yuntona stores. Single source of truth — fork it on GitHub.
name: Noma Security slug: noma-security type: Mixed category: Identity & AppSec url: https://noma.security reviewed: 2026-04 added: 2026-04 updated: 2026-04 risks: llm: [LLM01, LLM02, LLM03, LLM04, LLM05, LLM06, LLM07, LLM08, LLM09, LLM10] asi: [ASI02, ASI03, ASI04, ASI10] complexity: Enterprise Only pricing: — audience: Blue Team lifecycle: [deploy] tags: [AI-SPM, AppSec, Lifecycle]