1(520) 261-1728

info@threatintel-solutions.net

Threat Intel Solutions

Let’s Talk

Noma Security Raises $32 Million to Safeguard Gen-AI Applications

**Tel Aviv, Israel based Noma Security has emerged from stealth mode with $32 million in Series A funding led by Ballistic Ventures.**The new funding follows previously undisclosed seed funding led by Glilot Capital Partners, with participation from Cyber Club London. Dozens of angel investors have also supported Noma’s growth.Noma provides a platform to protect the data and lifecycle of emerging gen-AI applications, which introduces new threats not covered by existing security controls. ‘We’re already seeing organizations compromised by misconfigured data pipelines and vulnerable and malicious open source models,’ explains Niv Braun, co-founder and CEO of Noma. ‘It’s only a matter of time before we see AI’s equivalent of SolarWinds or Log4Shell. There’s an urgent need for a new security solution that holistically covers the Data -& AI Lifecycle.’Braun explained the issues to *SecurityWeek*. There are many different security controls that protect the development and runtime of traditional classic software applications; ‘But when we look at the Data and AI Lifecycle, it’s truly a different process. To build a working model, you need to train it on data. You need to collect that data and prepare it — you need to make sure that all the data is in the right format and that the different data sets can be correlated.’This is the data preparation performed by data engineers. Next you have the modeling performed by data scientists. ‘They define the different configurations and deep learning parameters that eventually become a machine learning model or a gen AI model. But when we look at the process, it includes different risks and vulnerabilities — like code that is never scanned because data scientists work differently than software developers, and their code is stored in different places.’This is just part of the new risk coming from AI development, and especially with the new emphasis on gen-AI as opposed to machine learning (which is relatively well understood). For gen-AI, many firms download existing models from Hugging Face. These models have not been scanned by the existing classic application security tools because they are a different technology with different objects, and the classic tools don’t know how to scan them. This introduces another new supply chain risk, similar in some ways to the OSS supply chain risk but requiring a different solution.Braun added a further new risk — the statistical rather than deterministic nature of a gen-AI application. ‘Classic software is what we call deterministic,’ he said. ‘If you input an *x* in classic software, you know what it’s going to respond — it’s going to be *y* or *z* . AI models are different; they’re statistical. You can go to a model like ChatGPT, and input *x* three times and you get three different responses. It has options and you cannot absolutely predict which option it will give for its response.’Because of this, he continued, you have completely new risks. ‘The new risks called prompt injection and jailbreaking can use crafted inputs to manipulate the statistical reasoning of the model to return data or do other stuff it was never meant to.’ Advertisement. Scroll to continue reading. ![Data & AI Life Cycle](https://www.securityweek.com/wp-content/uploads/2024/11/AI-Data-Lifecycle-1024×570.png)There are tools that exist and can help different parts of the AI development lifecycle. But Noma offers a single platform that helps secure the entire process. ‘If you speak to security guys today,’ continued Braun, ‘you’ll find they need four different tools from four different vendors. The single Noma platform provides complete end to end security for the new Data -& AI lifecycle.’The Noma [website](https://noma.security/) elaborates on this: ‘The Noma platform extends all the way to production, delivering real-time monitoring, blocking, sensitive data masking, and alerting to defend against AI adversarial attacks and data leakage and enforce safety guardrails aligned with your organizational and app-specific policies.’Noma, headquartered in Herzliya, Tel Aviv, Israel, was founded in 2023 by Niv Braun (CEO) and Alon Tron (CTO). Both are former members of the IDF’s 8200 intelligence unit.**Related** : [Researchers Bypass ChatGPT Safeguards Using Hexadecimal Encoding and Emojis](https://www.securityweek.com/first-chatgpt-jailbreak-disclosed-via-mozillas-new-ai-bug-bounty-program/)**Related** : [‘Deceptive Delight’ Jailbreak Tricks Gen-AI by Embedding Unsafe Topics in Benign Narratives](https://www.securityweek.com/deceptive-delight-jailbreak-tricks-gen-ai-by-embedding-unsafe-topics-in-benign-narratives/)**Related** : [Microsoft Details ‘Skeleton Key’ AI Jailbreak Technique](https://www.securityweek.com/microsoft-details-skeleton-key-ai-jailbreak-technique/)**Related** : [New Scoring System Helps Secure the Open Source AI Model Supply Chain](https://www.securityweek.com/new-scoring-system-helps-secure-the-open-source-ai-model-supply-chain/) ![](https://www.securityweek.com/wp-content/uploads/2023/01/Kevin-Townsend-SecurityWeek-Icon.jpeg) Written By [Kevin Townsend](https://www.securityweek.com/contributors/kevin-townsend/ ‘Posts by Kevin Townsend’) Kevin Townsend is a Senior Contributor at SecurityWeek. He has been writing about high tech issues since before the birth of Microsoft. For the last 15 years he has specialized in information security; and has had many thousands of articles published in dozens of different magazines — from The Times and the Financial Times to current and long-gone computer magazines. [](https://twitter.com/kevtownsend)[](https://www.linkedin.com/in/kevtownsend/) More from [Kevin Townsend](https://www.securityweek.com/contributors/kevin-townsend/ ‘Posts by Kevin Townsend’)—————————————————————————————————————* [Honeypot Surprise: Researchers Catch Attackers Exposing 15,000 Stolen Credentials in S3 Bucket](https://www.securityweek.com/honeypot-surprise-researchers-catch-attackers-exposing-15000-stolen-credentials-in-s3-bucket/)* [FakeCall Android Trojan Evolves with New Evasion Tactics and Expanded Espionage Capabilities](https://www.securityweek.com/fakecall-android-trojan-evolves-with-new-evasion-tactics-and-expanded-espionage-capabilities/)* [WhiteRabbitNeo: High-Powered Potential of Uncensored AI Pentesting for Attackers and Defenders](https://www.securityweek.com/whiterabbitneo-high-powered-potential-of-uncensored-ai-pentesting-for-attackers-and-defenders/)* [Google Invests in Alternative Neutral Atom Quantum Technology](https://www.securityweek.com/google-invests-in-alternative-neutral-atom-quantum-technology/)* [New Scoring System Helps Secure the Open Source AI Model Supply Chain](https://www.securityweek.com/new-scoring-system-helps-secure-the-open-source-ai-model-supply-chain/)* [IBM Boosts Guardium Platform to Address Shadow AI, Quantum Cryptography](https://www.securityweek.com/ibm-boosts-guardium-platform-to-address-shadow-ai-quantum-cryptography/)* [Latrodectus Malware Increasingly Used by Cybercriminals](https://www.securityweek.com/latrodectus-malware-increasingly-used-by-cybercriminals/)* [AI and Hardware Hacking on the Rise](https://www.securityweek.com/ai-and-hardware-hacking-on-the-rise/)Latest News———–* [NCSC Details ‘Pygmy Goat’ Backdoor Planted on Hacked Sophos Firewall Devices](https://www.securityweek.com/ncsc-details-pygmy-goat-backdoor-planted-on-hacked-sophos-firewall-devices/)* [GreyNoise Credits AI for Spotting Exploit Attempts on IoT Livestream Cams](https://www.securityweek.com/greynoise-credits-ai-for-spotting-exploit-attempts-on-iot-livestream-cams/)* [In Other News: FBI’s Ransomware Disruptions, Recall Delayed Again, CrowdStrike Responds to Bloomberg Article](https://www.securityweek.com/in-other-news-fbis-ransomware-disruptions-recall-delayed-again-crowdstrike-responds-to-bloomberg-article/)* [US, Israel Describe Iranian Hackers’ Targeting of Olympics, Surveillance Cameras](https://www.securityweek.com/us-israel-describe-iranian-hackers-targeting-of-olympics-surveillance-cameras/)* [Ex-Disney Worker Accused of Hacking Computer Menus to Add Profanities, Errors](https://www.securityweek.com/ex-disney-worker-accused-of-hacking-computer-menus-to-add-profanities-errors/)* [Lottie-Player Supply Chain Attack Targets Cryptocurrency Wallets](https://www.securityweek.com/lottie-player-supply-chain-attack-targets-cryptocurrency-wallets/)* [Bug Bounty Platform Bugcrowd Secures $50 Million in Growth Capital](https://www.securityweek.com/bug-bounty-platform-bugcrowd-secures-50-million-in-growth-capital/)* [Sophos Used Custom Implants to Surveil Chinese Hackers Targeting Firewall Zero-Days](https://www.securityweek.com/sophos-used-custom-implants-to-surveil-chinese-hackers-targeting-firewall-zero-days/) ![](https://www.securityweek.com/wp-content/uploads/2022/04/SecurityWeek-Small-Dark.png)

Related Tags:
NAICS: 519 – Web Search Portals

Libraries

Archives

Other Information Services

NAICS: 81 – Other Services (except Public Administration)

NAICS: 541 – Professional

Scientific

Technical Services

NAICS: 52 – Finance And Insurance

NAICS: 518 – Computing Infrastructure Providers

Data Processing

Web Hosting

Related Services

NAICS: 92 – Public Administration

NAICS: 922 – Justice

Public Order

Safety Activities

NAICS: 523 – Securities

Commodity Contracts

Other Financial Investments And Related Activities

NAICS: 51 – Information

Associated Indicators:

Search

Popular Posts

Categories

Archives

Tags

Follow Us