CONFERENCE Cyber AI & Automation Summit - NOW LIVE
Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Artificial Intelligence

Noma Security Raises $32 Million to Safeguard Gen-AI Applications

Noma provides a platform to protect the data and lifecycle of emerging gen-AI applications, which introduces new threats not covered by existing security controls.

Tel Aviv, Israel based Noma Security has emerged from stealth mode with $32 million in Series A funding led by Ballistic Ventures. 

The new funding follows previously undisclosed seed funding led by Glilot Capital Partners, with participation from Cyber Club London. Dozens of angel investors have also supported Noma’s growth.

Noma provides a platform to protect the data and lifecycle of emerging gen-AI applications, which introduces new threats not covered by existing security controls. “We’re already seeing organizations compromised by misconfigured data pipelines and vulnerable and malicious open source models,” explains Niv Braun, co-founder and CEO of Noma. “It’s only a matter of time before we see AI’s equivalent of SolarWinds or Log4Shell. There’s an urgent need for a new security solution that holistically covers the Data & AI Lifecycle.”

Braun explained the issues to SecurityWeek. There are many different security controls that protect the development and runtime of traditional classic software applications; “But when we look at the Data and AI Lifecycle, it’s truly a different process. To build a working model, you need to train it on data. You need to collect that data and prepare it – you need to make sure that all the data is in the right format and that the different data sets can be correlated.”

This is the data preparation performed by data engineers. Next you have the modeling performed by data scientists. “They define the different configurations and deep learning parameters that eventually become a machine learning model or a gen AI model. But when we look at the process, it includes different risks and vulnerabilities – like code that is never scanned because data scientists work differently than software developers, and their code is stored in different places.”

This is just part of the new risk coming from AI development, and especially with the new emphasis on gen-AI as opposed to machine learning (which is relatively well understood). For gen-AI, many firms download existing models from Hugging Face. These models have not been scanned by the existing classic application security tools because they are a different technology with different objects, and the classic tools don’t know how to scan them. This introduces another new supply chain risk, similar in some ways to the OSS supply chain risk but requiring a different solution.

Braun added a further new risk – the statistical rather than deterministic nature of a gen-AI application. “Classic software is what we call deterministic,” he said. “If you input an x in classic software, you know what it’s going to respond – it’s going to be y or z. AI models are different; they’re statistical. You can go to a model like ChatGPT, and input x three times and you get three different responses. It has options and you cannot absolutely predict which option it will give for its response.”

Because of this, he continued, you have completely new risks. “The new risks called prompt injection and jailbreaking can use crafted inputs to manipulate the statistical reasoning of the model to return data or do other stuff it was never meant to.”

Advertisement. Scroll to continue reading.
Data & AI Life Cycle

There are tools that exist and can help different parts of the AI development lifecycle. But Noma offers a single platform that helps secure the entire process. “If you speak to security guys today,” continued Braun, “you’ll find they need four different tools from four different vendors. The single Noma platform provides complete end to end security for the new Data & AI lifecycle.”

The Noma website elaborates on this: “The Noma platform extends all the way to production, delivering real-time monitoring, blocking, sensitive data masking, and alerting to defend against AI adversarial attacks and data leakage and enforce safety guardrails aligned with your organizational and app-specific policies.”

Noma, headquartered in Herzliya, Tel Aviv, Israel, was founded in 2023 by Niv Braun (CEO) and Alon Tron (CTO). Both are former members of the IDF’s 8200 intelligence unit.

Related: Researchers Bypass ChatGPT Safeguards Using Hexadecimal Encoding and Emojis

Related: ‘Deceptive Delight’ Jailbreak Tricks Gen-AI by Embedding Unsafe Topics in Benign Narratives

Related: Microsoft Details ‘Skeleton Key’ AI Jailbreak Technique

Related: New Scoring System Helps Secure the Open Source AI Model Supply Chain

Written By

Kevin Townsend is a Senior Contributor at SecurityWeek. He has been writing about high tech issues since before the birth of Microsoft. For the last 15 years he has specialized in information security; and has had many thousands of articles published in dozens of different magazines – from The Times and the Financial Times to current and long-gone computer magazines.

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Don’t miss this Live Attack demonstration to learn how hackers operate and gain the knowledge to strengthen your defenses.

Register

Join us as we share best practices for uncovering risks and determining next steps when vetting external resources, implementing solutions, and procuring post-installation support.

Register

People on the Move

Video platform Vimeo has appointed Ryan Weeks as Chief Information Security Officer.

LPL Financial has welcomed Renana Friedlich as Chief Information Security Officer.

SSH Communications Security has appointed Pauli Haikonen as the company’s Chief Information Security Officer (CISO).

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.