Noma Launches Agent Access Control to Govern AI Agents and MCP Servers Across Enterprises
What Happened — Noma unveiled Noma Agent Access Control, a platform that automatically discovers, inventories, and enforces access policies for AI agents and Model Context Protocol (MCP) servers. The solution creates a real‑time registry, assigns distinct identities to each agent, and offers three policy states (Approved, Requires Review, Blocked) to control interactions.
Why It Matters for TPRM —
- AI agents are an emerging third‑party risk vector; uncontrolled agents can exfiltrate data or act on malicious prompts.
- Visibility and enforceable policies reduce the attack surface of autonomous workloads that span multiple vendors and cloud services.
- Early adoption of governance tooling helps organizations meet emerging regulatory expectations around AI use.
Who Is Affected — Enterprises that deploy AI agents or MCP servers, notably technology/SaaS, financial services, healthcare, retail, and any sector with developer‑centric AI workloads.
Recommended Actions —
- Conduct an inventory of all AI agents and MCP endpoints in your environment.
- Map existing IAM controls to the new agent identities and identify gaps.
- Evaluate Noma Agent Access Control (or comparable solutions) as part of your third‑party risk program.
- Update vendor risk assessments to include AI‑agent governance requirements.
Technical Notes — The product does not rely on a disclosed vulnerability; it introduces a registry that continuously updates, agent identity tagging, and a two‑layer enforcement model (policy definition + runtime verification). No CVEs are associated. Source: Help Net Security