HomeIntelligenceBrief
BREACH BRIEF⚪ Informational Advisory

Noma Introduces Agent Access Control to Govern AI Agents and MCP Servers Enterprise‑Wide

Noma announced a new platform that automatically discovers, inventories, and enforces access policies for AI agents and Model Context Protocol servers. The solution gives security teams real‑time visibility and identity for each agent, helping organizations mitigate emerging AI‑related third‑party risks.

LiveThreat™ Intelligence · 📅 June 02, 2026· 📰 helpnetsecurity.com
Severity
Informational
AD
Type
Advisory
🎯
Confidence
High
🏢
Affected
4 sector(s)
Actions
4 recommended
📰
Source
helpnetsecurity.com

Noma Launches Agent Access Control to Govern AI Agents and MCP Servers Across Enterprises

What Happened — Noma unveiled Noma Agent Access Control, a platform that automatically discovers, inventories, and enforces access policies for AI agents and Model Context Protocol (MCP) servers. The solution creates a real‑time registry, assigns distinct identities to each agent, and offers three policy states (Approved, Requires Review, Blocked) to control interactions.

Why It Matters for TPRM

  • AI agents are an emerging third‑party risk vector; uncontrolled agents can exfiltrate data or act on malicious prompts.
  • Visibility and enforceable policies reduce the attack surface of autonomous workloads that span multiple vendors and cloud services.
  • Early adoption of governance tooling helps organizations meet emerging regulatory expectations around AI use.

Who Is Affected — Enterprises that deploy AI agents or MCP servers, notably technology/SaaS, financial services, healthcare, retail, and any sector with developer‑centric AI workloads.

Recommended Actions

  • Conduct an inventory of all AI agents and MCP endpoints in your environment.
  • Map existing IAM controls to the new agent identities and identify gaps.
  • Evaluate Noma Agent Access Control (or comparable solutions) as part of your third‑party risk program.
  • Update vendor risk assessments to include AI‑agent governance requirements.

Technical Notes — The product does not rely on a disclosed vulnerability; it introduces a registry that continuously updates, agent identity tagging, and a two‑layer enforcement model (policy definition + runtime verification). No CVEs are associated. Source: Help Net Security

📰 Original Source
https://www.helpnetsecurity.com/2026/06/02/noma-brings-visibility-and-access-governance-to-ai-agents-and-mcp-servers/

This LiveThreat Intelligence Brief is an independent analysis. Read the original reporting at the link above.

From the Verisq platform · SOC 2 Readiness

Access is where most audits get tested.

Verisq AI Trust Operations maps incidents like this to your access controls and collects the evidence continuously, keeping your SOC 2 posture defensible.

See where you'd stand with Verisq AI Trust Operations →