Noma Launches Agent Access Control Platform, Moving Enterprise AI Agent Governance from Discovery to Enforcement
2026-06-03 16:35

en.Wedoany.com Reported - On June 2, U.S.-based enterprise AI and agent security platform Noma Security announced the launch of Noma Agent Access Control, designed to help enterprise security teams discover, govern, and enforce access policies for AI agents and Model Context Protocol servers, covering the entire agent governance chain from asset inventory and identity attribution to tool-level control.

This product launch addresses an emerging security infrastructure need in enterprise AI applications. As AI agents and Model Context Protocol servers rapidly proliferate across development environments, business systems, and automated workflows, enterprises are no longer just managing traditional accounts, interfaces, and service accounts; they must also manage autonomous agents capable of invoking tools, accessing data, and executing actions. The core of Noma's Agent Access Control is to establish a dynamic registration directory for each agent, connected Model Context Protocol server, and tool, embedding three governance states ("Allow," "Require Review," and "Block") into the connection process. This lets security teams know which agents are running, which tools they are connected to, whether they are accessing sensitive systems, and whether their access behavior complies with current policies. Rather than relying on post-incident investigation, enterprises need to establish identity, permissions, and risk context before agents connect to business systems.

The platform also assigns an attributable identity to each autonomous agent, so that agents do not rely long-term on shared credentials or loosely managed service accounts.

At the tool-level control layer, Noma takes governance down to individual tools, rather than simply approving or blocking an entire Model Context Protocol server. A single server may expose tools with varying risk levels, such as read-only file queries, email sending, record deletion, and database writes. If enterprises can only authorize at the server level, permission boundaries become overly broad. Agent Access Control allows security teams to set policies by tool, agent type, user, team, or environment, and automatically enforce them at connection time. Its accompanying runtime detection capability monitors prompts, tool invocations, data access, and action chains within agent sessions to identify risks such as prompt injection, data exfiltration, and privilege escalation. For enterprises already using Microsoft Copilot Studio, Salesforce Agentforce, Claude Code, Cursor, GitHub Copilot, or custom-built agents, such platforms can consolidate disparate agent assets into a unified security view.
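
An added sketch of the server-level versus tool-level distinction described above, not Noma's code or API: a small evaluator that uses the article's three states to compare one server-wide grant with per-tool rules. The server name `crm-mcp`, the tool and agent-type names, and the most-restrictive-wins and default-to-review behaviour are all assumptions made for illustration.

```python
from dataclasses import dataclass
from fnmatch import fnmatchcase

ALLOW, REVIEW, BLOCK = "Allow", "Require Review", "Block"
SEVERITY = {ALLOW: 0, REVIEW: 1, BLOCK: 2}
FIELDS = ("server", "tool", "agent_type", "environment")

@dataclass(frozen=True)
class Rule:
    decision: str
    server: str = "*"          # "*" matches anything
    tool: str = "*"
    agent_type: str = "*"
    environment: str = "*"

    def matches(self, req: dict) -> bool:
        return all(fnmatchcase(req[k], getattr(self, k)) for k in FIELDS)

def decide(rules, req, default=REVIEW):
    """Most restrictive matching rule wins (assumed); a tool with no
    matching rule is not silently allowed, it falls to `default`."""
    hits = [r.decision for r in rules if r.matches(req)]
    return max(hits, key=SEVERITY.__getitem__) if hits else default

# Constructed inventory: one hypothetical MCP server exposing the four
# kinds of tool the article lists.
TOOLS = ["file_query", "send_email", "delete_record", "db_write"]

# Coarse policy: approve the whole server.
SERVER_LEVEL = [Rule(ALLOW, server="crm-mcp")]

# Fine-grained policy: one decision per tool, scoped by agent type/environment.
TOOL_LEVEL = [
    Rule(ALLOW, server="crm-mcp", tool="file_query"),
    Rule(REVIEW, server="crm-mcp", tool="send_email"),
    Rule(ALLOW, server="crm-mcp", tool="db_write", environment="dev"),
    Rule(BLOCK, server="crm-mcp", tool="db_write", environment="prod"),
    Rule(BLOCK, server="crm-mcp", tool="delete_record", agent_type="coding-assistant"),
]

def connection_decisions(rules, agent_type, environment, server="crm-mcp"):
    """Evaluate every exposed tool once, at connection time."""
    return {t: decide(rules, {"server": server, "tool": t,
                              "agent_type": agent_type,
                              "environment": environment})
            for t in TOOLS}

if __name__ == "__main__":
    for name, rules in (("server-level", SERVER_LEVEL), ("tool-level", TOOL_LEVEL)):
        print(name, connection_decisions(rules, "coding-assistant", "prod"))
```

With the server-level rule, the same agent that may run a read-only query is also allowed to delete records and write to the production database; the per-tool rules narrow that to one allowed tool, one held for review and two blocked.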

From an information confidentiality and data security perspective, agent access control is emerging as a new branch of identity governance in the AI era. Traditional identity and access management primarily revolves around employees, applications, devices, and service accounts. However, once agents gain proactive planning and tool invocation capabilities, permission risks dynamically evolve with tasks, prompts, external data, and tool responses. Enterprises must enable agents to call necessary systems to complete tasks while preventing them from misusing legitimate permissions under the influence of unknown inputs. Noma integrates registration, access control, runtime detection, and AI security posture management into a single lifecycle, indicating that security vendors are shifting from "protecting models" to "governing agent behavior." Key variables for enterprise deployment will center on the platform's depth of adaptation to mainstream model platforms and development environments, policy configuration costs, false positive rates, runtime performance impact, and integration capabilities with existing identity governance and security operations centers.

The emergence of such products will also impact the pace of enterprise AI application deployment. Without clear agent identities, tool permissions, and runtime audit mechanisms, industries such as finance, healthcare, manufacturing, government services, and large internet enterprises will be hesitant to let agents enter real business processes. As the Model Context Protocol and enterprise agent ecosystem continue to expand, security infrastructure will evolve from an edge patch to a prerequisite for agent application deployment. Noma's launch of Agent Access Control provides a governance model centered on "Discovery—Authorization—Enforcement—Monitoring," also signaling that enterprise AI security competition is extending toward finer-grained access control and behavioral verification.
