Why we led the Series A round in Noma

Holistic application security for the new AI-development lifecycle 

By Jake Seid, Co-Founder & General Partner

Today, we’re happy to publicly introduce Noma, as they exit stealth with $32 million in funding across their Seed and Series A rounds. We were incredibly impressed with co-founders Niv Braun and Alon Tron and the team they’ve assembled as well as their vision. Noma is tackling one of the most critical and emerging challenges in cybersecurity: how we secure the AI development lifecycle while enabling these same engineering teams to move faster.    

We’ve had a deep belief in the idea of “secure-by-design,” starting with the days of Fortify, a company founded by my partners at Ballistic that pioneered many of the current categories of software development life cycle (SDLC) application security. Tremendous value has since been created in securing the SDLC, and we believe there can be an equally large opportunity in securing the AI development lifecycle.  

A new era of application security

Over the last few years, the rapid adoption of AI has transformed the role of data engineers and their impact. It has moved their impact from analytical systems to production systems that fundamentally drive the business.   

But with this shift comes a whole new range of security risks – ones that traditional AppSec tools are not equipped to handle because of the unique nature of AI and its tool chain relative to the traditional SDLC.  

With these developers now impacting production, the adversarial equivalent of Log4Shell on the AI development lifecycle is a matter of when, not if. 

This is where Noma steps in. The Noma platform is designed to secure the full Data and AI Development Lifecycle, from development to production, addressing the unique risks that come with traditional AI and machine learning that many companies use today, as well as GenAI that many enterprises are just starting to experiment with now and will further adopt in the future.  

Noma provides a holistic solution that covers everything from supply chain security to runtime protection, offering security teams unprecedented visibility and control over their AI-driven processes.

Why Noma’s approach matters

When we first met Niv Braun, Noma’s co-founder and CEO, and learned about the work they were doing, it was immediately clear that their approach to securing the Data and AI Lifecycle was not only innovative but necessary. The security risks associated with AI are fundamentally different from those of traditional software development. In the world of AI, we’re dealing with new types of open-source components, unique development workflows, and new runtime risks that the existing security industry just doesn’t cover.

For example, data scientists and machine learning engineers often work in environments like Jupyter notebooks, Databricks, and Sagemaker, and Hugging Face models which operate outside of traditional CI/CD pipelines. This creates blind spots for security teams. We also see an explosion in the use of open-source models and datasets, which offer incredible benefits but introduce significant risks. Attackers have already started exploiting these new elements, with malicious models and data becoming a new vector for supply chain attacks.

Noma’s platform provides end-to-end security coverage for these risks, from securing data pipelines and MLOps tools to protecting AI models from threats like prompt injection, adversarial attacks, and model theft. What stood out to us was Noma’s ability to consolidate multiple fragmented security use cases into one seamless platform, enabling security teams to secure the entire AI development process.

Also very significant was how Noma thought about the value they bring to the engineering teams, not just the security teams. Noma’s vision and approach enables engineering teams to work faster across a much wider set of tools while also bringing the benefits of improved security. 

That was deeply aligned with our investment thesis that the security companies-of-old forced a false choice between being more secure and letting businesses move faster. The next generation of large security companies will be about both improving security and speeding it up.

A vision of “secure by design”

Our investment in Noma deeply aligns with our thesis around “secure by design.” Over the years, we’ve invested in companies that help organizations bake security into their processes from the start, ensuring that innovation can continue to flourish without compromise. We’ve since backed other companies in the AppSec space, like ArmorCode and Oligo, but Noma represents the importance of bringing decades of AppSec learnings and innovation to the AI development lifecycle.

With AI, it’s not enough to secure models once they’re in production. That’s just too late.

The entire Data and AI Lifecycle – from data collection and model training to deployment – needs to be secured. Noma’s holistic approach ensures that security is embedded into every stage of the process, enabling organizations to move fast without sacrificing safety.

What’s ahead for Noma?

As AI continues to transform industries, securing the Data and AI Lifecycle is no longer optional – it’s essential. We believe Noma is uniquely positioned to lead the charge in this space, and we’re proud to partner with them on this journey. 

Noma is not just filling a gap in the market; they’re building the future of AI security. 

Learn more or schedule a meeting with the team at noma.security. Watch Ballistic Ventures GP Jake Seid and Noma Co-founder and CEO Niv Bruan talk more about Noma below or on YouTube here.