What happened
On 2 June 2026 Noma released Agentic Access Control, adding to its existing AI security platform a continuously-updated enterprise registry of all AI agents, MCP servers, and connected tools; per-agent attributable identities replacing shared service accounts; a three-state governance model (Approved / Requires Review / Blocked) applied per-tool rather than per-server; and integration with Noma's AI Detection and Response (AI-DR) runtime monitoring for behavioural anomaly detection, prompt-injection signals, and data-exfiltration alerts correlated against the access baseline.
Why it matters
Agentic access control represents a genuine new product category: IAM adapted for autonomous agents rather than human users. The combination of registry, identity, and runtime monitoring in a single product directly addresses the 'shadow AI' problem where agents proliferate faster than governance frameworks, and positions MCP access governance as a peer concern to traditional application IAM.
Applicability
Organisations deploying agents on AWS Bedrock, Azure AI Foundry, Databricks, Microsoft Copilot Studio, or Salesforce Agentforce should evaluate Noma's registry and policy model against their own agent inventory; security architects should use this as a reference design even if not adopting the vendor product.