Few organizations have a better pulse on the state of AI than Anthropic. And now, they are being unusually direct about what’s on the horizon. Within six to twelve months, it expects multiple AI companies to ship models with Mythos-class cyber capabilities, and some will ship without safeguards that prevent misuse. When that happens, attackers get tools that find vulnerabilities, craft exploits, and invent new attack techniques at a speed defenders have not faced before.

That raises a hard question for anyone responsible for securing AI agents, because agent threats were already the hardest detection problem in security. A compromised or careless agent has no signature, no file hash, no IOC. Each action can look fine on its own. An agent reads customer records, summarizes them, and sends the summary to an external address. Every step is routine. Together, the behavior is exfiltration. Now imagine those attacks designed by frontier models. Static rules and pattern matching were already behind. They are about to fall much further behind.

Keeping up means defenders need access to the same class of capabilities attackers will soon have. That is why Anthropic built the Cyber Verification Program. Today, we are announcing that Noma has been selected for it.

What the Cyber Verification Program Is

Anthropic’s Cyber Verification Program gives a small group of trusted organizations access to its most advanced AI capabilities for defensive security work. These are dual-use capabilities: the same model depth that helps an attacker find and exploit weaknesses helps defenders find them first, understand them faster, and build protections around them. Anthropic reviews each organization and how it plans to use the capabilities before granting access, so the most powerful tools stay in defenders’ hands.

For Noma, verification means two things in practice:

  • Early access to Anthropic’s findings on emerging attack techniques. New prompt injection patterns, agent manipulation tactics, and data exfiltration methods that operate through model behavior, rather than through the network or the endpoint. We see these before they spread, which means our detections are ready before the attacks arrive. 
  • Verified access to Mythos-class capabilities for defensive tasks. Our detection engineering is now informed by the same depth of understanding of how these models actually behave that Anthropic brings to building them.

What This Does for AI-DR

AI-DR (AI Detection and Response) is part of Noma’s protection engine. It monitors prompts, model responses, tool calls, and tool outputs, and provides continuous protection from dangerous agent behavior. It can block, mask, alert, or monitor, with one policy set across every environment where agents run.

The hard part of protecting agents has never been seeing the events. Plenty of tools see events. The hard part is deciding whether an action is dangerous, and that decision depends on context: what the agent connects to, what it is allowed to do, and what it has already touched in the same session. An agent may be allowed to send email. Sending an email right after reading sensitive customer data is a different story, and that is the kind of call AI-DR makes continuously.

Frontier model access raises the ceiling on those calls. It lets us analyze agent decision chains, tool invocations, and context usage at a semantic level, well past what pattern matching can do, and it lets us build detections for attack techniques that have not gone public yet. In POC benchmarks, AI-DR already shows 2 to 3x better detection than native cloud guardrails. The Cyber Verification Program is how we keep widening that gap as attacks get smarter.

It also compounds work we were already doing. The Noma Labs vulnerability research team, led by Sasi Levy, has published vulnerability research including ForcedLeak, ContextCrush, Pandora’s Claw, and GeminiJack, and our security research team led by Gal Moyal published Lethal by Design, which analyzed the 200 most popular MCP servers and found 94 with destructive tools. Verified access to frontier capabilities makes that research faster and takes it deeper.

What This Means for Noma Customers

Nothing changes about how you deploy or use Noma. What changes is what the platform knows. Detection coverage gets built ahead of the threat curve instead of after the first incidents, and every improvement applies across all three environments where your agents run: homegrown AI your engineers build on AWS Bedrock, Azure AI Foundry, and Databricks; SaaS agent platforms like Microsoft Copilot Studio and Salesforce AgentForce; and endpoint AI agents like Claude Code and Cursor, along with the MCP servers around them.

Built for What Comes Next

Anthropic created this program because defenders need a structural advantage as AI models grow more capable. Noma applied because our customers’ agents are exactly what those capabilities will be aimed at. Protection has to keep pace with how agents and attacks actually work, and now it can draw on the most advanced defensive AI capabilities available.

Want to see how Noma discovers, governs, and protects AI agents across your environment? Visit noma.security to book a demo.

5 min read

Category:

Table of Contents

Share this: