Natoma Labs

122 posts

@natomalabs

Accelerate enterprise adoption of agentic AI, without compromising security.

San Francisco, CA · Joined October 2023
137 Following · 136 Followers
Pinned Tweet
Natoma Labs@natomalabs·
We’re excited to share that @Snowflake has signed a definitive agreement to acquire Natoma! Natoma was founded on a simple belief: AI agents will transform how work gets done inside enterprises, but only if organizations can securely connect, govern, and control how those agents access data, use tools, and take action. Together with Snowflake, we’ll help enterprises bring together data, models, and control — enabling agentic AI that is trusted, connected, governed, and built for action. Read more from our founders: natoma.ai/blog/natoma-sn… Snowflake blog: snowflake.com/en/blog/snowfl…
Natoma Labs@natomalabs·
Natoma is now live on Claude. What does that mean? Imagine your AE opens Claude on Monday morning. "What should I prioritize this week?" Claude pulls their open pipeline from their CRM, surfaces risk signals from Gong calls, and drafts a Slack standup. In one prompt. That's not a demo. That's Natoma, live on Claude today! Every data source your team uses. Every access control already respected. No new logins. No copy-pasting between tabs. AND with full observability and governance! We built the layer that makes Claude enterprise-ready and we're proud to have built it alongside @AnthropicAI Big thanks to the @AnthropicAI team for partnering with us on this
Natoma Labs@natomalabs·
200K MCP servers on public IPs. STDIO transport runs any OS command it gets. Anthropic says it's by design. 9 of 11 registries accepted a malicious test package without review. This is not a security failure. It is an inventory failure. venturebeat.com/security/mcp-s…
Natoma Labs@natomalabs·
Your AI agent needs real tools to be useful. Giving it access to everything is a security problem. NVIDIA NemoClaw isolates compute. Natoma governs tool calls. Zero service credentials inside the sandbox.
Natoma Labs@natomalabs·
Three paths to connect agents to external systems:
- Direct API: agent writes HTTP in a sandbox. Fine for 1 agent <> 1 service. Breaks at scale.
- CLI: agent runs shell commands. Works in local envs with a filesystem. Can't reach mobile, web, or cloud.
- MCP: agent connects to a server over a standard protocol. Built for cloud-hosted production agents.

Mature integrations ship all three. MCP is the one that compounds. One remote server reaches every compatible client (Claude, ChatGPT, Cursor, VS Code) across every deployment environment, and gets more capable as new protocol extensions land without you shipping anything new.
ClaudeDevs@ClaudeDevs

New blog: Building agents that reach production systems with MCP. When should agents use direct APIs vs CLIs vs MCP? Plus patterns for building MCP servers, context-efficient clients and pairing MCP with skills. claude.com/blog/building-…

Natoma Labs@natomalabs·
Past 50 MCP tools, agent accuracy drops. By 200+, you lose 1 in 7 queries and token costs spike 10x. Our engineer @KarnikShreyas built the fix: search-then-execute with hybrid retrieval. 97.5% recall at enterprise scale. Constant context cost. Full write-up: natoma.ai/blog/the-invis…
Natoma Labs@natomalabs·
Anthropic's Claude Code source just leaked via npm source maps. 512K lines of TypeScript. 1,900 files. 50 slash commands, 40 agent tools, 140 UI components, a multi-agent swarm coordinator, and a full IDE bridge system. This is what a production agentic CLI looks like at scale. github.com/instructkr/cla…
Evan Plaice@evanplaice·
@natomalabs Blah blah. You're an AI bot. You ARE the attack surface.
Natoma Labs@natomalabs·
The code wasn't the vulnerability. A maintainer's credentials were. One compromised account. 100M+ weekly installs exposed. No code review would have caught this because the code was fine until it wasn't. Identity governance can't stop at your employees. Every maintainer in your supply chain is an attack surface.
Feross@feross

🚨 CRITICAL: Active supply chain attack on axios -- one of npm's most depended-on packages.

The latest axios@1.14.1 now pulls in plain-crypto-js@4.2.1, a package that did not exist before today. This is a live compromise. This is textbook supply chain installer malware. axios has 100M+ weekly downloads. Every npm install pulling the latest version is potentially compromised right now.

Socket AI analysis confirms this is malware. plain-crypto-js is an obfuscated dropper/loader that:
• Deobfuscates embedded payloads and operational strings at runtime
• Dynamically loads fs, os, and execSync to evade static analysis
• Executes decoded shell commands
• Stages and copies payload files into OS temp and Windows ProgramData directories
• Deletes and renames artifacts post-execution to destroy forensic evidence

If you use axios, pin your version immediately and audit your lockfiles. Do not upgrade.

Natoma Labs@natomalabs·
AI agents need credentials to do real work. @1Password just launched Unified Access to govern credentials across humans, machines, and agents. Natoma is a collaborating partner. 1Password governs the credential, we govern what agents do with them.
1Password@1Password

Today we’re introducing 1Password® Unified Access. As AI agents start operating inside real production environments, organizations need visibility into how credentials and access are actually used. Unified Access helps security teams discover, secure, and audit access across humans, machines, and AI agents. 🔗 More here: bit.ly/4dq2pjO

Natoma Labs@natomalabs·
Your autonomous agent can reach Slack. Nothing governs what it does once it gets there. NemoClaw solves the compute boundary. Tool governance is a different problem. natoma.ai/blog/what-nvid…
Natoma Labs@natomalabs·
If you're building with AI or agents, what skills or servers should we add next? Would love your feedback 👇
Natoma Labs@natomalabs·
We just added Skills to Playground by Natoma. Skills are everywhere - buried in repos, threads, and docs. No structure, no easy way to know if something's worth using before you try it. We fixed that. 🧵
Natoma Labs@natomalabs·
The enterprises pulling ahead are not the ones with the most sophisticated AI. They are the ones who can answer: what AI is running in our environment, where, connected to what, doing what? That question is the foundation. Everything else comes after.
Natoma Labs@natomalabs·
Your developers installed an AI package your IT team has never heard of. Today it was found stealing credentials.