Veza, the pioneer in identity security, today announced a landmark expansion of the Veza Platform with the introduction of Veza Access Agents – a set of purpose-built AI Agents designed to automate complex identity and access governance tasks for enterprises. Veza also announced advancements to its AI Agent Security product, providing organizations with deeper visibility, agent risks, and control over third-party AI agents, large language models (LLMs), AI apps, and AI infrastructure (MCP).

As enterprises rapidly adopt agentic AI to drive business efficiency, the volume and complexity of identity-based access have reached a tipping point. “Identity security for AI agents is one of the most urgent and unsolved challenges in cybersecurity today," says Phil Venables, cybersecurity leader, partner at Ballistic Ventures, and former CISO, Google Cloud. "As organizations move toward a future where AI agents may outnumber humans by 80 to 1 or more, the question of permissions and authorization becomes mission-critical. Without clear governance, visibility, and control, AI agents introduce a new layer of risk at machine scale. Veza Access Agents addresses this head-on, bringing the same rigor, policy intelligence, and authorization discipline we expect for human identities to the rapidly expanding ecosystem of AI agents.”

Introducing Veza Access Agents: Identity Automation at the Speed of Business

Veza Access Agents leverage the power of the Veza Access Graph to enable an interactive experience for IAM teams, Agentic AI programs, and identity security use cases. Built on AWS Bedrock for enterprise-grade compliance controls, Veza intelligently chooses the optimal model (Claude, Opus, Sonnet) for each task—whether you need quick responses or deeper reasoning—without compromising quality or correctness. The first set of Veza Access Agents, currently available as early access, include:

• Veza Prompt Agent: A conversational, natural language interface that quickly surfaces insights and answers complex queries easily allowing customers to understand enterprise risks of agents, machines, and human identities.
• Veza Access Search Agent: Enables simple natural language queries to visualize permission relationships for all identities and their entitlements.
• Veza Access Review Agent: Helps customers to focus on high-risk access review items and eliminates reviewer fatigue through an accurate, context-based, AI-assisted reasoning and decision process.

“Identity is a foundational element in security, especially in the era of autonomous AI. We are on the cusp of having trillions of AI agents. And we believe that identity Security for AI Agents is an unsolved problem,” said Tarun Thakur, Co-Founder and CEO of Veza. “Veza’s Access Graph harnesses the power of identity and permissions data across enterprise systems, to help organizations understand who and what can access what data. This enables enterprises to visualize, govern, and manage access across humans, non-human identities, and AI agents to data. With the introduction of Veza Access Agents, we are shifting the burden of access security and access governance tasks from a manual effort to intelligent, automated reasoning – this lays the foundation to enforce deterministic policies for agents at machine speed towards our vision of Veza as the Enterprise Agent Identity Control Plane.”

Advanced AI Agent Security: Solving Identity Access for AI Agents

Veza has deepened its capabilities for securing external AI agents and infrastructure, such as the OpenAI Agent Platform, Claude Code, and MCP servers. These improvements help organizations close the "identity blind spots" created by semi-autonomous AI entities. According to Gartner^*, "Through 2028, over 50% of AI initiatives will halt, becoming unmanageable, because of unresolved agentic identity challenges."

Key enhancements to Veza AI Agent Security include:

• Expanded Discovery of Tools: Veza has extended its visibility beyond just discovering MCP (Model Context Protocol) servers to now identifying the granular tools such as Jira MCP server calls and the actions an agent is authorized to invoke within a connected application. This includes visualizing the end-to-end path from the agent to the specific data resources and APIs being accessed.
• Suggested Owner Agent: To combat "Shadow AI," Veza is introducing the Suggested Owner Agent, which automatically maps AI agents and service accounts to their human owners. This enables decentralized risk remediation and more accurate user access reviews by establishing clear accountability.
• AI Blast Radius Visualization: Using the industry-first Access Graph, Veza is the identity authorization solution capable of quantifying the exact action-level blast radius for every AI agent, including the sensitive data and system resources impacted.
• AI Security Posture Management (AISPM): Veza provides continuous assessment of AI infrastructure and identities, identifying misconfigurations and over-privileged bots. With this release, AISPM now maps identity risks to the NIST AI Risk Management Framework (AIRMF) enabling proactive remediation and compliance across the AI stack.
• AI Agent Security Dashboard: Enterprises can now leverage Veza’s out-of-the-box dashboards to centralize the AI identity landscape, shifting from passive alerts to active remediation. Veza tracks agent sprawl, dormant identities, and access drift, allowing teams to trigger automated workflows directly in ServiceNow or Jira.

Enterprise Readiness and Compliance

By leveraging AWS Bedrock, Veza ensures its AI capabilities meet the highest industry standards for security and privacy. The platform’s hybrid architecture works seamlessly across Veza SaaS deployment and Veza Secure SaaS deployment (dedicated tenant), allowing global enterprises to adopt AI with confidence while maintaining a continuous audit of all authorizations. To further provide transparency, Veza Access Agents document and share with administrators what tools and/or APIs were used to derive the provided information presented by the agent.

Availability

Veza Access Agents are available now as Early Access to select customers. General Availability is the end of Q2 2026.

Learn More

Veza Access Agents product page
Veza AI Governance overview page
Veza Access Agents datasheet
Veza AI Agent Security product page

*Source: Gartner Report, Tech FutureSight: Enterprise AI Scaling Requires Solving Agentic Identity Challenges, By Alfredo Ramirez IV, October 2025. Gartner is a trademark of Gartner, Inc. and/or its affiliates.

About Veza

Veza is the leader in identity security, helping organizations secure access to data across the enterprise. Veza’s Enterprise Agent Identity Access Platform goes beyond IAM and identity governance and administration (IGA) tools to visualize, monitor, and control entitlements so that organizations can stay compliant and achieve least privilege. Global enterprises like Wynn Resorts, Expedia, and Blackstone trust Veza to manage identity security use cases, including privileged access monitoring, non-human identity (NHI) security, access entitlement management, data system access, SaaS access security, identity security posture management (ISPM), next-generation IGA, and Agentic AI identity security. Veza has earned recognition from GigaOm’s ISPM Radar. Founded in 2020, Veza is headquartered in Los Gatos, California, and is funded by Accel, Bain Capital, Ballistic Ventures, Google Ventures (GV), New Enterprise Associates (NEA), Norwest Venture Partners, and True Ventures. Visit us at www.veza.com and follow us on LinkedIn, X, and YouTube.

View source version on businesswire.com: https://www.businesswire.com/news/home/20260225220347/en/