Veza Introduces AI Agent Security to Protect and Govern AI Agents at Enterprise Scale

The first purpose-built platform for AI Security Posture Management (AI SPM) which unifies discovery, governance, and access control for human and AI identities across the enterprise

Veza, the pioneer in identity security, today announced at Gartner^Ⓡ Identity & Access Management Summit 2025 that it has launched AI Agent Security, a purpose-built product to help organizations secure and govern AI agents at enterprise scale. As businesses accelerate AI adoption, Veza is defining a new foundation for AI SPM by giving security and governance teams the visibility and control they need to protect data and enforce trust across human-AI interactions.

Built on the power of Veza’s Access Graph™, AI Agent Security introduces unified visibility into AI agents across leading platforms. Security teams can now answer critical questions such as:

• What AI agents exist in our environment?
• What data and systems do those agents access?
• Which humans can control or act through AI agents?

"We’re in the foundational stages of seeing the transformation that agentic AI is driving in the enterprise through functions like security operations, software development, and customer support,” says Phil Venables, cybersecurity leader, partner at Ballistic Ventures, and former CISO, Google Cloud. “Every security leader should be taking action to better secure and govern AI agents in their organizations, because this will be a critical part of unlocking the business value of Agentic AI. Veza’s extension of their Access Graph and product capabilities of AI Agent Security is a powerful new offering to use as a key pillar for an agentic AI security program.”

A New Risk Profile for the AI Era

The productivity gains and potential with AI tools hold both security benefits and risks for the enterprise across the known attack surface. However, the rise of AI agents introduces an entirely new class of security risks, like prompt injection attacks, in which outsiders can manipulate agents into revealing confidential data or executing unauthorized actions. This type of attack depends on the AI agents having access to read data input by an attacker, commonly by sending emails, calendar invites, or website sales forms. Never before has simple “read” access to public information created this level of risk. These emerging threats demand a new approach.

Veza Accelerates AI Deployments and Value Creation for Enterprises With Trust and Security

AI Agent Security enables enterprises to move faster with their AI initiatives by strengthening identity security.

According to Gartner, "Through 2028, over 50% of AI initiatives will halt, becoming unmanageable, because of unresolved agentic identity challenges."

With full visibility and data-driven insights into the scale and scope of AI agents, Veza enables enterprises to confidently eliminate uncertainty and ensure complete governance and control of their AI environments. Veza helps enterprises to:

• Eliminate AI blindspots: You can’t govern what you can’t see. AI Agent Security discovers and classifies agent identities across the enterprise and provides a single platform to visualize how the AI agents are connected with data resources and LLM models, aligning with OWASP’s LLMSecOps requirements for monitoring and governance.
• Enforce the principle of least privilege (PoLP): AI agents are autonomous, and it’s critical to limit their access to critical data. AI Agent Security lays out the full blast radius of agents, highlighting what sensitive data and system resources they can access, enabling enterprises to remove excessive permissions and significantly reduce the impact of a breach.
• Establish robust AI governance: In multi-platform environments, it’s difficult to keep track of agents and who is responsible for them. Veza AI Agent Security provides the complete agents-to-human identity mapping, allowing enterprises to confidently govern which users and groups can deploy, manage, and interact with AI agents, ensuring human accountability and eliminating shadow AI activities.
• Ensure continuous compliance: In line with OWASP recommendations on user/machine access audits, Veza provides instant answers to what the agents have access to, enabling auditors and enterprises to meet their SOX, NIST, and other regulatory requirements.

Unified Visibility, Governance, and Control

As AI is woven into core business processes, organizations need a single control plane for identity and access across humans, machines, and AI. Veza AI Agent Security provides that foundation. Through deep integrations with major AI and identity ecosystems, the product enables organizations to:

• Discover AI agents and MCP Servers in their environment across top agentic platforms like:
  • Microsoft Copilot Studio and third-party registered agents
  • Salesforce Agentforce and Einstein agents
  • AWS Bedrock agents
  • Google Cloud Vertex AI agents
  • Over 2,000 public MCP servers (like GitHub)
• Assign Human Ownership to AI agents, enabling clear lines of responsibility for ongoing security and compliance
• Visualize, manage, govern, and control access to AI agent services and resources across:
  • OpenAI
  • Azure AI
  • Azure OpenAI

For Microsoft, Salesforce, and AWS agents, organizations can additionally:

• Visualize AI access paths between AI agents, humans, and data systems using Veza’s Access Graph, exposing risky relationships and excessive permissions.
• Continuously assess AI agent security posture, including which underlying model is being used, which humans have access to which agents, expired secrets, and agents erroneously provided with privileged access.
• Enforce AI Agent Access Governance with least-privilege policies and access reviews integrated into Veza’s existing identity governance and administration (IGA) product and workflows.

“It’s the wild west with agentic AI right now,” said Tarun Thakur, CEO and co-founder of Veza. “CISOs and CIOs are racing to deploy AI, but few have visibility or control over what these agents can actually do. Veza AI Agent Security brings order to that chaos by unifying discovery, governance, and control for AI systems. In the end, all roads lead to identity: understanding who or what has access, and why.”

Defining the Discipline of AI SPM on a Unified Identity Security Platform

Veza AI Agent Security helps establish AI SPM as a new standard for enterprise AI protection by extending access governance and security assessment into the world of agentic AI. By combining identity, configuration, and access intelligence, Veza enables CISOs to operationalize security visibility, governance, and compliance for AI, humans, and Non-Human Identities (NHIs) in a single, unified platform.

Availability

Veza AI Agent Security is available to customers now.

To learn more, visit Veza’s AI Agent Security product page.

Attending Gartner Identity & Access Management Summit 2025?

• Visit Veza’s booth #527
• Attend the session “Veza: Powering Cloud IAM & Non-Human Identity Security at Capital One” on December 8 at 3:15 - 3:45 p.m. CT

Gartner, Tech FutureSight: Enterprise AI Scaling Requires Solving Agentic Identity Challenges,

Alfredo Ramirez IV, October 2025

GARTNER is a trademark of Gartner, Inc. and/or its affiliates.

About Veza

Veza is the leader in identity security, helping organizations secure access across the enterprise. Veza’s Access Platform goes beyond identity governance and administration (IGA) tools to visualize, monitor, and control entitlements so that organizations can stay compliant and achieve least privilege. Global enterprises like Wynn Resorts, Expedia, and Blackstone trust Veza to manage identity security use cases, including privileged access monitoring, non-human identity (NHI) security, access entitlement management, data system access, SaaS access security, identity security posture management (ISPM), next-generation IGA, and Agentic AI identity security. Veza has earned recognition from GigaOm’s ISPM Radar. Founded in 2020, Veza is headquartered in Los Gatos, California, and is funded by Accel, Bain Capital, Ballistic Ventures, Google Ventures (GV), New Enterprise Associates (NEA), Norwest Venture Partners, and True Ventures. Visit us at www.veza.com and follow us on LinkedIn, X, and YouTube.

View source version on businesswire.com: https://www.businesswire.com/news/home/20251208552284/en/