Veza expands platform with AI Access Agents for enterprise identity governance

Veza expanded its platform with Veza Access Agents, a set of purpose-built AI agents designed to automate complex identity and access governance tasks for enterprises. Veza also announced advancements to its AI Agent Security product, providing organizations with deeper visibility into agent risks and greater control over third-party AI agents, large language models (LLMs), AI apps, and AI infrastructure (MCP).

As enterprises adopt agentic AI to drive business efficiency, the volume and complexity of identity-based access have reached a tipping point.

“Identity is a foundational element in security, especially in the era of autonomous AI. We are on the cusp of having trillions of AI agents. And we believe that identity Security for AI Agents is an unsolved problem,” said Tarun Thakur, CEO of Veza.

“Veza’s Access Graph harnesses the power of identity and permissions data across enterprise systems, to help organizations understand who and what can access what data. This enables enterprises to visualize, govern, and manage access across humans, non-human identities, and AI agents to data. With the introduction of Veza Access Agents, we are shifting the burden of access security and access governance tasks from a manual effort to intelligent, automated reasoning – this lays the foundation to enforce deterministic policies for agents at machine speed towards our vision of Veza as the Enterprise Agent Identity Control Plane,” Thakur continued.

Introducing Veza Access Agents

Veza Access Agents leverage the power of the Veza Access Graph to enable an interactive experience for IAM teams, agentic AI programs, and identity security use cases. Built on AWS Bedrock for enterprise-grade compliance controls, Veza intelligently chooses the optimal model (Claude, Opus, Sonnet) for each task, whether you need quick responses or deeper reasoning, without compromising quality or correctness.

The first set of Veza Access Agents, currently available as early access, include:

• Veza Prompt Agent: A conversational, natural language interface that quickly surfaces insights and answers complex queries easily allowing customers to understand enterprise risks of agents, machines, and human identities.
• Veza Access Search Agent: Enables simple natural language queries to visualize permission relationships for all identities and their entitlements.
• Veza Access Review Agent: Helps customers to focus on high-risk access review items and eliminates reviewer fatigue through an accurate, context-based, AI-assisted reasoning and decision process.

Solving identity access for AI agents

Veza has deepened its capabilities for securing external AI agents and infrastructure, such as the OpenAI Agent Platform, Claude Code, and MCP servers. These improvements help organizations close the “identity blind spots” created by semi-autonomous AI entities. According to Gartner, “Through 2028, over 50% of AI initiatives will halt, becoming unmanageable, because of unresolved agentic identity challenges.”

Key enhancements to Veza AI Agent Security include:

• Expanded discovery of tools: Veza has extended its visibility beyond just discovering MCP (Model Context Protocol) servers to now identifying the granular tools such as Jira MCP server calls and the actions an agent is authorized to invoke within a connected application. This includes visualizing the end-to-end path from the agent to the specific data resources and APIs being accessed.
• Suggested owner agent: To combat “shadow AI,” Veza is introducing the Suggested Owner Agent, which automatically maps AI agents and service accounts to their human owners. This enables decentralized risk remediation and more accurate user access reviews by establishing clear accountability.
• AI blast radius visualization: Using the industry-first Access Graph, Veza is the identity authorization solution capable of quantifying the exact action-level blast radius for every AI agent, including the sensitive data and system resources impacted.
• AI security posture management (AISPM): Veza provides continuous assessment of AI infrastructure and identities, identifying misconfigurations and over-privileged bots. With this release, AISPM now maps identity risks to the NIST AI Risk Management Framework (AIRMF) enabling proactive remediation and compliance across the AI stack.
• AI Agent Security dashboard: Enterprises can now leverage Veza’s out-of-the-box dashboards to centralize the AI identity landscape, shifting from passive alerts to active remediation. Veza tracks agent sprawl, dormant identities, and access drift, allowing teams to trigger automated workflows directly in ServiceNow or Jira.