Today marks a pivotal moment—not just for Veza, but for the entire identity security industry. I’m deeply proud to share that ServiceNow has signed a definitive agreement to acquire Veza. Together, we will accelerate the mission to secure identity across the modern enterprise as organizations transition into the era of agentic identities.
When Maohua, Rob, and I founded Veza, we did so with the strong conviction that identity would evolve to become a critical pillar of security and that the legacy players had only – and could only – scratch the surface of what needed to be done. Over the years, we’ve seen that conviction validated again and again. Today’s acquisition of Veza by ServiceNow is a bold new beginning.
By joining forces with ServiceNow – a company that shares Veza’s vision that enterprises demand a new identity-first approach to business transformation – I believe we can accelerate our mission to revolutionize identity security and allow businesses to confidently pursue their emerging agentic initiatives.
Why Now? Identity is the #1 threat and opportunity facing enterprises
In recent years, enterprise security teams have confronted a shifting truth: breaches no longer begin at the network perimeter, the endpoint, or the firewall. They begin with identity. Today attackers log in rather than hack in, and studies have shown that identity-based attacks are responsible for over 90% of breaches.
At the same time, the identity landscape has grown vastly more complex and fragmented. Today’s enterprises have both human and non-human identities (e.g., enterprise applications, service accounts, and API keys), and the coming wave of AI agents will create an ocean of identities that is orders of magnitude larger than ever before.
This change in the technology landscape has elevated identity from a component of security architecture to the front line of enterprise defense, now making up a massive $29B market opportunity. In an era shaped by automation and AI, identity has become the strategic control point where risk, trust, and business growth converge.
With the explosion of agentic AI, identity context is no longer optional and organizations can no longer rely on static access models or human-driven audits to stay safe. Identity context has become the key difference between an organization with immeasurable identity vulnerabilities and one who is prepared to securely navigate this new hyper-complex world. Real governance now depends on deeply understanding and assessing each identity’s operational scope (the identity context): its Privileged Risk Score, its PII data Blast Radius, its percentage of dormant or unused access, whether it has a responsible human owner, and even its lateral-movement risk profile and capability. These contextual signals are what allow enterprises to maintain velocity and scale without compromising security in the agentic era.
For agents themselves, efficiency must be redefined. True efficiency is not simply completing a task faster; it is executing with discipline, restraint, and precision within known and approved guardrails. Machine identities need the equivalent of “muscle memory” for security—Least privilege at machine speed. When access discipline becomes a built-in behavior rather than an after-the-fact control, every agent action becomes safer by default.
Veza pioneered a novel approach to cracking the code on least privilege
At Veza, we saw this shift early, and we knew that traditional identity governance and privileged access tools were simply not built for the scale, speed and complexity of the modern AI era. As a result, we set out to build something new: an intelligent Access Graph spanning all types of identities that makes least privilege real, measurable and manageable. Only by taking this unique approach can we truly understand permissions across disparate systems in order to answer, “who can, has, and should take what action on what data?”
At the heart of Veza is the Access Graph: a data representation of every identity (human, non-human, and agentic), every system, and every permission across an enterprise’s environment. The Access Graph is built natively in the cloud from the ground up to operate in today’s world of hundreds of systems, thousands of applications, and millions of identities. Veza ingests permissions metadata from SaaS applications, cloud platforms, data systems, and custom apps, normalizing wildly different models, and letting you ask (and answer) questions like: Who can delete records in this critical table of customer records? Which AI agents can exfiltrate sensitive data from this data warehouse? Where are the risky standing privileges that haven’t been used recently?
This isn’t theoretical.With over 30 billion access permissions under management, Veza has worked with Fortune 500 and global enterprises from day one. Now that Veza has “cracked the code,” least privilege is no longer a theoretical aspiration; it has become an operational reality.
Why ServiceNow? Identity security is a strategic imperative
The decision to join ServiceNow is rooted in a shared vision: that identity has become foundational to every AI initiative across the enterprise. ServiceNow is the business process and workflow engine that drives the modern enterprise; making these processes and workflows secure requires insight into all of the enterprise data, applications, and systems. Veza’s Access Platform is the key to delivering enterprises 24/7 AI autonomous security.
With Veza and ServiceNow, identity, access governance, workload and human permissions, and workflow automation all converge in a unified architecture, enabling visibility, control, and automation at enterprise scale. By integrating Veza’s identity security engine, identity becomes not just a point solution but a baked-in capability across the ServiceNow platform.
With over $10B in annual revenue, ServiceNow is the business enabler for thousands of organizations, powering IT, security, HR, customer service, and more. By joining forces, Veza will unlock a massive new market opportunity for ServiceNow, extending ServiceNow’s leadership to include end-to-end identity security — the next critical layer of enterprise trust and productivity.
In addition to our united mission and untapped market opportunity, Veza and ServiceNow have recognized in each other a hungry, humble, customer-obsessed culture. As any startup enthusiast knows, a good idea needs outstanding execution to become a great product. As our teams align in both strategy, mission and mindset, I am excited to see what we can further build together.
Closing thoughts
To our Veza customers: thank you for trusting us, for challenging us, and for helping to build the future of identity security.
To our Vezanites: this moment is a tribute to your hard work, your engineering excellence, and your belief in a world where identity is secure by default.
To our Board of Directors, investors, and our advisors: thank you for believing that identity security needed a fresh approach and that a new architecture was required to keep up with the pace of change.
Together, we will reshape how enterprises think about identity, how they respond to identity risk, and how they secure the always-on, hyper-connected, agentic AI world ahead.
Welcome to the next chapter in identity security.
