Veza’s 2026 State of Identity and Access Report found that in a typical enterprise, an average worker holds 96,000 entitlements, 38% of IdP accounts are dormant and only 55% of permissions are safe and compliant. The volume and complexity of identity-based attacks is exacerbated by the explosion of AI agents and non-human identities (NHIs). In fact, only 26% of organizations report having comprehensive AI security governance policies in place.
Today, with the introduction of Veza Access Agents and expanded capabilities for Veza AI Agent Security, we are reinforcing our vision of Veza as the Enterprise Agent Identity Control Plane.
Introducing Veza Access Agents
With Veza Access Agents, we combine the power of the Veza Access Graph with a set of purpose-built AI Agents to automate complex identity security and access governance tasks. Leveraging AWS Bedrock, Veza ensures enterprise-grade performance, security, and compliance for its AI agents. Currently available in early access, Veza Access Agents include:
The Veza Prompt Agent that provides a conversational, natural language interface, allowing teams to quickly surface insights and hidden risks across human, non-human and AI agent identities.
The Veza Access Search Agent that takes the natural language prompts, applies deep reasoning, and dynamically visualizes complex permission relationships and entitlements for all identities.
The Veza Access Review Agent that accelerates user access reviews by enabling reviewers to focus on high-risk items through AI-assisted reasoning and recommendations backed by detailed explanations.
Advancing Veza AI Agent Security
Autonomous AI agents are accelerating the identity blind spots for organizations. We are building on our December release by expanding our AI Agent Security product to grant deeper visibility and control over third-party AI agents, LLMs, and AI infrastructure. Key capabilities now include:
Expanded Discovery of Tools: Veza now identifies granular tools and actions an AI agent is authorized to invoke within connected applications, extending beyond basic MCP server discovery.
Suggested Owner Agent: To combat “Shadow AI,” this agent automatically maps unmanaged AI agents and service accounts to responsible human owners.
AI Blast Radius Visualization: Veza quantifies the exact action-level blast radius for every AI agent, detailing the specific sensitive data and system resources that could be impacted.
AI Security Posture Management (AISPM): Veza continuously assesses AI infrastructure and maps identity risks directly to the NIST AI Risk Management Framework (AIRMF).
AI Agent Security Dashboard: Provides out-of-the-box dashboards, allowing teams to track agent sprawl and trigger automated remediation workflows in Jira or ServiceNow.
Transformational Journey that IAM needs to take for Agentic AI
To support agentic AI, organizations must treat NHIs and AI agents as first-class identities. This requires a systematic maturity of IAM strategies:
- Trustworthy Human Layer: Ensure reliable lifecycle processes and strict MFA.
- Structured NHI Governance: Define lifecycles, clear ownership, and right-sized access for every bot and API key.
- Contextual Access: Shift from standing permissions to time-bound, task-scoped privileges.
By integrating identity as the core enforcement mechanism, enterprises can secure their modern stack, from SaaS and cloud to data platform, at machine speed.
Ultimately, by defining explicit identity controls for agents, building robust monitoring and governance, and integrating identity as the core enforcement mechanism across all model control planes and data platforms, enterprises can secure access at machine speed – with Veza acting as their central Enterprise Agent Identity Control Plane.
