Introducing Veza Access Agents

With Veza Access Agents, we have combined the power of the Veza Access Graph with a set of purpose-built AI Agents to automate complex identity security and access governance tasks for organizations, at scale. Leveraging AWS Bedrock, Veza ensures enterprise-grade security and compliance for its AI agents. For specific tasks, Veza Access Agents selects the optimal model (Claude, Opus, Sonnet), and delivers quick responses or deep reasoning without compromising quality or correctness.

Currently available in early access¹, Veza Access Agents comprises three functional agents:

Veza Prompt Agent

Given the complexity of the identity infrastructure, it takes hours or even days for security and IAM teams connect the dots between identities, permissions and risks with manual queries. The Veza Prompt Agent provides a conversational, natural language interface, allowing teams to quickly surface insights and hidden risks across human, non-human and AI agent identities. The Veza Prompt Agent empowers teams to audit or gain insights into identities with hidden administrative privileges, dormant accounts that can access sensitive data, and many more. It’s as simple as asking, ‘show me all AWS IAM users’, and double-clicking with follow-up questions, ‘Who can delete S3 buckets?– drastically reducing the time to get answers, from days or weeks, to just minutes.

Veza Access Search Agent

The Veza Access Search Agent takes the natural language prompts, applies deep reasoning, and dynamically visualizes complex permission relationships and entitlements for all identities. If a security engineer wants to know which identities have the potential to delete or modify S3 buckets, the Access Search Agent searches for risky access paths and entitlements across hybrid clouds and SaaS applications, and visualizes the blast radius in Access Graph. Veza gives the flexibility to visualize the information in Access Graph or Query Builder. In short, the Access Search Agent enables your security, compliance and IAM teams to visualize risky access paths to your data with simple prompts.

Veza Access Review Agent

Manual access reviews are time consuming and result in review fatigue and risky-rubber stamping of approvals. While Veza Access Reviews automates user access certifications, with deep contextual visibility, we are taking this one step further with the Veza Access Review Agent. The Access Review Agent accelerates user access reviews by enabling reviewers to focus on high-risk items through AI-assisted reasoning and recommendations backed by detailed explanations. Reviewers can bulk-process approvals aided by faster decision making – based on precise context, while confidently detecting and isolating outliers. The Access Review Agent helps streamline compliance mandates without the heavy-lift required to manually ensure that the identities are always right-sized for access.

---

Advanced AI Agent Security: Protecting the Next-Gen Workforce

According to IDC, there could be over 1.3 billion AI agents by 2028. Veza, in its 2026 SOIA report identifies that a mere 0.01% of NHIs control 80% of cloud resources.

Released in December 2025, Veza’s AI Agent Security accelerates AI initiatives with unified visibility and data-driven insights into the scale and scope of AI agent identities. We have now expanded its capabilities with continuous innovations.

Expanded Discovery of Tools

Veza AI Agent security now provides deeper visibility, beyond just discovering MCP servers, by identifying what tools the AI agent can access and what actions can the agent execute within connected applications. For example, if the organization deploys a customer support AI agent, Veza will visually trace the agent end-to-end, ensuring it only has read access to the ticketing API and cannot execute unauthorized write/delete actions on sensitive data stores.

Suggested Owner Agent

The Veza AI Agent Security provides deep visibility into every AI agent identity and establishes robust AI-agent-to-human ownership for accountability and governance. Veza now makes it easier to combat ‘shadow AI’ by automatically mapping unmanaged AI agent identities and NHIs to responsible human owners. When a developer spins up an AI agent with broad access permissions and later moves to a different department or role, Veza flags this orphaned agent identity and suggests possible human owners that can be mapped to this agent identity, tightening AI security posture and governance.

AI Blast Radius Visualization

Using our industry-leading Access Graph, Veza remains the only identity solution capable of quantifying the exact action-level blast radius for every AI agent, including the sensitive data and system resources impacted. For example, during incident response, security teams can instantly visualize every data store, S3 bucket, GitHub repo or database table a malicious/compromised AI agent identity can reach, enabling them to quickly identify and stop the lateral movement. 

AI Security Posture Management (AISPM)

Building on the foundations of robust AI SPM, Veza now continuously assesses the AI infrastructure and maps the risks to the NIST AI Risk Management Framework (AIRMF). In addition to providing proactive remediation of AI risks, Veza also enables compliance teams to quickly provide data-driven proof to auditors that all deployed AI models adhere to the NIST AIRMF guidelines.

AI Agent Security Dashboard

Veza’s out-of-the-box dashboards centralizes the organization’s AI agent identity landscape to effectively track agent sprawl, dormant identities, and access drift to feed into downstream workflows. For example, when IAM and security teams review the dashboards and spot shadow AI agents with excessive privileges, Veza enables them to trigger automated workflows directly in ServiceNow or Jira.

1. Veza Access Agents are available now as Early Access to select customers. General Availability is at the end of Q2 2026.

---

Learn more