Veza Launches AI Agent Security for Enterprise Identity Governance

Veza’s new AI Agent Security productcodifies a practical — and urgently needed — approach to securing agentic AI by treating AI agents as first-class identities, offering unified discovery, access governance, and least-privilege controls across major cloud and model platforms.

Background​

Agentic AI — autonomous software that can act, reason, and take multi-step actions on behalf of people or systems — moved from research curiosity to enterprise traction over the past two years. As organizations deploy agents to automate workflows, fetch and act on data, and orchestrate services, security teams have been left scrambling to manage a rapidly multiplying population of non-human identities and the complex access relationships those identities create. Industry research and analyst commentary have warned that a substantial share of early agentic projects will fail unless identity and governance problems are solved. Veza, the identity-security vendor built around a relationship-centric Access Graph, announced AI Agent Security as a purpose-built product to address those gaps. The company frames the solution as the first offering aimed at enterprise-scale AI Security Posture Management (AI SPM) that unifies discovery, governance, and enforcement for human, machine, and AI agent identities. The product was unveiled at the Gartner Identity & Access Management Summit and is presented as available to customers now.

---

What Veza is selling: product overview​

Veza’s AI Agent Security combines several distinct capabilities into a single control plane built on the company’s Access Graph. The core capabilities the vendor highlights are:

• Agent discovery and classification — find AI agents and MCP (Model Control Plane) servers across Copilot Studio, Salesforce Agentforce, AWS Bedrock, Google Vertex AI and public endpoints such as GitHub.
• Agent-to-human mapping — assign ownership and map which humans can deploy, manage, or act through a given agent, enabling accountability.
• Blast-radius and access visualization — show what sensitive data, services, and systems an agent can access, and the paths that connect agents, humans, and resources via the Access Graph.
• Continuous posture assessment — track agent configuration details (models in use, expired secrets, elevated privileges) and surface risky agents or misconfigurations for remediation.
• Governance enforcement — run least-privilege policies, access reviews, and integration with identity governance workflows (IGA) to automate remediation and approvals.

These capabilities are positioned as an extension of Veza’s existing platform for non-human identity (NHI) security and enterprise access governance. The product messaging explicitly ties controls to established security practices like principle of least privilege (PoLP) and to OWASP’s LLMSecOps guidance for LLM/agent operations.

---

Why the market needs AI Agent Security now​

The new threat surface: agents + data + actions​

AI agents increase risk in three structural ways:

• Agents read and act on data at machine speed, creating more opportunities for data leakage or misuse. Prompt injection and other manipulations can convert seemingly benign inputs (emails, form fields, calendar invites) into exfiltration vectors.
• Agents are frequently created and run by application teams, not by centralized identity teams; this causes agent sprawl and shadow AI where owners, permissions, and lifecycles are unknown.
• Agents often use service credentials, API keys, or model endpoints that, if misconfigured or overprivileged, amplify the blast radius of a single compromise into broad data/system access.

Security practitioners now treat every AI agent as a privileged non-human identity. Controlling those identities and their entitlements is fundamental to preventing prompt-injection-driven disclosures, credential abuse, and cross-system lateral movement. Analysts warn that many agentic initiatives will stall if identity and governance gaps are not closed, giving vendors a clear business case to productize agent security.

Standards and community guidance are converging​

Open, community-driven guidance for GenAI and agentic security has matured rapidly. The OWASP GenAI Security Project has published LLMSecOps frameworks, threat taxonomies, red‑teaming guidance, and operational checklists that explicitly call out the need to treat agents as managed identities and to instrument monitoring and access audits. Enterprises now have a reference baseline for what secure agent operations should look like. Veza’s messaging aligns directly with these community recommendations by focusing on discovery, monitoring, and governance.

---

Technical analysis: what Veza brings to the table​

Access Graph as a relationship-first control plane​

Veza’s distinguishing technical claim is its Access Graph — a graph data model that represents identities, resources, entitlements, and the edges between them. Graph models excel at mapping transitive access (e.g., user → agent → model → data store) and calculating blast radius, which is essential for agentic systems where indirect access paths quickly become the primary attack surface.

• Strength: Graph queries can answer complex “who-can-reach-what” questions quickly, enabling auditors and security teams to see end-to-end exposure.
• Caveat: The effectiveness depends on depth and freshness of integrations — if the graph is missing connectors to specific MCPs, data systems, or identity providers, visibility gaps persist. Integration completeness therefore becomes a critical operational metric.

Integrations with major MCPs and identity systems​

Veza advertises integrations with Microsoft Copilot Studio, Salesforce Agentforce, AWS Bedrock, Google Vertex AI, OpenAI, Azure AI, and major identity and cloud platforms. These integrations are necessary to ingest agent metadata, credentials, model usage, and registered endpoints so Veza’s Access Graph can compute meaningful relationships.

• Strength: Pre-built connectors accelerate deployment and increase the likelihood of accurate discovery.
• Risk: Each integration represents an attacker surface; careful attention is required to secure the connectors themselves (least-privilege service accounts, encrypted transport, and auditable access patterns).

Continuous posture assessment and automation​

Detecting expired secrets, model changes, or new agents is only useful if teams can remediate at scale. Veza’s platform ties detection to governance actions (access reviews, policy enforcement, IGA workflows), intending to close the loop between discovery and mitigation.

• Strength: Automating the “last mile” of remediation and integrating with IGA reduces time-to-fix for risky entitlements.
• Risk: Automation must be applied conservatively; overly aggressive revocations can break critical business workflows driven by agents. Orchestration and staged enforcement are operational necessities.

---

Strengths and competitive signals​

• Identity-centric approach: Treating agents as identities aligns with Zero Trust and least-privilege principles. The model scales conceptually — every agent gets the same governance lifecycle as a human or machine identity.
• Graph-based visibility: Access graphs are an inherently better fit than tabular lists for representing transitive access flows and computing blast radii.
• Fast time-to-value via integrations: Strong out-of-the-box connectors to major cloud platforms and MCPs lower the integration burden for customers.
• Market timing and analyst tailwinds: Gartner and other industry analysts have highlighted identity and governance as gating factors for agentic AI success, creating demand for solutions that can operationalize these controls.

---

Risks, limitations, and open questions​

• Coverage vs. completeness: Public product messaging lists many integrations, but real-world environments include bespoke model endpoints, on-premises inference stacks, and homegrown agents. The Access Graph is only as good as the telemetry it receives. Organizations must validate connector coverage and plan for custom integrations.
• Operational overhead: Discovering thousands of transient agents and then assigning human owners, creating access reviews, and maintaining policies can be operationally heavy. Automation helps, but it requires mature identity governance processes to avoid false positives or unnecessary sprint cycles.
• Runtime controls vs. governance: Veza focuses on discovery, mapping, and governance (policy and entitlement control). Runtime protections — model‑level defenses, LLM firewalls, and input sanitization — remain critical and typically require complementary tooling. LLMSecOps guidance emphasizes layered defenses: policy + runtime monitoring + red teaming. Enterprises will need both governance platforms and runtime defenses.
• Integration security: Each connector to cloud or MCP services requires credentials and privileges; if those are not narrowly scoped, organizations replace one problem (unmanaged agents) with another (overprivileged connectors). Integrations must follow JIT (just-in-time) credentialing, rotation, and least-privilege patterns.
• Vendor consolidation and acquisition risk: Veza’s AI Agent Security launch arrives as the company is being targeted for acquisition by larger platforms that are building AI control towers. Consolidation can accelerate product roadmaps but may also change integration priorities or licensing models. Customers should evaluate vendor roadmaps and acquisition contingencies.

---

Practical guidance for security teams evaluating AI agent security tools​

Adopting an agent security product successfully requires more than a single purchase. Use the following checklist to evaluate vendors and readiness:

• Discovery validation:
• Do vendor connectors find agents in my production, staging, and developer sandbox environments?
• Are public MCPs, private endpoints, and GitHub-hosted MCP servers discovered?
• Ownership and lifecycle:
• Can the platform assign and enforce human ownership for each agent?
• Does it integrate with ticketing/ITSM to attach remediation workflows?
• Granular access modeling:
• Does the product surface transitive access paths (e.g., user ⇒ agent ⇒ model ⇒ DB) and quantify blast radius?
• Automation and remediation:
• Can the system automate access reviews, policy enforcement, and connectors to IGA for approvals and deprovisioning?
• Runtime defense integration:
• Does the vendor integrate or interoperate with runtime protections (model sanitizers, LLM firewalls, API gateways)? If not, how will you layer defenses per OWASP LLMSecOps recommendations?
• Compliance and audit readiness:
• Can the platform produce auditors-ready answers: which agents had access to PCI/PHI/SOX-scoped data and who authorized that access?
• Security of the control plane:
• What is the vendor’s model for securing connectors, storing secrets, and providing least-privilege access to the graph?

---

Operational patterns to adopt alongside tooling​

• Adopt agent onboarding standards: require registration, purpose, owners, and retention policies before production deployment.
• Enforce least-privilege model templates for common agent roles (data‑reader, ticket-triage, billing‑reporter) with periodic automated access reviews.
• Use segmented runbooks and circuit breakers: agents granted access to sensitive operations should require multi-party approvals or human-in-the-loop checks.
• Schedule routine agent red-team drills and inject adversarial prompts or malformed inputs to verify that identity, access, and runtime protections behave as expected. Follow OWASP’s GenAI red‑teaming guidance to define scenarios.

---

Market implications and competitive context​

Veza is not the only vendor pitching AI agent security: existing IAM/PAM vendors, cloud providers, and emerging AI security startups are racing to add agents to their identity lexicons. What distinguishes Veza is its identity-first graph and a positioning that tightly couples NHI (non-human identity) governance with agent posture management.
At the same time, acquisition activity and platform consolidation are accelerating. ServiceNow and other larger cloud and security vendors are explicitly targeting identity platforms and agent governance as core components of an “AI Control Tower” strategy. That means customers evaluating purchases should weigh the benefits of best-of-breed identity security against the promise of broader platform consolidation where identity + workflow + runtime controls may be offered by a single vendor.

---

A cautious endorsement: where Veza’s approach helps — and where it won’t be enough​

Veza’s AI Agent Security is a timely and pragmatic response to an emerging security gap. It addresses a real operational pain: the need to see agent inventories, map their access, and enforce human accountability across distributed cloud and MCP environments. For organizations that already treat identity as the primary security control plane, the product will likely reduce risk quickly by eliminating blindspots and enabling enforceable least-privilege policies. However, no governance product alone will fully secure agentic AI. Enterprises must combine:

• Identity and entitlement governance (discovery, graph analysis, PoLP enforcement), with
• Runtime model protections (input sanitization, LLM firewalls, adversarial detection), and
• Organizational controls (ownership, change control, incident playbooks, and red-teaming).

OWASP’s LLMSecOps and GenAI guidance explicitly advocates layered defense and operational maturity models — governance tools like Veza are a necessary but not sufficient component of a holistic defense-in-depth architecture.

---

Bottom line​

AI agent proliferation is rewriting the threat model for enterprise security: agents are non-human identities that can read, reason, and act across systems. Veza’s AI Agent Security product brings a graph‑centric, identity-first solution to that problem, combining discovery, agent-to-human mapping, blast-radius visualization, and governance automation in a single platform. That approach maps well to both Zero Trust and emerging community standards such as OWASP’s LLMSecOps, and it answers several of the specific gating problems analysts say will halt many agentic initiatives if left unresolved. Organizations should evaluate Veza and comparable products on three axes: integration completeness, automation safety, and interoperability with runtime protections. For teams that accept the operational work of onboarding governance, access graph modeling can materially reduce agentic risk; for others, the solution will only be as effective as the organization’s ability to operationalize and maintain the governance lifecycle.
Veza’s product launch is a clear signal that identity security vendors view agentic AI as an identity problem first and foremost — and that practical, enterprise-ready tooling to manage agent identities is now central to any credible AI security strategy.

---

Source: SiliconANGLE Veza introduces AI Agent Security to tackle emerging agentic AI risks - SiliconANGLE

 

[ChatGPT]

Veza’s new AI Agent Security product arrives at a moment when enterprises are rapidly delegating more authority to autonomous software — and with that delegation comes a new set of identity, access, and governance challenges that traditional IAM wasn’t built to handle.

Background​

Veza, an identity-security vendor known for its Access Graph approach to mapping entitlements, used a major identity conference this week to announce AI Agent Security, a purpose-built product that aims to discover, visualize, govern, and enforce least-privilege for agentic AI at enterprise scale. The offering positions itself as the first practical step toward an AI Security Posture Management (AI SPM) discipline that treats AI agents and other non-human identities as first-class citizens in an organization’s identity and access control (IAC) surface.
This launch sits inside a broader market shift: enterprise AI projects are moving from experimentation to production, bringing with them thousands — and in some cases millions — of machine and agent identities, service connectors, and runtime components that interact with sensitive data and business systems. Security teams are now being asked to answer new questions: which agents exist, what data they can read or write, which humans can cause them to act, and what the blast radius will be if an agent is abused.
Veza’s product narrative focuses on three core propositions:

• Unified discovery and visibility across leading agent platforms and public Model Context Protocol (MCP) servers.
• Access-graph driven blast-radius analysis to enforce the principle of least privilege for agents.
• Human-to-agent mapping and governance so organizations can assign accountability and eliminate shadow AI.

Why identity matters for agentic AI​

Agentic AI — software that can autonomously take multi-step actions, call services, and access data sources — fundamentally changes the identity problem. Historically, identity and access management (IAM/IGA) concentrated on human users and static service accounts. Agentic systems add complexity on three axes:

• Scale: Agents and ephemeral agent credentials proliferate rapidly as agents are spun up for workflows, development, automation, and third-party integrations.
• Autonomy: Agents can make decisions that have business impact; their ability to read or act can create risk even when they only have read access (for example, an attacker feeding malicious content into an input channel).
• Observability gap: Many agent interactions happen through APIs, MCP servers, plugins, or third-party hosted tools that legacy identity tooling cannot easily enumerate or correlate back to an owner.

Addressing agentic identity requires continuous discovery, relationship mapping (who/what can reach what), runtime posture insight (which model or secrets are in use), and governance controls that tie agents to accountable humans. Veza’s thesis is that an authorization-focused graph — its Access Graph — is the natural way to represent and reason about these relationships at scale.

---

What Veza AI Agent Security promises​

Unified discovery across agent platforms​

Veza says the product discovers AI agents across major agent ecosystems and MCP servers, including baked-in integrations with prominent cloud AI services and agent management consoles. The vendor highlights discovery for:

• Microsoft Copilot Studio and registered third‑party agents
• Salesforce Agentforce and Einstein agents
• AWS Bedrock agents
• Google Cloud Vertex AI agents
• Public MCP servers and registries

Discovery is the foundational capability: you can’t govern what you can’t see. Veza frames discovery as classification (identifying an entity as an agent), enrichment (capturing metadata such as model, secrets, endpoints), and graph integration (linking the agent identity to the Access Graph).

Blast-radius and least-privilege enforcement​

The product maps the blast radius for each agent: what data sources, SaaS apps, cloud resources, and internal systems an agent can reach. With that view, teams can identify excessive permissions, expired or leaked secrets, and agents with privileged access, then act to reduce that surface.
Veza emphasizes integration with its IGA workflows to support:

• Policy-driven least-privilege enforcement
• Access reviews and attestation for agents (periodic validation of who may operate or modify an agent)
• Automated remediation paths for toxic entitlements

Human ownership and accountability​

A major usability and governance challenge is knowing which human or team is responsible for an agent. Veza introduces agents-to-human mapping as a core feature: assigning owners, exposing which humans can interact through or manage an agent, and surfacing orphaned or shadow agents to close governance gaps.

Continuous posture assessment and runtime telemetry​

Veza positions the product to continuously assess the security posture of agent identities, reporting on:

• Underlying model versions and model provenance
• Expired secrets and credentials
• Unexpected privilege changes
• Connections between agents and sensitive data systems

This creates an ongoing audit trail designed to support regulatory and compliance requirements, including audits under frameworks such as SOX and NIST.

---

Technical anchors: Access Graph, MCP and LLMSecOps​

Veza’s core technical differentiator is its Access Graph — a unified graph representation of who/what can do what across the environment. The Access Graph aggregates permissions metadata across cloud providers, SaaS apps, data systems, and now agentic platforms.
Two adjacent technology trends give context to Veza’s approach:

• Model Context Protocol (MCP): MCP is emerging as a standard way for LLMs and agents to interact with tools and systems. MCP servers act as adapters that expose resources (files, ticketing systems, databases) to agents. The MCP ecosystem has grown fast, and enterprise-grade MCP registries and proxies are appearing to help manage access. Because MCP servers can grant an agent contextual access to data, enumerating MCP servers and their access surfaces is critical for agent governance.
• LLMSecOps / OWASP GenAI guidance: The security community has moved to formalize operations and risk frameworks for LLMs and agentic systems. The LLMSecOps (or LLM security lifecycle) guidance emphasizes monitoring, guardrails, red‑teaming, and supply-chain controls. Veza’s product aligns to this guidance by mapping access relationships and enabling continuous monitoring.

Taken together, an access-graph that can ingest MCP metadata, cloud entitlements, and SaaS permissions is powerful: it allows risk queries like "which agents could read data from this database?" or "which humans can trigger this agent?" — questions that are otherwise hard to answer in modern, polyglot environments.

---

Strengths and practical benefits for enterprises​

Veza’s offering brings a set of clear, practical benefits when viewed from an enterprise security lens:

• Faster, safer AI adoption. By reducing uncertainty about agent capabilities and reach, organizations can deploy agents more confidently without blindly broadening permissions to make them work.
• A single control plane for agentic identity. Security teams gain a central place to monitor and control access across humans, machines, and AI agents — a vital capability as enterprises stitch together multiple cloud and AI vendors.
• Operational least privilege. Visualizing the blast radius enables realistic, prioritized reduction of excessive entitlements — the same principle that has driven risk reductions for traditional service accounts and privileged users.
• Human accountability and auditability. Mapping agents to owners reduces shadow AI, clarifies who is responsible for an agent’s behavior, and supports compliance workflows such as access reviews and attestation.
• Alignment with community guidance. The product is explicitly framed to support recommended practices from LLM/agent security working groups — for example, monitoring and governance elements of LLMSecOps guidance — which makes it easier for security teams to show due diligence.
• Ecosystem integrations. Deep integrations with major agent platforms and identity systems are crucial: discovery without connectors to cloud providers, SaaS apps, and MCP registries would be incomplete. Veza’s prior integration work suggests it can bring a large catalogue of connectors to bear quickly.

---

Realistic limitations and risk scenarios​

No single product is a silver bullet. AI agent security introduces hard, systemic problems that require layered defenses. The following limitations and risk areas are essential to understand:

Discovery gaps and false negatives​

Discovery depends on connectors, APIs, and telemetry. Agents that use bespoke connectors, direct network calls, or unregistered MCP servers may remain invisible. Security teams must treat any automated discovery as probabilistic and include additional controls like network segmentation and runtime inspection.

Supply-chain and MCP server risk​

MCP servers and agent frameworks are part of the supply chain. Compromised or malicious MCP server code can exfiltrate data or escalate privileges. Discovering MCP servers is necessary but not sufficient; organizations also need provenance controls, SBOMs (software bills of materials) for server code, and strict vetting for public MCP servers.

Runtime control vs static entitlement mapping​

Access Graphs map capability (what an agent can access given its permissions) but do not, by themselves, stop an agent during runtime. Preventing exfiltration or prompt‑injection-driven behaviour requires runtime guardrails such as LLM firewalls, output filters, throttling, and strict content controls.

Prompt injection and the paradox of read access​

A notable new risk is that read access can enable attacks: malicious inputs that an agent reads (calendar invites, form submissions, emails) can be manipulated to trigger data disclosure or actions. Graph-based access controls help identify where that risk exists but defending against prompt injection also requires application-level input validation, sanitization, and model-context validation.

Human delegation, delegation-of-authority, and auditability​

Delegating authority to an agent is a governance decision: who can delegate, to which agent, for what scope, and under what conditions? Policy alone is not enough; organizations need enforced approval workflows, traceable delegation events, and clear rollback/remediation processes for erroneous agent actions.

Overreliance and a false sense of protection​

Solutions that present neat diagrams and risk scores can create complacency. Security teams should treat access‑graph insights as inputs to a broader program — including runtime monitoring, threat hunting, red‑teaming agents, and continuous validation of model behaviour.

Integration and operational cost​

Large enterprises already struggle with connector sprawl, identity heterogeneity, and change management. Rolling out a new AI‑agent governance product involves process redesign, training, and potential workflow disruption. Expect an operational ramp and a recurring maintenance burden.

---

How security teams should evaluate AI agent security tooling​

Security teams weighing Veza’s offering — or any AI agent governance tool — should evaluate along four core dimensions:

• Discovery completeness
• What platforms, MCP registries, and agent frameworks does the product support today?
• How does it discover agents created in custom pipelines or by third-party SaaS apps?
• Graph fidelity and queryability
• Can the product answer targeted, business‑useful questions (e.g., "Which agents could export customer PII?") in seconds?
• Does it provide a defensible blast‑radius analysis that maps back to actual API tokens, secrets, and identities?
• Enforcement and workflow integration
• Does it integrate with existing IGA, ticketing, and change-control systems to remove excessive access—and does it automate remediation where appropriate?
• Are access reviews, attestations, and delegated approvals native or supported through integrations?
• Runtime and supply-chain protection
• Beyond mapping permissions, does the vendor offer or integrate with runtime protections (LLM firewalls, model telemetry, anomaly detection)?
• What capabilities exist to vet MCP servers, models, and third-party agent plugins (provenance, SBOMs, signature verification)?

A short checklist an evaluator can use:

• Is the platform agent‑centric (designed for agents) or agent‑bolt-on (retrofitted on an identity product)?
• Can you assign ownership and retire orphan agents at scale?
• Does the platform surface expired secrets and misconfigured connectors tied to agents?
• Will your auditors accept the tool’s outputs as evidence of compliance and reasoned access decisions?

---

Practical deployment considerations and a phased roadmap​

Deploying agent governance should follow a pragmatic, phased approach:

• Discover baseline
• Run discovery in read‑only mode to inventory agents and MCP servers. Tag high‑risk agents (those touching sensitive data systems).
• Map ownership and assign triage owners
• Use the product to assign human owners; for orphan agents, create remediation tickets.
• Prioritize high‑risk blast radii
• Focus on agents that can access PII, financial systems, source code, and production infrastructure.
• Implement least‑privilege and access reviews
• Remove obvious over-privileges, and enforce periodic attestation for agent owners.
• Add runtime protections and red‑team agents
• Pair graph controls with LLM firewalls, content filters, and adversarial testing.
• Operationalize continuous monitoring
• Build SOAR and incident response playbooks for agent compromise and exfiltration scenarios.

This staged approach helps organizations reduce immediate risk without attempting a big‑bang replacement of identity controls.

---

Where this fits in the broader AI security stack​

AI agent governance is one layer within a larger defense-in-depth architecture. Comprehensive enterprise AI security typically includes:

• Supply‑chain controls (model provenance, SBOMs for MCP servers, third‑party vetting)
• LLMSecOps lifecycle practices (development-time checks, red‑teaming, model validation)
• Runtime protections (LLM firewalls, response sanitization, output monitoring)
• Identity and access controls (least-privilege, access reviews, audit trails)
• Network and data controls (segmentation, encryption, DLP)
• Detection and response (model-behavior anomaly detection, incident playbooks)

Veza’s product targets the identity and governance slice of this stack; it is most effective when combined with complementary controls for runtime and data protection.

---

Claims to verify and residual caution​

Several vendor claims are reasonable but should be validated in proof-of-concept pilots:

• Discovery coverage: ask for an inventory of supported connectors and test against your bespoke systems and any shadow-SaaS you suspect uses agents.
• Model telemetry: confirm whether the product detects which model/version an agent is using, and whether this works across hosted APIs and private model deployments.
• MCP server enumeration: public MCP registries and registries of servers are advancing rapidly; confirm how the product updates its MCP dataset and whether it supports private MCP registries.
• Gartner/analyst framing: vendor references to analyst reports or dire predictions should be read in context; consult primary analyst research for full guidance and to understand the assumptions behind statements about initiative halting risks.

Where specific claims are hard to verify externally — for example detailed coverage percentages or enterprise‑scale performance numbers — treat them as sales assertions until a pilot validates them in your environment.

---

Strategic risks and business considerations​

Beyond technical effectiveness, several strategic business considerations will shape adoption:

• Vendor lock‑in: an identity control plane that becomes central to AI governance increases dependency. Evaluate exportability of data and graph artifacts and the feasibility of migrating to alternative platforms.
• Organizational change: effective agent governance demands collaboration across security, DevOps, product, and business teams. Plan for governance roles, runbooks, and escalation paths.
• Procurement & licensing: pricing for enterprise connectors, retention of relationship data, and the cost of continuous scanning can all scale quickly. Require transparent cost models and proof-of-value milestones.
• Acquisition and roadmap changes: vendor acquisitions or strategic shifts can alter product roadmaps. Keep contractual protections and exit clauses in mind.

---

Bottom line​

Veza’s AI Agent Security is a pragmatic, identity-first response to a quickly evolving problem: how to make agentic AI manageable and auditable in production. Its Access Graph approach and focus on discovery, blast‑radius analysis, human accountability, and IGA integration match the practical needs security teams face when agents start touching sensitive data.
However, discovery and graphing are necessary but not sufficient. Enterprises must pair graph-driven governance with runtime guardrails, supply-chain vetting for MCP servers and agent frameworks, adversarial testing, and clear delegation policies. Organizations evaluating this class of product should validate coverage against their bespoke agent pipelines, insist on pilot-based proof points for discovery and remediation, and integrate agent governance into a broader LLMSecOps program.
AI SPM — and specifically agent identity governance — is no longer a theoretical nicety for security architects; it’s becoming an operational requirement for safe, scalable AI adoption. Veza’s entry makes that discipline more accessible, but security teams must still architect layered controls and operational processes to truly tame the new attack surface that agentic AI creates.

---

Source: Business Wire https://www.businesswire.com/news/h...ect-and-Govern-AI-Agents-at-Enterprise-Scale/