Latest news with #TarunThakur
Forbes
07-05-2025
- Business
- Forbes
AI Agents In The Enterprise & Their Implications For Identity Security
Tarun Thakur is Cofounder and CEO of Veza. getty The rapid advancement of large language models (LLMs) and GenAI has ushered in a new era of technology. We see them embedded in every product, software product road map and industry analyst presentation. Now, the AI revolution is impacting automation, becoming an active participant in enterprise workflows. Agentic AI —AI systems that can function autonomously, make decisions, retrieve real-time data and execute complex actions across the enterprise environment—is driving this shift. While these AI agents promise tremendous productivity gains, they also introduce significant identity security challenges that organizations must address proactively. Understanding AI Agents: Key Characteristics AI agents differ from traditional LLM-based chatbots like ChatGPT in several key ways. AI agents have: • Goal-Driven Autonomy: AI agents pursue objectives independently, continuously adapting based on inputs and results at each stage. • Real-World Connectivity: These agents will integrate with multiple enterprise systems—retrieving, processing and writing real-time data. • Decision Making Capabilities: AI agents analyze data, apply logic and execute tasks without constant human oversight. • Cross-Application Orchestration: Leveraging LLMs, they operate across multiple enterprise applications, blurring traditional application and system-specific security boundaries. The Rise Of AI Agents In The Enterprise Organizations are embedding agents into both customer-facing products and internal workforce-facing operations. We expect initial use cases to include: • Software Development: Agents will generate, debug, optimize and potentially deploy code automatically. • Marketing And Content Creation: They can draft content, run A/B testing, optimize campaigns and analyze audience engagement. • Customer Support: Agentic AI will extend current chatbot capabilities with workflows to make customer account changes, order replacement parts, process refunds and upsell subscriptions. • Supply Chain Management: Besides optimizing logistics and forecasting demand, agents will place orders with suppliers, check inventory and leverage voice interfaces to enable automated connections to vendors without deep technical infrastructures. Nevertheless, initial missteps in early deployments of LLMs in the enterprise tend to remain embedded in memory. For example, Air Canada deployed a chatbot that mistakenly provided incorrect information about bereavement fares, leading to a customer dispute. The company tried to dispute the claim and avoid responsibility for the incorrect information that the chatbot provided, but it lost the case in court. While this incident highlights the potential risks of such use, perhaps more damaging would be anyone who assumes the technology isn't ready for prime time. A common truism is that AI is currently the worst it will ever be. The AI future is coming, and AI agents will be a significant part of the enterprise landscape. The Two Primary Flavors Of Enterprise AI Agents In thinking more deeply about how agents will work, we should distinguish between two "flavors." 1. Enterprise-Managed AI Agents These are typically top-down, organization-approved AI implementations that connect via APIs and service accounts to integrate seamlessly with enterprise workflows. Examples include Google Agents, which automate enterprise decision making across multiple applications, and Goldman Sachs' GS AI Assistant. 2. Employee-Managed AI Agents Employees individually adopt these agents, often without explicit organizational approval. They typically operate within a user's browser session and leverage employee credentials for access. These agents can automate with systems that require interactive MFA, typically a barrier to most API-based authentication. Examples include OpenAI Operator and Anthropic's "Computer Use" mode, which employees can download and deploy on their company or personal computer. Identity Security Challenges Agentic AI brings into focus challenges for identity security—in different ways, depending on the flavor. Challenges With Enterprise-Managed AI Agents 1. Complex Least Privilege Enforcement: Organizations will aspire and push to make agents as "general purpose" as possible rather than building up a set of fragmented tools. General-purpose AI agents will require broad permissions across systems, which makes defining "least privilege" difficult. 2. Separation Of Duties (SoD) Concerns: Similarly, when general-purpose agents have access to different roles for different purposes across applications, it can lead to potential compliance and security loopholes in SoD. 3. Dynamic Nature: The landscape and use cases for agents are changing quickly and are only expected to accelerate. As LLMs evolve and expand, defining static security policies becomes impractical and difficult to enforce. Challenges With Employee-Managed AI Agents 1. Overpermissioning Risks: Employees may grant AI assistants excessive access for convenience. It's easier to grant access to essentially everything that I have as a member of the workforce. In the world of federated authentication, granting access to only an app or two is actually harder to do than giving access to everything. 2. Goal-Driven Behavior's Unintended Consequences: Simply setting a reasonable goal for an agent could take actions outside the intended parameters. How do you specify and validate the proper set of goals for an agent? For example, if an employee asked an agent to "maximize the chance of getting me promoted," might it decide to pursue strategies around highlighting the most significant failures of other likely candidates for the higher role? 3. Persistent Data Access: To effectively execute against longer-term goals, agents tend to retain and recall information over a longer term than simple queries of a chatbot. Enterprise data would likely persist and potentially be recalled in unexpected ways, raising legitimate data security concerns. 4. Audit And Compliance Complexity: Even today, organizations struggle to differentiate between humans and non-humans accessing different systems (the "NHI security" problem). With the adoption of agents, the issue of differentiation becomes much more difficult. When an auditor asks an organization to attest to the accuracy of an audit report showing "every AI agent that has touched customer data," what will the response be? The good news is that the core issues in identity security in the world of agentic AI come back to the ones we've struggled with for years: Least privilege is the foundation. You need to understand what you have today to know where you want to go. Start small, learn quickly and iterate. Forbes Technology Council is an invitation-only community for world-class CIOs, CTOs and technology executives. Do I qualify?
Yahoo
30-04-2025
- Business
- Yahoo
Veza garners $108m in Series D round
Veza, a company specialising in identity security, has raised $108m in its Series D funding round led by New Enterprise Associates (NEA). The round also saw participation from new investors Atlassian Ventures, Workday Ventures, and Snowflake Ventures, alongside existing backers Accel, Capital One Ventures, Ballistic Ventures, Blackstone Innovations Investments, GV (Google Ventures), JP Morgan, Norwest venture partners and True Ventures,. The latest funding brings Veza's total equity raised to $235m and values the company at $808m. Veza said the funds will be used to accelerate its global go-to-market strategy and support continued product development. With this latest funding, Veza has now raised a total of $235 million in equity financing. Company co-founder and CEO Tarun Thakur said: 'Veza's industry-first approach is rooted in assembling all access permissions, authorisation data, and activity into a unified data model, enabling customers to make fast, intelligent decisions that reduce risk and enforce least privilege. 'In a space crowded with startups and big-name entrants, Veza has emerged as the leader in identity security. Our latest funding is a wake-up call to the industry: the future of security starts with identity, and Veza leads the way.' The company's Access platform is currently securing access for millions of users across enterprises, including several Fortune 1000 companies. Managing more than 20 billion permissions, Veza offers insights into the challenge of permissions and entitlements that many organisations face. The Access Platform provides a comprehensive solution, visualising, monitoring, and controlling entitlements to ensure compliance and enforce the principle of least privilege. It addresses various use cases, from privileged access monitoring to non-human identity security, and from access entitlement management to next-generation Identity Governance and Administration. Atlassian Ventures head Peter Lenke said: 'Veza gives 'out of the box' dashboards and reports that provide intelligence across the customer's data access environment, resources, and permissions. 'In addition, the inclusion of an Atlassian Jira integration with Veza's platform enables Veza customers to get real-time monitoring of access requests, access searches, and access intelligence for identities, permissions, and resources that are accessing Jira data.' Founded in 2020, Veza has received backing from investors including Accel, Bain Capital, Ballistic Ventures, GV, NEA, Norwest Venture Partners, and True Ventures. "Veza garners $108m in Series D round" was originally created and published by Verdict, a GlobalData owned brand. The information on this site has been included in good faith for general informational purposes only. It is not intended to amount to advice on which you should rely, and we give no representation, warranty or guarantee, whether express or implied as to its accuracy or completeness. You must obtain professional or specialist advice before taking, or refraining from, any action on the basis of the content on our site. Sign in to access your portfolio
