Latest news with #Veza
Forbes
07-05-2025
- Business
- Forbes
AI Agents In The Enterprise & Their Implications For Identity Security
Tarun Thakur is Cofounder and CEO of Veza. getty The rapid advancement of large language models (LLMs) and GenAI has ushered in a new era of technology. We see them embedded in every product, software product road map and industry analyst presentation. Now, the AI revolution is impacting automation, becoming an active participant in enterprise workflows. Agentic AI —AI systems that can function autonomously, make decisions, retrieve real-time data and execute complex actions across the enterprise environment—is driving this shift. While these AI agents promise tremendous productivity gains, they also introduce significant identity security challenges that organizations must address proactively. Understanding AI Agents: Key Characteristics AI agents differ from traditional LLM-based chatbots like ChatGPT in several key ways. AI agents have: • Goal-Driven Autonomy: AI agents pursue objectives independently, continuously adapting based on inputs and results at each stage. • Real-World Connectivity: These agents will integrate with multiple enterprise systems—retrieving, processing and writing real-time data. • Decision Making Capabilities: AI agents analyze data, apply logic and execute tasks without constant human oversight. • Cross-Application Orchestration: Leveraging LLMs, they operate across multiple enterprise applications, blurring traditional application and system-specific security boundaries. The Rise Of AI Agents In The Enterprise Organizations are embedding agents into both customer-facing products and internal workforce-facing operations. We expect initial use cases to include: • Software Development: Agents will generate, debug, optimize and potentially deploy code automatically. • Marketing And Content Creation: They can draft content, run A/B testing, optimize campaigns and analyze audience engagement. • Customer Support: Agentic AI will extend current chatbot capabilities with workflows to make customer account changes, order replacement parts, process refunds and upsell subscriptions. • Supply Chain Management: Besides optimizing logistics and forecasting demand, agents will place orders with suppliers, check inventory and leverage voice interfaces to enable automated connections to vendors without deep technical infrastructures. Nevertheless, initial missteps in early deployments of LLMs in the enterprise tend to remain embedded in memory. For example, Air Canada deployed a chatbot that mistakenly provided incorrect information about bereavement fares, leading to a customer dispute. The company tried to dispute the claim and avoid responsibility for the incorrect information that the chatbot provided, but it lost the case in court. While this incident highlights the potential risks of such use, perhaps more damaging would be anyone who assumes the technology isn't ready for prime time. A common truism is that AI is currently the worst it will ever be. The AI future is coming, and AI agents will be a significant part of the enterprise landscape. The Two Primary Flavors Of Enterprise AI Agents In thinking more deeply about how agents will work, we should distinguish between two "flavors." 1. Enterprise-Managed AI Agents These are typically top-down, organization-approved AI implementations that connect via APIs and service accounts to integrate seamlessly with enterprise workflows. Examples include Google Agents, which automate enterprise decision making across multiple applications, and Goldman Sachs' GS AI Assistant. 2. Employee-Managed AI Agents Employees individually adopt these agents, often without explicit organizational approval. They typically operate within a user's browser session and leverage employee credentials for access. These agents can automate with systems that require interactive MFA, typically a barrier to most API-based authentication. Examples include OpenAI Operator and Anthropic's "Computer Use" mode, which employees can download and deploy on their company or personal computer. Identity Security Challenges Agentic AI brings into focus challenges for identity security—in different ways, depending on the flavor. Challenges With Enterprise-Managed AI Agents 1. Complex Least Privilege Enforcement: Organizations will aspire and push to make agents as "general purpose" as possible rather than building up a set of fragmented tools. General-purpose AI agents will require broad permissions across systems, which makes defining "least privilege" difficult. 2. Separation Of Duties (SoD) Concerns: Similarly, when general-purpose agents have access to different roles for different purposes across applications, it can lead to potential compliance and security loopholes in SoD. 3. Dynamic Nature: The landscape and use cases for agents are changing quickly and are only expected to accelerate. As LLMs evolve and expand, defining static security policies becomes impractical and difficult to enforce. Challenges With Employee-Managed AI Agents 1. Overpermissioning Risks: Employees may grant AI assistants excessive access for convenience. It's easier to grant access to essentially everything that I have as a member of the workforce. In the world of federated authentication, granting access to only an app or two is actually harder to do than giving access to everything. 2. Goal-Driven Behavior's Unintended Consequences: Simply setting a reasonable goal for an agent could take actions outside the intended parameters. How do you specify and validate the proper set of goals for an agent? For example, if an employee asked an agent to "maximize the chance of getting me promoted," might it decide to pursue strategies around highlighting the most significant failures of other likely candidates for the higher role? 3. Persistent Data Access: To effectively execute against longer-term goals, agents tend to retain and recall information over a longer term than simple queries of a chatbot. Enterprise data would likely persist and potentially be recalled in unexpected ways, raising legitimate data security concerns. 4. Audit And Compliance Complexity: Even today, organizations struggle to differentiate between humans and non-humans accessing different systems (the "NHI security" problem). With the adoption of agents, the issue of differentiation becomes much more difficult. When an auditor asks an organization to attest to the accuracy of an audit report showing "every AI agent that has touched customer data," what will the response be? The good news is that the core issues in identity security in the world of agentic AI come back to the ones we've struggled with for years: Least privilege is the foundation. You need to understand what you have today to know where you want to go. Start small, learn quickly and iterate. Forbes Technology Council is an invitation-only community for world-class CIOs, CTOs and technology executives. Do I qualify?
Yahoo
30-04-2025
- Business
- Yahoo
Veza garners $108m in Series D round
Veza, a company specialising in identity security, has raised $108m in its Series D funding round led by New Enterprise Associates (NEA). The round also saw participation from new investors Atlassian Ventures, Workday Ventures, and Snowflake Ventures, alongside existing backers Accel, Capital One Ventures, Ballistic Ventures, Blackstone Innovations Investments, GV (Google Ventures), JP Morgan, Norwest venture partners and True Ventures,. The latest funding brings Veza's total equity raised to $235m and values the company at $808m. Veza said the funds will be used to accelerate its global go-to-market strategy and support continued product development. With this latest funding, Veza has now raised a total of $235 million in equity financing. Company co-founder and CEO Tarun Thakur said: 'Veza's industry-first approach is rooted in assembling all access permissions, authorisation data, and activity into a unified data model, enabling customers to make fast, intelligent decisions that reduce risk and enforce least privilege. 'In a space crowded with startups and big-name entrants, Veza has emerged as the leader in identity security. Our latest funding is a wake-up call to the industry: the future of security starts with identity, and Veza leads the way.' The company's Access platform is currently securing access for millions of users across enterprises, including several Fortune 1000 companies. Managing more than 20 billion permissions, Veza offers insights into the challenge of permissions and entitlements that many organisations face. The Access Platform provides a comprehensive solution, visualising, monitoring, and controlling entitlements to ensure compliance and enforce the principle of least privilege. It addresses various use cases, from privileged access monitoring to non-human identity security, and from access entitlement management to next-generation Identity Governance and Administration. Atlassian Ventures head Peter Lenke said: 'Veza gives 'out of the box' dashboards and reports that provide intelligence across the customer's data access environment, resources, and permissions. 'In addition, the inclusion of an Atlassian Jira integration with Veza's platform enables Veza customers to get real-time monitoring of access requests, access searches, and access intelligence for identities, permissions, and resources that are accessing Jira data.' Founded in 2020, Veza has received backing from investors including Accel, Bain Capital, Ballistic Ventures, GV, NEA, Norwest Venture Partners, and True Ventures. "Veza garners $108m in Series D round" was originally created and published by Verdict, a GlobalData owned brand. The information on this site has been included in good faith for general informational purposes only. It is not intended to amount to advice on which you should rely, and we give no representation, warranty or guarantee, whether express or implied as to its accuracy or completeness. You must obtain professional or specialist advice before taking, or refraining from, any action on the basis of the content on our site. Sign in to access your portfolio
CNBC
28-04-2025
- Business
- CNBC
Cloud software vendors Atlassian, Snowflake and Workday are betting on security startup Veza
Tech giants like Google, Amazon, Microsoft and Nvidia have captured headlines in recent years for their massive investments in artificial intelligence startups like OpenAI and Anthropic. But when it comes to corporate investing by tech companies, cloud software vendors are getting aggressive as well. And in some cases they're banding together. Veza, whose software helps companies manage the various internal technologies that employees can access, has just raised $108 million in a financing round that included participation from software vendors Atlassian, Snowflake and Workday. New Enterprise Associates led the round, which values Veza at just over $800 million, including the fresh capital. For two years, Snowflake's managers have used Veza to check who has read and write access, Harsha Kapre, director of the data analytics software company's venture group told CNBC. It sits alongside a host of other cloud solutions the company uses. "We have Workday, we have Salesforce — we have all these things," Kapre said. "What Veza really unlocks for us is understanding who has access and determining who should have access." Kapre said that "over-provisioning," or allowing too many people access to too much stuff, "raises the odds of an attack, because there's just a lot of stuff that no one is even paying attention to." With Veza, administrators can check which employees and automated accounts have authorization to see corporate data, while managing policies for new hires and departures. Managers can approve or reject existing permissions in the software. Veza says it has built hooks into more than 250 technologies, including Snowflake. The funding lands at a challenging time for traditional venture firms. Since inflation started soaring in late 2021 and was followed by rising interest rates, startup exits have cooled dramatically, meaning venture firms are struggling to generate returns. Wall Street was banking on a revival in the initial public offering market with President Donald Trump's return to the White House, but the president's sweeping tariff proposals led several companies to delay their offerings. That all means startup investors have to preserve their cash as well. In the first quarter, venture firms made 7,551 deals, down from more than 11,000 in the same quarter a year ago, according to a report from researcher PitchBook. Corporate venture operates differently as the capital comes from the parent company and many investments are strategic, not just about generating financial returns. Atlassian's standard agreement asks that portfolio companies disclose each quarter the percentage of a startup's customers that integrate with Atlassian. Snowflake looks at how much extra product consumption of its own technology occurs as a result of its startup investments, Kapre said, adding that the company has increased its pace of deal-making in the past year. Within the tech startup world, Veza is also in a relatively advantageous spot, because the proliferation of cyberattacks has lifted the importance of next-generation security software. On the public markets, the First Trust Nasdaq Cybersecurity ETF, which includes CrowdStrike and Palo Alto Networks, is up 3% so far this year, compared with a 10% drop in the Nasdaq. Veza's technology runs across a variety of security areas tied to identity and access. In access management, Microsoft is the leader, and Okta is the challenger. Veza isn't directly competing there, and is instead focused on visibility, an area where other players in and around the space lack technology, said Brian Guthrie, an analyst at Gartner. Tarun Thakur, Veza's co-founder and CEO, said his company's software has become a key part of the ecosystem as other security vendors have started seeing permissions and entitlements as a place to gain broad access to corporate networks. "We have woken up a sleeping industry," Thakur, who helped start the company in 2020, said in an interview. Thakur's home in Los Gatos, California, doubles as headquarters for the startup, which employs 200 people. It isn't disclosing revenue figures but says sales more than doubled in the fiscal year that ended in January. Customers include AMD, CrowdStrike and Intuit. Guthrie said enterprises started recognizing that they needed stronger visibility about two years ago. "I think it's because of the number of identities," he said. Companies realized they had an audit problem or "an account that got compromised," Guthrie said. AI agents create a new challenge. Last week Microsoft published a report that advised organizations to figure out the proper ratio of agents to humans. Veza is building enhancements to enable richer support for agent identities, Thakur said. The new funding will also help Veza expand in the U.S. government and internationally and build more integrations, he said. Peter Lenke, head of Atlassian's venture arm, said his company isn't yet a paying Veza client. "There's always potential down the road," he said. Lenke said he heard about Veza from another investor well before the new round and decided to pursue a stake when the opportunity arose. Lenke said that startups benefit from Atlassian investments because the company "has a large footprint" inside of enterprises. "I think there's a great symbiotic match there," he said.
Business Wire
25-04-2025
- Business
- Business Wire
Veza Identity Security Solutions Now Offered Through GuidePoint Security
REDWOOD SHORES, Calif.--(BUSINESS WIRE)-- Veza, the identity security platform, today announced a strategic reseller partnership with GuidePoint Security, a leading cybersecurity solutions provider that helps organizations minimize risk. Through this partnership, GuidePoint customers can now enhance their identity security strategies using Veza's cutting-edge platform—offering deep visibility and intelligence into access permissions and modern identity infrastructure across cloud and on-premises environments. Veza's identity security platform enables organizations to manage and secure access to data, applications, and systems through an industry-first approach with the Veza Access Graph. The Veza Identity Partner Program (VIPP) equips partners like GuidePoint Security with technical training, financial incentives, and go-to-market support to deliver meaningful results. By combining Veza's innovation with GuidePoint's trusted expertise, the partnership helps customers reduce identity risk and simplify compliance in today's complex IT environments. According to CrowdStrike, 80% of cyberattacks now involve identity-based attack methods—underscoring the urgent need for modern identity security. 'The identity security landscape is becoming increasingly complex as organizations manage access across SaaS, cloud, and hybrid environments,' said Mark Thornberry, SVP of Vendor Management at GuidePoint Security. 'Veza's comprehensive approach to identity security—combined with the enablement support of the Veza Identity Partner Program—empowers us to deliver impactful outcomes that help organizations strengthen their security posture, simplify compliance, and gain deeper visibility into access permissions.' 'Identity is the number one battleground in security, and businesses need trusted partners to help them navigate today's challenges,' said Tom Barsi, SVP of Ecosystems at Veza. 'We are thrilled to welcome GuidePoint Security into the Veza Identity Partner Program, where they will leverage the Veza unified identity security platform and play a key role in helping organizations address their identity security initiatives.' About Veza Veza is the leader in identity security, helping organizations secure access across the enterprise. Veza's Access Platform goes beyond identity governance and administration (IGA) tools to visualize, monitor, and control entitlements so that organizations can stay compliant, achieve least privilege, and de-risk the breach. Global enterprises like Wynn Resorts, Expedia, and Blackstone trust Veza to manage identity security use cases, including privileged access monitoring, non-human identity (NHI) security, access entitlement management, data system access, SaaS access security, IAM hygiene, identity security posture management (ISPM), and next-generation IGA. Founded in 2020, Veza is headquartered in Los Gatos, California, and is funded by Accel, Bain Capital, Ballistic Ventures, Google Ventures (GV), Norwest Venture Partners, and True Ventures. Visit us at and follow us on LinkedIn, X, and YouTube. About GuidePoint Security GuidePoint Security provides trusted cybersecurity expertise, solutions and services that help organizations make better decisions that minimize risk. Our experts act as your trusted advisor to understand your business and challenges, helping you through an evaluation of your cybersecurity posture and ecosystem to expose risks, optimize resources and implement best-fit solutions. GuidePoint's unmatched expertise has enabled more than a third of Fortune 500 companies and more than half of the U.S. government cabinet-level agencies to improve their security posture and reduce risk. Learn more at
Yahoo
31-03-2025
- Business
- Yahoo
Veza Unveils Global Identity Partner Program to Fuel Growth and Meet Growing Demand for Identity Security
PALO ALTO, Calif., March 31, 2025--(BUSINESS WIRE)--Veza, a leader in identity security, is proud to announce the launch of the Veza Identity Partner Program (VIPP), its first global program for resellers and channel partners. Designed to accelerate go-to-market success and foster strategic partnerships, VIPP focuses on empowering select partners, including Value-Added Resellers (VARs), Global System Integrators (GSIs), Cloud Service Providers (CSPs), and Strategic Alliances. Through VIPP, Veza aims to build a partner-driven ecosystem that promotes scalability, innovation, and high-margin partner services while driving the widespread adoption of identity security solutions. The VIPP program is built around five tenets: High margin partner services: Commitment to drive partner-enabled identity services. Simplicity and alignment: A transparent framework for seamless partner engagement. Partner enablement: Role-based training and certification programs to enhance expertise. Innovation and differentiation: Co-development of partner services and solutions that deliver superior customer outcomes. Seamless product integrations: Out-of-the-box product integrations for enterprise systems, including Amazon Web Services (AWS), Microsoft Azure, Oracle, Crowdstrike, Workday, Snowflake, Hashicorp, and more. "Identity is the #1 battleground in security. It requires a modern approach that bridges the gap between IT and security operations with a unified identity security platform," said Tom Barsi, SVP of channels and ecosystems at Veza. "We believe the best way to help organizations transform and modernize their identity infrastructure is by leveraging our mutual partners. That's why Veza is committed to a 100% partner-first strategy, and we are seeing amazing momentum as a result." Key Benefits for Partners in VIPP Partners in VIPP will benefit from financial incentives, access to exclusive enablement resources, and co-marketing support. They will also be part of a strategic, high-impact ecosystem with opportunities for business expansion, joint go-to-market (GTM) activities, and targeted business planning. VIPP partners will gain access to: Financial incentives: Competitive margins, deal registration discounts, and market development funds (MDF). Exclusive enablement training: Tailored sales and technical pathways, demo environments, and certifications. Co-marketing and demand generation: Joint marketing campaigns, field events, and digital marketing support. Strategic collaboration and business planning: Participation in Veza's Partner Advisory Board, quarterly business reviews, and executive briefings. The program also fosters a community collaboration where partners can participate in advisory councils, share insights, and drive joint innovations with Veza. Partner Comments on the Veza Identity Partner Program: "Identity security is foundational to modern customer security," said Rich Douros, Chief Revenue Officer from Defy Security, a strategic partner in VIPP. "As organizations continue to face increasingly complex security challenges, managing identities and access has become essential to mitigating risk and ensuring compliance. Veza's partner program equips partners to deliver the best solutions in this crucial area, helping organizations stay secure while achieving their business goals." "Identity security is the nervous system of modern cybersecurity strategies," said Chris Hibbert, VP of International Sales at Bytes. "As businesses navigate evolving security threats, managing identities and access is no longer optional—it's essential. Veza's partner program empowers us with the right tools, resources, and expertise to help our customers strengthen their security posture while driving business success." About Veza Veza is the leader in identity security, helping organizations secure access across the enterprise. Veza's Access Platform goes beyond identity governance and administration (IGA) tools to visualize, monitor, and control entitlements so that organizations can stay compliant, achieve least privilege, and de-risk the breach. Global enterprises like Wynn Resorts, Expedia, and Blackstone trust Veza to manage identity security use cases, including privileged access monitoring, non-human identity (NHI) security, access entitlement management, data system access, SaaS access security, IAM hygiene, identity security posture management (ISPM), and next-generation IGA. Founded in 2020, Veza is headquartered in Los Gatos, California, and is funded by Accel, Bain Capital, Ballistic Ventures, Google Ventures (GV), Norwest Venture Partners, and True Ventures. Visit us at and follow us on LinkedIn, X, and YouTube. View source version on Contacts Media Contact Alex DaigleVeza@ Sign in to access your portfolio
