2 days ago
Veza Unveils New NHI Security Product to Tackle the Fastest-Growing Risk in Identity Security in the AI Era
REDWOOD SHORES, Calif.--(BUSINESS WIRE)-- Veza, the identity security company, today announced a significant platform expansion focused on securing Non-Human Identities (NHIs). The new NHI Security product and capabilities deliver visibility, ownership, and governance to machine identities—such as service accounts, secrets, keys, and workloads—across SaaS, cloud, infrastructure, and on-premises environments.
As enterprises rush to adopt AI, they're unleashing a flood of machine identities faster than anyone can control. Every model, training run, and inference call spins up new credentials that access sensitive data and systems. These AI workloads don't just add scale, they introduce chaos. Machine identities now outnumber humans 17 to 1, and most are invisible, ownerless, and dangerously overprivileged. They're powering core business processes, yet flying completely under the radar. Worse, threat actors like Volt Typhoon are deliberately targeting identity as their primary attack surface.
Veza brings order to this chaos by giving organizations a structured, automated way to discover, govern, and lock down NHIs—with the same rigor applied to humans. From visibility to ownership to least privilege, Veza puts security back in control of the machines that now run your business. Veza's NHI adoption is surging because enterprises aren't waiting to become the next headline. The risk is real, the sprawl is unchecked, and the only way forward is to act now.
'Non-human identities in our Azure estate—service principals, managed identities, and the secrets that support our custom applications—have been a blind spot," said Lena Taylor, VP, Chief Information Security Officer at Crocs. "As we roll out Veza, we will have a single, centralized view to discover, monitor, and govern these machine identities. The ability to assign clear ownership, surface risk, and enforce least-privilege across Azure is already reshaping how we approach identity security, and we're excited to see the full impact as deployment continues.'
Now available in the Veza Access platform, Veza NHI Security product provides a purpose-built product offering for machine identities—backed by deep analytics, full lifecycle insights, and automation integrated with Veza's platform. Highlights include:
Comprehensive NHI Discovery and Visibility: Easily access the new NHI Security module in Veza to view a unified inventory of NHIs, including AWS EC2 instances, Azure VMs, GCP clusters, Entra ID service principals, Okta, Salesforce, HashiCorp, and many more. Veza automatically classifies NHIs using advanced logic and lets you refine via enrichment rules to fit your environment.
Automated Risk Detection and Mitigation: Pre-built access risk dashboards highlight critical risks such as dormant keys, unrotated secrets, orphaned accounts, and NHIs with excessive permissions. Drill down into key and secret metadata—like last used, rotation status, and active state—across systems like AWS KMS, Azure Key Vault, HashiCorp Vault, GitHub, and Salesforce.
Human to Non-Human Ownership Management: Get real-time alerts when an NHI becomes orphaned or its human owner leaves the org. Veza suggests a new owner based on access intelligence and allows you to reassign with a single click. Use Veza Enrichment Rules for advanced use cases (e.g. workload identity, ephemeral instances, non-human to non-human, etc.).
Integrated Compliance Control: Maintain compliance with automated tracking of NHI ownership, credential hygiene, and least privilege enforcement—backed by Access Graph visualizations and risk scoring for every non-human identity.
With Veza's new NHI capabilities, customers:
Improve Security: Eliminate dormant accounts, detect unknown access paths, and reduce the blast radius of potential breaches.
Reduce Risk and Compliance Gaps: Prove key rotation and least privilege enforcement for machines and workloads.
Eliminate Access Uncertainty: Understand the true scale of your NHI footprint—even when machine identities masquerade as human users.
'NHI discovery and lifecycle are mission-critical use cases for enterprises operating in the real world of cloud, identity complexity, and Agentic AI adoption,' said Tarun Thakur, CEO and Co-Founder of Veza. 'NHI Security isn't actually an identity in your directory services, the machine identities are everywhere across SaaS, databases, cloud, disconnected systems, and now AI apps. Veza is delivering the next-gen identity platform designed on the permissions and entitlements metadata to help organizations achieve least privilege at scale as the foundation to Zero Trust.'
About Veza
Veza is the leader in identity security, helping organizations secure access across the enterprise. Veza's Access Platform goes beyond identity governance and administration (IGA) tools to visualize, monitor, and control entitlements so that organizations can stay compliant and achieve least privilege. Global enterprises like Wynn Resorts, Expedia, and Blackstone trust Veza to manage identity security use cases, including privileged access monitoring, non-human identity (NHI) security, access entitlement management, data system access, SaaS access security, IAM hygiene, identity security posture management (ISPM), and next-generation IGA. Founded in 2020, Veza is headquartered in Los Gatos, California, and is funded by Accel, Bain Capital, Ballistic Ventures, Google Ventures (GV), NEA, Norwest Venture Partners, and True Ventures. Visit us at and follow us on LinkedIn, X, and YouTube.
