ServiceNow announced its intent to acquire Veza. The acquisition will extend the capabilities of ServiceNow’s Security and Risk portfolios into one of cybersecurity’s most important areas that is at the forefront of every breach today – Identity Security. This will enable organisations to understand and control who and what has access to their critical data, applications, systems, and AI artifacts. As businesses take advantage of autonomous capabilities made possible through agentic AI, Veza and ServiceNow will enable end-to-end identity security rooted in the principle of least privilege that significantly reduces enterprise risk.
Modern enterprises must manage a diverse array of identities, including employees, partners, systems, applications, devices, and increasingly, autonomous AI agents. As threat actors adopt agentic AI to orchestrate ever more sophisticated attacks, enterprises need strong identity and access controls and governance to ensure permissions remain tightly aligned with evolving roles, regulatory requirements, and advancing technologies. Veza’s modern, unified, AI-native approach is powered by its patented Access Graph, which maps and analyses access relationships across human, machine, and AI identities, providing an end-to-end access visibility and risk control platform for all types of identity. This foundation embeds governance into every layer of identity and access management, giving security teams granular visibility and control to manage complexity with confidence and to put AI to work securely across every corner of their business.
“In the era of agentic AI, every identity — human, AI agent, or machine — is a force for enterprise impact. It’s only when you have continuous visibility into each identity’s permissions that you can trust it,” said Amit Zavery, president, chief operating officer, and chief product officer at ServiceNow. “By combining Veza’s industry-first Access Graph with ServiceNow’s AI Control Tower and agentic workflows, we can give customers a true single pane of glass, with control of every identity in their organisation. Together, we’ll empower CISOs and security teams to make safer access decisions that protect their businesses, and to defend their high-value data assets from AI-powered attacks.”
“Veza was built to make identity security transparent, scalable, and effective for every organisation,” said Tarun Thakur, CEO of Veza. “With ServiceNow, we will help customers embrace AI with greater confidence. Together, we can turn identity governance and identity security into a strategic advantage by giving organisations clear, integrated control over every type of identity — whether it belongs to a person, a machine, or an AI agent.”
Strengthening identity security across the enterprise
Veza’s Access Graph brings an AI-native approach to identity security, giving organisations a single dashboard to quickly spot and remedy overly broad permissions across both human and machine identities, including AI agents. Its scalable platform supports full next-generation IGA capabilities, including access reviews, access requests, and an access hub, along with permission updates and end-to-end visibility that legacy solutions can’t match.
“ServiceNow powers our horizontal business workflows, while Veza enforces least privilege and adds identity access intelligence at scale,” said John Stecher, chief technology officer at Blackstone. “Together, they’ll enable more secure and scalable workflows for enterprise businesses with smarter access management, ongoing access reviews, and seamless deprovisioning. The combined platform will provide a context-rich identity governance framework that will be key in the age of agentic AI.”
By integrating with ServiceNow’s strength in workflows, knowledge graphs, and AI, Veza also enhances the ServiceNow AI Control Tower by governing what AI agents can access and do across enterprises. Veza also adds critical identity context to existing ServiceNow Security and Risk products, including Vulnerability Response, Incident Response, and Integrated Risk Management, giving customers a clearer view of who and what is associated with an exposure, incident, or risk event. As identity security becomes a core pillar of ServiceNow’s Security Operations, Veza strengthens exposure management, incident response, and integrated risk management capabilities.
Minimising customers’ exposure and cyber risk with integrated identity security
Veza will strengthen ServiceNow’s identity security services with deep cross-platform visibility into who and what has access, enabling consistent and auditable access governance across connected applications. That shared foundation is critical for agentic AI, helping ensure autonomous actions stay aligned with enterprise policies. This gives ServiceNow the trusted identity layer agents need to act safely at scale, which is essential to winning in an agentic AI world. With richer identity visibility, enterprises can centrally govern, monitor, and enforce AI access and actions across their entire ecosystem. Veza also complements existing identity features on the ServiceNow AI Platform, like Machine Identity Console, by offering better visibility and simpler management as businesses scale with AI.