Veza

Researched 2026-06-28. Primary category: identity-governance.

One-liner — Identity-security “Access Graph” that maps and controls who (or what) can do what across apps, data, cloud, and AI agents — now part of ServiceNow.

What it does

Veza’s Access Platform builds an authorization graph across systems and normalizes their disparate permission models into one answer to “who can take which action on which resource.” On that it runs access intelligence, privileged-access monitoring, access reviews/certifications, separation-of-duties, non-human-identity (NHI) security, and SaaS/data access governance. Rather than replacing the IdP or classic IGA workflow engine, it adds the deep effective-permissions visibility that those tools historically lacked.

Where it sits in the stack

The identity-governance foundation plus data-access-governance. It protects sensitive data by exposing and right-sizing effective access — directly relevant to keeping entitlement-aware-rag and AI assistants from surfacing data a user/agent shouldn’t reach. Strong on non-human/agent identity, which matters as agentic systems proliferate.

Deployment & architecture

SaaS. Connects broadly across IdPs (microsoft-entra, okta), cloud (AWS/Azure/GCP), SaaS apps, data systems (Snowflake, etc.), and infrastructure to ingest permission metadata into the Access Graph. Integrates with SIEM/ITSM workflows; now folding into ServiceNow’s Security & Risk portfolio and AI Control Tower.

Positioning & differentiators

Known for authorization visibility — the “Access Graph” of effective permissions — versus the workflow/certification heritage of sailpoint/saviynt. Positioned as AI-native identity security and a leader in NHI. Differentiator is depth of cross-system permission analysis rather than provisioning. Overlaps data-access neighbors varonis, cyera, sentra on the data side and conductorone on access reviews.

Ownership, funding & M&A

M&A verified — material change from seed. ServiceNow announced the acquisition of Veza on December 2, 2025, and the deal closed March 2, 2026 (reported ~$1B by SecurityWeek; ServiceNow did not disclose value). Founded 2020 (CEO Tarun Thakur), HQ Los Gatos, CA; had raised ~$235M, most recently a $108M Series D (Apr 2025, NEA-led, $808M valuation). Seed registry listed it as independent with no M&A flag → corrected to acquired (ServiceNow subsidiary), confidence high.

CTO / hedge-fund lens

Day-2, moving toward Day-1 for funds doing RAG or under model-risk/audit pressure, where proving and minimizing effective access is the control. Veza’s strength — answering “who can actually touch this data/model, including agents” — is exactly the question AI access governance raises. Now-under-ServiceNow: attractive if the fund already runs ServiceNow (single pane of glass, ITSM-integrated remediation); watch for product integration/roadmap churn typical post-acquisition, and pricing moving to ServiceNow’s enterprise model.

Competitors / alternatives

sailpoint, saviynt, conductorone, lumos. Data-access neighbors: varonis, cyera, sentra. Bundled option: microsoft-entra.

Open questions / to verify

  • Post-close product/branding integration into ServiceNow and impact on standalone availability and pricing.

Sources

History

  • [2026-06-28] Stub created from seed registry.
  • [2026-06-28] Researched; verified ServiceNow acquisition (announced 2025-12-02, closed 2026-03-02). Corrected ownership independent→acquired (ServiceNow), confidence high — material change not flagged in seed. Day-2, medium hedge-fund fit.