Veza
Researched 2026-06-28. Primary category: identity-governance.
One-liner — Identity-security “Access Graph” that maps and controls who (or what) can do what across apps, data, cloud, and AI agents — now part of ServiceNow.
What it does
Veza’s Access Platform builds an authorization graph across systems and normalizes their disparate permission models into one answer to “who can take which action on which resource.” On that it runs access intelligence, privileged-access monitoring, access reviews/certifications, separation-of-duties, non-human-identity (NHI) security, and SaaS/data access governance. Rather than replacing the IdP or classic IGA workflow engine, it adds the deep effective-permissions visibility that those tools historically lacked.
Where it sits in the stack
The identity-governance foundation plus data-access-governance. It protects sensitive data by exposing and right-sizing effective access — directly relevant to keeping entitlement-aware-rag and AI assistants from surfacing data a user/agent shouldn’t reach. Strong on non-human/agent identity, which matters as agentic systems proliferate.
Deployment & architecture
SaaS. Connects broadly across IdPs (microsoft-entra, okta), cloud (AWS/Azure/GCP), SaaS apps, data systems (Snowflake, etc.), and infrastructure to ingest permission metadata into the Access Graph. Integrates with SIEM/ITSM workflows; now folding into ServiceNow’s Security & Risk portfolio and AI Control Tower.
Positioning & differentiators
Known for authorization visibility — the “Access Graph” of effective permissions — versus the workflow/certification heritage of sailpoint/saviynt. Positioned as AI-native identity security and a leader in NHI. Differentiator is depth of cross-system permission analysis rather than provisioning. Overlaps data-access neighbors varonis, cyera, sentra on the data side and conductorone on access reviews.
Ownership, funding & M&A
M&A verified — material change from seed. ServiceNow announced the acquisition of Veza on December 2, 2025, and the deal closed March 2, 2026 (reported ~$1B by SecurityWeek; ServiceNow did not disclose value). Founded 2020 (CEO Tarun Thakur), HQ Los Gatos, CA; had raised ~$235M, most recently a $108M Series D (Apr 2025, NEA-led, $808M valuation). Seed registry listed it as independent with no M&A flag → corrected to acquired (ServiceNow subsidiary), confidence high.
CTO / hedge-fund lens
Day-2, moving toward Day-1 for funds doing RAG or under model-risk/audit pressure, where proving and minimizing effective access is the control. Veza’s strength — answering “who can actually touch this data/model, including agents” — is exactly the question AI access governance raises. Now-under-ServiceNow: attractive if the fund already runs ServiceNow (single pane of glass, ITSM-integrated remediation); watch for product integration/roadmap churn typical post-acquisition, and pricing moving to ServiceNow’s enterprise model.
Competitors / alternatives
sailpoint, saviynt, conductorone, lumos. Data-access neighbors: varonis, cyera, sentra. Bundled option: microsoft-entra.
Open questions / to verify
- Post-close product/branding integration into ServiceNow and impact on standalone availability and pricing.
Sources
- ServiceNow to Acquire Veza — ServiceNow Newsroom — fetched 2026-06-28 — supports: ServiceNow acquisition, announced 2025-12-02 / closed 2026-03-02; confidence: high
- Veza Raises $108M Series D — Veza press room — fetched 2026-06-28 — supports: founding 2020, HQ, $108M Series D at $808M (Apr 2025), ~$235M total; confidence: high
History
- [2026-06-28] Stub created from seed registry.
- [2026-06-28] Researched; verified ServiceNow acquisition (announced 2025-12-02, closed 2026-03-02). Corrected ownership independent→acquired (ServiceNow), confidence high — material change not flagged in seed. Day-2, medium hedge-fund fit.