ServiceNow to Acquire Veza to Strengthen Identity Security in AI Era

ServiceNow’s plan to acquire Veza signals a major step forward in how enterprises secure identities across cloud environments, applications, and a fast-growing ecosystem of AI agents. Announced in Santa Clara, the acquisition expands ServiceNow’s Security and Risk portfolios at a time when identity is at the center of most modern breaches and when AI-driven automation is redefining enterprise operations.

Identity security has become a frontline priority. Organisations today manage a mix of employees, contractors, applications, machines, devices, and now autonomous AI agents. As attackers increasingly use agentic AI to scale and coordinate intrusions, enterprises need tighter access controls, continuous visibility, and governance that adapts to dynamic roles and permissions. ServiceNow says the combination with Veza aims to address this shift by giving businesses a unified, granular view of every identity and what it can access.

According to Amit Zavery, President, Chief Operating Officer, and Chief Product Officer, ServiceNow, the rise of AI agents demands a new governance approach. “In the era of agentic AI, every identity – human, AI agent, or machine – is a force for enterprise impact. It’s only when you have continuous visibility into each identity’s permissions that you can trust it,” he said. Zavery noted that integrating Veza’s Access Graph with ServiceNow’s AI Control Tower will give customers a “single pane of glass, with control of every identity.”

Identity Security Becomes a Foundation for AI-Driven Workflows

Modern security strategies increasingly depend on how effectively organisations manage permissions. A single over-entitled identity, human or machine, can expose sensitive data or enable unauthorised actions. Veza’s AI-native platform tackles this challenge using its patented Access Graph, which maps access relationships across humans, systems, and AI agents. This mapping gives security teams a clearer understanding of permission drift, role changes, and hidden access risks that traditional systems often miss.

Veza’s foundation supports next-generation Identity Governance and Administration (IGA) capabilities. This includes access reviews, permission updates, access requests, and a centralised hub for managing identity behaviours across systems. For enterprises that run sprawling application stacks with legacy and modern infrastructure, such visibility offers a way to simplify complex decision-making.

Tarun Thakur, CEO, Veza, said the company’s mission aligns naturally with ServiceNow’s platform vision. “Veza was built to make identity security transparent, scalable, and effective for every organisation,” he said. “With ServiceNow, we will help customers embrace AI with greater confidence.”

The two companies say the integration will embed identity governance deeper into workflows, allowing enterprises to pair automation with guardrails—particularly important as more workflows run autonomously through AI agents.

The growing reliance on AI-powered workflows has intensified demand for governance frameworks that can adapt to unpredictable permission changes. For instance:

• Enterprise DevOps teams often rely on machine identities that scale up and down dynamically. A single misconfiguration can create an opportunity for misuse.

• Data engineering teams managing multi-cloud environments may unintentionally grant broad access to datasets, increasing exposure risks.

• Business units adopting agentic AI may use bots that require limited—but precise—access to systems and need a way to ensure permissions match the intended tasks.

Blackstone’s experience highlights this need. John Stecher, CTO, Blackstone, said the combined capabilities will create “more secure and scalable workflows for enterprise businesses with smarter access management, ongoing access reviews, and seamless deprovisioning.” He added that the unified platform will become “a context-rich identity governance framework that will be key in the age of agentic AI.”

These examples reflect broader enterprise challenges: making sure identities—particularly machine and AI identities—operate within controlled boundaries without slowing innovation.

Enhancing ServiceNow’s Security Operations and AI Control Tower

The acquisition gives ServiceNow a reinforced identity backbone to complement its Security Operations suite. Veza adds critical identity context to solutions such as Vulnerability Response, Incident Response, and Integrated Risk Management. This helps teams understand not just what happened during an incident, but who or what had access when the risk emerged.

With AI Control Tower, identity governance becomes even more strategic. ServiceNow aims to ensure that AI agents follow enterprise rules, adhere to governance workflows, and remain aligned with policies—particularly as businesses push toward autonomous operations.

Veza also enhances existing features on the ServiceNow AI Platform, such as the Machine Identity Console, by offering deeper insights and simplifying identity management.

As enterprises shift from manual processes to autonomous security and AI-driven workflows, identity security becomes the anchor of trust. The acquisition positions ServiceNow to offer a unified identity layer—one that governs humans, machines, and AI agents consistently across cloud environments.

With Veza’s scalable technology and ServiceNow’s workflow intelligence, enterprises gain stronger visibility, auditable access governance, and the ability to ensure AI systems move safely through organisational processes. For businesses preparing for the next phase of AI adoption, this integration could serve as a foundational control layer.

The transaction remains subject to regulatory approvals and closing conditions.