Breaking
ServiceNow agrees to acquire Veza in reported ~$1B+ identity-security deal Veza raises $108M Series D at an $808M valuation Access Graph now monitors 200M+ permissions across the enterprise Snowflake, Workday and Atlassian venture arms back Veza Veza ships native Access Agents for the AI-driven enterprise Named to the Fortune Cyber 60 three years running ServiceNow agrees to acquire Veza in reported ~$1B+ identity-security deal Veza raises $108M Series D at an $808M valuation Access Graph now monitors 200M+ permissions across the enterprise Snowflake, Workday and Atlassian venture arms back Veza Veza ships native Access Agents for the AI-driven enterprise Named to the Fortune Cyber 60 three years running
Veza company logo
VEZA, INC.
The identity-security company, photographed in its own colors - the Access Graph rendered as a wordmark.
Company Profile / Identity Security

Who can access what?

Veza turned that one question into a category - and a patented Access Graph that maps every permission across the modern enterprise.

Founded 2020 Los Gatos, CA ~260 employees Series D
Share LinkedIn Twitter / X Facebook Instagram
The Story

A graph for the question no one could answer

In 2020, executives kept getting stumped by a plain question: who can actually access our most sensitive data? Veza was built to answer it.

For most of the cloud era, security teams could tell you who logged in. They struggled to tell you what those people - and the machines acting on their behalf - could then do. Permissions live scattered across dozens of systems: a cloud console here, a data warehouse there, a SaaS app somewhere else, each with its own model of roles and entitlements. Veza's founders, watching enterprises pour sensitive data into the cloud, saw the gap and built a company around closing it.

The result is the Access Graph, a patented core that ingests authorization metadata from across the enterprise and maps the relationships between identities and the resources they can reach. Rather than asking an identity provider "who is this person," Veza asks the harder question: given every role, group, policy and nested permission in the way, who can take what action on what data. That nine-word phrase has survived from the company's stealth years through its acquisition, unchanged, because it is the whole product.

2020
Founded
$248M
Total funding
200M+
Permissions monitored
250+
Integrations
What It Does / Who Uses It

Least privilege, made visible

The security principle Veza serves is old and universally endorsed: least privilege - give each identity only the access it truly needs, and nothing more. The problem is that at enterprise scale, least privilege is nearly impossible to prove. A single large company can hold billions of individual permissions, most of them dormant, misconfigured, or inherited through layers of nested groups. Veza's approach is to stop guessing and instead render access as data you can query, review, and monitor.

Customers use the platform for a familiar set of hard jobs: cloud entitlements, data-system access, next-generation identity governance and administration (IGA), privileged-access monitoring, SaaS access security, and the fast-growing category of non-human identity management. The named customer roster skews toward regulated, high-stakes enterprises - Blackstone, Wynn Resorts, Expedia, Zoom, Workday, Snowflake, Choice Hotels, Barracuda and InComm Payments among them - the kind of organizations where an over-permissioned account is not a nuisance but a headline waiting to happen.

If we can democratize identity where a Snowflake owner, a Salesforce owner, an OpenAI ChatGPT owner can do least privilege, I think we have made a significant impact forward. Tarun Thakur, Co-Founder & CEO

What people can actually do with it is concrete. A security analyst can type a question in plain language and get back every identity that can read a sensitive table. A compliance team can run an access-certification campaign that surfaces risky access instead of rubber-stamping spreadsheets. An identity engineer can set access to expire automatically when someone changes roles or leaves. And increasingly, teams can point the same lens at the service accounts, API keys, and AI agents that now outnumber human users in most enterprises.

Products & Services

One platform, built on the graph

Everything Veza sells sits on top of the Access Graph. The modules turn that map into workflows a security or identity team actually runs.

2022

Access Search

Query permission relationships across hundreds of systems by natural language or REST API.

2022

Access Visibility

Surface who has access to what across cloud, SaaS, data, and infrastructure - eliminating blind spots.

2022

Access Intelligence

Flag overprivileged and dormant access and recommend right-sizing toward least privilege.

2023

Access Monitoring

Track not just who can access resources, but who actually has - so unused entitlements get trimmed.

2023

Next-Gen IGA

Automated, risk-prioritized access reviews, certifications, and self-service access requests.

2024

Lifecycle Management

Auto grant and revoke access on join/move/leave, with dry-run to catch policy violations first.

2024

Access AI

A generative-AI assistant to investigate and remediate identity risk through a chat interface.

2025

NHI Security

Discover and govern non-human identities: service accounts, secrets, keys, and workloads.

2025

AI Agent Security

An identity control plane and native Access Agents to secure and govern AI agents at scale.

How It's Different / Business Model

Not identity-provider-centric

The differentiator

Traditional identity governance tends to stay anchored to the identity provider - it knows who exists and which apps they were assigned. Veza instead reads permissions at the data and resource level, translating each system's native model into a common graph. That is why it can answer "who can delete this bucket" or "who can read this table," not just "who is in the finance group."

The business model

Veza is B2B SaaS, sold as a subscription to large enterprises through direct sales and cloud marketplaces including AWS and CrowdStrike. It runs a land-and-expand motion - start with one use case, grow across the estate - reflected in net revenue retention the company has reported near 150%.

The competitive set is crowded. Veza lines up against established governance vendors like SailPoint, Saviynt, Okta Identity Governance and CyberArk, plus a wave of newer entrants such as ConductorOne and Lumos. Its wager is that the winning position is not another connector into the identity provider, but the authoritative map of effective permissions underneath every system - the layer that makes least privilege auditable rather than aspirational.

Funding & Backers

From stealth to a premium exit

Veza operated quietly for two years, then emerged in 2022 with a $110M round and a roster of cybersecurity luminaries as angels - including Kevin Mandia of Mandiant, Enrique Salem of Symantec, and Lane Bess of Palo Alto Networks. The 2025 Series D added an unusual signal: cloud vendors Snowflake, Workday, and Atlassian invested through their venture arms while also integrating Veza to help secure access to their own platforms.

Seed / early
~$15M
Series C · 2022
$110M
Series D · 2025
$108M

The Series D was led by New Enterprise Associates and valued Veza at $808 million. Months later, in December 2025, ServiceNow - itself an early Veza investor - announced a definitive agreement to acquire the company in a reported deal north of $1 billion, aimed squarely at governing permissions for the coming wave of AI agents. The transaction was expected to close in the first half of 2026.

ServiceNow powers our horizontal business workflows, while Veza enforces least privilege and adds identity access intelligence at scale. John Stecher, CTO, Blackstone
Timeline

Five years, one thesis

2020

Founded in stealth

Tarun Thakur, Maohua Lu, and Rob Whitcher start Veza around the idea of an authorization graph for enterprise data.

2022

Emerges from stealth with $110M

Veza reveals itself publicly and positions around the power of authorization.

2023

Next-Gen IGA and CrowdStrike integration

Extends into identity governance and syncs risk scoring with CrowdStrike Falcon.

2024

Introduces Access AI

Adds a generative-AI assistant to investigate and remediate identity risk in plain language.

2025

$108M Series D and NHI Security

Raises at an $808M valuation and ships a dedicated non-human identity product.

2025

ServiceNow agrees to acquire Veza

A definitive agreement in a reported ~$1B+ deal, expected to close in 2026.

2026

Access Agents for the AI-driven enterprise

Native agents bring identity control to autonomous AI.

Expertise & Culture

Guardians, by design

Veza's depth is in a genuinely unglamorous discipline: reading and normalizing permissions from more than 250 different systems, each with its own authorization model, into a single coherent graph. That plumbing is hard to build and harder to keep current - which is precisely why it became the company's moat. The founding team paired that engineering with deep security credibility, drawing early angel backing from some of the biggest names in the field.

The company is globally distributed and organized around a values acronym it calls MIGHT: Mindset, Integrity, Guardians, Humility, and Trust. "Guardians" is customer obsession by another name - fitting for a product whose entire job is to guard other organizations' data.

Recognition

  • Fortune Cyber 60 - three years running
  • Frost Radar NHI Solutions 2025 - Leader
  • Rising in Cyber 2024 (CISO-voted)
  • CRN 2024 Top Stellar Startups
  • SOC 2 Type 2 certified
  • 100% Willingness to Recommend, Gartner Peer Insights (IGA)
identity security access governance least privilege non-human identity cloud entitlements iga ai agent security zero trust
FAQ

The short answers

What does Veza do?

Veza is an identity-security platform that maps who can take what action on what data across cloud, SaaS, data, and infrastructure systems, helping enterprises enforce least privilege and automate access governance.

Who founded Veza and when?

Veza was founded in 2020 by Tarun Thakur (CEO), Maohua Lu (CTO), and Rob Whitcher (Chief Product Officer). It operated in stealth until 2022.

How much funding has Veza raised?

Veza has raised roughly $248M in total, including a $110M Series C in 2022 and a $108M Series D in 2025 at an $808M valuation.

Is Veza being acquired?

Yes. In December 2025, ServiceNow announced a definitive agreement to acquire Veza in a reported ~$1B+ deal, expected to close in the first half of 2026.

Who are Veza's competitors?

Veza competes with identity-governance and access vendors such as SailPoint, Saviynt, Okta Identity Governance, and CyberArk, as well as newer players like ConductorOne and Lumos.

Explore More

Watch, read, and follow

Profile compiled from public sources including veza.com, ServiceNow's newsroom, BusinessWire, CNBC, SiliconANGLE, SecurityWeek, Forbes, and Gartner. Funding and valuation figures are as reported; the ServiceNow acquisition price is approximate and reported. Some figures are approximate and reflect the most recent public disclosures.