Data security platform company Veza Inc. today announced it has expanded its identity security platform with the launch of a dedicated nonhuman identity security product.

The new NHI Security product and capabilities offer visibility, ownership and governance to machine identities, such as service accounts, secrets, keys and workloads, across software-as-a-service, cloud, infrastructure and on-premises environments.

The new offering seeks to address the rising issue faced by enterprises as they adopt artificial intelligence: a flood of machine identities that are difficult to control. The problem arises as every model, training run and inference call spins up new credentials that access sensitive data and systems.

Veza argues that these AI workloads don’t just add scale but “introduce chaos.” Machine identities now outnumber humans 17 to 1 and most are invisible, ownerless and dangerously overprivileged.

Added to the mix is that threat actors such as Volt Typhoon are now deliberately targeting identity as their primary attack surface. With the new release, Veza says it brings order to NHI chaos by giving organizations a structured, automated way to discover, govern and lock down NHIs with the same rigor applied to humans.

Veza’s NHI Security product offers a purpose-built product for machine identities backed by deep analytics, full lifecycle insights and automation integrated with Veza’s platform.

Through the NHI Security module in Veza, users gain a unified inventory of machine identities, including Amazon Web Services Inc. EC2 instances, Microsoft Corp. Azure Virtual Machines, Google Cloud Platform clusters and service principals from platforms such as Okta Inc. and Salesforce Inc. The platform uses advanced logic to automatically classify NHIs and supports refinement via custom enrichment rules to align with organizational environments.

The new offering also introduces automated risk detection and mitigation capabilities designed to surface and address common security gaps. Prebuilt dashboards identify issues such as dormant keys, unrotated secrets, orphaned accounts and overly permissive NHIs. Users can inspect metadata, including usage history, rotation status and current activity across key infrastructure tools like AWS KMS, Azure Key Vault, HashiCorp Vault and GitHub for targeted and timely remediation.

The Veza NHI Security product additionally includes ownership controls and compliance features. The platform issues alerts when NHIs become orphaned or when associated human owners leave the organization, with access intelligence-based recommendations for reassignment. It also supports automated compliance enforcement through credential hygiene tracking, least privilege validation and visualizations via Access Graphs.

“NHI security isn’t a nice-to-have — it’s mission-critical for enterprises operating in the real world of cloud, complexity and legacy sprawl,” said co-founder and Chief Executive Tarun Thakur. “With 17 nonhuman identities for every human, this isn’t just a visibility issue, it’s an automation imperative.”

Veza is a venture capital-backed startup that has raised approximately $235 million over four rounds, including rounds of $108 million in April and $110 million in 2022. Investors in the company include New Enterprise Associates Inc., Accel Partners LP, Google Ventures, True Ventures LP, Norwest Venture Partners LP and Ballistic Ventures.

Image: Veza