# Access AI

> Access AI is now available for Veza customers. Contact your account team to enable Access AI capabilities in your environment and begin transforming how your organization approaches identity security.

## Revolutionizing Identity Security with Generative AI

Veza Access AI represents a paradigm shift in identity and access management, combining the power of Generative AI with Veza's unified Access Graph to democratize identity security across your organization. By enabling natural language interactions and intelligent automation, Access AI transforms complex access relationships into actionable insights that both technical and business teams can leverage.

<figure><img src="/files/DrAoVAsQNDVlZZq44LRG" alt="Introducing Access AI"><figcaption><p>Introducing Access AI</p></figcaption></figure>

In today's enterprise environment, understanding "who has access to what" involves navigating intricate webs of relationships across hundreds of systems. A single identity might connect to critical resources through multiple paths involving SSO providers, directory services, cloud IAM roles, and local permissions. Traditional approaches require deep technical expertise and manual analysis, creating barriers to effective security governance.

Access AI eliminates these barriers by democratizing Access Intelligence for business users, and accelerating risk discovery with AI-powered analysis for hidden access patterns and potential threats.

### Key Capabilities

* **Natural Language Queries**: Transform complex technical questions into simple conversational queries:
  * *Attribute-driven*: "Show me Okta Users who have MFA disabled and can read from AWS S3 buckets"
  * *Conditional scenarios*: "Show me Okta users who have access to AWS S3 buckets via Okta Group memberships"
  * *AND/OR conditions*: "Show me Azure AD users who are guests and who have administrator roles"
* **Intelligent Risk Detection**: AI-powered analysis identifies patterns humans might miss: dormant permissions, unusual access paths, and separation of duties violations
* **Access Review Explainability**: Natural-language summaries that explain the scope, progress, and context of active access reviews, helping reviewers, administrators, and compliance teams understand certification activities without technical expertise
* **Role Intelligence**: Tailored least privilege recommendations for Access Requests and Lifecycle Management, simulating access impact and suggesting entitlements based on existing patterns

### Understanding Access AI vs Core Veza Features

Access AI is an **enhancement layer** that makes Veza's powerful identity security capabilities more accessible through generative AI. The core Veza platform provides products and features including:

* **Access Graph**: Map of all identity relationships in your environment
* **Access Intelligence**: Insights, dashboards, and analytics using VQL
* **NHI Security**: Discovery and management of all non-human identities (service accounts, API keys, etc.)
* **Access Reviews**: Governance workflows for access certification campaigns

Access AI augments and extends core Veza services with the latest technologies:

* **Natural Language Interface**: Query complex relationships without technical expertise
* **Semantic Search**: Intent-based discovery beyond keyword matching
* **Intelligent Insights**: AI-powered risk detection and pattern recognition

> **Note**: Standard NHI discovery and management is a core Veza feature available to all customers. Access AI adds GenAI capabilities on top of these foundations. For more on NHI management with Veza, see [NHI Security](/4yItIzMvkpAvMVFAamTf/features/nhi.md).

## Core Technologies

<table data-view="cards"><thead><tr><th align="center"></th><th></th><th data-hidden data-card-target data-type="content-ref"></th></tr></thead><tbody><tr><td align="center"><strong>🎯 Generative AI Engine</strong></td><td>Advanced language models (Sonnet, Haiku, Mistral) orchestrated through LangGraph for context-aware understanding, intelligent VQL translation, and reduced hallucinations through careful prompt engineering</td><td><a href="/pages/hDia8drJdP8czdGXTJaq">/pages/hDia8drJdP8czdGXTJaq</a></td></tr><tr><td align="center"><strong>🌐 Universal Search</strong></td><td>Intuitive natural language discovery that surfaces related queries and dashboards with minimal input, understanding nuance like negations and access patterns to enhance <a href="/pages/TeTfrzqyBk1xQFbAPpJs">Query Builder</a> and <a href="/pages/tY5h9XsR1nNwfVh3UpNv">Graph</a> exploration</td><td><a href="/pages/nwJnrckzcMSnbujO3H7l">/pages/nwJnrckzcMSnbujO3H7l</a></td></tr></tbody></table>

## Architecture Overview

Access AI is built on three essential layers, each requiring specific security controls:

| Layer                    | Components                                       | Security Focus                                               |
| ------------------------ | ------------------------------------------------ | ------------------------------------------------------------ |
| **Model Layer**          | OpenAI, Azure OpenAI, AWS Bedrock, Custom Models | Access governance, usage policies, prompt security           |
| **Infrastructure Layer** | Vector databases (pgvector), Embedding storage   | Data integrity, access controls, audit trails                |
| **Application Layer**    | Custom applications, Integrations                | Identity management, permission scoping, activity monitoring |

## 📚 Technical Resources

<table data-view="cards"><thead><tr><th></th><th></th><th data-hidden data-card-target data-type="content-ref"></th></tr></thead><tbody><tr><td><strong>Applications of Gen AI for Identity Security</strong></td><td><em>17-22 minute deep dive</em> by Shanmukh Sista exploring how Veza Access AI works under the hood, including VQL design, prompt engineering, and our agentic framework</td><td><a href="/pages/hDia8drJdP8czdGXTJaq">/pages/hDia8drJdP8czdGXTJaq</a></td></tr><tr><td><strong>Universal Search Powered by AI</strong></td><td><em>4-5 minute guide</em> to semantic search capabilities that understand intent beyond keywords to surface relevant queries and insights</td><td><a href="/pages/nwJnrckzcMSnbujO3H7l">/pages/nwJnrckzcMSnbujO3H7l</a></td></tr><tr><td><strong>Model Context Protocol (MCP) Security</strong></td><td><em>10-13 minute analysis</em> by Maohua Lu, Shanmukh Sista, and Tarun Thakur on securing AI agent connections to enterprise systems</td><td><a href="/pages/9LYsIA0GYJYMfvOgollK">/pages/9LYsIA0GYJYMfvOgollK</a></td></tr><tr><td><strong>Trust as the Foundation for Agentic AI</strong></td><td><em>5-7 minute framework</em> by Dr. Maohua Lu for end-to-end security across the AI lifecycle</td><td><a href="/pages/3PLZUKYyasHscsA9u0f9">/pages/3PLZUKYyasHscsA9u0f9</a></td></tr></tbody></table>


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.veza.com/4yItIzMvkpAvMVFAamTf/features/access-ai.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.