# AI Agent Security

AI Agent Security extends Veza's authorization graph to include AI resources. It discovers AI Agents, AI Models, and AI Tools across AWS Bedrock, AWS Bedrock AgentCore, Google Cloud Vertex AI, Microsoft Copilot Studio, Azure AI Foundry, Salesforce, and ServiceNow. From there, you can trace how agents access sensitive data through IAM roles and service principals, assign ownership for governance accountability, create access reviews, and alert on risky configurations.

{% hint style="info" %}
**Early Access**: AI Agent Security is an early access feature. Contact Veza support to enable it for your tenant.
{% endhint %}

## Requirements

* AI Agent Security feature flag enabled (contact Veza support)
* At least one supported cloud integration:
  * AWS (for Bedrock agents, models, and AgentCore runtimes)
  * Google Cloud (for Vertex AI agents)
  * Microsoft (for Copilot Studio and Azure AI Foundry agents)
  * Salesforce (for Agentforce agents)
  * ServiceNow (for AI Agent Studio agents and Now Assist assets)

See [Configuration](/4yItIzMvkpAvMVFAamTf/features/ai-agent-security/configuration.md) for setup instructions per platform.

## What Veza Discovers

Veza discovers three categories of AI resources:

* **AI Agents** — Autonomous execution engines: Bedrock agents, Bedrock AgentCore runtimes, Vertex AI Reasoning Engines, Copilot Studio bots, Azure AI Foundry agents, Agentforce bots, and ServiceNow AI Agents
* **AI Models** — Foundation models, custom models, and imported models used by agents
* **AI Tools** — Knowledge bases, action groups, prompt templates, and ServiceNow AI tools that extend agent capabilities

See [Supported Entities](/4yItIzMvkpAvMVFAamTf/features/ai-agent-security/supported-entities.md) for the full list of entity types per platform, including entity properties and access relationship models.

## Navigating AI Agent Security

AI Agent Security is organized into three views:

* **Overview** — Aggregated counts and trends for agents, models, and credentials across connected platforms
* **Agents** — Filterable list of all discovered agents. Filter by platform, ownership status, or creation date. Select an agent to view its linked models and access paths in the graph.
* **Keys & Secrets** — AI-related credentials such as service account keys and API tokens. See [NHI Security](/4yItIzMvkpAvMVFAamTf/features/nhi.md) for credential management capabilities.

![AI Agent Security overview page.](/files/eHEq6uc1GApDPxzk4vSC)

![AI Agent Security Agents view.](/files/KIO9nODpJ6s9LDzdE550)

## Access Path Analysis

Agents access resources by assuming IAM roles or service principals. Veza traces these multi-hop paths to show the agent's effective permissions across downstream resources.

{% @mermaid/diagram content="graph LR
A\[Bedrock Agent] -->|CAN\_ASSUME\_ROLE| B\[IAM Role]
B --> C\[S3 Bucket]
B --> D\[RDS Database]

style A fill:#ff9900,stroke:#232f3e,stroke-width:2px,color:#fff
style B fill:#ff9900,stroke:#232f3e,stroke-width:2px,color:#fff
style C fill:#569a31,stroke:#232f3e,stroke-width:2px,color:#fff
style D fill:#569a31,stroke:#232f3e,stroke-width:2px,color:#fff" %}

A Bedrock agent assumes an IAM role. Veza resolves the role's permissions and shows which downstream resources the agent can reach. This makes it possible to evaluate the full blast radius of a given agent, not just its immediate role assignment.

See [Access paths and relationships](/4yItIzMvkpAvMVFAamTf/features/ai-agent-security/supported-entities.md#access-paths-and-relationships) in Supported Entities for common patterns and security considerations.

## Ownership

Assign owners to AI Agents for governance accountability. Owners are notified when included in access reviews. Ownership can be assigned in bulk from the Agents view, or systematically using enrichment rules.

**To assign ownership with enrichment rules:**

1. Create a saved query using [Query Builder](/4yItIzMvkpAvMVFAamTf/features/search/query-builder.md) that identifies the agents to enrich.
2. Go to **Integrations > Enrichment** and click **Add Enrichment Rule**.
3. Select **Entity Owner** as the enrichment type and choose the relevant AI Agent entity type (`BedrockAgent`, `BedrockAgentCoreRuntime`, `VertexAiReasoningEngine`, `MicrosoftCopilotStudioBot`, `SalesforceBotDefinition`, or `ServiceNowAIAgent`).
4. Select your saved query and specify owners from your integrated IdP or HRIS.
5. Save the rule and trigger a data source extraction.

See [Enrichment Rules](/4yItIzMvkpAvMVFAamTf/integrations/configuration/enrichment.md) for full configuration details.

## Rules and Alerts

Use [Saved Queries](/4yItIzMvkpAvMVFAamTf/features/search/saved-queries.md) to create rules that notify you when AI security conditions change. Useful starting points:

* Agents deployed without an assigned owner
* Agents using models with `lifecycle_status = LEGACY`
* Agents with write permissions to production databases

Alerts can be delivered via email, Slack, webhooks, ServiceNow, or Jira. See [Rules and Alerts](/4yItIzMvkpAvMVFAamTf/features/insights/rules-and-alerts.md) for configuration.
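The three starting-point conditions above depend on the multi-hop traversal described under Access Path Analysis. The sketch below is an added example, not Veza's code or query language. The graph, the `HAS_PERMISSION` edge name, the `ACTIVE` status value, and all node names are constructed for illustration; only `CAN_ASSUME_ROLE` and `lifecycle_status = LEGACY` come from this page.

```python
from collections import deque

# Constructed sample graph. Only CAN_ASSUME_ROLE comes from the page's diagram;
# HAS_PERMISSION and every node name are hypothetical.
EDGES = {
    "agent:support-bot": [("CAN_ASSUME_ROLE", "role:support-agent", None)],
    "role:support-agent": [
        ("CAN_ASSUME_ROLE", "role:data-reader", None),    # role chaining: extra hop
        ("HAS_PERMISSION", "s3:kb-docs", {"read"}),
    ],
    "role:data-reader": [
        ("CAN_ASSUME_ROLE", "role:support-agent", None),  # cycle back to first role
        ("HAS_PERMISSION", "rds:orders-prod", {"read", "write"}),
    ],
    "agent:hr-bot": [("CAN_ASSUME_ROLE", "role:hr-agent", None)],
    "role:hr-agent": [("HAS_PERMISSION", "s3:hr-files", {"read"})],
}
# Constructed agent metadata: lifecycle_status is that of the agent's model,
# and "ACTIVE" is an assumed non-legacy value.
AGENTS = {
    "agent:support-bot": {"owner": None, "lifecycle_status": "ACTIVE"},
    "agent:hr-bot": {"owner": "alice@example.com", "lifecycle_status": "LEGACY"},
}
PROD_DATABASES = {"rds:orders-prod"}  # constructed set of production databases

def effective_access(agent):
    """Walk assumed roles breadth-first; return {resource: {"perms", "path"}}."""
    reach, seen, queue = {}, {agent}, deque([(agent, [agent])])
    while queue:
        node, path = queue.popleft()
        for edge, target, perms in EDGES.get(node, []):
            if edge == "CAN_ASSUME_ROLE" and target not in seen:
                seen.add(target)                 # visited set stops role cycles
                queue.append((target, path + [target]))
            elif edge == "HAS_PERMISSION":
                entry = reach.setdefault(target, {"perms": set(), "path": path + [target]})
                entry["perms"] |= perms          # union grants from every role
    return reach

def findings(agent):
    """Evaluate the three starting-point conditions for one agent."""
    meta, out = AGENTS[agent], []
    if not meta["owner"]:
        out.append("no-owner")
    if meta["lifecycle_status"] == "LEGACY":
        out.append("legacy-model")
    for res, entry in effective_access(agent).items():
        if res in PROD_DATABASES and "write" in entry["perms"]:
            out.append(f"prod-db-write:{res} via {' -> '.join(entry['path'])}")
    return out
```

The write grant on the production database sits two role hops away from `agent:support-bot`, so checking only the agent's directly assigned role would miss it.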

## AI Agent Security and NHI Security

AI Agent Security and [NHI Security](/4yItIzMvkpAvMVFAamTf/features/nhi.md) both surface non-human identities, but at different layers:

|                 | NHI Security                                        | AI Agent Security                                                                                                    |
| --------------- | --------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------- |
| **Discovers**   | Service accounts, API keys, tokens, certificates    | AI Agents, AI Models, knowledge bases, action groups                                                                 |
| **Platforms**   | AWS, Azure, Google Cloud, and SaaS integrations     | AWS Bedrock, AWS Bedrock AgentCore, Google Cloud Vertex AI, Copilot Studio, Azure AI Foundry, Salesforce, ServiceNow |
| **Primary use** | Credential hygiene, key rotation, orphaned accounts | AI governance, model tracking, agent access analysis                                                                 |

The two work together. An agent discovered by AI Agent Security may assume an IAM role whose associated service account keys are tracked by NHI Security.

## Next Steps

* [Supported Entities](/4yItIzMvkpAvMVFAamTf/features/ai-agent-security/supported-entities.md) — Entity types, properties, and access relationship models per platform
* [Configuration](/4yItIzMvkpAvMVFAamTf/features/ai-agent-security/configuration.md) — Add required permissions to your cloud integrations
* [Query Builder](/4yItIzMvkpAvMVFAamTf/features/search/query-builder.md) — Build and save queries for AI resources
* [Access Reviews](/4yItIzMvkpAvMVFAamTf/features/access-reviews.md) — Create recurring reviews for AI Agent permissions
* [Rules and Alerts](/4yItIzMvkpAvMVFAamTf/features/insights/rules-and-alerts.md) — Configure automated alerts for AI security events


