Earlier this week, ServiceNow confirmed that it had completed its acquisition of the identity security firm Veza. The deal was first announced in December last year. While the value of the acquisition hasn’t been officially announced, it was rumored to be more than $1 billion.
If correct, this would make Veza one of the three highest-value ServiceNow acquisitions of all time. So why has the company invested so much in Veza? And why is identity-related security such a priority in 2026?
ServiceNow and Veza: The Headlines
Veza is a cybersecurity vendor that specializes in identity-based security. The company offers a range of benefits that can identify and manage digital identities. Crucially, this includes entitlements across on-premises environments, cloud infrastructure, SaaS platforms, and AI agents.
The capability that’s particularly relevant to ServiceNow is Veza’s Access Graph. This essentially offers a visual interface for IT teams to map, analyze, and understand permissions across human, AI, applications, and machine identities.
On the surface, ServiceNow’s acquisition of Veza looks consequential. But when you put it in context, the impact is even greater. That’s because the original announcement came within just a few weeks of another high-profile security acquisition, Armis, which itself had a price tag of $7.75 billion. This makes Armis and Veza the highest and (rumored) third-highest-value acquisitions in ServiceNow history. This suggests that security is a significant priority for ServiceNow as we move through 2026.
Since the announcement, ServiceNow has also invested in two additional acquisitions: Traceloop and Pyramid Analytics. However, the price tag for these acquisitions is likely much lower.
The Rise of Identity Security
“Traditional IGA tools were designed for a world in which identities meant employees, and access meant network permissions. That world is gone. Today’s enterprises need governance that spans human users, service accounts, bots, tokens, and autonomous AI agents – and that can reason across all of them in a unified way.”
John Aisien, Senior Vice President of Central Product Management, ServiceNow
Traditionally, organizations have relied on tools like privileged access management (PAM) and Identity Governance and Administration (IGA) products to manage permissions and digital accounts.
But over the past few years, identity-based security has become an increasingly important addition to the cybersecurity scene. To understand this situation in more detail, NowBen spoke to a security specialist and former cyber detective, Adam Pilton, earlier this year. He suggests that the move to remote working has been a key moment in this trend:
“[When remote working], you’re no longer in a controlled physical office. You’re no longer under controlled IP. You can work from anywhere you like. This means that when you’re sending information from your device to the internet, potentially there [are] people that can sit in between. So, it’s no longer controlled in the same way.”
Remote working has certainly been a catalyst for the rise in identity-focused security. Partly, it’s because it accelerated the trend toward organizations relying on cloud-based apps and infrastructure, which can be difficult to manage using the network-based approach of traditional cybersecurity tools.
But it’s not just about remote working: A parallel revolution has taken place over the last few years. Today, identity isn’t just about digital accounts associated with people. Organizations now increasingly rely on machine, bot, and AI systems – all of which have identities and permissions of their own.
As a result, identity has become one of the most common entry points for hackers. According to Verizon, stolen credentials were involved in 88% of the attacks on basic web applications last year.
Credential Theft in Action
So what does credential misuse look like in practice? What tactics are hackers using to gain access to digital systems?
As Adam Pilton explains, much of it relies on phishing and social engineering tactics that enable hackers to gain remote access to cloud-based systems – in exactly the same way as a standard employee would. Some tactics, like phishing, are tried-and-tested techniques. But others are more novel. For instance, hackers now often use social media to research information that they can use to convincingly pose as the person they’re trying to hack.
Pilton goes on to discuss the recent example of Scattered Spider, the organized crime group behind several high-profile cyber attacks in recent years. “[In] 2025 they went big. They took out Marks & Spencer, [and the] Co-op [in the] UK retail sector. They took out Qantas, the Australian airline. And they did it not only with clever technical skills – but by social engineering.”
Pilton described one such technique associated with Scattered Spider. Here, the hacker would call up the IT Help Desk, pose as a legitimate employee, and ask for a password reset. “Once they’ve done that, they’re straight in,” he says.
These are some of the most high-profile security breaches of the last few years. And all of them ultimately involved some level of credential-based abuse – of the kind that Veza is specifically designed to prevent.
Why Has ServiceNow Acquired Veza?
The history of cyber attacks over the last few years is littered with examples like Adam Pilton described. So, why has ServiceNow chosen Veza to help them solve these problems?
To understand this, it’s helpful to understand where Veza sits in today’s security market. ServiceNow’s John Aisien sheds more light on this in a recent blog post:
“Veza’s Access Graph maps and analyzes permissions across identities, applications, data systems, and AI artifacts in a way that most legacy identity governance and administration (IGA) and privileged access management (PAM) tools can’t approach. It doesn’t just report who has access; it identifies and continuously prioritizes risk so that you know where to start [with] remediation.”
As Aisien goes on to explain, there’s also particular potential in the combination of Veza’s Access Graph and ServiceNow’s Configuration Management Database (CMDB). This, he says, “creates a unified graph of your entire technology estate: What exists, who and what has access to it, and what’s at risk. It then connects that intelligence to the remediation workflows that can act on it automatically.”
This last sentence is perhaps the most significant. The goal isn’t just to map identities and permissions: It’s to create a fully autonomous workflow that can identify, manage, and resolve identity-related issues. ServiceNow envisions a world where common issues like overprivileged accounts can be resolved automatically. In this example, the issue would be identified through Veza’s technology and automatically resolved through a ServiceNow workflow.
Final Thoughts: What’s Ahead for ServiceNow and Veza?
In the meantime, ServiceNow is gradually beginning the process of unifying Veza’s offerings with the wider brand.
For existing Veza customers, there will be no significant changes. These organizations will continue interacting with Veza’s offerings as usual.
But ServiceNow customers can expect to see Veza functionality rolled out across the ServiceNow platform in the coming weeks and months. In the near term, this will include a new “visibility and intelligence solution”. In the longer term, ServiceNow says, customers will see Veza’s “identity governance capabilities embedded directly into your Security Operations, Integrated Risk Management, and AI Control Tower workflows”.
Whatever and whenever these tools start to arrive in the ServiceNow platform – it’s clear that Veza is playing a crucial role in the company’s strategy in 2026.