Versa expands into CSPM and AI

Cloud security tools have a fragmentation problem. One console watches posture. Another watches access. A third tries to catch runtime risk. Now AI agents are showing up and touching APIs, data, and infrastructure too. Versa’s move this week is basically an attempt to collapse those layers into one operating model inside its VersaONE Universal SASE platform. ### What did Versa actually launch? The concrete launch is Versa CSPM — Cloud Security Posture Management — announced May 12 at the company’s Versatility conference in Santa Clara. It adds continuous visibility, prioritization, and remediation for cloud misconfigurations and exposure, and Versa is positioning it as part of the same platform that already handles secure access and broader SASE functions. (networkworld.com) ### What is CSPM in plain English? CSPM is the layer that checks whether your cloud estate is configured safely. Think open storage buckets, overly broad permissions, internet-exposed assets, and settings that drift over time. The point is not just spotting a bad checkbox — it is figuring out which misconfigurations create real exposure and which ones are just noisy hygiene findings. Versa says its version is built for continuous assessment and remediation, not a one-time audit. (versa-networks.com) ### Why is Versa tying this to access security? Because posture without identity context is half a picture. A risky cloud asset matters more if the wrong users, apps, or agents can reach it. Versa’s pitch is that secure access controls and cloud posture should sit in the same operational view, so teams can correlate who can get to something with whether that thing is dangerously configured. That is the gap the company keeps hammering on — silos make it hard to see enterprise risk as one chain. (versa-networks.com) ### Which clouds does it cover? Versa says CSPM supports the big four public clouds — AWS, Microsoft Azure, Google Cloud, and Oracle Cloud Infrastructure. That matters because most large enterprises are not standardizing on one cloud anymore. They are mixing providers, SaaS apps, remote endpoints, and now AI services, which makes a single risk model much harder but also much more valuable. (networkworld.com) ### Where do orchestration and automation fit? This is the part that makes the launch more than a dashboard update. Versa is also talking about orchestration — basically, turning findings into actions across security and networking controls instead of handing analysts another queue. The idea is to move from “here is a misconfiguration” to “here is the policy change, access restriction, or remediation step that closes the loop.” That is where platform vendors think they can beat point tools. (versa-networks.com) ### Why bring AI agents into this now? Because AI agents are becoming new actors in enterprise systems. They call tools, hit APIs, retrieve data, and can trigger chains of actions with a lot of implicit trust. Versa has been building that argument for months — with AI-focused platform updates, an MCP server for integrating assistants with Versa systems, and recent writing around zero-trust controls for agentic AI. The company is clearly trying to treat agents as first-class entities in security policy, not weird extensions of human users. (networkworld.com) ### Is there evidence customers care? Versa and Network World pointed to a new survey of 525 senior IT and security decision-makers at U.S. enterprises. The headline number was that 35% said they had a breach in the past year tied to coordination gaps between networking and security teams. Vendor surveys always need a little caution, but the directional point is real — teams are tired of stitching together posture, identity, network, and AI controls by hand. (versa-networks.com) ### So what is the bigger play here? This is a control-plane land grab. SASE vendors started with networking plus secure access. Now they want cloud posture, data protection, automation, and AI governance in the same stack. If that works, security teams get fewer seams and better correlation. But the catch is execution — unification only helps if the platform is actually deep enough in each domain, not just broad on a slide. (onmine.io) ### Bottom line? Versa did not just add a CSPM checkbox. It used the launch to argue that cloud misconfigurations, identity exposure, and AI-agent actions now belong in one system. That is where enterprise security architecture is heading — and vendors know the winner may be the one that makes all those moving parts feel like one problem. (networkworld.com)