Traffic patterns are shifting, agent deployments are multiplying, and cloud environments keep expanding. The point tools enterprises use to manage each layer are not keeping pace. Versa Networks is addressing those challenges with three coordinated updates to its VersaONE Universal SASE Platform. The first is a Cloud Security Posture Management (CSPM) capability that brings cloud risk visibility into the same view as access security. The second is a significant update of its Concerto orchestration platform. The third is an AI agent trust and verification framework due later this month.

New research backs the strategic rationale. Versa’s inaugural State of SASE + AI Report, a survey of 525 senior IT and security decision-makers at U.S. enterprises, found that 35% of organizations suffered a breach in the past year tied to coordination gaps between networking and security teams. Nearly three quarters (73%) say technical integration complexity has delayed or derailed a critical project. Some 99% have named convergence a strategic priority, yet only 30% have done it.

“AI and digital sovereignty are fundamentally changing what customers have to do and what needs to happen,” Kelly Ahuja, CEO of Versa Networks, told Network World.

What the research found

Versa’s report covers organizations across financial services, retail, energy, manufacturing, healthcare, technology and government. Key findings include 35% reported a security breach in the past year linked to coordination gaps between networking and security teams; 53% report higher operational costs from managing redundant tools; 73% say technical integration complexity has delayed or derailed a critical project; 99% have named convergence a strategic priority, but only 30% have implemented shared ownership of SASE strategy; 95% say AI is forcing networking and security teams to collaborate more closely; and 58% cite strengthening security posture as the top driver for convergence, compared to 19% who cited lowering total cost of ownership.

Organizations running 50 or more vendors are nearly twice as likely to report delayed application rollouts as those with leaner stacks (61% vs. 34%) and more likely to report inconsistent policy enforcement (57% vs. 40%).

The report also surfaces a shadow AI problem. More than 80% of organizations say AI is in use somewhere in their environment, yet fewer than 20% said they knew what it was being used for. This lack of visibility is a critical risk as AI agents become more autonomous and capable of making configuration changes.

Improving orchestration with Concerto update

The complexity findings in the research point directly at an orchestration problem, and it is one Versa says it has been spending significant engineering resources to solve. “This is where we’ve been spending a lot of engineering cycles on the management and simplifying the complexity, because what we heard from most users is, ‘hey, I’ve got different islands of policy,'” Ahuja said. Concerto 13.1.1 is the response. The release redesigns the SD-WAN configuration experience and unifies security and authentication profiles across SD-WAN and SSE, collapsing those islands into a single construct.

“When you set a policy for a user, whether it’s a site or a cloud, it doesn’t matter where the user is, you actually do it once, and you do it in a consistent way,” he said. The release also adds hierarchical policy templates, letting organizations define a master policy and extend subsets to different user groups and departments without rebuilding from scratch. The target is enterprise-grade SD-WAN without the staffing overhead that has traditionally come with it.

“Getting that scale, supporting that scale, but also simplifying how they kind of configure it is absolutely crucial,” Ahuja said. The orchestration update is a direct response to the fragmentation that plagues many enterprises, where networking and security teams operate in silos with separate tools and policies. By unifying policy creation and management, Versa aims to reduce the operational burden and the risk of misconfiguration.

Closing the two-portal problem: CSPM joins VersaONE

Policy configuration is one layer of fragmentation. Cloud risk visibility is another. Cloud Security Posture Management (CSPM) continuously monitors cloud infrastructure for misconfigurations, compliance gaps and security risks. Google’s $32 billion acquisition of Wiz earlier this year underscored how contested that space has become. Versa says its CSPM plans predate the deal. “We were listening to customers, looking at what they’re doing, as opposed to seeing what else is out there in the market,” Ahuja said. “It was already on our plans. We were just kind of working our way through it.”

Most enterprises run ZTNA or a secure internet gateway for user and device posture and a separate CSPM tool for cloud configuration risk, managed by separate teams with no shared context. Versa is adding CSPM directly to VersaONE, extending access security into continuous cloud risk visibility across AWS, Azure, GCP and OCI, with telemetry feeding into Concerto alongside access risk data. “While the industry has been talking about unifying risk intelligence for years, everyone still kind of relies on two different portals, one for doing your ZTNA or secure internet, and then second for cloud,” Ahuja said. “And there’s no way to really kind of share that context and really kind of pull it together. This is what we’re actually solving for.”

The CSPM integration allows security teams to see cloud misconfigurations and access risks in a single dashboard, enabling faster correlation and remediation. For example, a misconfigured S3 bucket that is publicly accessible can be immediately flagged alongside the user identities that have access to it, providing a holistic view of risk that was previously unavailable. This unified approach is particularly valuable as enterprises adopt multi-cloud strategies, where each cloud provider has its own native tools and interfaces, leading to fragmented visibility.

AI agents are the next enforcement problem

CSPM extends the platform’s visibility into cloud infrastructure. The next challenge is what happens when AI agents start changing that infrastructure. “One single user prompt can actually trigger many agents coming up, and then they can actually start to make changes inside your environment to policies and configuration, and many of them are invisible to the operator,” Ahuja said. Versa’s response, due around May 21, is a trust and verification framework that applies policy-based access controls to agents the same way they apply to users and devices, functioning as a verification gateway inside the management and orchestration layer.

Putting a human in the review path is not a viable answer at this scale. “Putting a human in the loop will only slow things down, because all of a sudden, you’ve got lots of things that you’re trying to do, but somebody has to observe them and do them,” Ahuja said. For the framework itself, Versa is drawing on what it has already built for user and device access. “We’re looking at all the things that have been done for user and device, sort of secure access from those and seeing which one of those can be applied to agentic stuff as well,” Ahuja said.

The AI agent trust framework is designed to handle the dynamic and ephemeral nature of AI agents, which can be spun up by a single prompt and then make changes to infrastructure without human oversight. By integrating agent access controls into the same policy engine that governs users and devices, Versa aims to prevent unauthorized configuration changes and reduce the attack surface. This proactive approach is essential as more organizations deploy AI agents for automation, data analysis, and network management, often with minimal visibility into their actions.

In addition to these three updates, the broader context of the SASE market is important. Secure Access Service Edge (SASE) combines networking and security functions into a cloud-delivered service, reducing complexity and improving performance. Versa’s Universal SASE platform is designed to provide a single console for managing SD-WAN, security, and now cloud risk. The company competes with other major vendors like Palo Alto Networks, Fortinet, and Cisco, each offering their own SASE solutions. However, Versa differentiates itself by focusing on deep integration and unified policy management, which is increasingly critical as enterprises struggle with tool sprawl.

The survey data revealing that 35% of organizations suffered a breach due to coordination gaps between networking and security teams underscores the urgency of convergence. The traditional model of separate teams managing separate domains leads to inconsistent policies and blind spots. Versa’s updates aim to break down those silos by providing a single platform for networking, security, and cloud posture management. The addition of CSPM brings cloud infrastructure risk into the same context as access security, allowing teams to see the full picture without switching tools.

The Concerto orchestration update is equally significant. SD-WAN deployments often require complex configurations that vary by site, user, and application. The hierarchical policy templates simplify this by allowing a master policy to be defined and then extended to different groups, reducing the chance of human error. This is especially important for enterprises with distributed branch offices, where IT staff may not have deep networking expertise. By automating policy application and enforcement, Versa reduces the operational overhead and accelerates deployment.

The AI agent trust framework addresses a rapidly emerging threat. As generative AI tools become more integrated into enterprise workflows, the ability of AI agents to autonomously modify configurations or access sensitive data becomes a major security concern. Without proper controls, a single compromised prompt could lead to widespread changes across cloud and network infrastructure. Versa’s approach applies the same least-privilege principles used for user access to AI agents, ensuring that any action an agent takes is logged, verified, and constrained by policy. This is a forward-looking feature that positions Versa to handle the next wave of security challenges.

Overall, these three coordinated updates represent a significant step toward solving the fragmentation problem that has plagued enterprise security for years. By unifying risk visibility, simplifying policy management, and extending controls to AI agents, Versa is delivering on the promise of SASE as a truly converged platform. The company’s research highlights the urgency: 73% of organizations have had projects delayed by integration complexity, and 99% consider convergence a priority. With these updates, Versa is providing a practical path to achieving that convergence without requiring organizations to rip and replace existing tools. Instead, they can extend their existing VersaONE deployment with new capabilities that integrate seamlessly, reducing operational costs and strengthening security posture.

Source: Network World News