Engineering Trust At Scale: How Eeshan Agarwal Is Tackling Enterprise AI's Authorisation Challenge

Artificial intelligence is quickly becoming part of the workforce inside modern companies.

AI agents can already read documents, generate reports, answer customer queries, analyse data, and even trigger business workflows without human involvement. As organisations race to adopt these technologies, a new question is becoming impossible to ignore: how much access should these systems actually have?

That dilemma is exactly what keeps Eeshan Agarwal busy every day.

While much of the AI conversation is focused on chatbots and increasingly powerful models, Agarwal operates in a less visible corner of technology. His expertise lies in identity, authorisation, and access governance, the systems that determine who, or increasingly what, is allowed to access sensitive information. It may not attract the same attention as AI itself, but as enterprises deploy AI across their operations, it is becoming one of the industry's most important challenges.

The Invisible Engine: From Berkeley to Box

Agarwal's interest in technology was never just about building products. It was about understanding the systems underneath them.

A graduate of the University of California, Berkeley, with a B.S. in Electrical Engineering and Computer Sciences (EECS), he developed an early fascination with distributed systems and software architecture. During his student years, he helped develop a wheelchair controlled through head movements for a quadriplegic user, a project that earned recognition from former President Dr A.P.J. Abdul Kalam and reinforced a belief that engineering delivers its greatest value when it solves real-world problems.

After Berkeley, he joined Box, where he spent four years working on database, caching, and metadata infrastructure for one of the world's largest enterprise content platforms.

Importantly, this was infrastructure work rather than security work. But it taught him lessons that would later shape his approach to enterprise trust. Large-scale systems are not simply about performance. They are about reliability, correctness, and ensuring that failures do not quietly cascade through an organisation.

Joining Vanta At A Critical Stage

In June 2021, Agarwal joined Vanta as the company's fifteenth engineer, when the startup had roughly 70 employees.

It was the kind of stage where a single engineering decision could influence the company's trajectory for years.

Over the next several years, he would help architect four foundational systems that now sit at the centre of Vanta's enterprise platform: its compliance framework engine, authorisation platform, identity and access management infrastructure, and billing and entitlements systems.

Those systems would ultimately help support a company that today serves more than 16,000 organisations worldwide, helping them build trust and demonstrate compliance.

Building The Systems Behind Trust

Compliance was the first architectural problem. The platform was built around a single regulatory standard when Agarwal joined, and every new framework looked like another engineering project from the ground up. He designed the abstraction that ended that pattern. Vanta now supports more than 35 frameworks on the architecture he built, and as state privacy laws, the EU AI Act, and sector-specific rules continue to proliferate, each new standard slots in as a configuration rather than a rewrite.

(Image is AI generated)

Authorisation was the second. The model he inherited was a handful of static roles, adequate for small teams and brittle for anything more ambitious. He rebuilt the foundation. The system he designed introduces object-level permissioning, hierarchical inheritance, and fine-grained delegation, letting large organisations express their own governance structures inside Vanta. Every access decision the platform makes still runs through it.

Identity, monetisation, and the platform infrastructure beneath enterprise contracts have followed the same pattern. He built the SSO and SAML layer that lets enterprises bring Vanta inside their own identity systems, the provisioning architecture beneath customer onboarding, and the billing infrastructure that handles usage-based pricing, multi-currency invoicing, and the entitlements engine that determines what each contract permits. Foundational systems, designed early, that the company has been building on ever since.

"Building a platform from nothing is a series of bets made under uncertainty," Agarwal says. "You choose an architecture before you know your scale, and you design systems before you know every product they will have to support. The skill is making decisions fast enough to keep moving, and durable enough that they do not trap you a year later."

Why AI Is Making Authorisation Critical

For years, authorisation was often viewed as back-end infrastructure.

AI is changing that perception.

Traditional access governance was designed around human users. Humans operate at human speed. They review records individually, understand context, and generally work within predictable boundaries.

(Image is AI generated)

AI agents behave differently.

They can process thousands of records in seconds, combine information across systems, trigger workflows, generate outputs, and increasingly take actions autonomously.

That creates entirely new governance challenges.

An AI system may have permission to access individual records, but what happens when it combines those records to derive information nobody explicitly authorised it to see? What happens when an AI agent performs actions on behalf of a user? What happens when prompt injection attacks manipulate a model into taking actions that were never intended?

For Agarwal, these questions are rapidly becoming central to enterprise software.

"Authentication answers whether you are who you say you are. Authorisation answers what you are allowed to do. With AI agents acting on behalf of users at machine speed, that second question becomes the hardest problem in enterprise software."

He believes authorisation is evolving from a background security function into the control plane for enterprise AI.

The Shift From Compliance To Continuous Trust

The rise of AI is happening alongside another transformation: how organisations prove they can be trusted.

Historically, compliance revolved around periodic audits and annual reviews. Companies gathered documentation, passed assessments, and repeated the process the following year.

That model is rapidly giving way to something different.

"The old compliance model was a snapshot. Once a year, you'd freeze the system and an auditor would tell you whether you looked secure on that day. That doesn't scale to how software actually operates today."

Instead, regulators and customers increasingly expect continuous evidence that controls are functioning correctly.

For Agarwal, the bigger story is what this says about the future. Compliance is no longer just about getting through an audit. Increasingly, it is becoming the framework through which organisations demonstrate trust on a continuous basis.

Recognition Beyond Vanta

Across a decade in identity, authorisation, and access governance, Agarwal has built a reputation that extends beyond the companies he has helped build. The clearest marker is his elevation to IEEE Senior Member, the highest IEEE grade for which a member can apply, and one that requires professional maturity and significant performance in IEEE-designated fields.

He has also served on the judging panel for SC Awards Europe, one of the region’s longest-running and most prestigious cybersecurity competitions, where senior industry judges evaluate the companies, teams, products, and services shaping enterprise security. That profile is reinforced by speaking roles at PlatformCon 2026 and DeveloperCon and by Charter Membership in TiE, the senior, vetted tier of The Indus Entrepreneurs network.

Together, those recognitions point to an engineer whose judgment is sought across professional, entrepreneurial, and cybersecurity communities, not only inside the companies he has helped build.

A Different Model Of Success

For many Indian engineers, Silicon Valley success has traditionally been associated with becoming a founder, CEO, or senior executive.

Agarwal's career highlights a different path.

His influence stems from becoming deeply specialised in a problem that the technology industry increasingly depends on solving correctly.

"Influence in technology doesn't require a founder's title or a public profile. It can come from becoming a genuine authority on a problem the industry cannot afford to get wrong."

That conviction is something he carries back to India directly.

He advises engineering teams across India on distributed systems as they grow and scale, particularly in identity and access management. It is the expertise he developed in Silicon Valley, now applied to the same questions Indian engineering organisations are confronting at their own scale.

As AI becomes more deeply embedded in enterprise software, trust infrastructure is moving from the background to the centre of the conversation.

The companies that succeed in the next decade will not simply be the ones with the most capable AI models. They will be the ones that can govern those models safely, securely, and at scale.

That challenge sits at the intersection of trust, compliance, identity, and authorisation.

It is also the problem Eeshan Agarwal has spent much of his career helping solve.