Vercel for Enterprise Apps and Agents

Today we are introducing, a platform that gives your entire company the ability to ship with AI safely, behind your access and security boundaries. Vercel for Enterprise Apps and AgentsOver the past year, employees across Vercel shipped hundreds of agents and internal apps. Getting to production was the easy part, because we built them with on top of the and deployed them on Vercel.

eveAgent StackThe difficult questions came after those agents were being used by our employees across the company:We built Enterprise Apps and Agents to answer these questions for ourselves. It makes ownership, access, and security the defaults your builders inherit instead of the projects your platform team queues. The first agents we built were internal tools for our employees, not our end users, and that's a common starting point for many of our customers.

Vercel is the fastest way to publish software to the web, but that previously meant "internal" was a setting someone had to configure on every project. One employee forgetting to make one deployment private risked exposing access to sensitive company systems and data. Vercel Passport puts every internal app and agent behind your identity provider by default, so you can control access with Okta, Microsoft Entra, Auth0, or any other OpenID Connect-compatible provider.

App and agent deployments are private from the moment they exist, access is authenticated against your employee identity, every entry is auditable, and admins set the policy centrally rather than relying on each builder to configure it correctly. Passport governs who can access internal agents, but just as the employees who use them do, those agents need access to your data and systems.

That business context makes them both useful and dangerous, because most agents are given long-lived credentials, sitting in environment variables, provisioned for everything the agent might need to do. consolidates OAuth, OIDC, and secret injection into one product that replaces those static keys. Instead of storing a secret, an agent requests short-lived credentials as it works. Tokens are granted per task rather than once and forever, and expire when the task is complete.

Connect provides agents with secure access to Slack, GitHub, Snowflake, Salesforce, and Linear, as well as other systems accessible via OAuth or API. Vercel ConnectWhen everyone in the company is a builder, account sprawl is a silent failure mode. Seats appear to have been provisioned by no one, access lingers after someone changes teams or leaves, and there is no single record of who did what across the entire platform.

Enterprise Managed Users gives administrators full lifecycle control over every builder using Vercel. Built on SAML SSO and Directory Sync, it provisions seats automatically through your existing directory, so an account exists the moment your identity provider says it should and off-boarding removes access the moment the directory does. Group-based access controls, deployment protection, and MFA enforcement on Vercel apply org-wide, and every action lands in a single audit trail.

The identity system your company already runs, whether it is Okta or another SAML or OIDC provider, can now govern Vercel and v0, too. Enterprise Managed Users is in Private Beta. v0 is Vercel's AI app builder. You describe what you want, and it generates a working application. v0 now, so you can let anyone safely build data apps backed by your warehouse without an engineering ticket. Access to v0 and Snowflake is controlled through your IDP, so data stays internal.

You decide who gets a seat, and apps can deploy directly to your Snowflake account. connects to SnowflakeFor large enterprise companies, the boundary question goes past private deployments. The workloads themselves have to run on infrastructure they control, inside an account the security team owns and audits. With bring your own cloud (BYOC) on AWS, your compute, build artifacts, and run data inside your own AWS account and VPC, and Vercel runs the control plane on top of it.

Your apps and agents reach private backends and internal systems the same way anything else in your AWS account does, and your source code never leaves your CI. BYOC on AWS means your engineers keep the Vercel developer experience, and your security team keeps the network controls, audit evidence, and account it already owns. Bring your own cloud is in Private Beta on AWS. Traditionally, ideas died in security review for good reason: the risk of a data breach wasn't worth the potential gain of innovation.

Vercel Enterprise Apps and Agents builds safety controls into the platform and tools themelseves, meaning everyone in your company can ship apps and agents at the speed of their ideas, without your CISO losing sleep. This is what building looks like when the safe path is the default: It is the platform for deploying, governing, and connecting the apps and agents your employees build, across the whole organization.

It brings ownership, access control, identity, and security to everything your company ships, whether someone prototyped it in v0 or an engineering team built it from the ground up. The platform includes Vercel Passport, Vercel Connect, Enterprise Managed Users, and the option to run inside your own AWS account. What is Vercel for Enterprise Apps and Agents? No. Passport, Connect, and Enterprise Managed Users govern anything you deploy to Vercel, regardless of how it was built.