Meet Eeshan Agarwal, The Indian-Origin Engineer Building Trust Layer For AI-Era Enterprise Software

Meet Eeshan Agarwal, The Indian-Origin Engineer Building Trust Layer For AI-Era Enterprise Software

As AI and automation transform businesses, Indian-origin, San Francisco-based engineer Eeshan Agarwal is building the secure, compliant systems that keep enterprise software trusted at scale

Tasneem KanchwalaUpdated: Wednesday, July 15, 2026, 10:41 AM IST
Meet Eeshan Agarwal, The Indian-Origin Engineer Building Trust Layer For AI-Era Enterprise Software
Eeshan Agarwal | Social media handle of Eeshan Agarwal

As companies race to bolt automation onto every layer of their operations, the systems that decide who and what gets access to enterprise data have quietly become the most consequential layer of modern software. Indian-origin, San Francisco-based engineer Eeshan Agarwal has spent nearly a decade building that infrastructure, designing the systems that keep data secure, compliant and reliable for thousands of organisations worldwide as the shift from annual audits to real-time, automated trust reshapes enterprise technology.

A career built inside the foundations

Agarwal earned a Bachelor of Science in Electrical Engineering and Computer Sciences from the University of California, Berkeley, before spending four years at Box, the publicly traded enterprise content company, where he worked on database, caching and metadata infrastructure powering billions of operations a day. The work was not security focused, and Agarwal is careful to draw that distinction, but it shaped how he thinks about systems at scale. "Infrastructure problems at scale are not just about performance," he says. "They are about correctness, durability, and making systems simple enough for other engineers to use safely."

In 2021, he joined Vanta, a trust management platform now used by more than 16,000 organisations worldwide, as one of its earliest engineers. There he built several of the foundational systems the platform still runs on, including the compliance framework architecture supporting more than 35 regulatory standards, the authorisation and access control systems governing customer data, the identity infrastructure connecting the platform to large enterprise environments, and the billing rails handling complex enterprise contracts. In 2025, he moved into engineering management at the company and today leads its Identity and Access Management and Monetisation organisations.

Why annual audits stopped being enough

Agarwal's expertise sits at the intersection of compliance, identity and access governance, a discipline he says has changed fundamentally in recent years. "The old compliance model was a snapshot," he explains. "Once a year, you'd freeze the system and an auditor would tell you whether you looked secure on that day. That doesn't scale to how software actually operates today."

What has replaced it, according to Agarwal, is continuous trust, built on real-time enforcement of policies, real-time generation of evidence and the ability to demonstrate at any moment that controls are functioning correctly. He notes that the architecture needed to support this is fundamentally different from what supported point-in-time audits, since it has to produce continuous signal, integrate cleanly into how engineering teams already work, and hold up as regulatory regimes keep fragmenting. With state privacy laws, sector-specific rules in healthcare and finance, international regimes like the EU AI Act and AI-specific standards all proliferating, Agarwal argues compliance itself is becoming software. "The platforms that absorb each new standard as a configuration rather than a fresh engineering project are the ones that will scale into the next decade," he says.

Automation is turning authorisation into the hardest problem in software

That shift is colliding with another one, Agarwal says, as automated systems take on more work inside enterprise environments, reading data, triggering workflows, generating outputs, and sometimes acting autonomously. Every access decision a piece of software makes now carries more weight, and authorisation, once treated as a back-end concern, is becoming the boundary that determines what software is allowed to do. "Authentication answers whether you are who you say you are," Agarwal says. "Authorisation tells you what you are allowed to do. With automated systems acting on behalf of users at machine speed, that second question becomes the hardest problem in enterprise software."

He adds that this layer has historically drawn less attention than the products built on top of it, but that is changing. "Foundational layers that determine whether enterprise software can be trusted to handle sensitive workflows are receiving the kind of architectural investment that, until recently, was reserved for databases and distributed systems," he says.

Recognition and ties back to India

Agarwal is an IEEE Senior Member and a Charter Member of TiE, the senior tier of The Indus Entrepreneurs network. He sits on the judging panel for the SC Awards Europe 2026, evaluating innovations in identity, access and AI security, and speaks regularly at industry conferences including PlatformCon and DeveloperCon. He also advises engineering teams in India, applying the distributed systems and identity and access management expertise he developed in Silicon Valley to the scaling challenges Indian organisations are now confronting.

The long view

Agarwal believes the layer he works in will only grow more important over the next decade, both for engineers in India and across the diaspora. Companies that adapt to continuous trust will endure, he suggests, while those that do not will eventually be forced to confront it on someone else's terms. "The systems I am proudest of are the ones that make a whole category of work disappear," he has said of his approach to platform engineering. "Nobody is solving that problem anymore. They get to go solve the next one."