Obsidian Security Inc. today released a new suite of capabilities aimed at securing the software-as-a-service supply chain, offering what the company calls the first end-to-end protection for integrations between cloud-based applications.

The release comes as businesses increasingly rely on interconnected SaaS environments and autonomous artificial intelligence agents embedded in workflows. The company said such integrations, while valuable for automation and efficiency, have become a growing target for attackers exploiting blind spots in traditional security tools.

Obsidian pointed to last summer’s breach of Salesloft Inc.’s cloud sales platform as one of the largest and most recent examples of vulnerabilities created by SaaS integrations. Attackers reused stolen OAuth tokens to move laterally between applications, affecting more than 700 organizations.

“Every integration extends trust, often far beyond what security teams can easily see,” Khanh Tran, chief product officer at Obsidian Security, said in a statement. “As AI agents gain autonomous access and link multiple SaaS applications together, the blast radius of a single compromised integration grows exponentially.”

Real-time detection and response

The new capabilities focus on three areas: visibility into SaaS-to-SaaS integration risks, early breach detection and rapid incident containment. Obsidian leverages a knowledge graph of usage patterns gathered from hundreds of customers to normalize identity and activity data across human and nonhuman users in various SaaS environments.

“We correlate and normalize identity across all SaaS applications,” said Chief Executive Hasan Imam (pictured). “If you understand that the Hasan in Salesforce is the same as the Hasan in Workday, you can baseline Hasan across platforms.”

The company claims its system can detect breaches in near-real-time by identifying anomalies in OAuth scopes, application programming interface behavior and user activity patterns. Alerts can be fed into an organization’s existing operations platforms, such as security information and event management and security orchestration, automation, and response.

Obsidian said the new capabilities also address “shadow integrations,” which are unauthorized connections between SaaS applications created without information technology department oversight. “It’s an integration that an enterprise never allowed, never approved, and that didn’t go through a governance process,” Imam said. “We discover that for them.” He estimated that between 50% and 60% of integrations aren’t used.

Obsidian said AI agents, which interact autonomously across applications, further increase the attack surface. Agents typically use the same APIs and OAuth tokens as traditional SaaS integrations, making them difficult to distinguish and secure. Though human access controls are relatively easy to enforce because humans move slowly, AI agents can cause significantly more damage in a short time period.

Early endorsements

Obsidian provided endorsements from early customers Wyndham Hotel Group LLC and Seagate Technology Holdings PLC, which said the new capabilities address a pressing need.

“In the absence of continuous visibility into the entire SaaS ecosystem, especially unauthorized activity between SaaS applications, we are looking at a huge data breach waiting to happen,” Joseph Gothelf, Wyndham’s vice president of cybersecurity, said in a statement.

Imam said Obsidian was able to detect signs of the Salesloft breach “earlier than anybody else,” in near real-time and in parallel with incident response firm Mandiant Corp. “We were able to get ahead of this,” he said. “None of our customers lost any data due to this breach.”

He said SaaS-to-SaaS security requires a new layer in enterprise defense and focused investment. “Architecturally, it’s separated from all the things we have been thinking about,” Imam said, citing endpoint, network and user access controls. “It requires a novel approach and focus to truly solve this problem.”

Photo: Obsidian Security