Palo Alto-based SaaS security vendor Obsidian Security has launched SaaS AI agent defense, giving enterprises the first purpose-built solution to govern how AI agents access data in SaaS environments. With SaaS now one of the most targeted layers of the enterprise stack, Obsidian is closing the enterprise AI agent-to-SaaS blindspot, where unmanaged agentic AI integrations and excessive privileges can create cascading risk. Users can now get the guardrails, intelligence and real-time defenses SaaS security needs, whether the risk comes from humans, connected apps or AI agents.
Risk has become a very real threat in the SaaS world. In the recent Salesforce attack (UNC6040), threat actors used voice phishing campaigns to obtain initial access and run bulk API queries for large-scale data theft and extortion. The Salesloft Salesforce supply chain breach (UNC6395) illustrated the fragility of SaaS-to-SaaS integrations, where one compromised chatbot integration expanded into unauthorized access across Salesforce and downstream applications, including Google Workspace, Slack, Amazon S3, Microsoft Azure and other services at hundreds of enterprises. Salesloft is of course a SaaS vendor themselves. These attacks underscore the growing pattern of data exfiltration through SaaS integrations.
The rise of AI agents and its rapid pace of adoption further escalates the SaaS security challenge. Low-code and no-code platforms like Microsoft Copilot Studio, ChatGPT Enterprise, Salesforce Agentforce and n8n let any employee build and deploy agents that act inside SaaS applications, chaining tasks, querying data, and executing decisions autonomously without oversight. These agents often carry broad privileges, long-lasting tokens and move sensitive business data at machine speed. If compromised, they can rapidly leak data, escalate access and move laterally across connected SaaS applications, causing widespread damage.
“Today, we’re launching AI Agent Security at Obsidian – the first purpose-built solution to protect SaaS apps and data from rogue agents,” said Hasan Imam, CEO at Obsidian. “The AI agent shift is well underway, and we’re seeing the risks firsthand as we help our customers scale adoption securely. 87% of enterprises have Microsoft Copilot enabled, more than half the agents access sensitive data, 90% are over-permissioned, and move 16 times more data than humans accessing SaaS applications. These risks are not theoretical, they’re active risks inside enterprises today, often without their awareness.”
Imam said that it’s hard not to be enamoured by AI agents right now.
“They feel like super-smart teammates – chaining tasks, pulling data, running workflows, but in the past few months working with customers, we’ve seen just how risky this gets when it happens at scale,” Imam stated.
Imam said that here’s what’s really going on.
“The go-to low-code/no-code AI agent platforms are Microsoft Copilot and ChatGPT Enterprise,” he said. “Companies are spinning up thousands of agents – some just experimenting, others already in production. Most agents operate inside SaaS, with little to no oversight. And the risks are big. Agents pull 16x more data from SaaS apps than human users. They’re given 10x more permissions than they actually need. Many agents are left abandoned after pilots or left publicly accessible via URL, creating lingering security risks waiting to be exploited. Agents are often spun up with superuser privileges and shared with lower-privilege users – great for productivity, but leaving a setup wide open to abuse.”
“When something that powerful is misused – or worse, compromised – the blast radius is massive,” Imam stressed. “That’s why we believe AI agent security can’t be a bolt-on. It has to be part of SaaS security itself. Traditional security tools lack visibility into machine-driven activity, cannot contextualize underlying privileges and are unable to enforce controls at the speed and scale of autonomous agents.
“The difference between a major intrusion and successful containment comes down to speed,” said Sunil Seshadri, EVP and CSO at HealthEquity and ex-CISO at Wells Fargo, Visa and NYSE. “Most security teams already struggle to react to incidents fast enough and AI agents raise the stakes even higher. They can trigger workflows across multiple SaaS apps in seconds, often without anyone noticing until damage is done. Obsidian flips that dynamic by detecting issues in near real-time, faster than most security tools are able to, giving teams the chance to shut them down before they spiral out of control.” As a board member of Obsidian Security, Sunil provides strategic guidance in building the industry-leading SaaS and AI Agent Security for Global 2000.
Obsidian is uniquely positioned to address the security risks created by autonomous AI agents in SaaS environments. At its core is what they term the industry’s most comprehensive SaaS threat dataset repository – over 500 curated real-world threat intelligence, enriched with browser-based activity capture and deep SaaS and AI integrations. This intelligence powers the Obsidian Knowledge Graph, a continuously learning model that unifies user and agent activity, identity privileges, and workflows across SaaS and SaaS managed agentic AI platforms into a single correlated view. This live map gives security teams real-time visibility and context to govern agentic AI usage and stop unauthorized agents and behavior inside SaaS environments, where risks emerge and propagate.
“In customer deployments, our continuously learning Knowledge Graph revealed that AI agents in SaaS environments were typically granted ten times more permissions than needed when mapped against real user privileges and entitlements – visibility only Obsidian can deliver,” said Khanh Tran, Chief Product Officer at Obsidian. “By connecting popular AI platforms like Microsoft Copilot Studio, n8n, Salesforce Agentforce, and ChatGPT Enterprise with the Obsidian Knowledge Graph, security teams can finally see what agents are doing in SaaS. That intel means they can stop risks before they spread and empower users to innovate faster without sacrificing security or governance.”
This product release is a major step forward in enabling enterprises securely scale AI agent development. Key capabilities in the latest release include strong visibility and access cleanup, where you can get a live inventory of every AI agent, including its privileges, SaaS connections, and actions, to eliminate excessive or risky access and enable full lifecycle oversight. Full observability and compliance, which lets you map AI agent access across SaaS and trace it to the data touched, with correlated audit trails that link entitlements directly to actions. Finally, you can prevent misuse and privilege escalation by detecting and blocking agents attempting to exploit trust chains, misuse access, or escalating privileges before damage cascades across SaaS environments.
Current integrations to AI platforms include Microsoft Copilot Studio, ChatGPT Enterprise, and Salesforce Agentforce, with more underway.
To help enterprises quickly understand and assess their exposure, Obsidian is offering a free assessment to its SaaS AI agent defense capabilities for 30 days. For more information and to sign up, visit www.obsidiansecurity.com