Obsidian Security, leader in SaaS security, announced the launch of SaaS AI agent defense, giving enterprises the first purpose-built solution to govern how AI agents access data in SaaS environments. With SaaS now one of the most targeted layers of the enterprise stack, Obsidian is closing the enterprise AI agent-to-SaaS blindspot, where unmanaged agentic AI integrations and excessive privileges can create cascading risk.
In the recent Salesforce attack (UNC6040), threat actors used voice phishing campaigns to obtain initial access and run bulk API queries for large-scale data theft and extortion. The Salesloft Salesforce supply chain breach (UNC6395) illustrated the fragility of SaaS-to-SaaS integrations where one compromised chatbot integration expanded into unauthorized access across Salesforce and downstream applications, including Google Workspace, Slack, Amazon S3, Microsoft Azure and other services at hundreds of enterprises. These attacks underscore the growing pattern of data exfiltration through SaaS integrations.
The rise of AI agents and its rapid pace of adoption further escalates the SaaS security challenge. Low-code and no-code platforms like Microsoft Copilot Studio, ChatGPT Enterprise, Salesforce Agentforce and n8n let any employee build and deploy agents that act inside SaaS applications, chaining tasks, querying data, and executing decisions autonomously without oversight. These agents often carry broad privileges, long-lasting tokens and move sensitive business data at machine speed. If compromised, they can rapidly leak data, escalate access and move laterally across connected SaaS applications, causing widespread damage.
Also Read: Avetta Expands AI Capabilities in Avetta One Platform for Supply Chains
“The AI agent shift is well underway, and we’re seeing the risks firsthand as we help our customers scale adoption securely,” said Hasan Imam, CEO at Obsidian. “87% of enterprises have Microsoft Copilot enabled, more than half the agents access sensitive data, 90% are over-permissioned, and move 16 times more data than humans accessing SaaS applications. These risks are not theoretical, they’re active risks inside enterprises today, often without their awareness.”
Traditional security tools lack visibility into machine-driven activity, cannot contextualize underlying privileges and are unable to enforce controls at the speed and scale of autonomous agents.
“The difference between a major intrusion and successful containment comes down to speed,” said Sunil Seshadri, EVP and CSO at HealthEquity and ex-CISO at Wells Fargo, Visa and NYSE. “Most security teams already struggle to react to incidents fast enough and AI agents raise the stakes even higher. They can trigger workflows across multiple SaaS apps in seconds, often without anyone noticing until damage is done. Obsidian flips that dynamic by detecting issues in near real-time, faster than most security tools are able to, giving teams the chance to shut them down before they spiral out of control.” As a board member of Obsidian Security, Sunil provides strategic guidance in building the industry-leading SaaS and AI Agent Security for Global 2000.
SOURCE: Yahoo