Obsidian’s browser extension manages shadow SaaS and AI tools

Obsidian Security has launched a new browser extension to help businesses safely use SaaS and AI apps online.

The extension automatically finds and manages shadow SaaS and AI tools, blocks advanced spear-phishing attacks targeting access tokens, and gives real-time protection right in the user’s browser. It’s fast, lightweight, and private by design, already used on over a million devices across two hundred large and mid-sized enterprise customers.

The solution leverages Obsidian’s insights from its network and threat research to keep blocking new threats as they appear.

The browser extension is especially significant for Mid-sized enterprises as they are having to do more with limited resources. Obsidian’s browser extension is easy to deploy and delivers Shadow SaaS/AI and threat prevention capabilities without resource-intensive management and configuration. Teams can eliminate web risks and unwanted costs driven by the usage of Shadow SaaS.

The extension automatically detects and tracks both known and previously unknown apps that are accessed on all popular workforce browsers, such as Chrome, Firefox, and even enterprise browsers like Island. Security teams gain real-time insight into unfederated authentication and the potential for SaaS data loss due to supply chain breaches. This allows businesses to safely adopt the latest technology, monitor usage to compare against IT’s approved app lists, and block access to high-risk AI and SaaS apps.

Phishing kits are now a major threat to SaaS because attackers use AI to quickly create fake login pages that look real, down to the pixel, and trick users into giving up their access tokens. These tokens can then be reused to access SaaS applications.

These attacks, known as Adversary-in-the-Middle (AitM), figured out how to bypass MFA measures and even two layers of email protection (seen across 90% of enterprise customers). Obsidian Security’s solution stops SaaS token theft in real time by blocking actions on fake login pages directly in their browsers.

It uses AI-powered visual and content analysis to identify and stop these threats. The system continuously adapts to prevent emerging web threats in real-time based on learnings from incident response, helping security teams stay ahead.

“Obsidian recognizes that SaaS Security is a journey, and the primary needs of mid-market enterprises differ from large enterprises. With Obsidian, growing enterprises can start with a prevention-focused solution delivered as a light-weight browser extension. When ready, they will expand to cover additional use cases spanning SaaS Security Posture Management, and Identity Threat Detection and Response, all without needing a new vendor,” said Obsidian CEO, Hasan Imam.

Obsidian Security’s Shadow SaaS, Shadow Gen AI, and Identity Threat Prevention capabilities are generally available.