Obsidian governs AI agent access in SaaS environments

Obsidian Security has launched a SaaS AI agent defense, providing enterprises with a purpose-built solution to govern how AI agents access data in SaaS environments.

With SaaS now one of the most targeted layers of the enterprise stack, Obsidian is closing the enterprise AI agent-to-SaaS blindspot, where unmanaged agentic AI integrations and excessive privileges can create cascading risk.

In the recent Salesforce attack (UNC6040), threat actors used voice phishing campaigns to obtain initial access and run bulk API queries for large-scale data theft and extortion. The Salesloft Salesforce supply chain breach (UNC6395) illustrated the fragility of SaaS-to-SaaS integrations where one compromised chatbot integration expanded into unauthorized access across Salesforce and downstream applications, including Google Workspace, Slack, Amazon S3, Microsoft Azure and other services at hundreds of enterprises.

The rise of AI agents and its adoption further escalates the SaaS security challenge. Low-code and no-code platforms like Microsoft Copilot Studio, ChatGPT Enterprise, Salesforce Agentforce and n8n let any employee build and deploy agents that act inside SaaS applications, chaining tasks, querying data, and executing decisions autonomously without oversight.

These agents often carry broad privileges, long-lasting tokens and move sensitive business data at machine speed. If compromised, they can leak data, escalate access and move laterally across connected SaaS applications, causing widespread damage.

“The AI agent shift is well underway, and we’re seeing the risks firsthand as we help our customers scale adoption securely,” said Hasan Imam, CEO at Obsidian. “87% of enterprises have Microsoft Copilot enabled, more than half the agents access sensitive data, 90% are over-permissioned, and move 16 times more data than humans accessing SaaS applications. These risks are not theoretical, they’re active risks inside enterprises today, often without their awareness.”

Security tools lack visibility into machine-driven activity, cannot contextualize underlying privileges and are unable to enforce controls at the speed and scale of autonomous agents.

“The difference between a major intrusion and successful containment comes down to speed,” said Sunil Seshadri, EVP and CSO at HealthEquity. “Most security teams already struggle to react to incidents fast enough and AI agents raise the stakes even higher. They can trigger workflows across multiple SaaS apps in seconds, often without anyone noticing until damage is done. Obsidian flips that dynamic by detecting issues in near real-time, faster than most security tools are able to, giving teams the chance to shut them down before they spiral out of control.”

Protecting SaaS environments from AI agent risks

Obsidian is uniquely positioned to address the security risks created by autonomous AI agents in SaaS environments. At its core is the SaaS threat dataset repository, over 500 curated real-world threat intelligence, enriched with browser-based activity capture and deep SaaS and AI integrations.

This intelligence powers the Obsidian Knowledge Graph, a continuously learning model that unifies user and agent activity, identity privileges, and workflows across SaaS and SaaS managed agentic AI platforms into a single correlated view. This live map gives security teams real-time visibility and context to govern agentic AI usage and stop unauthorized agents and behavior inside SaaS environments, where risks emerge and propagate.

“In customer deployments, our continuously learning Knowledge Graph revealed that AI agents in SaaS environments were typically granted ten times more permissions than needed when mapped against real user privileges and entitlements, visibility only Obsidian can deliver,” said Khanh Tran, CPO at Obsidian. “By connecting popular AI platforms like Microsoft Copilot Studio, n8n, Salesforce Agentforce, and ChatGPT Enterprise with the Obsidian Knowledge Graph, security teams can finally see what agents are doing in SaaS. That intel means they can stop risks before they spread and empower users to innovate faster without sacrificing security or governance.”

This product release is enabling enterprises securely scale AI agent development. Key capabilities in the latest release include:

• Visibility and access cleanup: Get a live inventory of every AI agent, including its privileges, SaaS connections, and actions, to eliminate excessive or risky access and enable full lifecycle oversight.
• Continuous observability and compliance: Map AI agent access across SaaS and trace it to the data touched, with correlated audit trails that link entitlements directly to actions.
• Prevent misuse and privilege escalation: Detect and block agents attempting to exploit trust chains, misuse access, or escalate privileges before damage cascades across SaaS environments.