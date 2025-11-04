Obsidian Closes the SaaS Security Coverage and Intelligence Gap Amid Expanding Attack Surface

Obsidian Security, leader in SaaS security, today announced a major expansion of its platform to secure the next frontier of SaaS and AI. The release brings together community-built integrations, deep data context, and AI-driven intelligence to help organizations secure their expanding SaaS environment at enterprise scale.

SaaS has become the backbone of the modern enterprise and attackers are moving faster than most security teams can respond. SaaS breaches have surged 300% in the past year as adversaries target SaaS supply chains and AI agents by exploiting service accounts, exposed tokens, over-privileged integrations, and unsupervised AI agents to move laterally and exfiltrate data.

With more than 30,000 SaaS applications in the market, the challenge isn’t just scale, it’s fragmentation. Every enterprise runs on a unique mix of apps with thousands of custom integrations and very little overlap, making it impossible for a single vendor to deliver complete SaaS security fast enough. As SaaS adoption accelerates, each new app and integration compounds the problem, expanding interconnect risk and multiplying the attack surface.

The only way to keep up is to rethink how SaaS security coverage is built. Instead of relying on a single vendor to integrate every app, security needs to scale the way SaaS itself does, through open, shared and certified development.

With the launch of the Community SDK, Obsidian is addressing this gap head-on, enabling customers, partners, and vendors to build, share, and standardize security integrations that extend protection across the full SaaS and AI landscape. This community-driven approach breaks the capacity bottleneck, accelerating the speed of reliable protection and ensuring no app, integration or agent goes unseen. Together with Obsidian’s next-gen Knowledge Graph and AI Assistant, these innovations deliver the visibility, context and intelligence security teams need to zero in on SaaS threats before they become breaches.

“SaaS is now the new enterprise operating system, and its attack surface is expanding faster than most teams can defend it,” said Khanh Tran, Chief Product Officer at Obsidian Security. “With the latest additions to our platform, we’re giving organizations what they’ve been missing: a way to secure SaaS at enterprise scale. From our new community SDK and connectors to enhanced Knowledge Graph and AI Assistant, we’re turning SaaS security from a patchwork of blind spots into a connected, intelligent defense system built for the age of AI.”

Full SaaS Coverage with the New Obsidian Community SDK and Connectors

Security teams can’t protect what they can’t connect. With thousands of SaaS apps and integrations in every enterprise, the biggest gap in SaaS security today is coverage. Without full connector coverage, teams can’t see how data moves or what actions take place inside the SaaS supply chain, yet no single vendor can keep up with that speed and scale.

Obsidian’s new community SDK and connectors democratize integration development, giving security teams the power to build, reuse and scale SaaS visibility on demand, ensuring nothing in the SaaS chain goes unprotected. In just 30 days, Obsidian customers and partners have already built 40 new integrations, proving how quickly SaaS security can evolve with an open, collaborative model.

Key advantages include:

Instant coverage: Access enterprise-grade connectors that provide deep visibility into critical SaaS apps, capturing deep telemetry needed to monitor, investigate, and secure them from day one.

Access enterprise-grade connectors that provide deep visibility into critical SaaS apps, capturing deep telemetry needed to monitor, investigate, and secure them from day one. Custom at scale: Build or adapt connectors for any niche, custom, or emerging SaaS app in days, aligning with your unique security and compliance frameworks.

Build or adapt connectors for any niche, custom, or emerging SaaS app in days, aligning with your unique security and compliance frameworks. Ecosystem-powered expansion: A community-driven connector ecosystem built with customers, partners and SaaS vendors, that’s verified, hosted, and fully supported by Obsidian, accelerating coverage, ensuring reliability, and expanding visibility across the SaaS and AI landscape.

Next-gen Knowledge Graph Connecting Every Identity, Account, Agent and Action

Most security graphs were built for endpoints and networks, not SaaS. In SaaS environments, shadow apps, unmonitored integrations, overprivileged access, and AI agent activity quietly expand the attack surface beyond traditional visibility. Even when identities are mapped, what’s missing is context on how they behave, what data they touch and how they interact across environments.

The Obsidian Knowledge Graph, purpose-built for SaaS, creates a dynamic, stateful model of how access and data move across applications. It connects people, accounts, and activity with the context of roles, tokens, and integrations to reveal where risks emerge and accumulate through the SaaS mesh. The latest release strengthens this even further, mapping the full chain from account to identity to activity mapping across every SaaS tenant and application. Key advantages include:

Unified, time-aware SaaS risk model: Brings together identities, accounts, roles, permissions, tokens, integrations, scopes, resources, and activity into a single, living graph, keeping both history and current status so everything is traceable.

Brings together identities, accounts, roles, permissions, tokens, integrations, scopes, resources, and activity into a single, living graph, keeping both history and current status so everything is traceable. Rapid graph traversal for exposure insight: Follows consent chains and token-to-scope-to-resource paths in seconds to reveal blast radius, shadow integrations, risky data flows, privilege drift, and anomalous AI agent behavior across tenants.

Follows consent chains and token-to-scope-to-resource paths in seconds to reveal blast radius, shadow integrations, risky data flows, privilege drift, and anomalous AI agent behavior across tenants. Actionable outcomes at scale: Powers detections, risk-based prioritization, and faster remediation, such as rapid revocation of stale tokens, quarantining toxic permissions, and more, accelerating investigations and enforcing least privilege with verifiable evidence.

“You can’t protect what you don’t understand, and until now, SaaS has been a black box,” Khanh continued. “The new Obsidian Knowledge Graph changes that. It maps every human and AI identity, account, and action into one living model of behavior, showing not just where access exists, but how risk spreads inside these applications. It’s the clarity that’s been missing from SaaS defense up until now.”

From Data Overload to Decisive Action with Obsidian AI Assistant

Security teams are buried in alerts, posture rules, and SaaS sprawl. Every new app, integration, or AI agent adds more noise, manual work, and risk for human error, while existing tools flood teams with data and alerts instead of clarity.

Obsidian AI Assistant changes that. It brings intelligence and explainability to SaaS defense, translating complex policies into plain language, prioritizing what matters most and guiding analysts to investigate and protect with speed and confidence.

Powered by a governed multi-agent system, AI Assistant connects specialized agents for posture management, threat detection and investigation and SaaS and AI integrations, delivering trusted, explainable answers in seconds through natural language interaction.

Key advantages include:

Faster investigations: Reduces false positives, identifies root causes faster and cuts mean time to resolution, all while maintaining traceable, explainable reasoning for every decision.

Reduces false positives, identifies root causes faster and cuts mean time to resolution, all while maintaining traceable, explainable reasoning for every decision. Expertise democratized: Provides clear context and guidance in every security analyst’s hands, regardless of experience level, to operate with consistency and confidence.

Provides clear context and guidance in every security analyst’s hands, regardless of experience level, to operate with consistency and confidence. Efficient operations: Enables small teams to operate like large ones, scaling expertise, not just effort, and ensuring every action aligns with governance and compliance requirements.

