New Capabilities Include Complete Visibility into SaaS-to-SaaS Integrations, Proactive Prevention and Early Breach Detection in One Unified Platform
PALO ALTO, Calif.--(BUSINESS WIRE)--Obsidian Security, leader in SaaS security, today announced the industry’s first end-to-end SaaS supply chain security solution, empowering organizations to monitor, control and contain the security risk hiding inside interconnected SaaS ecosystems. Companies today depend on hundreds of SaaS applications to operate their business. The security threat posed by these interconnected SaaS applications is growing exponentially with major breaches like the Salesloft-Drift Supply Chain attack that impacted over 700 organizations last year. Obsidian Security is launching a new solution that secures the SaaS supply chain across its full lifecycle, bringing together integration risk visibility, proactive prevention, early breach detection and impact forensics, all in a single, unified platform.
“When a SaaS vendor or integration is compromised, SOC teams typically learn of these incidents through delayed vendor disclosures,” said Joseph Gothelf, VP, Cybersecurity, Wyndham Hotels and Resorts. “In the absence of continuous visibility into the entire SaaS ecosystem, especially unauthorized activity between SaaS applications, we are looking at a huge data breach waiting to happen. The new end-to-end SaaS Supply Chain security capabilities from Obsidian are a much-needed solution to an emerging risk most organizations are unprepared for.”
"In today’s interconnected environment, replying to retroactive alerts is a major risk,” said Grace Liu, SVP and CIO, Seagate Technology. “We need continuous, deep visibility into our entire SaaS ecosystem, including the known and particularly the 'shadow' integrations moving data between apps. Obsidian’s end-to-end SaaS Supply Chain security provides the proactive visibility organizations need to stay ahead of these emerging threats and help ensure our digital infrastructure remains resilient."
Modern SaaS environments are deeply interconnected through OAuth grants, API keys, automation platforms, and increasingly, autonomous AI agents embedded across business workflows. Every integration extends trust, often far beyond what security teams can easily see. When even one SaaS app, integration or AI agent is compromised, that risk can propagate across the entire environment, turning a single weak link into broad data exposure. Current security and compliance tools focus on network security, endpoint agents or identity providers and rely on point-in-time assessments that don’t account for permission drift, expanding scopes, or how integration activity changes over time. This is where Obsidian Security has been a market leader offering the unique capability to continuously discover SaaS-to-SaaS integrations unlike any of its competitors.
With today’s launch, Obsidian expands into the next phase of SaaS supply chain defence, delivering three new capabilities:
Full visibility into SaaS integration risk: Compared to endpoint or human to SaaS vendors, Obsidian unifies identity, permissions, OAuth scopes and activity data into a single coherent model, allowing organizations to not only see what an app can access but how it behaves across users, geographies and services. With this clarity, teams can quickly identify risky or inactive integrations, prioritize integrations in order of criticality, and safely take action like revoking access or blocking integrations before they are abused. Organizations can now reduce exposure at the source by identifying and restricting which users are able to grant and authorize new SaaS integrations, enforcing least privilege and limiting the introduction of risky connections before they spread.
Early detection and mitigation of SaaS supply chain compromise: Powered by the Obsidian Knowledge Graph and threat intelligence drawn from proprietary research and real-world incident response across our customer base, Obsidian extends its network effects to SaaS integrations, enriching detection with shared intelligence on the IP addresses used by integrations today and soon baselining normal versus suspicious data movement across SaaS environments. By baselining normal behavior across identities, APIs and integrations, Obsidian surfaces attacks in real time, exposing abuse that traditional tools miss.
Rapid breach containment and remediation: With today’s launch, Obsidian introduces customized supply chain breach notifications tailored to each customer’s SaaS environment. When an integration is implicated in an incident, teams receive clear impact summaries showing affected tenants, downstream exposure, and suspicious activity tied directly to their data and applications. Security teams can quickly see what was accessed, contain exposure before it spreads, and remediate with confidence, dramatically reducing time to resolution without unnecessary disruption.
"SaaS environments were never designed to operate as sprawling supply chains of automated integrations and AI agents,” said Hasan Imam, Chief Executive Officer, Obsidian Security. “What started as simple app connections have become critical business pathways and attackers are exploiting that trust. As AI agents gain autonomous access and link multiple SaaS applications together, the blast radius of a single compromised integration grows exponentially. With the new SaaS-to-SaaS security capabilities, we are deepening our commitment to help customers innovate with speed and agility without sacrificing security."
Additional Resources:
Blog: Read specific use-cases and more on the new SaaS Supply Chain security capabilities on our blog HERE.
Webinar: Join security industry leaders from Workday and S&P Global for a webinar on evolving risks and opportunities in today’s hyperconnected SaaS ecosystem by registering HERE.
About Obsidian Security
Obsidian Security is the leading SaaS security platform, trusted by global enterprises like Snowflake, T-Mobile, and S&P Global. We protect over 250 global organizations, including many of the world’s largest Fortune 1000 and Global 2000 companies, with data center availability in North America, EMEA, and APAC. Backed by top investors including Greylock, Norwest Venture Partners, and IVP, we’re closing a critical gap: securing the SaaS and AI tools that organizations rely on. Our platform reduces risk, detects and responds to threats, and prevents breaches at the source. Obsidian was built by leaders who redefined endpoint and identity security at CrowdStrike, Okta, Cylance, and Carbon Black.
For more information, visit www.obsidiansecurity.com
Contacts
