Obsidian Security, a specialist in SaaS security, is one of the vendors that worked with the Cloud Security Alliance to establish a framework that can be used to evaluate the security of SaaS platforms, an important step in a part of the IT industry that is under increasing attack by bad actors and facing the security risks brought on by AI agents.
However, as with any standard, the SaaS Security Capability Framework (SSCF) helps only if vendors adopt it. What is needed is pressure from SaaS customers to ensure the SSCF measures are put in place. To that end, Obsidian is bringing together security leaders in a cross-industry working group to push SaaS vendors to adopt the framework.
In an open letter this week to SaaS companies, Obsidian Chief Product Officer Khanh Tran is urging them to make security the default in their operations. As SaaS and cloud computing have become the norm for organizations and individual users alike, the need for stronger security measures has continued to grow, particularly given the escalating threats targeting those environments.
“The SaaS business model won,” Tran wrote. “Users, organizations, and entire industries now rely on hundreds of critical cloud applications to power everything from HR to finance to AI. But the same ecosystem that made modern business possible has created a quiet but intensifying security crisis: the lack of security standards across SaaS puts our daily operations in jeopardy.”
The problem, he wrote, is that SaaS vendors tend to set their own rules. Security settings and permissions differ from app to app, which hampers risk management; posture management is hobbled by limited security APIs that restrict visibility into configurations; and poor logging and data telemetry make threats difficult to detect, investigate, and respond to.
“For years, SaaS security has been a one-way street,” Tran wrote. “SaaS vendors cite the shared responsibility model, while customers struggle to secure hundreds of unique applications, each with limited, inconsistent security controls and blind spots.”
Compounding these existing challenges is the rapid emergence of SaaS products built on agentic AI, which makes the imbalance in the shared responsibility model “untenable,” he wrote.
“With no-code and low-code platforms like Glean and n8n, anyone can spin up autonomous agents that read, write, and export data across multiple SaaS environments in nanoseconds,” Tran wrote. “While these agents undeniably boost productivity, they also open the door to data exposure if not properly secured.”
Global consultancy McKinsey and Co. earlier this year wrote about the ubiquity of SaaS applications and the cloud in modern life, and about how the rise of generative AI has disrupted that growth. Most people likely don’t realize how central SaaS tools and the cloud are to their lives, the company wrote.
“Much of our online lives are supported by SaaS,” the report’s authors wrote. “Google Workspace tools – including Gmail, Google Docs, and more – are SaaS products, as are Microsoft Outlook, Slack, Zoom, and thousands more.”
The global SaaS market was worth about $3 trillion in 2022, after about 10 years of accelerating growth, McKinsey wrote. Its researchers at the time estimated that it could grow to as much as $10 trillion by 2030.
Then generative AI hit the scene.
“SaaS transformed the global enterprise software market, but the recent unprecedented growth of gen AI has disrupted the software industry even faster and more thoroughly than SaaS,” it wrote, adding that “gen AI will trigger software customers to switch their vendors more frequently as they race to keep up with the latest innovations.”
Obsidian’s Tran pointed to the recent breaches of hundreds of Salesforce customers: OAuth tokens associated with a third party, Salesloft and its Drift AI chat agent, were compromised, giving the threat actors access to both Salesforce and Google Workspace instances. The incidents illustrated the need for strong security in SaaS environments.
“The same cascading risks apply to misconfigured AI agents,” Tran wrote. “We’ve witnessed one agent download over 16 million files while every other user and app combined accounted for just one million. AI agents not only move unprecedented amounts of data, they are often overprivileged. Our data shows 90% of AI agents are over-permissioned in SaaS.”
Given the rising threats, “SaaS customers are sounding the alarm and demanding greater visibility, guardrails and accountability from vendors to curb these risks,” he wrote. “Yet without vendor-provided telemetry, configuration APIs, and consistent controls, rogue AI agents and threat actors can freely turn SaaS supply chains into data exfiltration highways.”
SaaS companies need to address these customer concerns, Tran said, adding that such incidents as the Salesloft compromise are only the beginning.
“Trusting your data is safe because it sits inside established apps like Salesforce or Google is not enough,” he said. “Any connected app is now a doorway to your business secrets. Meaning every SaaS vendor must become a part of your security strategy.”
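The two symptoms Tran describes, an agent moving more data than every other identity combined and agents holding scopes they never use, are exactly what vendor-provided audit telemetry and grant data let a customer check for. The following Python is an added example, not code from the page, from Obsidian, or from any SaaS vendor: it runs both checks over a small constructed audit log. The event format, field names (`principal`, `action`, `items`, `scope`) and the grant table are assumptions standing in for whatever a real vendor's log export and OAuth consent API return.

```python
"""Added example: two detections over a constructed SaaS audit log.

1. dominant_principals(): flags any principal whose download volume exceeds
   that of all other principals combined (the "one agent downloaded more than
   everyone else" pattern).
2. unused_scopes(): flags OAuth scopes granted to a principal that it never
   exercised in the observed window, a simple over-permission signal.

Event format, field names and the grant table are hypothetical.
"""
import json
from collections import Counter, defaultdict

# Constructed audit log, one JSON object per line. Field names are assumptions.
AUDIT_LOG = """\
{"ts":"2025-09-01T10:00:00Z","principal":"alice@example.com","type":"user","action":"file.download","items":25,"scope":"files:read"}
{"ts":"2025-09-01T10:01:00Z","principal":"bob@example.com","type":"user","action":"file.download","items":30,"scope":"files:read"}
{"ts":"2025-09-01T10:02:00Z","principal":"drift-bot","type":"agent","action":"file.download","items":900,"scope":"files:read"}
{"ts":"2025-09-01T10:03:00Z","principal":"reporting-app","type":"app","action":"file.download","items":25,"scope":"files:read"}
{"ts":"2025-09-01T10:04:00Z","principal":"drift-bot","type":"agent","action":"file.download","items":1200,"scope":"files:export"}
{"ts":"2025-09-01T10:05:00Z","principal":"alice@example.com","type":"user","action":"file.upload","items":1,"scope":"files:write"}
{"ts":"2025-09-01T10:06:00Z","principal":"bob@example.com","type":"user","action":"file.download","items":15,"scope":"files:read"}
"""

# Constructed grant table: scopes each principal has been consented/assigned.
GRANTS = {
    "drift-bot": {"files:read", "files:write", "files:export", "admin:users"},
    "alice@example.com": {"files:read", "files:write"},
    "bob@example.com": {"files:read"},
}


def parse_events(text):
    """Parse JSON-lines audit export into a list of dicts, skipping blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def download_volume(events):
    """Total downloaded items per principal (only file.download events count)."""
    volume = Counter()
    for event in events:
        if event.get("action") == "file.download":
            volume[event["principal"]] += int(event.get("items", 1))
    return volume


def dominant_principals(volume, ratio=1.0):
    """Principals whose volume exceeds `ratio` times everyone else's combined.

    With ratio=1.0 a hit means the principal alone moved more than all other
    identities put together, which is the pattern described in the letter.
    """
    total = sum(volume.values())
    return sorted(p for p, v in volume.items() if v > ratio * (total - v))


def unused_scopes(grants, events):
    """For each granted principal, scopes granted but never seen on any event.

    A long list for an agent identity is a cheap over-permission indicator;
    a short observation window will naturally inflate it, so treat it as a
    review queue, not a verdict.
    """
    used = defaultdict(set)
    for event in events:
        used[event["principal"]].add(event.get("scope"))
    return {p: sorted(scopes - used[p]) for p, scopes in grants.items()}


EVENTS = parse_events(AUDIT_LOG)


def run_checks(events=EVENTS, grants=GRANTS):
    """Run both detections and return the findings as a dict."""
    volume = download_volume(events)
    return {
        "volume": dict(volume),
        "dominant": dominant_principals(volume),
        "unused_scopes": {p: s for p, s in unused_scopes(grants, events).items() if s},
    }


if __name__ == "__main__":
    print(json.dumps(run_checks(), indent=2))
```

Against the constructed log, `drift-bot` accounts for 2,100 downloaded items versus 95 for every user and app combined, so it is the only dominant principal, and it holds two scopes (`admin:users`, `files:write`) it never used in the window. Both checks depend on the vendor exposing per-principal, per-action telemetry and a way to enumerate grants; where an app offers neither, this is precisely the blind spot the letter is complaining about.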