Obsidian Security Extends Reach to SaaS Application Integrations
Obsidian Security has extended its platform to protect SaaS applications and their integrations, adding the ability to restrict which users can authorize new integrations and to customize supply chain breach notifications. By unifying the management of identity, permissions and behavior data, it addresses the security challenges created by complex protocols and interfaces. AI agents that inherit permissions may increase the risk, and organizations need to strengthen their defenses against potential vulnerabilities.

2026-1-22 16:39:10 Author: securityboulevard.com

Obsidian Security today announced that it has extended the reach of its platform for protecting software-as-a-service (SaaS) applications to include any integrations.

Additionally, the company is now making it possible to limit which specific end users of a SaaS application are allowed to grant and authorize new SaaS integrations by enforcing least privilege policies.

Finally, Obsidian has added the ability to customize supply chain breach notifications that identify affected tenants, downstream exposure, and suspicious activity.

Sean Roche, senior director for product marketing at Obsidian Security, said that by extending the reach of the company’s platform to integrations, it becomes possible to prevent breaches such as those that impacted Salesforce applications last year, when cybercriminals successfully compromised a plug-in provided by Salesloft.

The core security challenge that organizations relying on SaaS applications face is the level of complexity that is created via various protocols and interfaces, including OAuth authorizations, application programming interfaces that require keys to access, various automation frameworks and, increasingly, artificial intelligence (AI) agents. Whenever one SaaS application is compromised, that breach can easily propagate across the entire environment.

Obsidian addresses that issue by unifying the management of identity, permissions, OAuth scopes and activity data into a single coherent model, allowing organizations to see not only what an application can access but also how it behaves across users, geographies and services, said Roche. Armed with that capability and those insights, it then becomes possible to restrict which users are able to grant and authorize new SaaS integrations, enforcing least privilege and limiting the introduction of risky connections, he added.

At the core of that capability is an Obsidian Knowledge Graph that is integrated with threat intelligence feeds and data drawn from proprietary research and real-world incident responses that Obsidian tracks via its platforms to create a baseline for tracking normal behavior across identities, APIs and integrations in real time.

From a cybercriminal perspective, the average SaaS application represents a tempting target. If cybercriminals can gain access to the credential used to access it, they can potentially exfiltrate massive amounts of sensitive data. As the number of these applications significantly increased in the wake of the COVID-19 pandemic, it has become more challenging for cybersecurity teams to protect the data stored in them.

In theory, the providers of these applications rely on measures such as encryption and data isolation to protect data, but once a cybercriminal gains access to a credential, they typically gain access to any data the compromised account is authorized to access. That issue is only going to become more problematic as AI agents that inherit permissions from those end users are also inevitably compromised, noted Roche. Unlike a human, however, those AI agents may find ways to access massive amounts of data by bypassing whatever guardrails might exist.

Now that it’s been shown how vulnerable SaaS application integrations are, it’s almost a given there will be more incidents. As such, cybersecurity teams would be well advised to prepare for the worst now, in the hope that SaaS application security will improve sooner rather than later.

Article source: https://securityboulevard.com/2026/01/obsidian-security-extends-reach-to-saas-application-integrations/