Obsidian Security unveils end-to-end SaaS supply chain security to stop integration-led breaches

Obsidian Security announced an end-to-end SaaS supply chain security solution, empowering organizations to monitor, control and contain the security risk hiding inside interconnected SaaS ecosystems. Companies depend on hundreds of SaaS applications to operate their business. The security threat posed by these interconnected SaaS applications is growing exponentially, with major breaches like the Salesloft-Drift Supply Chain attack that impacted over 700 organizations last year.

Obsidian Security is launching a new solution that secures the SaaS supply chain across its full lifecycle, bringing together integration risk visibility, proactive prevention, early breach detection and impact forensics, all in a single, unified platform.

“When a SaaS vendor or integration is compromised, SOC teams typically learn of these incidents through delayed vendor disclosures,” said Joseph Gothelf, VP, Cybersecurity, Wyndham Hotels and Resorts. “In the absence of continuous visibility into the entire SaaS ecosystem, especially unauthorized activity between SaaS applications, we are looking at a huge data breach waiting to happen. The new end-to-end SaaS Supply Chain security capabilities from Obsidian are a much-needed solution to an emerging risk most organizations are unprepared for.”

“We need continuous, deep visibility into our entire SaaS ecosystem, including the known and particularly the ‘shadow’ integrations moving data between apps. Obsidian’s end-to-end SaaS Supply Chain security provides the proactive visibility organizations need to stay ahead of these emerging threats and help ensure our digital infrastructure remains resilient,” said Grace Liu, SVP and CIO, Seagate Technology.

SaaS environments are interconnected through OAuth grants, API keys, automation platforms, and increasingly, autonomous AI agents embedded across business workflows. Every integration extends trust, often far beyond what security teams can easily see. When even one SaaS app, integration or AI agent is compromised, that risk can propagate across the entire environment, turning a single weak link into broad data exposure.

Current security and compliance tools focus on network security, endpoint agents or identity providers and rely on point-in-time assessments that don’t account for permission drift, expanding scopes, or how integration activity changes over time. This is where Obsidian Security has been a market leader offering the unique capability to continuously discover SaaS-to-SaaS integrations unlike any of its competitors.

Obsidian expands into the next phase of SaaS supply chain defence, delivering three new capabilities:

Full visibility into SaaS integration risk: Compared to endpoint or human-to-SaaS vendors, Obsidian unifies identity, permissions, OAuth scopes and activity data into a single coherent model, allowing organizations to see not only what an app can access but also how it behaves across users, geographies and services. With this clarity, teams can quickly identify risky or inactive integrations, prioritize integrations in order of criticality, and safely take action like revoking access or blocking integrations before they are abused. Organizations can now reduce exposure at the source by identifying and restricting which users are able to grant and authorize new SaaS integrations, enforcing least privilege and limiting the introduction of risky connections before they spread.

Early detection and mitigation of SaaS supply chain compromise: Powered by the Obsidian Knowledge Graph and threat intelligence drawn from proprietary research and real-world incident response across our customer base, Obsidian extends its network effects to SaaS integrations, enriching detection with shared intelligence on the IP addresses used by integrations today and soon baselining normal versus suspicious data movement across SaaS environments. By baselining normal behavior across identities, APIs and integrations, Obsidian surfaces attacks in real time, exposing abuse that traditional tools miss.

Rapid breach containment and remediation: Obsidian introduces customized supply chain breach notifications tailored to each customer’s SaaS environment. When an integration is implicated in an incident, teams receive clear impact summaries showing affected tenants, downstream exposure, and suspicious activity tied directly to their data and applications. Security teams can quickly see what was accessed, contain exposure before it spreads, and remediate with confidence, dramatically reducing time to resolution without unnecessary disruption.

“SaaS environments were never designed to operate as sprawling supply chains of automated integrations and AI agents,” said Hasan Imam, Chief Executive Officer, Obsidian Security. “What started as simple app connections have become critical business pathways and attackers are exploiting that trust. As AI agents gain autonomous access and link multiple SaaS applications together, the blast radius of a single compromised integration grows exponentially. With the new SaaS-to-SaaS security capabilities, we are deepening our commitment to help customers innovate with speed and agility without sacrificing security.”


