Unauthorized SaaS Integrations Could Trigger Major Data Breaches: Obsidian Security

San Francisco: Cybersecurity firm Obsidian Security is raising alarms about escalating security risks from unauthorized SaaS-to-SaaS application integrations, warning enterprises face massive breach exposure without continuous visibility across their software ecosystems.

Joseph Gothelf, Wyndham’s Vice President of Cybersecurity, stated, “In the absence of continuous visibility into the entire SaaS ecosystem, especially unauthorized activity between SaaS applications, we are looking at a huge data breach waiting to happen.”

The warning comes as Obsidian Security demonstrated its ability to detect the recent Salesloft breach in near real-time. Company CEO Hasan Imam stated Obsidian detected breach signs “earlier than anybody else,” operating in parallel with incident response firm Mandiant, adding “None of our customers lost any data due to this breach.”

The security challenge stems from the proliferation of SaaS application integrations that operate outside traditional security perimeters. Imam emphasized, “SaaS-to-SaaS security requires a new layer in enterprise defense and focused investment,” noting it is “architecturally separated from all the things we have been thinking about,” including endpoint protection, network security, and user access controls.

Traditional enterprise security architectures fail to address unauthorized data flows between connected SaaS applications, creating exploitable blind spots. Attackers increasingly target these gaps across complex enterprise ecosystems.

Imam stated the threat requires a novel approach, as conventional tools lack visibility into application-to-application communications. AI-driven tools such as Claude Code Security aim to address these gaps by analyzing software interactions and identifying vulnerabilities.

The Salesloft breach highlighted how SaaS integrations can serve as attack vectors, with compromised applications potentially accessing data across entire connected ecosystems. Enterprises typically deploy dozens or hundreds of SaaS applications with complex integration patterns, creating extensive attack surfaces.

Obsidian Security’s platform provides continuous monitoring of SaaS application behavior, detecting anomalous integration activity and unauthorized data access patterns. The company’s early detection capability during the Salesloft incident demonstrates how real-time SaaS security monitoring can prevent data exfiltration even when breaches occur upstream.