Enterprise Account Executive

The bearer token problem hidden inside your AI agent strategy. PUBlished on March 11, 2026 updated on March 12, 2026 Sophie Zhu Token theft has always been a risk. But two recent breaches have made the scale of the impact much harder to ignore. In the Salesloft-Drift and Gainsight incidents, the ShinyHunters threat group leveraged stolen bearer tokens to access the Salesforce environments of more than 700 organizations, without triggering a single authentication alert. Bearer tokens function like universal keys: if you have the token, the system assumes you're authorized, no questions asked. This trust-based model has powered machine-to-machine communication across enterprise systems for years. Now, AI agents are inheriting the same design. As enterprises race to deploy autonomous agents across their environments, every new integration expands the potential blast radius of a single token compromise. The bearer-token model that made enterprise automation possible was never built for the scale of what's coming. That's why Obsidian is introducing runtime defense for SaaS supply chain token compromise, shifting security away from blind trust and towards evidence-based access. Bearer tokens: the architecture of blind trust. Bearer tokens operate on a simple principle: possession = authorization. If a valid token is presented, the receiving platform automatically authenticates the request. There's no verification of the user or system actually holding it. This design is what makes automation possible. Bearer tokens allow systems to communicate with each other, without a human in the loop. For example, a Salesforce integration syncing data to a data warehouse every hour would be impractical if it required a person to re-authenticate each interaction. Bearer tokens solve that problem elegantly. This convenient design also introduces a tradeoff. When attackers steal a bearer token, they inherit the same access as the legitimate system, creating, reading, uploading or deleting data, until the token is revoked or expires. The platform receiving these requests has no way to tell the difference. Another way to think about it: Imagine bearer tokens like a house key. Frodo gives Sam, whom he trusts, a key to his house. Sam can come and go freely. But if that key is stolen, the front door has no other verification method to tell who's holding it. No face recognition, no fingerprint scanner, no alarm. Just a key that fits the lock. This model worked reasonably well when automation was limited to a handful of integrations. But today, enterprises are deploying AI agents and automated workflows across their entire ecosystem. Each agent relies on bearer tokens to access business systems, and most are granted broad permissions within them. If a single agent or integration is compromised, the attacker may inherit access to every application connected to it. The blast radius of a single compromise has never been larger. What a bearer token breach actually looks like. The Salesloft-Drift breach is worth examining closely. Salesloft's Drift is a conversational AI chatbot that commonly integrates with Salesforce. During the initial setup, Salesforce issues bearer tokens that allow Drift to access customer data going forward. When ShinyHunters gained access to Drift's infrastructure, they were able to steal those tokens, and with them, pathways into the Salesforce environments of more than 700 organizations. For affected companies, detection wasn't straightforward. Every API request looked legitimate: it was authenticated and signed by a known integration. Teams were hearing reports of a vendor compromise, but even Salesloft-Drift itself didn't have visibility into the token usage logs, as those lived in each customer's own SaaS tenant. That left security teams facing an impossible call: combing through logs that could represent either legitimate integration activity or malicious use of stolen tokens, with no clear signal to distinguish between them. Acting too fast risked disabling a business-critical integration. Waiting too long meant attackers might still be in the environment and had full access to export data. The logs could only verify the token. They couldn't verify the system that generated the request. Some investigations took weeks to resolve. And others, for those organizations without the logs or context to trace the activity back to the original compromise, were never resolved at all, leaving teams uncertain whether the threat had passed or simply gone quiet Obsidian security's integration attestation: prove that a request is exactly what it claims to be. Integration Attestation addresses the architectural flaw that makes token theft hard to detect, by adding cryptographic proof of origin to API requests made with bearer tokens. Let's unpack what that means. Before a vendor sends an API request to access a third-party application, their system stamps the request with a unique, unforgeable signature. Think of it like a wax seal on a letter. The secret used to generate that signature is stored inside secure hardware, where it cannot be copied or extracted. Only the vendor's real systems can produce a valid signature. Obsidian continuously verifies these signatures as API requests occur. If a request arrives with a missing or invalid signature, it's immediately flagged for investigation. Security teams can now answer a question bearer tokens alone can never resolve: Did this request actually originate from the vendor's environment, or is someone impersonating them? Critically, this verification signal appears directly in the existing SaaS activity logs that organizations already use. Security teams don't need a new monitoring system to deploy, no separate logging pipeline to maintain. The proof is embedded alongside normal integration activity, giving analysts immediate, in-context visibility during investigations. What security teams can do now that they couldn't before. For the first time, teams have a reliable, real-time signal that distinguishes legitimate integration activity from stolen-token use, without waiting for behavioral anomalies to accumulate or for a vendor to issue a disclosure. That changes the mat on three things that have historically made bearer token compromise so damaging. * Detection intrusion at the moment of SaaS supply chain token compromise: Because signatures are verified continuously and appear in standard SaaS logs, suspicious activity is flagged in near-real time. The window attackers rely on, operating undetected inside a trusted integration, shortens significantly. * Operate independently of vendor disclosures: Organizations no longer have to wait for a vendor to investigate their own infrastructure before they can understand whether their environment is affected. The evidence is in their own logs, immediately accessible. * Reduce containment time for supply chain incidents to minutes: With clear proof of origin, analysts can escalate and revoke compromised tokens quickly, or confidently confirm that activity is legitimate. Either way, they have the evidence to support the decision to the rest of the business. A foundation built for the autonomous future. The enterprise automation model wasn't designed for the scale of machine activity Obsidian Security Inc. is about to see. As AI agents and autonomous workflows expand across business systems, bearer tokens will increasingly become the connective tissue holding applications together. The underlying assumption - that possession of a token equals trust - will be tested in ways the original architecture never anticipated. Integration Attestation introduces a missing layer of verification. Instead of trusting the token alone, organizations can now verify where a request actually originated. That additional signal gives security teams what they've never had: the ability to detect stolen-token activity, investigate incidents with confidence, and respond quickly before damage compounds. The bearer token era isn't over. But the era of blind trust in them is! Get started. Start in minutes and secure your critical SaaS applications with continuous monitoring and data-driven insights.

Shadow AI isn't just new tools, it's hiding in the SaaS you already trust. PUBlished on March 10, 2026 updated on March 10, 2026 Last month Obsidian Security Inc. launched a new capability to detect AI usage in SaaS applications. What Obsidian Security Inc. found was striking. In just 30 days, Obsidian Security observed 69,749 interactions between users and corporate data with SaaS embedded AI features, most of which would have gone unnoticed without in-browser detection. As organizations race to adopt the latest AI features to boost productivity, you cannot afford to play catch up. Your legal and compliance teams are now turning to security to answer a question you may not yet be able to answer: are your AI-enabled SaaS vendors accessing data outside what was authorized in data processing agreements? Without clear visibility into how shadow AI models interact with enterprise data, you risk unknowingly exposing sensitive IP and customer information to third parties, often through tools you and your users already trust. Shadow AI is being embedded across your existing SaaS stack. When you think of AI, you probably picture standalone products like ChatGPT or Glean - tools your teams deliberately chose, evaluated, and connected to business data - that automate workflows and boost productivity using built-in AI models. But these third-party tools are not the only places where AI is interacting with enterprise data and where exposure lives. Traditional SaaS platforms, from Atlassian to Twilio, Zendesk to Airtable, are rapidly and quietly embedding AI features directly into applications your teams already use every day. This shift fundamentally changes how data is accessed, processed, and retained. Yet unless you are constantly reviewing product updates and release notes, it may take months before you realize that sensitive data is being sent to an external AI model - one that wasn't part of your original vendor review. The quiet AI takeover of SaaS and what it means for your data. Because SaaS is controlled by end users, new AI features can often be enabled without triggering security reviews or approval workflows. And unlike the AI tool your teams intentionally adopted, embedded AI arrives pre-installed in applications that already passed your last security review. Consider what this looks like in practice: * A user enables Slack's built-in AI to summarize conversations, granting the model access to message history * An employee uses Zendesk AI to turn internal knowledge base content into articles * AI assistants in Airtable analyze customer data to automatically generate new project workflows Each of these scenarios represents a real, active transfer of enterprise data to an AI model that may not have been part of any risk assessment. More importantly, many of these capabilities are shipped without mature configuration controls or robust logging APIs, leaving you with limited ability to govern or monitor their use, after the fact. Real world risk. A single employee experimenting with a new AI feature could inadvertently put your organization in breach of contract, out of compliance with regulatory obligations, or in violation of customer MSAs, without anyone in your security team knowing it happened. While productivity is real with these features, so are the contractual or compliance consequences. Your organization likely has explicit policies prohibiting AI models from processing or training on certain categories of data. In some cases, these restrictions are explicitly defined in customer agreements or MSAs. These restrictions don't disappear because a vendor quietly shipped a new feature. And relying on manual reviews, vendor assurances, or user reporting is simply not fast enough to catch this activity before it becomes a compliance problem. You need stronger controls and real-time visibility into how AI features are interacting with their data. Secure shadow AI at the speed of adoption. Continuous SaaS releases are breaking point-in-time TPRM reviews. Your Third-Party Risk Management (TPRM) processes were built to enforce security and compliance policies at the time of procurement. When a new SaaS tool is adopted, it typically undergoes an extensive review. Your team evaluated the risks, decides what data the system can access, and documents the outcome to ensure it does not introduce unacceptable risk to the business. With standalone AI tools, this pattern holds. Your teams intentionally select the product, evaluate the risks, and set boundaries Embedded AI is different, and it's breaking the TPRM model. Once a SaaS application passes its initial review, those security assumptions often remain unchanged for years. But when vendors later introduce new AI capabilities, the same level of scrutiny rarely happens, even though the potential risks can be just as significant. The result: AI features gain access to sensitive data, generate outputs based on proprietary information, or perform automated actions inside platforms that you've already "approved" and stopped watching. A growing gap. The challenge isn't just knowing which SaaS applications offer AI features. You need evidence of how those features are actively being used, in real time. A static list of vendor capabilities doesn't tell you whether your employees are using them right now. Other approaches in the market attempt to spot when users deploy AI by scanning OAuth permissions, reviewing app configurations, or flagging AI tools at the network layer. These approaches can identify that an AI tool exists, but they can't tell you when an AI feature inside an already-approved application is being invoked. That level of visibility requires monitoring at the point of interaction: the browser. Shadow AI detection: monitoring AI features at the browser level. Obsidian Security helps you detect and manage these emerging risks, enabling safe and responsible use of AI across your business. By deploying the Obsidian Security Browser Extension, you gain visibility at the exact point where users engage with SaaS. The browser is where AI features are enabled, where your data is entered, and where AI outputs are generated. And it's the only place where you can observe what's actually happening, rather than infer it from logs or configurations. Monitoring these interactions with Obsidian allows you to detect when AI features are used inside popular applications, and surface that activity directly to security teams. With Obsidian, you can: * Detect when AI features are activated inside popular SaaS applications * Identify which users are interacting with AI systems * Surface that activity directly to security teams in real time Why this matters for compliance. Real-time activity monitoring isn't just a security control, it's the evidence layer legal and compliance teams need to demonstrate that AI interactions with sensitive data were authorized, understood, and governed under applicable policy. Without it, you're attesting to controls you can't actually verify. With this insight, you can govern SaaS applications that embed AI capabilities with the same rigor as net-new tool adoption. Meaning you can implement evidence-based controls for the users enabling them, the data they access, and the integrations they rely on. What's next: from shadow AI detection to AI governance. Visibility into AI feature activity is the foundation, but it's only the beginning. As your SaaS vendors continue to embed AI capabilities at an accelerating pace, your exposure will keep expanding whether or not your policies do. The organizations staying ahead of this challenge aren't just detecting AI activity after the fact. They're building the governance layer that lets them define which AI features are permitted, on which data, for which users, and enforce those policies continuously, not just at the point of procurement. Because in a world where your SaaS vendor can turn on a new AI model next Tuesday, point-in-time reviews are a policy fiction. Real governance has to be continuous. Curious what AI activity is already happening in your SaaS environment? Get started. Start in minutes and secure your critical SaaS applications with continuous monitoring and data-driven insights.