Modern organizations are adopting SaaS applications at an unprecedented pace. This acceleration also expands the attack surface faster than any one security team can keep up. With close to 39,000 SaaS options available on the market, the abundance of choice challenges security teams to safeguard every new and niche SaaS app.
Leaving even one app unprotected can trigger a cascade of malicious activity via your SaaS supply chain. These SaaS-to-SaaS connections via OAuth integrations or access tokens are the newest pathways attackers exploit to move laterally across environments. An example is the recent Salesloft-Drift attacks, where more than 700 organizations were breached through a single compromised SaaS application with weak permissions and tokens for persistent, cascading access.
The security challenge is compounded by the lack of industry-wide standards for consistent security and monitoring. With an estimated 40 million unique SaaS permissions in use today, internal security teams struggle to keep pace and close visibility gaps. Securing every application individually is a task no single vendor can accomplish alone, and true SaaS protection requires more than simply deploying superficial connectors.
Deep insights and integrations into SaaS are needed to cover both posture and threat. Surface-level visibility, like checking configuration settings or user access, is no longer enough. In order to run a proactive security defense, security teams must have rich context into how data moves, how users and integrations interact, and how risk propagates across connected applications. Without visibility into every application, security teams can’t see what activity is occurring within their SaaS environment.
The rapid rise of AI agents shows why depth is so necessary: controlling an army of autonomous agents operating with high privileges across multiple SaaS platforms requires observability and context beyond simple settings and controls like ‘is MFA enabled’ or similar rules. Combined across thousands of users, apps, and integrations, these critical blind spots require urgent attention. But when every app is different and no team has the resources to tackle them all, how can we make progress?
We’re taking the first step to address these gaps with a twofold strategy: launching Community SDKs to empower open collaboration and forming a working group to drive stronger, standardized security commitments across the SaaS ecosystem.
Let’s dive in.
Introducing the New Obsidian Community SDK and Connectors
To help you keep pace with accelerated SaaS adoption, Obsidian is launching the Community Software Development Kit (SDK), a first-of-its-kind way to extend protection to every SaaS app that matters to your business.
With Community SDK, you can quickly build or customize connectors for any SaaS application — with no long development cycles or complex setup required. Pull any activity data exposed through the API and tailor each integration to capture exactly what your team needs. This flexibility ensures you get the right data and insights to strengthen defenses, improve posture, and adapt to your unique use cases.
But we’re not stopping there. Our combined strength lies within our collaboration, which is why every connector you build can be shared with the broader Obsidian community. The more connectors our community creates and shares, the more apps get protected and the faster we close coverage gaps across the SaaS landscape. And because these connectors are hosted and managed by Obsidian, teams don’t need to dedicate extra resources to maintenance and instead can focus on securing what matters most.
It’s a new way of thinking about SaaS security: One that grows and improves through collaboration.
Community Connectors: Security That Scales Through Collaboration
Community Connectors expand security coverage through a shared, community-driven approach. Certified partners and customers contribute high-quality, peer-built integrations that are tested and verified by Obsidian. In just one quarter, Obsidian customers and partners have already built 40 new integrations, proving how quickly SaaS security can evolve with an open, collaborative model.
With ready-to-use integrations that deliver deep insights from day one, teams can monitor, investigate, and secure critical apps with one click. Obsidian’s team supports every step of the process: validating connections, resolving errors, and organizing updates into clear, versioned releases, ensuring every app in your environment is covered with the same quality as Obsidian-native built integrations.
Community SDK: Tailored Protection for Any SaaS App
Need to add a custom rule or setting? The open-source connector repository makes it easy to download, modify, and resubmit connectors, enabling a growing library of community-built security solutions. And for niche or emerging SaaS applications not yet supported, Obsidian’s Community SDK makes building new connections simple.
Teams can create integrations in days instead of months, with full flexibility to define rules, map data, and turn deep posture and activity visibility into actionable threat insights.
Building the Future of SaaS and AI Security
While the Community SDK and Connectors are a big step forward in closing the coverage gap, the inconsistency of the data published by SaaS vendors remains a challenge. To combat this fragmentation, Obsidian Security joined the Cloud Security Alliance as a lead author of the SaaS Security Capability Framework (SSCF), defining 41 essential security controls across 6 domains. This framework is designed to become the universal benchmark by which SaaS platforms are evaluated.
Frameworks like the SSCF are helpful, but lasting change requires your help. A united voice from SaaS customers is more likely to solicit stronger security commitments from vendors. That’s why we’re assembling a cross-industry working group of security leaders dedicated to pushing vendors to adopt these baseline expectations.
Read this article to learn more about this initiative. And visit this link to submit your information and receive an invitation to join the group.
Join the Obsidian Community
It’s not your strongest controls that define your SaaS security; it’s the weakest connections that do. The only way forward is to close the coverage gaps and secure the links that chain them together.
By being an Obsidian customer or partner, you can tap into the strength and breadth of the thousands of other trusted security experts using Obsidian. Every integration built through the Community SDK feeds precise, high-quality data back into the Obsidian Knowledge Graph, enriching our threat intelligence. This deep context sharpens detection accuracy, accelerates investigation, and helps contain the blast radius of advanced threats, especially those introduced by autonomous AI agents. Plus, Obsidian users can more easily deploy their Community-built connectors to accelerate application coverage.
The more we all build and share, the more secure we become. By closing visibility gaps and eliminating blind spots, Obsidian is helping organizations build a security posture that’s comprehensive today and ready for the autonomous era ahead.
Don’t build alone. Join the growing Obsidian community today and take the first step toward future-proofing your defenses in the age of AI agents.
