TL;DR: According to WorkOS, Obsidian Security’s AI agent monitoring adds behavioural visibility to SaaS environments, but its own framing shows that observability after authentication cannot replace the identity controls agents need in production. The real issue is the gap between access granting and access governance, where AI agents inherit SaaS permissions before security teams can meaningfully constrain or verify them.
At a glance
What this is: An independent analysis of Obsidian Security’s AI agent monitoring approach and the key finding that post-authentication observability does not solve the authentication boundary for production agents.
Why it matters: IAM, NHI, and agentic AI programmes all need to separate access control from detection, because visibility without authoritative identity infrastructure leaves agent permissions, auditability, and containment unresolved.
By the numbers:
- Obsidian protects over 200 organizations globally and was named a Forrester Strong Performer in the SSPM Wave (2023) with the highest adoption scores in their category.
- The platform's free plan supports up to 1,000 users and the advanced plan requires a custom quote.
- WorkOS offers a 99.99% uptime SLA, dedicated support channels, and white-glove onboarding.
Context
AI agent monitoring is the practice of observing what an agent does after it has already been authenticated and authorised. That distinction matters because many enterprises are adding detection layers before they have clean control of the identity boundary, which leaves access decisions, permissions, and accountability split across different tools.
Obsidian Security’s article makes that split visible by comparing SaaS observability with authentication infrastructure. For agentic AI programmes, the governance question is not whether anomalous behaviour can be detected. It is whether the organisation can issue, scope, and revoke agent access cleanly enough that detection is a secondary control rather than the main line of defence.
Key questions
Q: How should security teams govern AI agent access in SaaS environments?
A: They should treat AI agents as non-human identities with explicit ownership, narrow permissions, and lifecycle control. Monitoring can detect misuse, but it cannot replace the identity boundary. The safer model is authoritative provisioning, scoped OAuth grants, audit logs, and fast revocation tied to the agent’s business purpose.
Q: Why do AI agents change the identity risk model for SaaS applications?
A: AI agents can access data and invoke actions at machine speed, which makes delayed review cycles less effective. The risk is not just compromise, but over-broad access granted before anyone can observe behaviour. That is why identity governance must define scope before runtime and not rely on alerts alone.
Q: What do teams get wrong about AI agent monitoring?
A: They often confuse visibility with control. A monitoring platform can show suspicious behaviour, but it does not decide who gets access, what the agent may do, or when access ends. If those decisions sit outside the identity programme, the organisation is still exposed even with strong detection.
Q: What is the difference between authentication infrastructure and agent observability?
A: Authentication infrastructure establishes identity, sessions, and permissions. Agent observability records and analyses what happens after access is already in place. For production AI systems, observability is useful for detection, but authentication infrastructure is the control that determines whether the agent should have had access at all.
Technical breakdown
Post-authentication observability in AI agent security
Obsidian’s model is an observability layer: it correlates identity, activity, and threat signals after a session already exists. That means it can detect unusual downloads, new SaaS targets, or suspicious OAuth use, but it does not define the original entitlement boundary. In identity terms, it sits above authentication and authorisation, not inside them. For AI agents, that distinction is critical because the security problem is often not only what the agent does, but what it was allowed to do before anyone had behavioural evidence.
Practical implication: use monitoring to detect misuse, but do not treat it as a substitute for issuing and revoking agent access through authoritative identity controls.
Knowledge graph correlation and SaaS risk signals
A knowledge graph in this context is a correlation layer that links identities, permissions, applications, and behaviours into a single model. The value is contextual detection: if an agent normally reads one dataset and suddenly begins pulling files from multiple SaaS systems, the graph can surface the change as suspicious. The limitation is that correlation depends on data already flowing from connected SaaS tools, so it is strongest at detection and weakest at prevention. It improves narrative visibility across SaaS estates, but it does not change who owns the identity lifecycle.
Practical implication: feed correlation engines with complete audit data, then map every high-risk agent to a lifecycle owner and revocation path.
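The correlation described above, sketched as an added example (not Obsidian's implementation and not code from the source article). The events, grants, agent names and the two-app threshold are constructed assumptions; the sketch shows both the fan-out detection and the blind spot where a granted identity produces no telemetry.

```python
from collections import defaultdict

# Constructed audit events: (day, agent_id, saas_app, action, resource)
EVENTS = [
    (1, "agent-reporting", "warehouse", "read", "sales_q3"),
    (1, "agent-triage", "ticketing", "read", "queue"),
    (2, "agent-reporting", "warehouse", "read", "sales_q3"),
    (3, "agent-reporting", "warehouse", "read", "sales_q3"),
    (4, "agent-reporting", "file-share", "download", "hr/payroll.xlsx"),
    (4, "agent-reporting", "crm", "download", "accounts_export"),
    (4, "agent-triage", "ticketing", "read", "queue"),
]

# Constructed permission edges: which apps each agent has been granted.
GRANTS = {
    "agent-reporting": {"warehouse", "file-share", "crm"},
    "agent-triage": {"ticketing"},
    "agent-sync": {"crm"},
}

def build_graph(events, baseline_days):
    """Edges agent -> apps observed during the baseline window."""
    graph = defaultdict(set)
    for day, agent, app, _action, _resource in events:
        if day <= baseline_days:
            graph[agent].add(app)
    return graph

def fan_out_alerts(events, baseline_days, min_new_apps=2):
    """Agents that touch at least min_new_apps apps absent from their baseline."""
    graph = build_graph(events, baseline_days)
    new_edges = defaultdict(set)
    for day, agent, app, _action, _resource in events:
        if day > baseline_days and app not in graph.get(agent, set()):
            new_edges[agent].add(app)
    return {a: sorted(apps) for a, apps in new_edges.items()
            if len(apps) >= min_new_apps}

def unobserved_grants(events, grants):
    """Granted agents with no telemetry at all: correlation cannot see them."""
    seen = {agent for _day, agent, *_rest in events}
    return sorted(set(grants) - seen)

if __name__ == "__main__":
    print("fan-out:", fan_out_alerts(EVENTS, baseline_days=3))
    print("no telemetry:", unobserved_grants(EVENTS, GRANTS))
```

Every app in the alert was already inside the agent's grant, so the alert arrives only after the over-broad entitlement has been exercised.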
Why authentication infrastructure still comes first
Authentication infrastructure decides how an agent proves identity, how access is provisioned, and how sessions are terminated. Without that layer, behavioural monitoring is always downstream of the decision that matters most. This is where AI agent governance differs from generic SaaS security: agents can act at machine speed, so the initial grant and the entitlement boundary need to be explicit, auditable, and revocable before runtime. Detection can narrow blast radius, but only if the access model already exists.
Practical implication: establish SSO, SCIM, audit logs, and session control before adding agent monitoring as a secondary control.
Breaches seen in the wild
- Moltbook AI agent keys breach — Moltbook breach exposed 1.5M AI agent keys.
- AI LLM hijack breach — attackers used stolen AWS access keys to hijack Anthropic LLM models on Bedrock.
NHI Mgmt Group analysis
Observability after authentication is not identity governance. Obsidian Security’s model is built to watch behaviour once access already exists, which is useful but structurally incomplete for agent security. The central governance issue is that access can be granted too broadly before monitoring ever starts. For agentic programmes, this means the control plane must be owned by identity teams, not just by security telemetry teams.
AI agent monitoring exposes the boundary between detection and control. A platform can correlate identity, activity, and anomalies across SaaS applications, but it cannot retroactively make an access decision safer. That boundary matters because many organisations are trying to solve agent risk with a visibility stack when the actual weakness is entitlement issuance. Practitioners should treat monitoring as evidence, not as authorisation.
Identity after the fact creates governance debt. When teams add agent observability without authoritative provisioning and revocation, they accumulate unresolved questions about who approved the access, who owns the account, and how quickly it can be withdrawn. This is a lifecycle problem as much as a security problem. The implication is that NHI and agent programmes need a single source of truth for account creation, scope, and offboarding.
Machine-speed access changes the control model for SaaS identities. AI agents can move faster than human review cycles, so the old assumption that suspicious activity will be caught before damage compounds is increasingly weak. That does not make monitoring irrelevant. It means the programme has to assume that behavioural detection arrives after at least some access has already been exercised.
Agent governance will converge on authoritative identity boundaries, not broader telemetry. The market is moving toward tools that can tell you what happened, but enterprise trust still depends on controls that tell you what should have happened in the first place. That is why identity infrastructure, lifecycle governance, and auditability will remain the deciding factors for production AI deployments. Practitioners should evaluate any agent security stack against the quality of its access boundary.
From our research:
- Only 52% of companies can track and audit the data their AI agents access, leaving 48% with a complete blind spot for compliance and breach investigation, according to AI Agents: The New Attack Surface report.
- 92% agree governing AI agents is critical to enterprise security, yet only 44% have implemented any policies to do so.
- For a broader control lens, compare that blind spot with the OWASP Agentic AI Top 10.
What this signals
Agent security will increasingly split into control-plane and visibility-plane responsibilities. Teams that already have SSO, SCIM, and audit logs can layer monitoring intelligently, but organisations still relying on observability to define access will keep accumulating governance debt. The access boundary remains the decisive control, and monitoring should be measured against how much it shortens detection and revocation time rather than whether it creates more alerts.
With 80% of organisations reporting AI agents acting beyond intended scope in SailPoint’s research, the governance gap is no longer theoretical. The practical signal is whether your programme can assign ownership, review access, and revoke privileges without manual chasing across multiple SaaS systems. That is where an authoritative lifecycle model, not a visibility-only stack, will separate manageable deployments from shadow AI sprawl.
For practitioners
- Separate detection from entitlement control: Use behavioural monitoring for anomaly detection, but keep access issuance, revocation, and session termination inside a governed identity plane with clear ownership.
- Map every AI agent to an identity owner: Assign a named owner for each agent credential, integration, and SaaS permission set so audit, recertification, and offboarding are not ambiguous.
- Review SaaS permissions before adding monitoring: Verify the minimum access needed for each agent, then remove broad scopes such as unnecessary read access to shared mail, files, and CRM records.
- Instrument the full identity lifecycle: Track creation, approval, rotation, and revocation events for every non-human identity that can call SaaS APIs, including agents using OAuth.
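One way to run the ownership, scope and lifecycle checks from this list over an agent inventory, as an added example rather than code from WorkOS, Obsidian or NHIMG. The scope names, record fields, inventory entries and 90-day rotation limit are hypothetical assumptions.

```python
from datetime import date

# Assumptions for this example: scope names, field names and the 90-day
# rotation limit are hypothetical, not taken from any real SaaS API.
BROAD_SCOPES = {"mail.read.all", "files.read.all", "crm.records.read"}
REQUIRED_EVENTS = ("created", "approved")
MAX_CREDENTIAL_AGE_DAYS = 90

# Constructed inventory of agent identities.
INVENTORY = [
    {"id": "agent-reporting", "owner": "dana@example.com",
     "scopes": ["warehouse.read", "files.read.all", "mail.read.all"],
     "needed": ["warehouse.read"],
     "lifecycle": {"created": date(2025, 1, 10), "approved": date(2025, 1, 11),
                   "rotated": date(2025, 3, 1)}},
    {"id": "agent-triage", "owner": None,
     "scopes": ["ticketing.read"], "needed": ["ticketing.read"],
     "lifecycle": {"created": date(2025, 10, 1)}},
    {"id": "agent-sync", "owner": "lee@example.com",
     "scopes": ["crm.records.read"], "needed": ["crm.records.read"],
     "lifecycle": {"created": date(2025, 10, 19), "approved": date(2025, 10, 20)}},
]

def audit_agent(agent, today):
    """Return governance findings for one agent identity record."""
    findings = []
    if not agent["owner"]:
        findings.append("no named owner")
    # Broad scopes are acceptable only when the stated need includes them.
    excess = sorted((set(agent["scopes"]) & BROAD_SCOPES) - set(agent["needed"]))
    if excess:
        findings.append("broad scopes beyond stated need: " + ", ".join(excess))
    life = agent["lifecycle"]
    missing = [e for e in REQUIRED_EVENTS if e not in life]
    if missing:
        findings.append("missing lifecycle events: " + ", ".join(missing))
    # Credential age is measured from the last rotation, else from creation.
    issued = life.get("rotated") or life.get("created")
    if issued is None or (today - issued).days > MAX_CREDENTIAL_AGE_DAYS:
        findings.append("credential not rotated within policy")
    return findings

def audit_inventory(inventory, today):
    """Map agent id -> findings, omitting agents with none."""
    return {a["id"]: f for a in inventory if (f := audit_agent(a, today))}

if __name__ == "__main__":
    for agent_id, findings in audit_inventory(INVENTORY, date(2025, 11, 12)).items():
        print(agent_id, "->", "; ".join(findings))
```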
Key takeaways
- AI agent monitoring helps detect misuse, but it does not replace the identity boundary that grants and withdraws access.
- The core risk is governance debt at the point of entitlement, where access can be too broad before behavioural evidence exists.
- Practitioners should treat observability as a secondary control and make authoritative provisioning, auditability, and revocation the primary controls.
Key terms
- Post-authentication observability: A security approach that watches what an identity does after access has already been granted. It can surface anomalous behaviour, but it does not decide whether the identity should have been authorised in the first place. For AI agents, it is a downstream control, not the control boundary.
- Identity boundary: The point where an identity is created, proven, scoped, and allowed to act. In agentic environments, this boundary includes provisioning, permissions, session rules, and revocation. If that boundary is weak, every monitoring layer above it inherits the same exposure.
- Knowledge graph correlation: A method of linking identities, permissions, applications, and activities into a connected model so anomalies can be interpreted in context. It improves detection quality by showing relationships, but it depends on complete telemetry and does not replace authoritative identity governance.
- Agent lifecycle governance: The discipline of owning an AI agent from creation through approval, scope assignment, monitoring, rotation, and offboarding. It applies the same governance logic used for other non-human identities, but with tighter expectations around machine-speed access and runtime behaviour.
This post draws on content published by WorkOS: Obsidian Security for AI Agent Security: Features, Pricing, and Alternatives. Read the original.
Published by the NHIMG editorial team on 2025-11-12.
NHI Mgmt Group — the independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org