Sean Roche, Sr. Director of Product Marketing & Value Engineering, Obsidian Security – Interview Series

Sean Roche, Senior Director of Product Marketing and Value Engineering at Obsidian Security, leads cross-functional initiatives focused on SaaS security, AI security, and go-to-market strategy. He has played a key role in developing the company’s first unified use case framework, aligning sales, marketing, and customer success around measurable business outcomes while also overseeing launches for GenAI and AI agent security solutions. Prior to Obsidian Security, Roche held leadership positions at companies including Forter, Aviatrix, and Okta, where he specialized in business value consulting, pricing strategy, customer value engineering, and executive-level ROI analysis. His background combines cybersecurity, enterprise software strategy, and financial research, giving him extensive experience translating technical capabilities into measurable business impact for enterprise customers.

Obsidian Security is a cybersecurity company focused on securing SaaS applications, AI agents, identities, and enterprise integrations across modern cloud environments. The company provides a unified platform designed to help organizations detect threats, manage SaaS security posture, govern data access, and monitor risky activity across business-critical applications such as Microsoft 365, Salesforce, Slack, and other cloud services. In recent years, Obsidian has expanded into AI agent security, helping enterprises gain visibility into how autonomous AI systems interact with SaaS platforms, data, and workflows in real time. Founded by security leaders with backgrounds at companies including CrowdStrike, Okta, Cylance, and Carbon Black, Obsidian positions itself as an end-to-end SaaS and AI security platform built to address the growing complexity of cloud and agentic AI environments.

You’ve built your career at the intersection of business value, risk strategy, and SaaS security, now leading value engineering and product marketing at Obsidian Security. What drew you to focus on securing AI-driven SaaS ecosystems, and how does Obsidian’s approach differ when it comes to emerging agentic technologies like OpenClaws?

Across my career, the biggest gap has always been what security can’t see, because that’s where breaches actually live. We’ve seen this in incidents where disconnected or unmanaged systems created exposure that traditional controls simply didn’t catch. And I’ve seen the same dynamic firsthand with the more modern bridges people use to connect into major platforms, or connections that were outside normal security visibility, and in some cases even after the IT team thought they had been disabled. Those experiences made it clear how much of the risk sits in the seams between systems, not just inside the systems we think we’ve secured.

This reality is shifting from shadow IT to now shadow AI, where new tools and agent-driven workflows can appear and spread faster than governance strategies can keep up. Many security approaches respond by trying to centralize and wrangle everything into a single control plane. But that model breaks down in distributed environments, especially when critical data and activity are happening inside third-party applications you don’t own and can’t fully control.

That’s what drew me to securing AI-driven SaaS ecosystems, and it’s also why Obsidian’s approach is so compelling. The number of SaaS breaches has risen by 300%, yet most organizations still lack the proper visibility into how these applications are being utilized. This is the gap we focus on, so you can understand what’s actually happening within the enterprise and where the exposure exists. As agentic technologies like OpenClaws mature, this approach is becoming even more important, because the risk isn’t just whether an agent has access to certain data, but what it can access and how quickly it can act.

Agentic AI systems such as OpenClaws are gaining significant attention following NVIDIA GTC. From your perspective, what fundamentally differentiates these systems from earlier AI tools in terms of security risk?

Understanding what non-human identities are and how to secure them has become critical for security teams, as 68% of IT security incidents now involve machine identities and half of enterprises surveyed have experienced a security breach due to unmanaged non-human identities. The security industry has primarily focused on SaaS security posture management and human identity governance while NHIs proliferated in the background. Now, as organizations deploy AI agents with administrative privileges at scale, the governance deficit has become critical.

Agentic systems like OpenClaws show both the promise and the risk of truly agentic AI. It’s one of the first times we’re seeing AI released into the wild with real autonomy, operating beyond a narrow, supervised workflow.

The security risk changes quickly when those capabilities become more widely accessible, lowering the barrier for non-experts to interact, and potentially exploit, these critical systems.  People are already connecting AI agents into their Saas environments and expanding the threat landscape in a number of ways including through API keys, native integrations, and third-party applications. However, every new agent-enabled workflow multiplies the number of paths for access.

The recent Vercel breach illustrates this growing threat facing security teams. When you authorize a third-party app, you’re implicitly trusting everyone who touches that app’s infrastructure, their cloud provider, their developers, their own connected services. Most organizations don’t know what they’ve actually agreed to, and this issue is magnified by the rampant use of agentic AI.

Many AI agents operate without a real harness to keep them controlled. When you don’t have access to fingerprints or have weak guardrails in place, it’s hard to know what the agent did, what it touched, and what changed until after the fact. That combination is what makes the risk profile fundamentally different from earlier AI tools.

You’ve described OpenClaws as potentially exposing new attack surfaces due to their broad permissions and autonomy. Can you walk us through a real-world scenario where this risk becomes tangible for an enterprise? 

The risks like those posed by OpenClaws become tangible the moment these agents move from isolated tasks and are installed into real production environments, which is something that’s already happening.

Most organizations are focused on making sure the right person can access an agent and that the agent behaves as expected. However, few organizations are thinking about what happens when an agent starts interacting with another agent.

That’s where the attack surface expands dramatically. Once outputs from one system, like Slack messages or Jira tickets, become triggers for actions in another. Leaders lose control of interactions and can’t maintain consistent visibility and audit trails. These agents are also simultaneously connecting across SaaS APIs, many of which still lack proper gateways or security protections.

The average enterprise is already running hundreds of agents, a number that has grown nearly 100x in the past year. When teams actually look, 38% carry medium, high, or critical risk factors, most with no documented owner, several built by accounts that no longer exist, with live connectors to production systems and zero execution history.

Closing this gap requires deep visibility inside the applications themselves to better understand what those credentials can actually do, in each system, against each dataset, for each potential invoker. Without that proper context, you’re operating with only half the picture. Leaders also need to shift strategies from detection to runtime enforcement to block actions at the moment of execution, before the action completes, rather than after the damage is already done.

Many organizations believe they already have adequate SaaS security in place. Where are these assumptions breaking down when agentic AI enters the picture?

Many organizations believe they’ve already “solved” SaaS security, but that assumption is being challenged as agentic AI adoption accelerates. SaaS security is often treated as a box to check: budget is approved, a tool is deployed, and the problem is considered handled. In practice, however, the SaaS APIs that underpin these environments were never fully brought under control, largely because there is truly limited enterprise visibility into what is happening at the API layer and what SaaS assets are talking to each other.

This creates a structural blind spot, where enterprises may secure identities and endpoints, but they often lack a clear view into how SaaS data is being accessed and acted on once APIs are in play. As a result, many organizations are still operating over the open internet directly into critical systems without fully understanding the scale or behavior of API-driven interactions happening underneath.

Agentic AI is now exposing this gap, creating challenges faster than teams can close them down, and in doing so, becoming a catalyst for the API conversation.

How should enterprises rethink governance when dealing with autonomous AI agents that can access, move, and act on data across multiple systems?  

No leader wants to slow down AI adoption right now, especially as pressures rise to move faster or show measurable output where even token consumption is being used in evaluations. In many cases, AI mandates are coming directly from the top, with CEOs reporting progress to boards or even public stakeholders, which only intensifies the pressure to adopt at speed. In that environment, where “AI at all costs” becomes the default posture, misconfigurations and over-permissioned access can’t realistically be fixed fast enough through traditional governance cycles.

The issue is that agentic systems don’t wait for remediation. They can discover systems, chain actions, and execute workflows across multiple SaaS applications in seconds, often completing ten or more steps before a human could even detect, let alone intervene.

This is why governance is no longer just about catching issues earlier in the development lifecycle, but increasingly control at the moment the agent is actually acting. Security leaders cannot effectively govern agents if control only happens after misuse.

In a world where agents are making autonomous decisions across SaaS systems, the only viable approach to protect against these agentic-AI driven threats is through Runtime Governance. This approach requires moving beyond post-execution detection, to detect and block privilege escalation, excessive data access, and policy violations before they can impact the organization. These controls must be aligned to OWASP standards and industry best practices, ensuring agents operate within explicit and enforceable boundaries – so teams can keep pace with the speed of agentic AI adoption without compromising innovation.

From a technical standpoint, what are the most overlooked vulnerabilities introduced by agentic AI within SaaS environments?

When organizations adopt a brand new SaaS tool, they increasingly find that AI functionality is being quietly added or enabled by default. The problem is that these capabilities often don’t come with the same level of configuration controls or auditability that security teams rely on for traditional SaaS features. As a result, when an action is taken, it becomes difficult to distinguish whether it was initiated by a human user or an autonomous agent. In many cases, enterprises don’t have the option to toggle AI functionality off either, as these capabilities are embedded within the SaaS application itself.

That ambiguity creates a major blind spot for security and governance. If an embedded AI feature is making decisions on behalf of a user, organizations often have no clear way to trace intent, understand decision logic, or even confirm what prompted a specific action.

The risk becomes even more pronounced when you consider the AI supply chain inside SaaS itself. These embedded AI capabilities often depend on upstream models, services, and third-party integrations. If any part of that chain is compromised, degraded, or manipulated, the AI inside the SaaS application can turn trusted business applications into active participants in an attack path.

The AI layer inside SaaS has effectively become its own supply chain, and it introduces a new class of risk that needs to be monitored and governed in its own right. Without visibility into how these embedded AI systems behave and what data they rely on, organizations are blind to a growing portion of their SaaS attack surface.

You’ve worked extensively on quantifying business value and risk. How should organizations measure the financial and reputational exposure tied to unsecured AI agents?  

If an AI agent is misused or causes a breach, the immediate impact isn’t just the incident itself, but it’s the organizational response that follows. This event will slow down the rate at which the company is willing to adopt and scale AI as leaders become more cautious. Once trust is broken, it becomes significantly harder to restart the innovation engine that drove value in the first place.

That dynamic extends beyond internal teams to external stakeholders as well. Boards, customers, and shareholders all expect responsible deployment, and any failure tied to autonomous agents quickly becomes a fiduciary and reputational issue. When security isn’t built in by design, organizations are forced into reactive conversations about control and safety, which inevitably slows decision-making across the business.

There’s also a more structural financial exposure that’s often overlooked. As the perceived blast radius of AI agents grows, companies tend to become more conservative in how they allocate capital. In some cases, that means holding back funds or delaying investment to protect against potential incidents.

In that sense, securing AI agents becomes less of a pure risk mitigation exercise and more of a revenue and growth conversation. The organizations that can deploy AI with trust, knowing agents are governed and contained, will be able to move faster, while those without that confidence will naturally slow themselves down. In 2026, that ability to pair speed with trust is becoming a superpower.

There’s clearly a tension between rapid AI adoption and responsible deployment. What does a balanced strategy look like for companies that want to innovate without increasing their risk profile?  

Right now, one of the biggest gaps between AI adoption and responsible deployment is communication. Many enterprises are actively using AI across SaaS environments, but they’re not consistently having a clear, external conversation about how it’s being used, and what safeguards are in place. That lack of transparency can actually increase risk, because it leaves customers, and partners to assume the worst case rather than understand the actual controls in place.

A more balanced approach treats responsible AI use as part of the value proposition, not just an internal compliance exercise. There’s an opportunity for enterprises to be more explicit about how AI is governed inside their environments, including what it can and cannot do and what protections exist when it interacts with sensitive systems. That kind of clarity builds trust to help scale AI safely.

Companies that can clearly articulate how AI is being used across their SaaS environments and demonstrate that it is being controlled in a structured, observable way, will be able to innovate faster without increasing perceived risk.

As more enterprises experiment with agentic AI, what immediate steps should security teams take today to avoid becoming the next headline breach?  

Agentic AI doesn’t just introduce a new class of risk, but it also accelerates the ones organizations can’t yet see. In fact, shadow AI adds an extra $670K to the average breach cost. However, the root issue is visibility. When organizations don’t know where AI is being used or how it is interacting with systems, it takes longer to detect and contain incidents, directly increasing both financial and regulatory impact.

The first immediate step is establishing visibility across the business. Security teams need a clear picture of both sanctioned and unsanctioned AI usage, not just at the application level but across workflows where AI is actively making or influencing decisions.

Once visibility exists, the focus shifts to translating it into enforceable policy and embedding it into the systems where work actually happens. That means aligning with the business on how AI should be used, then moving from documentation to technical controls that operate across endpoints, SaaS platforms, and agentic systems. The earlier those controls are introduced into the execution path, the lower the likelihood of high-cost, hard-to-contain incidents emerging from shadow AI and autonomous agents.

Looking ahead, how do you see the security landscape evolving as agentic AI systems become more deeply embedded into enterprise infrastructure?

Organizations will need AI-native security to address AI-driven threats. These systems must operate at machine speed, fundamentally reshaping security operations. Humans will remain in the loop, but shift toward strategic oversight, applying the context and judgment AI still lacks.

That shift also changes how security teams are structured. Teams may not shrink, but their scope will expand significantly, with a single security professional responsible for a much larger surface area through automation and AI-driven tooling.

Additionally, in agentic environments, monitoring and detection aren’t enough. Organizations will need to implement real enforcement mechanisms. That means building systems that act as switches: the ability to turn capabilities on or off, constrain behavior in real time, and isolate systems that are misbehaving or could compromise the broader enterprise. The supply chain risk in AI is simply too large not to have kill-switch-like controls embedded into the architecture.

Looking ahead, AI will continue to accelerate potentially beyond human speed and capability. But the conversation can’t focus on risk alone; it must also include opportunity. Like raising children, AI will grow and make mistakes, but it also has the capacity to surpass us. The winners will be the those that embrace AI at scale while building the control systems needed to deploy it safely and with trust.

Thank you for the great interview, readers who wish to learn more should visit Obsidian Security.