The article discusses non-human identities (NHIs) in SaaS apps—service accounts, API keys, and OAuth tokens—that often have broad access and create a visibility gap for security teams. It highlights breaches where NHIs were the weak link and describes how Dynamic SaaS Security Platforms deliver unified visibility, least-privilege enforcement, anomaly monitoring, and automatic remediation. #Salesloft #Drift #Salesforce #NewYorkTimes #GitHub #Cloudflare #Atlassian #Okta
Key points
- Non-human identities in SaaS apps include service accounts, API keys, and OAuth tokens that often have broad access.
- The visibility gap and over-privilege of NHIs heighten risk for data breaches and unauthorized access.
- Notable breaches have exploited NHIs, such as Salesloft/Drift OAuth tokens, NYT GitHub token, and Cloudflare’s Atlassian access.
- Dynamic SaaS Security Platforms provide unified visibility, least-privilege enforcement, anomaly monitoring, and automated remediation for NHIs.
- A security checklist emphasizes discovery, classification, least privilege, monitoring, credential rotation, removal of orphaned NHIs, automatic response, and a real-time inventory.
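The checklist items above (discovery, classification, least privilege, rotation, orphaned-NHI removal, automatic response) can be turned into a small audit over an NHI inventory. The following is an added example written for this summary, not code from the article or from any vendor platform it describes; the inventory records, the owner directory, the thresholds (90-day rotation, 60-day idle) and the list of "broad" scopes are all constructed assumptions that a real deployment would replace with data pulled from its SaaS apps and HR/IdP directory.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Dict, List, Optional, Set

# Fixed "now" so the audit is deterministic (constructed for the example).
NOW = datetime(2025, 11, 15, tzinfo=timezone.utc)

# Policy thresholds (assumptions; tune per organisation).
ROTATION_MAX_AGE = timedelta(days=90)   # credential older than this is overdue
IDLE_MAX = timedelta(days=60)           # no use for this long counts as idle
BROAD_SCOPES = {"admin", "full_access", "repo:all", "read:all_objects"}

# Humans still employed, e.g. from the IdP (constructed). An NHI whose owner
# is missing or not in this set is treated as orphaned.
ACTIVE_OWNERS: Set[str] = {"alice", "carol"}


@dataclass
class NHI:
    name: str
    kind: str                      # "service_account" | "api_key" | "oauth_token"
    owner: Optional[str]           # human accountable for the identity
    scopes: Set[str]
    created: datetime              # when the credential was issued
    last_used: Optional[datetime]  # None if never seen in audit logs


def classify(nhi: NHI, now: datetime) -> List[str]:
    """Return the checklist findings that apply to one NHI, in a fixed order."""
    findings: List[str] = []
    if nhi.owner is None or nhi.owner not in ACTIVE_OWNERS:
        findings.append("orphaned")
    if nhi.scopes & BROAD_SCOPES:
        findings.append("over-privileged")
    if now - nhi.created > ROTATION_MAX_AGE:
        findings.append("rotation-overdue")
    if nhi.last_used is None or now - nhi.last_used > IDLE_MAX:
        findings.append("idle")
    return findings


def recommended_action(findings: List[str]) -> str:
    """Map findings to an automatic-response action (policy is an assumption)."""
    f = set(findings)
    if {"orphaned", "idle"} <= f:
        return "revoke"                    # nobody owns it and nothing uses it
    if "orphaned" in f:
        return "assign-owner"              # still in use: find an owner before touching it
    if {"over-privileged", "rotation-overdue"} <= f:
        return "rotate-and-reduce-scope"
    if "over-privileged" in f:
        return "reduce-scope"
    if "rotation-overdue" in f:
        return "rotate"
    if "idle" in f:
        return "review"
    return "ok"


def audit(inventory: List[NHI], now: datetime) -> Dict[str, Dict[str, object]]:
    """Run the checklist over the whole inventory; keyed by NHI name."""
    report: Dict[str, Dict[str, object]] = {}
    for nhi in inventory:
        findings = classify(nhi, now)
        report[nhi.name] = {
            "kind": nhi.kind,
            "findings": findings,
            "action": recommended_action(findings),
        }
    return report


# Constructed sample inventory (not real identities).
SAMPLE_INVENTORY: List[NHI] = [
    NHI("ci-deploy-bot", "service_account", "alice", {"repo:write"},
        created=NOW - timedelta(days=30), last_used=NOW - timedelta(days=1)),
    NHI("legacy-sync-key", "api_key", "bob", {"admin"},          # bob has left
        created=NOW - timedelta(days=400), last_used=NOW - timedelta(days=200)),
    NHI("chat-integration", "oauth_token", "carol", {"read:all_objects"},
        created=NOW - timedelta(days=120), last_used=NOW - timedelta(days=2)),
    NHI("old-report-token", "oauth_token", None, {"read:reports"},
        created=NOW - timedelta(days=20), last_used=None),
]

if __name__ == "__main__":
    for name, row in audit(SAMPLE_INVENTORY, NOW).items():
        print(f"{name:18} {row['kind']:16} {','.join(row['findings']) or '-':45} -> {row['action']}")
```

The ordering in `recommended_action` is deliberate: an orphaned identity that is still being used gets an owner assigned rather than an automatic revocation, because killing a live integration is itself an incident, while an orphaned and idle one is revoked outright. Re-running `audit` on every inventory refresh is what keeps the "real-time inventory" item on the checklist honest.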
Read More: https://thehackernews.com/expert-insights/2025/11/whos-really-using-your-saas-rise-of-non.html