Incident Response

AppOmni’s Marlin AI Brings Autonomous Investigation to SaaS Security

Marlin AI automatically analyzes SaaS misconfigurations, investigates related activity across enterprise environments, and recommends remediation steps — while stopping short of fully autonomous corrective action.

Marlin AI automatically analyzes SaaS misconfigurations, investigates related activity across enterprise environments, and recommends remediation steps — while stopping short of fully autonomous corrective action.

Securing software-as-a-service (SaaS) apps is hard. The standard cybersecurity controls are not designed for SaaS.

The difficulty is the software doesn’t belong to the user and usually runs on somebody else’s infrastructure. Standard cybersecurity products are designed to operate on software owned by the user and housed on the users’ infrastructure.

SaaS providers attempt to maintain security inside their apps, but they cannot control how they are used. Usage varies from user to user and is fundamentally governed by how the app is configured. This configuration is the only native security available to SaaS users, and misconfiguration is the primary and most common source of insecurity.

“The legal team might be using one (or more) SaaS apps, HR, financial and engineering something else – everyone across the company is using different tools, perhaps 100 different tools,” suggests Melissa Ruzzi, senior director of AI at AppOmni. Each one will have a different configuration, generally set by the user. “That’s what makes SaaS so interesting,” she continues (probably including ‘interesting ‘ in the purported ‘Chinese sense’), “because the configuration is where all the security actually lies.”

The SaaS threat surface is already huge and constantly expanding, with more users and more company departments using more SaaS apps. If downloaded and run locally, this is not always with the knowledge of the IT and security departments, possibly creating shadow SaaS that often includes shadow AI.

AppOmni is one of the cybersecurity firms offering specialized assistance. It provides a SaaS security posture management (SSPM) platform, aiding visibility into, control over, and reduced breach risk from SaaS apps. But it simply gets harder through the growing size and complexity of the threat surface. 

Advertisement. Scroll to continue reading.

This is not a problem unique to SaaS security. Security firms, including AppOmni, are turning to AI to improve the efficiency and effectiveness of their service. In December 2023, AppOmni introduced AskOmni, an AI-powered SSPM assistant designed to answer, in natural language, user queries on anything arising from the platform.

Marlin AI

On May 26, 2026, AppOmni launched Marlin AI, designed to allow as much autonomy in addressing the issues discovered by the platform as possible. AskOmni and Marlin work hand-in-hand. “Marlin investigates and analyzes issues, and does a bunch of things,” explains Ruzzi. “If you have any questions about what it has done, you can just AskOmni.”

Marlin examines all the different configurations used by different users across all the SaaS apps used by different companies. Marlin’s context is drawn from the years of SaaS expertise accumulated by AppOmni – so it can automatically detect potentially worrying configuration settings. “Let’s say it finds an unenabled MFA in a configuration,” comments Ruzzi. “That’s a problem in itself. But how dangerous is that problem?”

Marlin looks further, because the urgency of the problem depends on other factors. “Have you been doing mass downloads from a weird IP under a weird VPN…  So, now you must look into everything else that is happening across the platform.”

Normally, all of this work is performed manually by a human analyst, and that takes time. Marlin does it automatically, but it goes further. Users wish to know what to do rather than just be told ‘this missing MFA could lead to a breach’ – Marlin does this; it recommends a course of remedial action.

An expanding issue with all new AI solutions is does it, or could it, take the autonomy of fault detection to an autonomy of automatic fault correction. The answer for Marlin is nuanced. Actions inside the AppOmni platform can be automated. It may report a benign issue and effectively provide the user with a button. “You click the button, and ‘boom’, Marlin does everything for you,” explains Ruzzi.

But it is different when the required action goes beyond the platform. “Let’s say we find a misconfiguration on your Salesforce,” she continues. “Consider the level of access Marlin would require making changes automatically. That’s a line we don’t cross, because customers are not generally happy to give a third party, us, admin rights to their data.”

Could Marlin perform autonomous action? Yes. Does it? No; at least not yet. “We’d love to be able to do it, but customers aren’t ready to accept it – and I don’t see that changing. If it does change, we’re ready, and yes, we’ll do it.”

What Marlin does provide, however, is a greater level of information on its investigations. It provides graphs that allow the user to take a deep dive into the data concerned.

Related: Shadow AI Risk: How SaaS Apps Are Quietly Enabling Massive Breaches

Related: Reco Raises $30 Million to Enhance AI SaaS Security

Related: CSA Unveils SaaS Security Controls Framework to Ease Complexity

Related: Thousands of SaaS Apps Could Still Be Susceptible to nOAuth

Related Content

Artificial Intelligence

Researchers demonstrate adversarial hallucination squatting against popular AI assistants to achieve remote code execution.

Artificial Intelligence

Two announcements on July 7, 2026, demonstrate the government’s determination to improve the level of cybersecurity within the UK.

Artificial Intelligence

Wiz has disclosed the details of a new AI coding assistant attack method it has dubbed GhostApproval.

Artificial Intelligence

The "Rogue Agent" vulnerability could have enabled attackers to silently manipulate AI conversations, exfiltrate data, and compromise every Dialogflow CX agent within the same...

Artificial Intelligence

Researchers show how attackers can use a crafted public GitHub Issue to trick AI-powered workflows into exposing data from private repositories without authentication.

Artificial Intelligence

The audits are reportedly being spearheaded by CISA’s Attack Surface Evaluation team, a specialized unit tasked with conducting digital defense assessments and simulated hacking...

Artificial Intelligence

Attack demonstrates how LLM agents can combine known exploitation techniques with real-time reasoning to automate complex, multi-stage intrusions.

Artificial Intelligence

As AI-generated code becomes commonplace, CISOs need new audit strategies to measure developer practices, govern AI tool usage, and identify software risks before they...

Copyright © 2026 SecurityWeek ®, a Wired Business Media Publication. All Rights Reserved.

Exit mobile version