Obsidian Security
Primary category: sspm.
One-liner — A SaaS security platform that pairs posture management (SSPM) with identity threat detection and response — i.e. it both hardens SaaS configurations and watches for active account compromise and privilege abuse inside apps like M365, Salesforce, Workday, and ServiceNow.
Categories — sspm
What it does
Obsidian connects via API to an organization’s SaaS apps and builds a model of users, privileges, OAuth integrations, and configuration state. Beyond static posture (SSPM), its differentiator is detection: it baselines normal SaaS activity and alerts on threats — compromised accounts, session hijacking, privilege escalation, suspicious third-party/AI app behavior — bringing a SOC/threat-detection lens to the SaaS layer. It also covers data-exposure reduction and excessive-privilege cleanup. More recently it markets AI threat/risk management (governing AI app and agent usage touching SaaS).
Where it sits in the stack
Sits in sspm (foundation layer), straddling SSPM and identity threat detection & response (ITDR). Its main risk role is protecting sensitive data (limiting exposure and catching data-theft via compromised SaaS accounts). The detection/ITDR angle makes it more of a runtime-aware SaaS control than pure config hygiene.
Deployment & architecture
SaaS-delivered; integrates with target apps via their APIs/OAuth (not an inline proxy or endpoint agent for core function). Streams detections to SIEM/SOC and integrates with IdP for identity context. Designed to feed a security operations workflow, not just a posture dashboard.
Positioning & differentiators
Best known for bringing threat detection (its founders came from Carbon Black and Cylance) to SaaS, not just posture scoring — that ITDR emphasis is the main thing separating it from config-first SSPM peers. Nearest neighbors: appomni (posture/data-access depth, enterprise SSPM), valence-security (remediation + AI security), adaptive-shield (CrowdStrike), grip-security (SaaS/identity discovery), wing-security, reco, nudge-security, docontrol.
Ownership, funding & M&A
Independent, venture-backed. Founded 2017 by Glenn Chisholm, Ben Johnson, and Matt Wolff (alumni of Carbon Black and Cylance); HQ in Newport Beach, California. Raised a $90M Series C led by Menlo Ventures with Norwest Venture Partners and IVP (announced 2022-04-14), bringing vendor-cited total to ~$119.5M. No acquisition of Obsidian found as of 2026-06-28 — ownership_confidence: high that it remains independent.
CTO / hedge-fund lens
Day-2. Relevant once a fund has a SOC function (in-house or MSSP) that can act on SaaS detections — Obsidian’s value is as much in the alerting/response as in posture. Fit is medium: a small fund without security-operations capacity may not exploit the ITDR strength and could get baseline posture more cheaply elsewhere; a larger, SaaS-heavy, regulated shop wanting active detection of SaaS account compromise gets more from it than from a config-only SSPM. Supports access-review and incident-evidence needs; not directly an SR 11-7 model-risk control.
Competitors / alternatives
appomni, valence-security, adaptive-shield, grip-security, wing-security, reco, nudge-security, docontrol
Open questions / to verify
- Whether any funding round has closed since the 2022 Series C; current total.
- Depth/maturity of the newer AI threat/risk-management features vs. peers.
Sources
- Obsidian Security Raises $90 Million Series C Round (vendor press release) — fetched 2026-06-28 — supports: Series C $90M, Menlo/Norwest/IVP leads, ~$119.5M total, founded 2017, founders, SSPM + identity threat detection scope; confidence: high (primary, vendor tone).
History
- [2026-06-28] Stub created from seed registry.
- [2026-06-28] Researched; confirmed independent (no acquisition), founded 2017 by Chisholm/Johnson/Wolff, Newport Beach HQ, $90M Series C led by Menlo Ventures (2022), ~$119.5M total; established SSPM + identity-threat-detection positioning. Set ownership_confidence high, status researched.