PRODUCT

Identify, protect, detect, and respond to SaaS threats

The AppOmni Platform

Complete SaaS and AI protection

SaaS & AI Discovery

Uncover shadow SaaS & AI

Configuration Management

Reduce misconfiguration risk

Third-Party Risk

Reduce connected apps risk

Threat Detection

SaaS threat and anomaly detection

Compliance

Audit-ready without manual work

AskOmni

GenAI assistant

Supported Applications

Protect what matters

MANAGED SERVICES

Expert SaaS security without added headcount

AppOmni Scout

SaaS and AI threat hunting service

AppOmni Guard

Expert strategic security for SaaS and AI

COMPANY

Safeguarding your SaaS

About Us

Who we are, learn our mission

Get answers on SaaS & AI security

Careers

Learn about career opportunities at AppOmni

Newsroom

AppOmni in the news

Trust Center

Protecting your data

Events

Meet us in person

Featured Resources

Request a Demo

LEADING SAAS and AI SECURITY RESEARCH

AppOmni Labs

We’re an elite team of SaaS threat researchers dedicated to uncovering and neutralizing vulnerabilities, potential SaaS misconfigurations, exposed attack vectors in SaaS and AI applications. We publish CVEs and remediation guidance to contribute to a more secure world.

The SaaS and AI threat landscape are continuously evolving.

Your security posture today is not tomorrow’s reality. AppOmni Labs is dedicated to uncovering vulnerabilities, potential misconfigurations, and exposed attack vectors in SaaS and AI applications.

Our specialties

Detect emerging threats and flag malicious TTPs

Disclose SaaS vulnerabilities and publish CVEs

Develop defensive mechanisms and tools

Share industry findings in The State of SaaS Security Report

How we do it

Our security researchers surface insights, develop defensive tools, and provide detailed remediation guidance to help organizations secure their environments against evolving and unknown threats.

How AppOmni Labs secures your most critical systems and data

An enterprise’s critical systems and data are the core of operations for customers and employees. AppOmni Labs is built with an offensive research directive to protect SaaS and AI systems, and the data for enterprises and industries.

How the AppOmni SaaS and AI Security Platform Works

AppOmni’s agentless architecture delivers continuous SaaS security monitoring with timely insights and remediation guidelines to help you prevent data breaches. The platform provides a central control point for all managed SaaS applications in your organization.

Latest Resources

Filter by

AO Labs, Blog

EvilToken and Microsoft 365: A Familiar Attack Playbook, Scaled with AI

High-value M365 user orgs targeted by an AI-powered device code phishing campaign. Here’s how the EvilToken attack happened, and what prevention controls to take.
AO Labs

Trivy supply chain breach compromises over 1,000 SaaS environments, Lapsus$ joins the extortion wave

“Repeated compromises of the same vendor in a short period suggest a persistent weakness,” said Cory Michal, CSO at AppOmni.
AO Labs, Blog

Trivy Scanner Compromise Explained and What it Means For Your SaaS and CI/CD Security

The Trivy supply chain compromise gave attackers a way to deliver malicious infostealer code. Learn how it happened and required remediation steps to audit your environment.
AO Labs, Blog

What is the Salesforce GraphQL Exploit and What You Should Do

Salesforce GraphQL exploit exposed misconfigured guest data in Experience Cloud. Learn how it happened and how to prevent exposure.
AO Labs, Blog

BodySnatcher (CVE-2025-12420): A Broken Authentication and Agentic Hijacking Vulnerability in ServiceNow

This blog deeply analyzes the interplay between Virtual Agent API and Now Assist enabled in this exploit.
AO Labs, Blog

When AI Turns on Its Team: Exploiting Agent-to-Agent Discovery via Prompt Injection

Aaron Costello uncovers how second-order prompt injection turns AI agents against their own systems. He explains how attackers exploit ServiceNow’s Now Assist and offers clear guidance on securing AI collaboration.
AO Labs, Blog

Heisenberg: How We Learned to Stop Worrying and Love the SBOM

Turn SBOMs into supply chain defense with Heisenberg, an open source tool developed by Max Feldman and Yevhen Grinman. It stops risky pull requests (PRs) before they merge.
AO Labs, Blog

Detecting ShinyHunters/UNC6040 Vishing Campaigns in Salesforce OAuth Attacks

Spot UNC6040 vishing attacks, secure OAuth apps, boost SaaS security with AppOmni’s Threat Detection.
AO Labs, Blog

Post-Incident CRM Forensics: Why Deploying AppOmni Is a Best Practice

OAuth abuse exposes SaaS data. AppOmni’s threat detection and security posture management shut it down.
AO Labs

Salesforce Industry Clouds: 0-days and Exploitable Misconfigs

AppOmni’s latest research reveals 20+ OmniStudio security flaws, including 5 CVEs affecting Salesforce industry clouds. Learn how misconfigurations expose sensitive data and how to secure your org.
AO Labs, Blog

Low-Code, High Stakes: Why Security Can’t Be an Afterthought for Customers Using Salesforce Industry Clouds

New research reveals critical security flaws in Salesforce industry clouds. Discover the risks and how to protect your organization now.
AO Labs, Blog

OAuth Tokens: The Danger Behind the Commvault Breach

Discover what went wrong in the Commvault breach: How AppOmni’s powerful SaaS security platform steps in to stop threats before they strike.