SaaS security platform Reco has decided to address the “agent sprawl” challenge from the increased adoption of AI-driven tools by enterprises. It argues that enterprises are faced with a security situation as numerous autonomous agents now traverse multiple systems, accessing sensitive data, and executing actions without direct human oversight.

To help contain this risk, the company has made a new capability, “Reco AI Agent Security,” available to its customers starting March 18. The tool is aimed at giving enterprise security teams complete visibility and control over “all AI agents” operating across their SaaS ecosystem. These include Copilot, ChatGPT, and Salesforce Agentforce integrations and automation tools like n8n and Zapier.

“Security teams have spent years getting visibility into their SaaS applications, but AI agents operate differently,” said Ofer Klein, CEO and Co-Founder of Reco. “They act autonomously, make decisions without human intervention, and often have permissions across multiple systems. Traditional SaaS security posture management (SSPM) tools weren’t built to see or control this. We’re solving a new category of risk.”

The offering is designed to solve the dual challenge of “AI sprawl” and “Agent sprawl,” folding AI agent discovery, risk analysis, and governance into Reco’s existing SaaS security platform.

Discovery beyond OAuth

The core of the launch focuses on a shift in how AI agents are identified. Reco told CSO that its approach moves past traditional OAuth-based discovery and into a multi-layered detection model that looks at how systems behave, not just how they’re connected.

“We track third-party OAuth connections and analyze API call patterns that indicate autonomous behavior, like agents making decisions and executing actions without direct user intervention,” Klein added. “Many AI agents operate under service accounts or shared credentials. We correlate service account activity across applications to identify agent behavior patterns.”

Klein explained that automation tools themselves leave distinct fingerprints. Platforms like n8n, Make, and Zapier exhibit recognizable workflow signatures, which Reco uses to detect and map how these automations interact across systems. “An AI agent accessing 500 Salesforce records per minute looks different from a human user,” he said. Additionally, for native agents like Microsoft Copilot or Salesforce Agentforce, Reco claims to monitor feature enablement, data access patterns, and cross-application activity that traditional SSPM tools categorize as “normal user behavior.”

The offering is positioned around real-world patterns observed by Reco, which include shadow automation with excessive permissions, misconfigured enterprise agents, and even credential exposure in AI workflows. In the incidents Reco cites, these ranged from agents holding full read/write access to customer PII in Salesforce, financial data in NetSuite, and source code in GitHub, to an unnamed agent that exfiltrated customer data to a personal Airtable account for 8 months before it was discovered.

Aiming where traditional SSPM falls short

Reco positions the launch as a break from traditional SSPM, arguing that those tools were never designed for autonomous systems.

“SSPM sees connections. We see behavior,” Klein said. While a typical SSPM might flag a Zapier-Salesforce link as a third-party integration, “We identify that this specific Zapier workflow is an AI agent that runs every 15 minutes, accesses customer payment data, enriches it with external APIs, and writes results to a shared spreadsheet, all without human intervention,” he explained, emphasizing the difference in risk profiles.

Cross-system visibility is another gap cited by Reco. SSPM tools analyze each application in isolation, whereas Reco recognizes that agents span multiple systems and treats them as one autonomous system with compound risk.
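The behavioral signals described above (bulk record access far above a human rate, a fixed execution cadence, and one principal spanning several applications) can be checked against ordinary SaaS audit logs. The following is an added illustration written for this article, not Reco's code or a description of its product internals; the event format, the thresholds (100 records per minute, 10% cadence tolerance, two or more signals to flag a principal) and the sample events are all constructed assumptions.

```python
"""Behavioral fingerprinting of automation/agent principals in SaaS audit logs.

Added example, not Reco's code. Heuristics and thresholds are assumptions:
a principal that reads many records per minute, runs on a fixed cadence,
and spans several applications is scored as likely autonomous, not human.
"""
from datetime import datetime
from statistics import median

# Constructed sample audit events: (ISO timestamp, principal, app, action, records touched)
SAMPLE_EVENTS = [
    # Workflow principal: fires every 15 minutes, reads 500 records each run,
    # then writes results into a spreadsheet in a second application.
    ("2025-03-18T09:00:00", "svc-zapier-01", "salesforce", "read", 500),
    ("2025-03-18T09:00:10", "svc-zapier-01", "sheets", "write", 500),
    ("2025-03-18T09:15:00", "svc-zapier-01", "salesforce", "read", 500),
    ("2025-03-18T09:15:10", "svc-zapier-01", "sheets", "write", 500),
    ("2025-03-18T09:30:00", "svc-zapier-01", "salesforce", "read", 500),
    ("2025-03-18T09:30:10", "svc-zapier-01", "sheets", "write", 500),
    ("2025-03-18T09:45:00", "svc-zapier-01", "salesforce", "read", 500),
    ("2025-03-18T09:45:10", "svc-zapier-01", "sheets", "write", 500),
    # Human analyst: irregular timing, a handful of records, one application.
    ("2025-03-18T09:02:17", "alice@example.com", "salesforce", "read", 3),
    ("2025-03-18T09:11:44", "alice@example.com", "salesforce", "read", 1),
    ("2025-03-18T09:37:05", "alice@example.com", "salesforce", "update", 1),
    ("2025-03-18T09:52:30", "alice@example.com", "salesforce", "read", 2),
]


def parse(events):
    """Turn the raw tuples into (datetime, principal, app, action, count)."""
    return [(datetime.fromisoformat(ts), p, app, act, n) for ts, p, app, act, n in events]


def peak_records_per_minute(events, principal):
    """Largest number of records `principal` touched in any 60-second sliding window."""
    rows = sorted((t, n) for t, p, _, _, n in events if p == principal)
    best = total = start = 0
    for t, n in rows:
        total += n
        # Drop events that fell out of the trailing 60-second window.
        while (t - rows[start][0]).total_seconds() >= 60:
            total -= rows[start][1]
            start += 1
        best = max(best, total)
    return best


def cadence_seconds(events, principal, app, tolerance=0.1):
    """Median gap between `principal`'s events in `app` if the gaps are regular
    (every gap within `tolerance` of the median); None for irregular activity."""
    times = sorted(t for t, p, a, _, _ in events if p == principal and a == app)
    if len(times) < 3:
        return None
    gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
    m = median(gaps)
    if m <= 0 or any(abs(g - m) > tolerance * m for g in gaps):
        return None
    return m


def apps_touched(events, principal):
    """Distinct applications this principal is active in (cross-system span)."""
    return sorted({a for _, p, a, _, _ in events if p == principal})


def classify(events, rate_threshold=100):
    """Score every principal; two or more independent signals => likely agent."""
    report = {}
    for principal in sorted({p for _, p, _, _, _ in events}):
        signals = []
        peak = peak_records_per_minute(events, principal)
        if peak >= rate_threshold:
            signals.append(f"bulk access: {peak} records/min")
        apps = apps_touched(events, principal)
        for app in apps:
            cadence = cadence_seconds(events, principal, app)
            if cadence:
                signals.append(f"fixed cadence in {app}: every {int(cadence)}s")
        if len(apps) > 1:
            signals.append("cross-app span: " + ", ".join(apps))
        report[principal] = {"likely_agent": len(signals) >= 2, "signals": signals}
    return report


if __name__ == "__main__":
    for principal, verdict in classify(parse(SAMPLE_EVENTS)).items():
        print(principal, verdict)
```

The point of requiring two independent signals is to separate an unattended workflow from a human doing an occasional bulk export: the service account above trips the rate, cadence and cross-application checks at once, while the analyst trips none, even though both hold a Salesforce integration that an OAuth inventory would list identically.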

These distinctions align with how SSPM tools are generally designed today. Industry definitions describe SSPM as focusing on continuously monitoring SaaS applications for misconfigurations, managing permissions, and identifying risky integrations or compliance gaps.

In practice, that means SSPM is effective at answering what is connected and who has access by inventorying applications, tracking OAuth integrations, and flagging overly permissive settings. Reco draws the line at behavioral context, arguing that SSPM tools are less equipped to analyze how an integration behaves once it is approved, and that this is where most agent-induced risk lies.

Reco AI Agent Security is available immediately as part of the company’s existing SaaS security platform, with support at launch for the SaaS, automation, and AI tools noted above, and additional integrations expected to roll out on a continuous delivery basis.