AppOmni’s Marlin AI Brings Autonomous Investigation to SaaS Security

This is not a problem unique to SaaS security. Security firms, including AppOmni, are turning to AI to improve the efficiency and effectiveness of their service. In December 2023, AppOmni introduced AskOmni, an AI-powered SSPM assistant designed to answer, in natural language, user queries on anything arising from the platform.Marlin AIOn May 26, 2026, AppOmnilaunched Marlin AI, designed to allow as much autonomy in addressing the issues discovered by the platform as possible. AskOmni and Marlin work hand-in-hand. “Marlin investigates and analyzes issues, and does a bunch of things,” explains Ruzzi. “If you have any questions about what it has done, you can just AskOmni.”Marlin examines all the different configurations used by different users across all the SaaS apps used by different companies. Marlin’s context is drawn from the years of SaaS expertise accumulated by AppOmni – so it can automatically detect potentially worrying configuration settings. “Let’s say it finds an unenabled MFA in a configuration,” comments Ruzzi. “That’s a problem in itself. But how dangerous is that problem?”Marlin looks further, because the urgency of the problem depends on other factors. “Have you been doing mass downloads from a weird IP under a weird VPN… So, now you must look into everything else that is happening across the platform.”Normally, all of this work is performed manually by a human analyst, and that takes time. Marlin does it automatically, but it goes further. Users wish to know what to do rather than just be told ‘this missing MFA could lead to a breach’ – Marlin does this; it recommends a course of remedial action.An expanding issue with all new AI solutions is does it, or could it, take the autonomy of fault detection to an autonomy of automatic fault correction. The answer for Marlin is nuanced. Actions inside the AppOmni platform can be automated. It may report a benign issue and effectively provide the user with a button. “You click the button, and ‘boom’, Marlin does everything for you,” explains Ruzzi.But it is different when the required action goes beyond the platform. “Let’s say we find a misconfiguration on your Salesforce,” she continues. “Consider the level of access Marlin would require making changes automatically. That’s a line we don’t cross, because customers are not generally happy to give a third party, us, admin rights to their data.”Could Marlin perform autonomous action? Yes. Does it? No; at least not yet. “We’d love to be able to do it, but customers aren’t ready to accept it – and I don’t see that changing. If it does change, we’re ready, and yes, we’ll do it.”What Marlin does provide, however, is a greater level of information on its investigations. It provides graphs that allow the user to take a deep dive into the data concerned.Related:Shadow AI Risk: How SaaS Apps Are Quietly Enabling Massive BreachesRelated:Reco Raises $30 Million to Enhance AI SaaS SecurityRelated:CSA Unveils SaaS Security Controls Framework to Ease ComplexityRelated:Thousands of SaaS Apps Could Still Be Susceptible to nOAuth

On May 26, 2026, AppOmnilaunched Marlin AI, designed to allow as much autonomy in addressing the issues discovered by the platform as possible. AskOmni and Marlin work hand-in-hand. “Marlin investigates and analyzes issues, and does a bunch of things,” explains Ruzzi. “If you have any questions about what it has done, you can just AskOmni.”Marlin examines all the different configurations used by different users across all the SaaS apps used by different companies. Marlin’s context is drawn from the years of SaaS expertise accumulated by AppOmni – so it can automatically detect potentially worrying configuration settings. “Let’s say it finds an unenabled MFA in a configuration,” comments Ruzzi. “That’s a problem in itself. But how dangerous is that problem?”Marlin looks further, because the urgency of the problem depends on other factors. “Have you been doing mass downloads from a weird IP under a weird VPN… So, now you must look into everything else that is happening across the platform.”Normally, all of this work is performed manually by a human analyst, and that takes time. Marlin does it automatically, but it goes further. Users wish to know what to do rather than just be told ‘this missing MFA could lead to a breach’ – Marlin does this; it recommends a course of remedial action.An expanding issue with all new AI solutions is does it, or could it, take the autonomy of fault detection to an autonomy of automatic fault correction. The answer for Marlin is nuanced. Actions inside the AppOmni platform can be automated. It may report a benign issue and effectively provide the user with a button. “You click the button, and ‘boom’, Marlin does everything for you,” explains Ruzzi.But it is different when the required action goes beyond the platform. “Let’s say we find a misconfiguration on your Salesforce,” she continues. “Consider the level of access Marlin would require making changes automatically. That’s a line we don’t cross, because customers are not generally happy to give a third party, us, admin rights to their data.”Could Marlin perform autonomous action? Yes. Does it? No; at least not yet. “We’d love to be able to do it, but customers aren’t ready to accept it – and I don’t see that changing. If it does change, we’re ready, and yes, we’ll do it.”What Marlin does provide, however, is a greater level of information on its investigations. It provides graphs that allow the user to take a deep dive into the data concerned.Related:Shadow AI Risk: How SaaS Apps Are Quietly Enabling Massive BreachesRelated:Reco Raises $30 Million to Enhance AI SaaS SecurityRelated:CSA Unveils SaaS Security Controls Framework to Ease ComplexityRelated:Thousands of SaaS Apps Could Still Be Susceptible to nOAuth

Marlin examines all the different configurations used by different users across all the SaaS apps used by different companies. Marlin’s context is drawn from the years of SaaS expertise accumulated by AppOmni – so it can automatically detect potentially worrying configuration settings. “Let’s say it finds an unenabled MFA in a configuration,” comments Ruzzi. “That’s a problem in itself. But how dangerous is that problem?”Marlin looks further, because the urgency of the problem depends on other factors. “Have you been doing mass downloads from a weird IP under a weird VPN… So, now you must look into everything else that is happening across the platform.”Normally, all of this work is performed manually by a human analyst, and that takes time. Marlin does it automatically, but it goes further. Users wish to know what to do rather than just be told ‘this missing MFA could lead to a breach’ – Marlin does this; it recommends a course of remedial action.An expanding issue with all new AI solutions is does it, or could it, take the autonomy of fault detection to an autonomy of automatic fault correction. The answer for Marlin is nuanced. Actions inside the AppOmni platform can be automated. It may report a benign issue and effectively provide the user with a button. “You click the button, and ‘boom’, Marlin does everything for you,” explains Ruzzi.But it is different when the required action goes beyond the platform. “Let’s say we find a misconfiguration on your Salesforce,” she continues. “Consider the level of access Marlin would require making changes automatically. That’s a line we don’t cross, because customers are not generally happy to give a third party, us, admin rights to their data.”Could Marlin perform autonomous action? Yes. Does it? No; at least not yet. “We’d love to be able to do it, but customers aren’t ready to accept it – and I don’t see that changing. If it does change, we’re ready, and yes, we’ll do it.”What Marlin does provide, however, is a greater level of information on its investigations. It provides graphs that allow the user to take a deep dive into the data concerned.Related:Shadow AI Risk: How SaaS Apps Are Quietly Enabling Massive BreachesRelated:Reco Raises $30 Million to Enhance AI SaaS SecurityRelated:CSA Unveils SaaS Security Controls Framework to Ease ComplexityRelated:Thousands of SaaS Apps Could Still Be Susceptible to nOAuth

Marlin looks further, because the urgency of the problem depends on other factors. “Have you been doing mass downloads from a weird IP under a weird VPN… So, now you must look into everything else that is happening across the platform.”Normally, all of this work is performed manually by a human analyst, and that takes time. Marlin does it automatically, but it goes further. Users wish to know what to do rather than just be told ‘this missing MFA could lead to a breach’ – Marlin does this; it recommends a course of remedial action.An expanding issue with all new AI solutions is does it, or could it, take the autonomy of fault detection to an autonomy of automatic fault correction. The answer for Marlin is nuanced. Actions inside the AppOmni platform can be automated. It may report a benign issue and effectively provide the user with a button. “You click the button, and ‘boom’, Marlin does everything for you,” explains Ruzzi.But it is different when the required action goes beyond the platform. “Let’s say we find a misconfiguration on your Salesforce,” she continues. “Consider the level of access Marlin would require making changes automatically. That’s a line we don’t cross, because customers are not generally happy to give a third party, us, admin rights to their data.”Could Marlin perform autonomous action? Yes. Does it? No; at least not yet. “We’d love to be able to do it, but customers aren’t ready to accept it – and I don’t see that changing. If it does change, we’re ready, and yes, we’ll do it.”What Marlin does provide, however, is a greater level of information on its investigations. It provides graphs that allow the user to take a deep dive into the data concerned.Related:Shadow AI Risk: How SaaS Apps Are Quietly Enabling Massive BreachesRelated:Reco Raises $30 Million to Enhance AI SaaS SecurityRelated:CSA Unveils SaaS Security Controls Framework to Ease ComplexityRelated:Thousands of SaaS Apps Could Still Be Susceptible to nOAuth

Normally, all of this work is performed manually by a human analyst, and that takes time. Marlin does it automatically, but it goes further. Users wish to know what to do rather than just be told ‘this missing MFA could lead to a breach’ – Marlin does this; it recommends a course of remedial action.An expanding issue with all new AI solutions is does it, or could it, take the autonomy of fault detection to an autonomy of automatic fault correction. The answer for Marlin is nuanced. Actions inside the AppOmni platform can be automated. It may report a benign issue and effectively provide the user with a button. “You click the button, and ‘boom’, Marlin does everything for you,” explains Ruzzi.But it is different when the required action goes beyond the platform. “Let’s say we find a misconfiguration on your Salesforce,” she continues. “Consider the level of access Marlin would require making changes automatically. That’s a line we don’t cross, because customers are not generally happy to give a third party, us, admin rights to their data.”Could Marlin perform autonomous action? Yes. Does it? No; at least not yet. “We’d love to be able to do it, but customers aren’t ready to accept it – and I don’t see that changing. If it does change, we’re ready, and yes, we’ll do it.”What Marlin does provide, however, is a greater level of information on its investigations. It provides graphs that allow the user to take a deep dive into the data concerned.Related:Shadow AI Risk: How SaaS Apps Are Quietly Enabling Massive BreachesRelated:Reco Raises $30 Million to Enhance AI SaaS SecurityRelated:CSA Unveils SaaS Security Controls Framework to Ease ComplexityRelated:Thousands of SaaS Apps Could Still Be Susceptible to nOAuth

An expanding issue with all new AI solutions is does it, or could it, take the autonomy of fault detection to an autonomy of automatic fault correction. The answer for Marlin is nuanced. Actions inside the AppOmni platform can be automated. It may report a benign issue and effectively provide the user with a button. “You click the button, and ‘boom’, Marlin does everything for you,” explains Ruzzi.But it is different when the required action goes beyond the platform. “Let’s say we find a misconfiguration on your Salesforce,” she continues. “Consider the level of access Marlin would require making changes automatically. That’s a line we don’t cross, because customers are not generally happy to give a third party, us, admin rights to their data.”Could Marlin perform autonomous action? Yes. Does it? No; at least not yet. “We’d love to be able to do it, but customers aren’t ready to accept it – and I don’t see that changing. If it does change, we’re ready, and yes, we’ll do it.”What Marlin does provide, however, is a greater level of information on its investigations. It provides graphs that allow the user to take a deep dive into the data concerned.Related:Shadow AI Risk: How SaaS Apps Are Quietly Enabling Massive BreachesRelated:Reco Raises $30 Million to Enhance AI SaaS SecurityRelated:CSA Unveils SaaS Security Controls Framework to Ease ComplexityRelated:Thousands of SaaS Apps Could Still Be Susceptible to nOAuth

But it is different when the required action goes beyond the platform. “Let’s say we find a misconfiguration on your Salesforce,” she continues. “Consider the level of access Marlin would require making changes automatically. That’s a line we don’t cross, because customers are not generally happy to give a third party, us, admin rights to their data.”Could Marlin perform autonomous action? Yes. Does it? No; at least not yet. “We’d love to be able to do it, but customers aren’t ready to accept it – and I don’t see that changing. If it does change, we’re ready, and yes, we’ll do it.”What Marlin does provide, however, is a greater level of information on its investigations. It provides graphs that allow the user to take a deep dive into the data concerned.Related:Shadow AI Risk: How SaaS Apps Are Quietly Enabling Massive BreachesRelated:Reco Raises $30 Million to Enhance AI SaaS SecurityRelated:CSA Unveils SaaS Security Controls Framework to Ease ComplexityRelated:Thousands of SaaS Apps Could Still Be Susceptible to nOAuth

Could Marlin perform autonomous action? Yes. Does it? No; at least not yet. “We’d love to be able to do it, but customers aren’t ready to accept it – and I don’t see that changing. If it does change, we’re ready, and yes, we’ll do it.”What Marlin does provide, however, is a greater level of information on its investigations. It provides graphs that allow the user to take a deep dive into the data concerned.Related:Shadow AI Risk: How SaaS Apps Are Quietly Enabling Massive BreachesRelated:Reco Raises $30 Million to Enhance AI SaaS SecurityRelated:CSA Unveils SaaS Security Controls Framework to Ease ComplexityRelated:Thousands of SaaS Apps Could Still Be Susceptible to nOAuth

What Marlin does provide, however, is a greater level of information on its investigations. It provides graphs that allow the user to take a deep dive into the data concerned.Related:Shadow AI Risk: How SaaS Apps Are Quietly Enabling Massive BreachesRelated:Reco Raises $30 Million to Enhance AI SaaS SecurityRelated:CSA Unveils SaaS Security Controls Framework to Ease ComplexityRelated:Thousands of SaaS Apps Could Still Be Susceptible to nOAuth

Related:Shadow AI Risk: How SaaS Apps Are Quietly Enabling Massive BreachesRelated:Reco Raises $30 Million to Enhance AI SaaS SecurityRelated:CSA Unveils SaaS Security Controls Framework to Ease ComplexityRelated:Thousands of SaaS Apps Could Still Be Susceptible to nOAuth

Source: SecurityWeek