Obsidian Security's SaaS Pre-Exfiltration Threat Detection is a solution focused on identifying and stopping threats within SaaS environments before data exfiltration occurs. The platform detects attack vectors such as Self-Service Password Reset (SSPR) abuse, SIM swapping, and helpdesk social engineering. It uses ML-based algorithms to identify anomalous user behavior and provides out-of-the-box detection rules mapped to the MITRE ATT&CK framework, informed by incident response engagements. Detection rules are customizable to accommodate specific organizational environments. Alerts include contextual details such as user role, privilege level, location, and behavioral patterns to support rapid triage. The platform baselines user behavior trends to assist analysts in distinguishing normal from suspicious activity. Investigation is supported through searchable SaaS logs, and remediation guidance is provided with each alert. The solution integrates with SIEM and SOAR platforms to support automated incident response workflows. Ongoing threat detection improvements are derived from insights gathered across hundreds of IR engagements and deployments. The platform also provides visibility into high-risk users and applications across the SaaS environment. Related use cases offered by Obsidian Security include SaaS token compromise detection (focused on Adversary-in-The-Middle attacks) and SaaS spear phishing prevention.