From TBs to Threat Signals: Detecting Malicious Salesforce Access Before Disclosure Using Databricks
Overview
| Experience | In Person |
|---|---|
| Track | Cybersecurity |
| Industry | Enterprise Technology |
| Technologies | Delta Sharing, Lakeflow, Unity Catalog |
| Skill Level | Intermediate |
AI agents rely on non-human identities (NHIs) to operate across SaaS and cloud environments. While enabling powerful automation, they create blind spots traditional security tools struggle to detect. Enterprises generate TBs of daily data where early signals of unauthorized integrations and compromised applications can go unnoticed.
In this session, we’ll share how we built a large-scale behavioral detection engine on Databricks to turn high-volume activity streams into actionable threat signals. Working with Databricks as both our data platform provider and enterprise customer, including the CIO organization, we validated an architecture that surfaces anomalous patterns at scale, revealing incidents like malicious Salesforce access before public disclosure. Presented jointly by product and engineering, this talk connects architectural decisions to real-world security outcomes. Attendees will learn how to build scalable behavioral detection systems and translate data into actionable insights.
Session Speakers
Omri Shkedi, Senior Data Engineer, Astrix Security
Hadar Wiesen, Director of Product Management, Astrix Security