At Black Hat 2025, LastPass Debuts SaaS Protect to Help Small and Mid-Sized Businesses Stop Employees from Using Unapproved SaaS and AI Apps and Weak Credentials

BOSTON--(BUSINESS WIRE)--LastPass, a global leader in password and identity management trusted by over 100,000 businesses worldwide, today unveiled SaaS Protect at Black Hat 2025. Building on the company’s existing SaaS Monitoring capabilities, SaaS Protect introduces a robust set of policy enforcements that enable organizations to move from passive visibility into proactive access control. With features including customizable SaaS app policies, credential risk detection, and real-time enforcement reporting, SaaS Protect empowers IT and security teams to address Shadow IT and Shadow AI and credential misuse with speed, precision, and confidence.

Building on the company’s existing SaaS Monitoring capabilities, SaaS Protect introduces a robust set of policy enforcements that enable organizations to move from passive visibility into proactive access control.

Share

Business benefits include:

• Real-time SaaS governance: Quickly restrict access to unsanctioned or high-risk SaaS apps and guide user behavior with custom warnings.
• Audit-ready compliance: Generate governance reports with SOC 2 and other compliance frameworks in mind.
• SaaS cost optimization: Identify duplicate or over-licensed apps to help reduce spend and tech sprawl.

SaaS Protect is now available in beta to current LastPass Business and Business Max customers and will be included at no additional cost in the Business Max bundle. The feature is being showcased live at Black Hat 2025, with general availability expected in early Fall.

SaaS Sprawl is putting small and mid-sized businesses at elevated risk

According to Zylo, small and mid-sized businesses now use an average of 275 known SaaS applications, but IT teams oversee just 26% of that spend, with the rest driven by business units and individual employees. In addition, recent studies show organizations may be using 10 times more SaaS apps than they realize, with Shadow IT and Shadow AI tools pushing the actual footprint to hundreds of applications.

This mix of sanctioned and unsanctioned tools creates a sprawling, fragmented attack surface that most smaller organizations lack the resources to monitor or secure. Alarmingly, around 78% of users reuse the same password across multiple accounts, and when those reused or weak credentials tie back to unmanaged apps, credential risk can skyrocket. IT can’t protect what they don’t know exists, leaving sensitive data exposed, compliance at risk, and productivity strained by fragmented access and limited support.

“Small and mid-sized businesses are facing a perfect storm of complexity: unknown risks living within unknown apps and AI services,” said Don MacLennan, Chief Product Officer at LastPass. “We built SaaS Protect to turn that chaos into clarity. It’s designed specifically for resource-constrained businesses that need visibility, policy enforcement, and credential protection without adding operational overhead.”

Transforming visibility to action

Launched in May 2025, LastPass SaaS Monitoring gave organizations and LastPass Partners a consolidated view of application usage and credential hygiene. But visibility alone isn’t enough. With 75% of employees expected to use unauthorized tech by 2027, businesses need a way to intervene quickly and confidently.

That’s where SaaS Protect comes in. Building on the foundation of SaaS Monitoring, SaaS Protect gives businesses the ability to act on how tools are being used, spot risky behavior, and make informed decisions about which apps to allow, restrict, or retire.

All of this happens without disrupting the workforce. No device agents. No heavy deployments. The feature operates via the browser extension on employee devices, with activity data and policy enforcement results populating directly in the admin console.

Democratizing secure access experiences

SaaS Monitoring and SaaS Protect are part of the broader Secure Access Experiences approach from LastPass—an evolving framework that unifies visibility, credential hygiene, and access control into one intuitive experience. It’s built for organizations that need to move fast, stay secure, and manage access based on their own policies—not just passwords.

SaaS Protect will be generally available in late August 2025. Visit LastPass at Black Hat Las Vegas, Booth 5311, August 4–7, to learn more, or sign up for updates here. In addition, passkeys—credential-free authentication that replaces traditional passwords with biometric or device-based login—will also be available for demo at the conference and are slated for general availability in late August following an extended beta period.

About LastPass

LastPass is a leading identity and password manager, making it easier to log in to life and work. Trusted by 100,000 businesses and millions of users, LastPass combines advanced security with effortless access for individuals, families, small business owners, and enterprise professionals. Learn more at www.lastpass.com and follow us on LinkedIn, X, Instagram, and Facebook.