We’ve got our A-Eye on you: LastPass targets employees’ unauthorized AI tool use

LastPass is expanding beyond password management into SaaS application monitoring, directly targeting the growing challenge of shadow IT and unauthorized AI tool usage in small and mid-sized businesses. By leveraging its existing browser extension infrastructure, LastPass aims to democratize SaaS monitoring technology previously available only to large enterprises with substantial security budgets. This move represents a strategic pivot to help organizations gain visibility into which cloud services their employees are using—particularly as AI adoption accelerates in workplace settings.

The big picture: LastPass has announced a new SaaS monitoring capability specifically designed for small to midsize enterprises struggling to track employee usage of unauthorized cloud applications and AI tools.

• The solution targets “shadow SaaS”—an umbrella term that encompasses both traditional shadow IT and the newer phenomenon of shadow AI, where employees adopt AI tools without company approval.
• By repurposing its browser extension that’s already well-positioned to observe web traffic, LastPass is entering the SaaS Identity and Access Management (IAM) market with a solution tailored for companies that can’t afford enterprise-grade alternatives.

Pricing details: The new capability comes as part of LastPass’s Business Max tier, priced at $9 per user per month—a $2 premium over its standard Business Edition tier.

• The price point positions LastPass as an affordable alternative to more complex SaaS monitoring solutions typically marketed to larger enterprises.

What they’re saying: LastPass chief product officer Don MacLennan acknowledges that SaaS monitoring technology itself isn’t new, but argues it has previously been inaccessible to mid-market companies.

• “Detecting which employees are accessing which applications is actually a solved problem,” MacLennan told ZDNET. “Except that it’s solved by really expensive and really complex technologies that a large enterprise would use, but that a mid-size enterprise can’t afford.”

Market positioning: LastPass is targeting organizations with employee counts ranging from 20 to several thousand—companies large enough to need SaaS management but too small to implement enterprise-scale solutions.

• According to MacLennan, the proliferation of SaaS applications across these organizations is precisely why they need robust password management and now, SaaS monitoring capabilities.