Beatriz Albernaz

Beatriz Albernaz

Head of Growth @ Faultline security

Badges

Tastemaker
Tastemaker
Gone streaking
Gone streaking

Maker History

  • Faultline Security
    Faultline SecurityPenetration testing & AI Red Teaming for SaaS companies
    Jun 2026
  • 🎉
    Joined Product HuntApril 17th, 2026

Forums

Orphaned AI agents: the SaaS AI agent security risk nobody tests for

When a developer leaves your SaaS company, you revoke their Okta access, disable their GitHub account, and rotate API keys. But what happens to the AI agent they built last month, the one that still has standing access to your production customer database?

We've spent the past six months testing AI implementations for European B2B SaaS companies, and we keep seeing a pattern that should concern every technical founder: orphaned AI agents create persistent access paths that traditional security audits miss. This is not theoretical. We found production agents with full database access whose creators had left the company four to six months earlier.

Securing these systems takes a different approach than securing traditional software. AI agents don't just run code. They make autonomous decisions about what data to access and when.

The identity problem: AI agents don't show up in your IAM audit
Your identity and access management system knows about human users and service accounts. But does it know about the LangChain agent your backend engineer spun up to automate customer support ticket classification?

Faultline Security: We test your SaaS for security holes including your AI features

Hey PH I'm Beatriz, co-founder of Faultline Security
We do penetration testing for startups and SaaS companies. Seed to Series B, mostly B2B, mostly teams that don't have a dedicated security person yet.

The short version: we charge EUR 3,000, turn around reports in under two weeks, and the report is structured so your engineers can fix it and your auditor can sign off on it. Most pentest firms charge EUR 15,000 40,000 and take six weeks. We built for a different kind of company.

Why we started this

A founder we know lost a Series A because when the lead investor asked for a pentest report, he didn't have one. Not a security failure. A paperwork failure. He'd built something real, had paying customers, good metrics. But no report. The round didn't close.

1mo ago

What are you building? Drop your AI product below

Doing one of these because I get more from reading what others are building than from any newsletter.

I'll start.

View more