Shadow AI-Driven SaaS Apps: Uncovering the Silent Threat to Massive Data Breaches
Shadow AI Exposes Organizations to Massive Breaches
A recent report from Grip Security analyzed 23,000 SaaS application environments, revealing alarming statistics that highlight the risks associated with Shadow AI. The study found that 100% of analyzed companies operate SaaS environments with embedded AI, and there has been a 490% year-over-year spike in public SaaS attacks. Moreover, 80% of documented incidents involve personally identifiable information (PII) and/or customer data.
Surprising Findings
The report’s findings were surprising, even to the researchers.
This widespread adoption of AI-enabled SaaS apps creates a significant risk, as a breach in one app can cascade into other environments within the organization, and potentially beyond.
The 2025 Salesloft Drift Incident
The 2025 Salesloft Drift incident, also known as the “Great SaaS Breach of 2025,” is a prime example of this cascading chaos. The UNC6395 attackers compromised Salesloft’s internal systems, starting with their GitHub repositories, and then moved into the Drift AWS environment. From there, they stole active OAuth and refresh tokens used by customers to connect the Drift Chatbot to local installations of Salesforce and other apps, such as Slack. Armed with these legitimate pre-approved OAuth tokens, the attackers were able to impersonate Drift and log directly into Salesforce installations in companies that also used the Drift chatbot. This single breach ultimately affected over 700 organizations, including security firms Cloudflare, Palo Alto Networks, Zscaler, and CyberArk.
Risks and Recommendations
The report warns that the increased adoption of AI-enabled SaaS apps and the lack of visibility into these environments create a perfect storm for attackers.
In the context of SaaS AI attacks, the key “identity” is a valid OAuth token.
The rapid inclusion of agentic AI in SaaS apps, driven by the need for speed in business, often occurs without proper oversight from IT and security departments. This “shadow AI” can be installed without the customer’s knowledge, and the customer may unwittingly grant OAuth tokens to these apps without considering the broader implications. The complexity of SaaS environments, combined with the lack of visibility into shadow AI, makes it challenging for organizations to detect and respond to these threats.
The report emphasizes that AI is not a future risk, but a present-day reality that requires immediate attention.
The report predicts that 2026 may be the worst year yet for SaaS breaches, with the increased blast radius potentially expanding further as autonomous workflows outpace existing security controls.
To mitigate these risks, the report recommends increased visibility into SaaS shadow AI, as well as more dynamic governance.
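One way to start on that visibility, as an added example that is not code from the report or from Grip Security: a Python audit over an OAuth grant inventory that flags unsanctioned apps, broad or refresh-capable scopes, and stale grants, and marks flagged apps that embed AI. The record fields, scope names, app names, sanctioned list and dates are all assumptions constructed for illustration, not any vendor's export format.

```python
from datetime import date

# Scopes treated as broad or long-lived in this example (assumed names).
BROAD_SCOPES = {"full", "api", "refresh_token", "offline_access"}

# Constructed sample inventory: one record per OAuth grant a user gave an app.
GRANTS = [
    {"app": "crm-chatbot", "user": "alice", "scopes": ["api", "refresh_token"],
     "ai_enabled": True, "last_used": date(2025, 8, 1)},
    {"app": "notes-summarizer", "user": "bob", "scopes": ["full", "offline_access"],
     "ai_enabled": True, "last_used": date(2025, 2, 10)},
    {"app": "calendar-sync", "user": "carol", "scopes": ["calendar.read"],
     "ai_enabled": False, "last_used": date(2025, 8, 20)},
]
SANCTIONED = {"crm-chatbot", "calendar-sync"}  # apps IT has reviewed (assumed)
AS_OF = date(2025, 9, 1)                       # constructed audit date

def audit_grants(grants, sanctioned, today, stale_days=90):
    """Return (app, user, reasons) for risky grants, most reasons first."""
    findings = []
    for g in grants:
        reasons = []
        if g["app"] not in sanctioned:
            reasons.append("unsanctioned")       # shadow app: never reviewed
        broad = sorted(BROAD_SCOPES & set(g["scopes"]))
        if broad:
            # A sanctioned integration is flagged too: a stolen token for it
            # carries the same access the customer pre-approved.
            reasons.append("broad-scopes:" + ",".join(broad))
        if (today - g["last_used"]).days > stale_days:
            reasons.append("stale")              # unused grant, still valid
        if g["ai_enabled"] and reasons:
            reasons.append("ai-enabled")
        if reasons:
            findings.append((len(reasons), g["app"], g["user"], reasons))
    findings.sort(key=lambda f: (-f[0], f[1]))
    return [(app, user, reasons) for _, app, user, reasons in findings]

if __name__ == "__main__":
    for app, user, reasons in audit_grants(GRANTS, SANCTIONED, AS_OF):
        print(f"{app} ({user}): {', '.join(reasons)}")
```

Grants flagged only for scope, like the sanctioned chatbot here, are candidates for scope reduction and token rotation rather than removal.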
