SaaS attacks surge as boards turn to AI for defence
Cyber criminals shifted their focus onto software-as-a-service platforms over the past year, driving a surge in data breaches and forcing boards to reassess the risk profile of cloud applications, according to senior executives at AppOmni.
The company, which specialises in SaaS security, reported a marked increase in attacks exploiting misconfigurations and weak integrations in widely used business applications. It said security concerns around the use of artificial intelligence in corporate systems also moved into the mainstream of boardroom discussion.
Brian Soby, Co-founder and Chief Technology Officer at AppOmni, said SaaS security and worries over the secure use of AI had moved from a niche concern into a priority issue for corporate leaders. He pointed to recent industry breach data that highlighted third-party applications and misconfigured SaaS platforms as a growing source of compromise.
"SaaS security, together with concerns around the secure use of AI, moved from a niche security initiative to a boardroom imperative. The 2025 Verizon Data Breach Investigations Report (DBIR) called out a doubling of breaches involving third-party applications stemming from misconfigured SaaS platforms and unauthorized integrations, particularly those exploited by threat actors through scanning and credential stuffing," said Soby, Co-founder and Chief Technology Officer, AppOmni.
Soby said that a wave of cyber incidents during the summer underscored the scale of the problem across global enterprises.
"This summer, a wave of cyberattacks shook the foundation of enterprise operations. More than 700 businesses, including household brands and even cybersecurity companies such as Zscaler and Palo Alto Networks, became targets, not because of weaknesses in their infrastructure but because attackers found a soft spot in their most trusted business systems: SaaS," said Soby.
Law enforcement agencies have also highlighted the trend. Soby cited FBI reporting on coordinated campaigns against customer relationship management systems.
"According to the FBI, the threat group known as UNC6040, linked to the well-known ShinyHunters cybercrime network, launched coordinated attacks against Salesforce and CRM environments using a playbook that's rapidly becoming the norm: social engineering, third-party app abuse and data exfiltration, followed by extortion in some cases. Then, a separate cybercriminal group, UNC6395, used compromised OAuth tokens from the integration between Salesforce and another sales engagement platform, Salesloft Drift, to gain access to Salesforce environments. Once in, they stole confidential business data and credentials for other critical systems," said Soby.
Regulators have started to respond to the shift in attacker behaviour. Soby said government agencies had issued new directives for public sector SaaS environments as adversaries intensified activity across major platforms.
"SaaS is now one of the most actively targeted layers of the enterprise attack surface, and yet, it remains one of the least proactively defended. Adversary activity in SaaS apps prompted the government's watchdog, the Cybersecurity and Infrastructure Security Agency (CISA), to issue a Binding Directive (BOD 25-01) to public sector agencies to secure their critical SaaS environments and urge the private sector to do the same," said Soby.
He added that AppOmni's own research team had observed real-world weaknesses in widely used applications.
"At AppOmni, we see this play out every day. Our SaaS threat research team has published multiple investigations this past year alone, exposing critical misconfigurations and vulnerabilities across major SaaS platforms like Salesforce and ServiceNow. These aren't theoretical risks: they're real-world exposures impacting the biggest brands in the world," said Soby.
AI agents emerge
Alongside the changing threat landscape, security leaders are also assessing the role of AI in monitoring and responding to incidents. AppOmni said AI agents embedded in security operations centres are starting to change how teams run investigations and coordinate responses across different tools.
Melissa Ruzzi, Director of AI at AppOmni, said recent advances in security technologies that draw on AI agents were pushing the industry closer to a more automated model for operations.
"Security technologies leveraging AI agents have the potential to move the industry closer towards security operations autonomy. In fact, we're seeing innovative advancements there, especially in the development of SOC AI agents," said Ruzzi, Director of AI, AppOmni.
She highlighted the Model Context Protocol, an emerging technical standard, as a mechanism that can act as a universal adapter between AI models and external systems.
"To also support the interoperability with tools and other agents, MCP (Model Context Protocol), which acts as a universal adapter, allows AI models to communicate with a wide range of resources without the need for custom integrations. MCP servers can allow several different security tools to be integrated at the AI level, delivering a simpler, deeper and more broad contextualized experience," said Ruzzi.
Ruzzi said large organisations often operate dozens of security products, which complicates incident investigations and threat hunting.
"This is helpful when, for good security coverage, large organizations use upwards of 50+ different specialized security tools on a regular basis. Imagine if they could be integrated for holistic visibility and coordinated security decisions, such that organizations could at once get intel on an incident from all their security tools? That's the future MCP could enable," said Ruzzi.
She warned that AI agents still face challenges when they deal with large and complex data sets.
"But organizations need to look beyond the AI hype of agents to implement the technology in a way that will be truly useful for them. Handling large volumes of complex data still presents a challenge here. Agents are most useful when assigned to perform a targeted task that handles smaller volumes of simpler data," said Ruzzi.
Ruzzi said the value of AI systems depends heavily on the breadth and quality of data that feeds them.
"It's also important to remember that the outcome of AI can also only be as valuable as the comprehensiveness of the data it uses: The richer the data, the smarter the AI. To get data analytics at the full AI potential for scale and depth, organizations need applied AI with deep domain expertise," said Ruzzi.
SaaS defence gap
Looking ahead, Soby said the industry faces a structural challenge as more core business functions run on SaaS platforms that store large volumes of confidential data.
"The single most pressing challenge for the security industry right now is to protect SaaS applications, as the systems housing the majority of confidential data and forming the backbone of most IT environments," said Soby.
He said many organisations still lack basic visibility into their cloud application environments.
"The first action is to recognize that SaaS applications present unique security risks. AppOmni research has found that the majority of organizations do not monitor their SaaS platforms, and do not know they have a security problem," said Soby.
Soby advocated a structured approach that aligns SaaS protection with the familiar Identify, Protect, Detect and Respond model.
"Next, organizations must adopt a comprehensive SaaS security strategy aligned with the Identify, Protect, Detect, and Respond framework:
"Identify involves gaining visibility into all SaaS applications, users, and permissions to uncover misconfigurations and excessive access.
"Protect requires enforcing strong identity security with phishing-resistant MFA, least-privilege access, and secure SaaS configurations to minimize the attack surface vulnerability.
"Detect focuses on continuous monitoring of SaaS logs, behavioral analytics, and anomaly detection to identify threats like session hijacking, unauthorized OAuth grants, and privilege escalation.
"Finally, Respond ensures rapid investigation and automated remediation of SaaS security incidents, leveraging response playbooks and integration with security operations (SOC) workflows.
"By shifting security controls closer to where SaaS attacks occur (at the identity and application layers), organizations can strengthen their defense posture and make it significantly harder for adversaries to succeed," said Soby.
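As an added illustration of the Detect step Soby describes (this is example code written for this article, not AppOmni's product or research), the following triage runs three simple checks over constructed SaaS audit events: an OAuth grant to an app outside an approved list, a session token reused from a different IP and user agent than the one that logged in, and a user granting themselves an administrator role. The event field names and sample values are assumptions chosen for illustration, not a real platform's log schema.

```python
"""Toy SaaS audit-log triage for the Identify/Protect/Detect/Respond Detect step."""

# Constructed sample audit events; field names are illustrative assumptions,
# not the schema of Salesforce, ServiceNow or any other real SaaS platform.
EVENTS = [
    {"ts": "2025-09-01T09:00Z", "actor": "alice", "event": "login",
     "session": "s1", "ip": "198.51.100.10", "ua": "Chrome"},
    {"ts": "2025-09-01T09:05Z", "actor": "alice", "event": "oauth_grant",
     "app_id": "app-known-crm", "scopes": ["read"]},
    {"ts": "2025-09-01T09:10Z", "actor": "alice", "event": "oauth_grant",
     "app_id": "app-unknown-7", "scopes": ["full", "refresh_token"]},
    {"ts": "2025-09-01T09:30Z", "actor": "alice", "event": "api_call",
     "session": "s1", "ip": "203.0.113.55", "ua": "curl"},
    {"ts": "2025-09-01T10:00Z", "actor": "bob", "event": "permission_change",
     "target": "bob", "new_role": "System Administrator"},
]

# Allowlist of OAuth client IDs the organisation has reviewed (constructed).
APPROVED_APPS = {"app-known-crm"}


def detect(events, approved_apps=APPROVED_APPS):
    """Return (finding_type, actor, detail) tuples for suspicious events."""
    findings = []
    session_origin = {}  # session id -> (ip, user agent) observed at login
    for e in events:
        kind = e["event"]
        if kind == "login":
            session_origin[e["session"]] = (e["ip"], e["ua"])
        elif kind == "api_call":
            # Same session token, different network origin and client: a
            # common indicator of a hijacked or replayed session.
            origin = session_origin.get(e["session"])
            if origin and origin != (e["ip"], e["ua"]):
                findings.append(("session_hijack", e["actor"], e["session"]))
        elif kind == "oauth_grant":
            # Any grant to a client not on the reviewed allowlist is flagged,
            # regardless of the scopes requested.
            if e["app_id"] not in approved_apps:
                findings.append(("unauthorized_oauth_grant", e["actor"], e["app_id"]))
        elif kind == "permission_change":
            # A user raising their own role to an administrator profile.
            if e["target"] == e["actor"] and "Administrator" in e["new_role"]:
                findings.append(("privilege_escalation", e["actor"], e["new_role"]))
    return findings


if __name__ == "__main__":
    for finding in detect(EVENTS):
        print(finding)
```

In practice the allowlist, session state and role names would come from the platform's own admin APIs and audit log export rather than inline constants.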
AI seen as essential
Ruzzi said the rising volume and sophistication of attacks will continue to push organisations towards greater use of AI across security operations, particularly in complex SaaS estates.
"2026 will be remembered as the year that the security industry realized that AI is no longer optional; it's the only way to keep pace with the evolving threat landscape. The sheer volume and sophistication of cyber threats, especially in complex SaaS environments, make manual detection and response unsustainable. AI provides the necessary speed, scale, and intelligence to analyze vast amounts of data, identify anomalies, and predict potential attacks. When built with the right domain expertise, AI can provide better visibility and data analytics at a scale and depth that only AI can handle," said Ruzzi.
She said organisations are already looking at AI for tasks that include continuous risk discovery and policy analysis.
"Organisations can leverage the power of AI to improve their SaaS security posture in areas such as continuously uncovering risks, delivering insights on security policies, and guiding step-by-step remediation actions across the most critical SaaS applications. It can also help analyze anomalies and suspicious user behavior and reduce the time security teams spend on data engineering. But in order to gain any real value, organizations must implement AI tools with deep cybersecurity domain expertise and knowledge," said Ruzzi.