According to Grip Security, a new report analysing 23,000 SaaS application environments found that 100% of them operate SaaS environments with embedded AI, with a 490% year-over-year rise in public SaaS attacks and 80% of documented incidents involving PII or customer data. The report highlights that organisations, on average, run 140 AI-enabled SaaS environments, and that risks compound when an AI-enabled app is breached, as agentic AI can be used to access data and cascade into other environments.
The piece cites the Salesloft Drift incident, dubbed the “Great SaaS Breach of 2025,” which affected more than 700 organisations, including Cloudflare, Palo Alto Networks, Zscaler and CyberArk, after attackers compromised Salesloft’s internal systems and moved from GitHub repositories into the Drift AWS environment.
Armed with legitimate OAuth tokens, the attackers could impersonate Drift and log in to Salesforce installations at companies using the Drift chatbot, enabling data access across connected apps such as Slack. The article argues that identity, specifically valid OAuth tokens, has become the new perimeter as organisations extend beyond traditional perimeters.
It also warns that 2026 could be the worst year yet for SaaS breaches as autonomous workflows outpace security controls, and calls for greater visibility and continuous governance of shadow AI.