Grip Security, the leader in SaaS identity risk management, today released its research report, “2025 SaaS Security Risks.” The report reveals that traditional security measures are no longer sufficient to address the growing risks from unmanaged SaaS applications and user accounts. Alarmingly, 90% of SaaS applications and 91% of AI tools within organizations remain unmanaged, underscoring a widespread vulnerability that continues to grow.
Also Read: CIO Influence Interview with Amer Deeba, CEO and Co-founder of Normalyze
As SaaS reliance expands, Grip’s research highlights the limitations of traditional security strategies in combating the “SaaS risk creep” – the gradual increase of vulnerabilities from unmanaged applications and their associated accounts. Key findings from the report include:
- The number of SaaS applications used in an enterprise increased by 40% over the last two years
- SaaS applications per employee have steadily risen, marking an 85% increase in number of accounts per user
- 73% of provisioned users never use their SaaS application license
- ChatGPT was found in 96% of analyzed organizations, and usage has increased 24x since its launch
- 42% of popular AI applications have SAML capabilities, but 80% of these apps are not managed and federated with the SAML protocol
“The sheer volume of unmanaged SaaS apps and AI tools we found in organizations shows the large gap between perceived and actual security,” said Lior Yaari, co-founder and CEO of Grip Security. “Businesses need real-time visibility into these applications and a risk governance program to manage their risks to stay ahead of the curve.”
The Growing Challenges of Shadow SaaS
A major concern highlighted in the report is the rise of Shadow SaaS and Shadow AI—applications used without IT’s visibility or control. These applications put organizations at risk of data breaches, non-compliance issues, operational inefficiencies and confidential information leaks. As Gartner projects that by 2027, 75% of employees will use technologies outside IT’s oversight, organizations must rethink their SaaS security strategies to address the growing risk of unmanaged applications.
Despite billions spent on addressing SaaS-related risks, existing security solutions like CASBs have proven inadequate. These tools fail to keep up with the complexities of modern SaaS environments, generating excessive data noise and false positives that hinder security teams from focusing on real threats.
“As SaaS continues to grow, businesses can’t afford to rely on outdated tools. A holistic, identity-driven approach is now critical to ensure SaaS security and risk management,” added Yaari. “The consequences of inaction are too severe—it’s time for enterprises to address this risk proactively and rethink their security strategies to match the speed of SaaS adoption.”
Also Read: Lenovo Introduces Tailored Partner Journeys with Lenovo 360 to Meet Evolving Needs of the Channel
Need for a New Approach
Today’s SaaS-reliant organizations urgently need to move beyond traditional security tools. As highlighted by industry experts, business-led IT is driving much of this growth. As a result, responsibility for managing SaaS risks can no longer fall solely on IT and security teams—it requires collaboration across departments, including business app owners and end users, to effectively manage SaaS risks at scale. A flexible, identity-centric approach that empowers employees while controlling risk is the only way forward in this evolving landscape.
Without this shift, organizations will remain vulnerable to security breaches. High-profile incidents like those at Snowflake and Microsoft demonstrate the dangers of unmanaged SaaS environments, Shadow SaaS and dangling access. Companies that proactively adjust to these evolving SaaS trends will be better equipped to protect sensitive data, ensure compliance, optimize financial resources and foster innovation while minimizing associated risks.
Methodology
The findings from Grip’s SaaS Security Risks report are based on anonymized data from Grip SaaS Security Control Plane (SSCP) solution. This includes insights from over 29 million SaaS user accounts, 1.7 million identities and 23,987 SaaS applications posing potential risk.
To get additional insights on 2025 SaaS and AI tool security risks, download Grip Security’s full report.
[To share your insights with us as part of editorial or sponsored content, please write to psen@itechseries.com]
