
Securing SaaS In The Age Of AI: What CISOs Need To Know
Galit Lubetzky Sharon was Head of the Strategic Center of the IDF's Cyber Defense Division and is now the Co-Founder & CEO of Wing Security.
AI is everywhere. It's driving productivity, accelerating workflows and powering SaaS for every department. But while AI tools are making life easier for teams, they are also creating new opportunities for cybersecurity attacks. The unpleasant truth is that the security implications of AI are growing fast.
CISOs and security teams need to understand where these risks are emerging and get ahead of them fast.
Shadow AI is the new shadow IT.
AI-powered apps are entering your SaaS stack often without approval from your security team. Tools that seem harmless, such as writing assistants, meeting notetakers or document summarizers, can plug directly into your SaaS environment and access sensitive data.
Some of these tools request broad access to emails, file storage or chat platforms. Others quietly collect user inputs. If they are operating outside of monitored processes, they increase your organization's exposure, and you won't even know about it. Make sure you know if the apps in your stack utilize AI and understand the potential risks of that exposure.
AI integrations can go from access to exploitation.
AI tools often require deep access to functions, including admin-level permissions, API keys or OAuth tokens.
Once granted, this access is hard to track and even harder to revoke. If a connected AI tool is compromised, the attacker also inherits its permissions. A single compromised integration can become a foothold into your SaaS ecosystem and allow attackers to move laterally from there. This is why it's so important to be aware of the permissions granted to AI apps and monitor to ensure those permissions are removed when no longer needed.
Weak privacy laws create long-term exposure.
AI privacy regulations are still evolving in many regions. As a result, vendors have broad leeway in how they collect, process and store your company's data.
Without strong legal protections or vendor transparency, sensitive internal information shared with AI tools can end up being stored, reused or even incorporated into the training datasets of your competitors. This means your product road map, brand terminology or financial models could become part of someone else's model training process. It's important to assess the data policy of your AI vendor to make sure it aligns with your company policy.
AI is helping attackers move faster.
On top of the risks discussed above, attackers are also using AI to scale and enhance their attacks. From tailored phishing emails to automating credential stuffing across multiple platforms, AI has lowered the barrier for launching large-scale identity-based attacks and increased their success rate.
These attacks are more efficient, are harder to detect and often mimic legitimate activity with alarming accuracy. What used to be one-off attacks can now be executed at scale with minimal effort. So, the same way that AI is accelerating your work, it is accelerating breaches. There is no time to wait for an airtight security policy around AI. The time to implement strategies and tools is now.
Can you have safe AI in your organization?
AI adoption is not slowing down, and simply avoiding AI is not realistic and not the goal. What you can do is focus on visibility, control and consistent enforcement.
You can only secure what you can see. Identify all AI-powered tools in use across your organization, including embedded features and third-party integrations. A strong SaaS security posture management (SSPM) solution can help uncover what might otherwise go undetected.
AI tools often request more access than they actually need to serve their intended purpose. Review access scopes closely and apply least privilege policies. Pay attention to any tool requesting access to documents, calendars, messaging platforms or admin-level functions. When in doubt, reject.
Most employees want to do the right thing but might not understand the risks. Provide practical, easy-to-follow guidelines and training. Do not assume that employees are reading memos or organization-wide emails.
Any tool that processes your company's data is a vendor and should be vetted accordingly. This means conducting risk assessments, reviewing how data is handled and requiring security controls and adherence to compliance standards.
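The scope review, shadow-AI discovery and removal of unused permissions described above can be run as a routine audit over an export of third-party OAuth grants. The following is an added example, not code from the article or from any vendor: the app names, users, allowlist and 90-day threshold are assumptions, the grant records are constructed, and the scope strings are standard Google OAuth scopes used for illustration.

```python
from datetime import date

G = "https://www.googleapis.com/auth/"
# Categories the article singles out; scope strings are real Google OAuth scopes.
SENSITIVE = {
    G + "drive": "documents",
    G + "calendar": "calendars",
    "https://mail.google.com/": "messaging",
    G + "admin.directory.user": "admin-level",
}
# Assumed allowlist: vetted apps and the scopes their purpose actually needs.
APPROVED = {
    "notetaker-ai": {G + "calendar.readonly"},
    "summarizer-ai": {G + "drive.file"},
}
STALE_AFTER_DAYS = 90  # assumed threshold for "no longer needed"

# Constructed grant inventory (hypothetical apps and users).
GRANTS = [
    {"app": "notetaker-ai", "user": "alice@example.com",
     "scopes": {G + "calendar.readonly", G + "drive"},
     "last_used": date(2025, 6, 20)},
    {"app": "summarizer-ai", "user": "bob@example.com",
     "scopes": {G + "drive.file"}, "last_used": date(2025, 6, 28)},
    {"app": "writing-assistant", "user": "carol@example.com",
     "scopes": {"https://mail.google.com/"}, "last_used": date(2025, 1, 15)},
]

def review_grant(grant, today):
    """Return findings for one grant: shadow app, excess scopes, stale access."""
    findings = []
    if grant["app"] not in APPROVED:
        findings.append("unapproved app (shadow AI)")
    # Least privilege: anything granted beyond the vetted baseline is excess.
    excess = grant["scopes"] - APPROVED.get(grant["app"], set())
    for scope in sorted(excess):
        label = SENSITIVE.get(scope, "other")
        findings.append(f"excess scope [{label}]: {scope}")
    idle = (today - grant["last_used"]).days
    if idle > STALE_AFTER_DAYS:
        findings.append(f"unused for {idle} days: revoke")
    return findings

def audit(grants, today):
    """Map (app, user) to findings, omitting grants with none."""
    report = {(g["app"], g["user"]): review_grant(g, today) for g in grants}
    return {key: found for key, found in report.items() if found}

if __name__ == "__main__":
    for (app, user), found in audit(GRANTS, date(2025, 7, 1)).items():
        print(app, user, *found, sep="\n  ")
```

In practice the grant records would come from the identity provider's or SaaS platform's own token or app-access report rather than a hard-coded list.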
Achieve a safe AI reality.
With AI, the risks are getting more complex, but SaaS security can still be controlled.
My advice is not to fear AI, but to approach it with a clear strategy. By understanding the risks, establishing clear policies and implementing the right tools, you can enable productivity and innovation without compromising on your security.
The threat landscape is changing. Is your SaaS security agile enough to change with it?
Forbes Technology Council is an invitation-only community for world-class CIOs, CTOs and technology executives.