Latest news with #ShadowAI
Forbes
25-06-2025
- Business
- Forbes
Securing SaaS In The Age Of AI: What CISOs Need To Know
Galit Lubetzky Sharon was Head of the Stategic Center of the IDF's Cyber Defense Division and is now the Co-Founder & CEO of Wing Security. AI is everywhere. It's driving productivity, accelerating workflows and powering SaaS for every department. But while AI tools are making life easier for teams, they are also creating new opportunities for cybersecurity attacks. The unpleasant truth is that the security implications of AI are growing fast. CISOs and security teams need to understand where these risks are emerging and get ahead of them fast. Shadow AI is the new shadow IT. AI-powered apps are entering your SaaS stack often without approval from your security team. Tools that seem harmless, such as writing assistants, meeting notetakers or document summarizers, can plug directly into your SaaS environment and access sensitive data. Some of these tools request broad access to emails, file storage or chat platforms. Others quietly collect user inputs. If they are operating outside of monitored processes, they increase your organization's exposure, and you won't even know about it. Make sure you know if the apps in your stack utilize AI and understand the potential risks of that exposure. AI integrations can go from access to exploitation. AI tools often require deep access to functions, including admin-level permissions, API keys or OAuth tokens. Once granted, this access is hard to track and even harder to revoke. If a connected AI tool is compromised, the attacker also inherits its permissions. A single compromised integration can become a foothold into your SaaS ecosystem and allow attackers to move laterally from there. This is why it's so important to be aware of the permissions granted to AI apps and monitor to ensure those permissions are removed when no longer needed. Weak privacy laws create long-term exposure. AI privacy regulations are still evolving in many regions. As a result, vendors have broad leeway in how they collect, process and store your company's data. Without strong legal protections or vendor transparency, sensitive internal information shared with AI tools can end up being stored, reused or even incorporated into the training datasets of your competitors. This means your product road map, brand terminology or financial models could become part of someone else's model training process. It's important to assess the data policy of your AI vendor to make sure it aligns with your company policy. AI is helping attackers move faster. On top of the risks discussed above, attackers are also using AI to scale and enhance their attacks. From tailored phishing emails to automating credential stuffing across multiple platforms, AI has lowered the barrier for launching large-scale identity-based attacks and increased their success rate. These attacks are more efficient, are harder to detect and often mimic legitimate activity with alarming accuracy. What used to be one-off attacks can now be executed at scale with minimal effort. So, the same way that AI is accelerating your work, it is accelerating breaches. There is no time to wait for an airtight security policy around AI. The time to implement strategies and tools is now. Can you have safe AI in your organization? AI adoption is not slowing down, and simply avoiding AI is not realistic and not the goal. What you can do is focus on visibility, control and consistent enforcement. You can only secure what you can see. Identify all AI-powered tools in use across your organization, including embedded features and third-party integrations. A strong SaaS security posture management (SSPM) solution can help uncover what might otherwise go undetected. AI tools often request more access than they actually need to serve their intended purpose. Review access scopes closely and apply least privilege policies. Pay attention to any tool requesting access to documents, calendars, messaging platforms or admin-level functions. When in doubt, reject. Most employees want to do the right thing but might not understand the risks. Provide practical, easy-to-follow guidelines and provide training. Do not assume that employees are reading memos or organization-wide emails. Any tool that processes your company's data is a vendor and should be vetted accordingly. This means conducting risk assessments, reviewing how data is handled and requiring security controls and adherence to compliance standards. Achieve a safe AI reality. With AI, the risks are getting more complex, but SaaS security can still be controlled. My advice is not to fear AI, but to approach it with a clear strategy. By understanding the risks, establishing clear policies and implementing the right tools, you can enable productivity and innovation without compromising on your security. The threat landscape is changing. Is your SaaS security agile enough to change with it? Forbes Technology Council is an invitation-only community for world-class CIOs, CTOs and technology executives. Do I qualify?
Yahoo
12-02-2025
- Business
- Yahoo
Torii Unveils 2025 SaaS Benchmark Report, Exposing the True Cost of Shadow AI & SaaS Sprawl
NEW YORK, February 12, 2025--(BUSINESS WIRE)--Torii, the leader in SaaS Management, has unveiled its highly anticipated 2025 SaaS Benchmark Annual Report, exposing the staggering financial and security threats posed by Shadow AI and unchecked SaaS sprawl. Based on exclusive first-party data from hundreds of organizations, the report highlights how businesses are struggling with a dramatic rise in Shadow IT—now dominated by AI-powered tools. Most businesses today recognize the threat of Shadow AI—unsanctioned AI use outside IT governance—but few realize how pervasive it already is. Because these tools often rely on proprietary company data, they pose significant security and compliance risks, and since they often use a consumption-based pricing model, they can undermine cost management. Importantly, while some instances of Shadow AI are new apps, many are AI-driven features within already approved software. Yet despite these differences, in many ways, Shadow AI is simply the next chapter in the same story of software governance. Since its founding in 2017, Torii has tackled SaaS sprawl with a visibility-first approach to SaaS Management. Today's AI surge is another form of ungoverned software that can be secured and optimized if it is first discovered. Torii remains the market leader, ensuring IT teams stay ahead of risks and inefficiencies before they escalate. Want to see how Shadow AI is silently driving up your costs? Read the full 2025 SaaS Benchmark Report here. The Cost of Unchecked SaaS Sprawl: Key Findings The surge in AI-driven tools is reshaping software ecosystems, adding new urgency to long-standing SaaS sprawl challenges. Shadow AI now accounts for the majority of newly unmanaged applications, further complicating visibility, cost tracking, and compliance efforts. Torii's SaaS Benchmark Report quantifies the true scale of Shadow AI's impact, revealing just how pervasive and costly the issue has already become: Organizations manage an average of 668 applications—over half (54%) classified as Shadow IT – As software portfolios continue to expand, Shadow AI has fueled much of the 21% increase in total app counts across five company sizes since Q1 2024, intensifying visibility and cost challenges for IT teams. AI-driven tools make up the majority of unmanaged applications– The top four most frequently unmanaged apps in companies are 100% AI-driven tools, with four of the next five also AI-dependent. This unchecked AI adoption outside IT oversight makes cost tracking nearly impossible due to unpredictable consumption-based pricing models. 61% of SaaS applications are inactive, yet companies continue paying for them – Many of these applications have had no active users in the last 30 days, yet they still carry active, paid licenses. At the same time, both average and median SaaS contract values have increased year-over-year, making renewals a crucial opportunity for cost containment and right-sizing entitlements. "The extent of Shadow AI and underutilized applications that would have gone unnoticed without Torii is staggering," said Uri Haramati, CEO and Co-Founder of Torii. "Organizations don't realize how much budget waste and compliance risk is hidden in their software stacks. This report highlights how Torii is giving IT leaders the visibility, insights, and automation they need to stay ahead—before costs and risk spiral out of control." Torii Customers Take Control of Shadow AI & SaaS Sprawl Torii customers rely on the platform's industry-leading, multi-source discovery and intelligent automations to gain unmatched visibility into their software ecosystem. By exposing hidden software, optimizing spend, and enforcing compliance, Torii ensures IT teams stay ahead of risks and inefficiencies before they escalate: Daryl Dore, Director of IT at Higher Logic, shares: "My first budget season I almost quit my job because it was so painful. With Torii, I only have to spend about four hours on it. Now, Finance relies on me to correct their budget because my data is more accurate." Joshua James, IT Operations Expert at Sennder, explains: "Torii gives us a central source of truth for all things SaaS. Now, we have control over our apps and expenses. I fully recommend Torii for its great SaaS detection, time-saving workflows, and comprehensive cost savings." Raveh Kahaner, Head of Global Procurement at HiBob, shares: "After deploying Torii I was taken aback by the huge gap between the SaaS apps we were managing, how many we believed existed, and the reality. We knew we were struggling to account for all of our SaaS apps, but had no idea there were hundreds of them left unaccounted for. Torii gave us that visibility." Torii: The Must-Have Platform for Tackling Shadow AI Torii's latest research highlights the critical insights that often go unnoticed until it's too late. Without the right tools, organizations struggle to uncover Shadow AI, hidden software costs, and compliance blind spots. Torii's discovery capabilities, cost-saving insights, and automation empower IT teams to take a proactive approach, shifting from reactive firefighting to strategic technology advisors. By revealing the true state of software environments, Torii helps businesses close compliance gaps, optimize spending, and drive operational efficiency with ease. To explore the full insights, access the 2025 SaaS Benchmark Annual Report here. For more information on how Torii is reshaping SaaS management, visit View source version on Contacts Media Contact: Lauren WhiteheadDirector, Product Sign in to access your portfolio
