back arrow white icon
Back to Press releases
Press Release
October 23, 2024

Grip Security Releases 2025 SaaS Security Risks Report: Reveals 90% of SaaS Applications and 91% of AI Tools are Unmanaged

Report unveils new SaaS risk insights previously unavailable to the industry.

BOSTON, October 23, 2024 – Grip Security, the leader in SaaS identity risk management, today released its research report, “2025 SaaS Security Risks.” The report reveals that traditional security measures are no longer sufficient to address the growing risks from unmanaged SaaS applications and user accounts. Alarmingly, 90% of SaaS applications and 91% of AI tools within organizations remain unmanaged, underscoring a widespread vulnerability that continues to grow.

As SaaS reliance expands, Grip's research highlights the limitations of traditional security strategies in combating the “SaaS risk creep” – the gradual increase of vulnerabilities from unmanaged applications and their associated accounts. Key findings from the report include:

·       The number of SaaS applications used in an enterprise increased by 40% over the last two years.

·       SaaS applications per employee has steadily risen, marking an 85% increase in number of accounts per user.

·       73% of provisioned users never use their SaaS application license.

·       ChatGPT was found in 96% of analyzed organizations, and usage has increased 24x since its launch.

·       42% of popular AI applications have SAML capabilities, but 80% of these apps are not managed and federated with the SAML protocol.

“The sheer volume of unmanaged SaaS apps and AI tools we found in organizations shows the large gap between perceived and actual security,” said Lior Yaari, co-founder and CEO of Grip Security. “Businesses need real-time visibility into these applications and a risk governance program to manage their risks to stay ahead of the curve.”

The Growing Challenges of Shadow SaaS


A major concern highlighted in the report is the rise of Shadow SaaS and Shadow AI—applications used without IT’s visibility or control. These applications put organizations at risk of data breaches, non-compliance issues, operational inefficiencies, and confidential information leaks. As Gartner projects that by 2027, 75% of employees will use technologies outside IT’s oversight, organizations must rethink their SaaS security strategies to address the growing risk of unmanaged applications.

Despite billions spent on addressing SaaS-related risks, existing security solutions like CASBs have proven inadequate. These tools fail to keep up with the complexities of modern SaaS environments, generating excessive data noise and false positives that hinder security teams from focusing on real threats.

"As SaaS continues to grow, businesses can't afford to rely on outdated tools. A holistic, identity-driven approach is now critical to ensure SaaS security and risk management," added Yaari. "The consequences of inaction are too severe—it's time for enterprises to address this risk proactively and rethink their security strategies to match the speed of SaaS adoption."

Need for a New Approach


Today’s SaaS-reliant organizations urgently need to move beyond traditional security tools. As highlighted by industry experts, business-led IT is driving much of this growth. As a result, responsibility for managing SaaS risks can no longer fall solely on IT and security teams—it requires collaboration across departments, including business app owners and end users, to effectively manage SaaS risks at scale. A flexible, identity-centric approach that empowers employees while controlling risk is the only way forward in this evolving landscape.

Without this shift, organizations will remain vulnerable to security breaches. High-profile incidents like those at Snowflake and Microsoft demonstrate the dangers of unmanaged SaaS environments, Shadow SaaS and dangling access. Companies that proactively adjust to these evolving SaaS trends will be better equipped to protect sensitive data, ensure compliance, optimize financial resources, and foster innovation while minimizing associated risks.

Methodology

The findings from Grip’s SaaS Security Risks Report are based on anonymized data from Grip's SaaS Security Control Plane (SSCP) solution. This includes insights from over 29 million SaaS user accounts, 1.7 million identities, and 23,987 SaaS applications posing potential risk.

To get additional insights on 2025 SaaS and AI tool security risks, download Grip Security’s full report.

About Grip Security

Grip Security is a pioneer in SaaS identity risk management, providing innovative solutions to help enterprises address the security risks associated with widespread SaaS adoption. The company’s SaaS Security Control Plane platform helps companies discover, prioritize, secure, and orchestrate the mitigation and remediation of risks. The innovative approach of leveraging identity as the key control point allows companies to secure all SaaS applications and empowers enterprises to embrace SaaS adoption securely.

The complete SaaS identity risk management solution.​

Uncover and secure shadow SaaS and rogue cloud accounts.
Prioritize SaaS risks for SSO integration.
Address SaaS identity risks promptly with 
policy-driven automation.
Consolidate redundant apps and unused licenses to lower SaaS costs.
Leverage your existing tools to include shadow SaaS.​

See Grip, the leading SaaS security platform, live:​