Grip Security, a leading SaaS identity risk management company, recently released a research report titled “2025 SaaS Security Risks,” revealing alarming statistics regarding unmanaged SaaS applications and user accounts within organizations. According to the report, traditional security measures are falling short in addressing the increasing risks posed by unmanaged SaaS applications, with 90% of SaaS applications and 91% of AI tools remaining unmanaged.
The report highlighted the concept of “SaaS risk creep,” which refers to the gradual increase in vulnerabilities stemming from unmanaged applications and associated accounts. Key findings from the report include a 40% increase in the number of SaaS applications used by enterprises over the last two years, an 85% rise in the average number of SaaS applications per employee, and the fact that 73% of provisioned users never use their SaaS application license.
Additionally, the report found that the usage of ChatGPT has increased significantly, with the AI tool being present in 96% of analyzed organizations and experiencing a 24x increase in usage since its launch. Furthermore, 42% of popular AI applications have SAML capabilities, but 80% of these apps are not managed and federated with the SAML protocol.
According to Lior Yaari, co-founder and CEO of Grip Security, the research underscores the significant gap between perceived and actual security within organizations. Yaari stressed the importance of real-time visibility into SaaS applications and the implementation of a risk governance program to effectively manage these risks.
One of the major concerns highlighted in the report is the rise of Shadow SaaS and Shadow AI, referring to applications used without IT visibility or control. These applications pose serious risks to organizations, including data breaches, non-compliance issues, operational inefficiencies, and leaks of confidential information. A projection by Gartner suggests that by 2027, 75% of employees will use technologies outside IT oversight, emphasizing the need for organizations to rethink their SaaS security strategies.
Despite significant investments in addressing SaaS-related risks, existing security solutions like CASBs have proven inadequate in keeping pace with the complexities of modern SaaS environments. Yaari emphasized the need for a holistic, identity-driven approach to ensure SaaS security and risk management, warning that the consequences of inaction are severe.
In response to the growing challenges posed by unmanaged SaaS applications, organizations are urged to move beyond traditional security tools and adopt a flexible, identity-centric approach. Collaboration across departments, including business app owners and end users, is crucial to effectively manage SaaS risks at scale in today’s evolving landscape.
Failure to address these evolving SaaS trends leaves organizations vulnerable to security breaches, as demonstrated by high-profile incidents at companies like Snowflake and Microsoft. Proactive adjustment to these trends will better equip companies to safeguard sensitive data, ensure compliance, optimize financial resources, foster innovation, and minimize associated risks.
The findings of the Grip SaaS Security Risks report are based on anonymized data from the Grip SaaS Security Control Plane (SSCP) solution, providing insights from millions of SaaS user accounts, identities, and potential risk-causing applications. Organizations seeking further insights on SaaS and AI tool security risks can access Grip Security’s full report online.
Grip Security, known for its innovative solutions in SaaS identity risk management, offers the SaaS Security Control Plane platform to help enterprises discover, prioritize, secure, and orchestrate the mitigation of risks associated with widespread SaaS adoption. By leveraging identity as the key control point, Grip Security empowers companies to secure all SaaS applications and embrace SaaS adoption securely.