Home » Security Bloggers Network » Uncategorized » Vorlon Survey: 99% of Organizations Got Hit by a SaaS or AI Security Incident in 2025

Vorlon Survey: 99% of Organizations Got Hit by a SaaS or AI Security Incident in 2025

by Techstrong Editorial on March 23, 2026

A survey of 500 U.S. CISOs published by Vorlon ahead of RSAC 2026 found that 99.4% of organizations experienced at least one SaaS or AI ecosystem security incident in 2025. Only three out of 500 reported zero incidents.

The numbers get more uncomfortable from there. One in three enterprises dealt with a security incident involving AI agents. Nearly 31% experienced unauthorized data exfiltration through SaaS-to-AI integrations. And 27.4% were breached through compromised OAuth tokens or API keys, despite 89.2% of those same CISOs claiming strong OAuth governance.

That disconnect between confidence and outcomes runs through the entire report. Organizations deploy an average of 13 dedicated security tools across their SaaS and AI environments. Roughly 77% say they have full behavioral monitoring in place. Yet 83% to 87% of respondents report limitations across every security capability measured.

The AI Agent Blind Spot

CISOs report 80-85% confidence in understanding what data major AI tools like ChatGPT, Claude, Copilot, and Gemini can access. That confidence drops to 65.4% for other AI tools, with a quarter of respondents reporting no confidence at all. Meanwhile, 75.4% characterize AI agents as a critical or significant data security risk.

“The security architecture most organizations have was built for the front door: application configurations, user logins, permission settings,” said Amir Khayat, co-founder and CEO of Vorlon. “The threat has moved to the engine room, the runtime layer where AI agents move sensitive data between systems, where OAuth tokens grant persistent cross-platform access, where a single compromised integration cascades silently across an entire SaaS supply chain.”

Supply chain risk weighs heavy: 99% of CISOs expressed concern about a SaaS or AI supply chain breach in 2026, following incidents like the Salesforce ShinyHunters vishing attack and the Gainsight supply chain compromise. Yet only 0.8%, four out of 500, feel adequately protected.

The spending response is clear. 86.8% plan to increase SaaS security budgets in 2026, and 84.2% plan to increase AI security budgets.

March 23, 2026March 23, 2026 Techstrong Editorial AI Security, CISO Survey, RSAC 2026, SaaS Security, Vorlon

Vorlon Survey: 99% of Organizations Got Hit by a SaaS or AI Security Incident in 2025

The AI Agent Blind Spot

Senator Sanders Wants to Own AI Companies — and Hand America’s Adversaries the Keys

NIST’s Nine: The PQC Signature Race Moves to Round Three

The Quantum Arms Race: Why Washington Just Wrote a $2 Billion Check to Nine Companies

Beyond Moore’s Law: The Hyper-Acceleration of Autonomous AI Cyber Capabilities

The Exception Economy: When Security Teams Stop Protecting and Start Negotiating

GoPlus’s Latest Report Highlights How Blockchain Communities Are Leveraging Critical API Security Data To Mitigate Web3 Threats

C2A Security’s EVSec Risk Management and Automation Platform Gains Traction in Automotive Industry as Companies Seek to Efficiently Meet Regulatory Requirements

Zama Raises $73M in Series A Lead by Multicoin Capital and Protocol Labs to Commercialize Fully Homomorphic Encryption

RSM US Deploys Stellar Cyber Open XDR Platform to Secure Clients

ThreatHunter.ai Halts Hundreds of Attacks in the past 48 hours: Combating Ransomware and Nation-State Cyber Threats Head-On

Randall Munroe’s XKCD ‘Soniferous Aether’