The Front Door Is Locked. The Engine Room Is Wide Open.

CSA Agentic AI Security Summit | Session Replay | April 30, 2026

The security tools built over the past decade (perimeter defenses, identity platforms, SSPMs) were designed for a different set of problems. The most active layer of the enterprise has shifted: AI agents now browse, query, and move sensitive data across systems through the execution layer, and most security teams cannot see it happening.

Vorlon commissioned a survey of 500 U.S. CISOs in January and February of this year. The findings are hard to set aside: 99.4% of organizations experienced a SaaS or AI ecosystem incident in 2025. 1 in 3 encountered suspicious AI agent activity. And 86.8% still cannot see what data AI tools are exchanging with their SaaS applications. The average organization runs 13 security tools just to cover SaaS and AI. In financial services, that number reaches 16. It has not been enough.

This session, recorded live at the CSA Agentic AI Security Summit on April 30, 2026, brings together three security leaders to examine what's happening in the execution layer, and what a defensible response looks like.

What the conversation covers:

  • Why existing categories (CASB, SSPM, ITDR) leave the agentic layer unmonitored, and what the engine room actually looks like to an attacker
  • The OAuth governance gap: nearly 90% of CISOs report strong governance, while 27.4% were breached through compromised OAuth tokens or API keys
  • How AI agents are masquerading as human identities inside enterprise environments, and why traditional behavioral detection misses it
  • The proliferation problem: when any employee can spin up an AI agent or SaaS integration without IT approval, the concept of a defined attack surface starts to break down
  • What one concrete action looks like for a CISO who needs to move forward this week

The conversation draws on real data from the Agentic Ecosystem Security Gap: 2026 CISO Report, real breach cases including ShinyHunters, Salesloft/Drift, and the Vercel incident, and the operational perspective of a CISO running this problem inside a live multinational enterprise.

ABOUT THE SPEAKERS

Leon Ravenna

CISO, OPENLANE

Leon Ravenna is the Chief Information Security Officer at OPENLANE, a global vehicle remarketing platform operating across multiple countries. He has spent 30 years building and running security programs across healthcare, financial services, and technology, holding both CISO and CIO roles over the course of his career. Leon brings deep experience in regulatory compliance including ISO 27001, HIPAA, PCI, and NIST frameworks, along with a track record of defending complex enterprise environments where the threats are real and the resources are finite. He is a recognized practitioner voice on the gap between security confidence and actual security coverage, a theme at the center of this conversation.

Andy Ellis

Hall of Fame CSO | Author, 1% Leadership | Moderator

Andy Ellis is one of the most respected voices in cybersecurity, known for bringing clarity to problems the industry tends to overcomplicate. He served as Chief Security Officer at Akamai Technologies for more than 20 years, where he led the company's security strategy and helped design and build many of Akamai's security products. He was inducted into the CSO Hall of Fame in 2021. Today Andy is the founder and CEO of Duha, a boutique advisory firm working at the intersection of security, leadership, product, and strategy. He is the author of 1% Leadership, co-host of The CISO Series podcast, and editor of How to CISO. He holds a degree in computer science from MIT and served as an officer in the United States Air Force.

Amir Khayat

CEO and co-founder of Vorlon

Amir Khayat is the CEO and co-founder of Vorlon, a cybersecurity company that helps enterprises secure the sensitive data flowing across their converged SaaS and AI ecosystem. Amir’s journey through twenty years in cybersecurity has taken him from hands-on software development to being a founding team member at Demisto, the widely adopted SOAR platform, and through Demisto’s acquisition by Palo Alto Networks, where he ran global solutions engineering for their XSOAR platform. But while helping hundreds of global enterprises automate and streamline their security operations, Amir saw a new and rapidly growing need to protect sensitive data in motion from one system to another. He graduated from Reichman University, Herzliya, Israel (IDC) with a BA in Computer Science, and he holds an MBA from the Hebrew University of Jerusalem.

Executive summary: Securing the Converged SaaS and AI Ecosystem: What CISOs and Practitioners Need to Know

Traditional security frameworks don’t fit today’s reality

The enterprise perimeter has shifted. Organizations are no longer securing just endpoints and networks. Sensitive data now moves across a converged SaaS and AI ecosystem where:

  • SaaS applications are interconnected through APIs and OAuth integrations
  • AI copilots, agents, and automations access sensitive records with organizational authority
  • Data constantly flows between human and non-human identities

Legacy SSPM and DSPM tools were designed for static environments. Today’s attack surface is dynamic, interconnected, and much harder to govern.


Nearly every organization runs on a converged SaaS and AI ecosystem

Justin Lam, 451 Research:
“Security has never been a solitary effort. Enterprises now operate inside a converged SaaS and AI ecosystem — one unified attack surface. If you treat SaaS and AI separately, you’re already behind.”

What defines this shift:

  • Broad SaaS adoption makes apps the backbone of daily business operations.
  • AI models and copilots act at machine speed, moving sensitive data instantly.
  • Together, they form a SaaS+AI ecosystem moving faster than most security frameworks can address.

Why Vorlon was founded

Amir Khayat, Vorlon:
“Organizations don’t own their data pipelines anymore. They flow through the converged SaaS and AI ecosystem. Vorlon was built to restore visibility and control for security teams operating in this new environment.”

Key founding insights:

  • Enterprises lost direct ownership of data movement.
  • Productivity gains created fragmented oversight.
  • Security teams need a way to see, govern, and remediate risks across SaaS+AI ecosystems.

The attack surface expands with SaaS and AI convergence

The converged SaaS and AI ecosystem accelerates work, but it also widens exposure:

  • SaaS apps, plug-ins, and AI add-ons increase data touchpoints
  • Secrets and tokens power integrations without oversight
  • Shadow SaaS and AI tools bypass security review
  • Sensitive data-in-motion is rarely governed end-to-end

Amir Khayat compared this to driverless cars: you trust them until the moment they don’t behave as expected. Security leaders cannot rely solely on vendor assurances.


Cracks in the shared responsibility model

The ShinyHunters phishing campaign exposed Salesforce customers without breaching Salesforce itself. Attackers used OAuth abuse to compromise customer environments.

Justin Lam:
“The shared responsibility model often feels like shared fate. Vendors can’t be accountable for risks across your converged SaaS and AI ecosystem.”

Enterprises must take ownership of how SaaS and AI integrations are secured, monitored, and remediated in their use.


Shadow SaaS and shadow AI

Every organization already runs on more SaaS+AI tools than leadership realizes.

  • Unsanctioned SaaS apps create hidden connections
  • AI copilots and plugins access data without approval
  • Inter-app automations silently move sensitive information

Mapping the converged SaaS and AI ecosystem is the first line of defense.


SaaS and AI convergence drivers

According to 451 Research, three forces are accelerating the convergence of SaaS and AI:

  1. Frictionless adoption — with low-code and API-first design, new SaaS+AI tools are added easily, often outside IT.
  2. Vendor stickiness — established SaaS vendors embed AI into their platforms to deepen reliance and lock-in.
  3. Reward-first culture — enterprises prioritize productivity and innovation over controls, leaving governance gaps.

Shared risk vectors across SaaS and AI

Amir Khayat notes that the risks are not separate; they converge inside one ecosystem:

  • Overshared access rights and privilege drift
  • Shadow SaaS and AI usage outside IT governance
  • Data exfiltration risks from opaque data flows
  • Non-human identity (NHI) risks from service accounts, tokens, bots, and AI agents

These are now shared risks across the SaaS+AI ecosystem, not siloed categories.


Data is the constant

Justin Lam:
“No matter how fast the SaaS and AI landscape evolves, the constant is the data. Protecting data-in-motion across the converged SaaS and AI ecosystem is the only sustainable defense model.”

CISOs should prioritize risk management by data impact: intellectual property, customer records, employee HR data, and regulated financial or healthcare information.


Case study: stopping ShinyHunters in the SaaS+AI ecosystem

Amir shared how Vorlon detected and mitigated a Salesforce-focused OAuth compromise aligned with ShinyHunters tactics:

  • Discovery: Vorlon monitored eight SaaS applications but auto-detected 51 downstream connections, including AI tools
  • Detection: Alert triggered when a new OAuth app with full permissions appears
  • Enrichment: Vorlon correlated identity misuse, TOR IP communication, and data-access patterns
  • Response: Tokens revoked automatically or delegated to IT. Mean-time-to-response reduced from weeks to minutes

This shows the importance of continuous monitoring across the entire converged SaaS and AI ecosystem, not just the primary vendor app.
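The detection, enrichment and response steps above, as an added example that is not Vorlon's code or part of the original page: a small Python rule run over constructed OAuth-grant and data-access events. It flags a consent grant to an unsanctioned app with broad scopes, enriches it with a Tor exit-node match and with bulk record reads shortly after the grant, and recommends revocation when all three signals line up. The event field names, the sanctioned-app allowlist, the Tor exit list and the 10,000-records-in-one-hour threshold are assumptions made for illustration; the scope names (`full`, `api`, `refresh_token`) follow Salesforce's OAuth scope vocabulary, but the scoring is ours. The same block illustrates the "continuous monitoring of every new connection" and "governing tokens and non-human identities" requirements in the next section.

```python
"""Added example: scoring OAuth grants across SaaS connections.

All events below are constructed. Field names are assumptions, not any
vendor's log schema.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta

# Assumption: integrations that went through security review.
SANCTIONED_APPS = {"slack-connector", "hr-sync-bot"}
# Scopes that grant broad, long-lived API access (Salesforce scope names).
HIGH_RISK_SCOPES = {"full", "api", "refresh_token"}
# Assumption: constructed Tor exit list; a real deployment uses a threat-intel feed.
TOR_EXIT_IPS = {"185.220.101.7"}
# Assumption: this many records read within the window after a grant is "bulk".
BULK_RECORDS = 10_000
BULK_WINDOW = timedelta(hours=1)


@dataclass
class OAuthGrant:
    ts: datetime
    app_id: str           # connected-app identifier
    scopes: frozenset     # scopes approved on the consent screen
    granted_by: str       # human user who approved the grant
    source_ip: str        # client IP seen at consent time


@dataclass
class DataAccess:
    ts: datetime
    app_id: str
    records: int          # records returned by one API call


@dataclass
class Finding:
    app_id: str
    severity: str
    action: str
    reasons: list


def analyze(grants, accesses):
    """Return one Finding per unsanctioned grant that carries broad scopes.

    Severity grows with the number of corroborating signals; only a grant
    with all three (broad scopes, Tor consent IP, bulk reads) is marked
    critical and routed to automatic token revocation.
    """
    findings = []
    for g in grants:
        if g.app_id in SANCTIONED_APPS:
            continue
        risky = g.scopes & HIGH_RISK_SCOPES
        if not risky:
            continue
        reasons = [f"unsanctioned app granted {sorted(risky)}"]
        if g.source_ip in TOR_EXIT_IPS:
            reasons.append(f"consent approved from Tor exit {g.source_ip}")
        pulled = sum(a.records for a in accesses
                     if a.app_id == g.app_id and g.ts <= a.ts <= g.ts + BULK_WINDOW)
        if pulled >= BULK_RECORDS:
            reasons.append(f"{pulled} records read within {BULK_WINDOW} of grant")
        severity = {1: "medium", 2: "high"}.get(len(reasons), "critical")
        action = "revoke" if severity == "critical" else "review"
        findings.append(Finding(g.app_id, severity, action, reasons))
    return findings


# Constructed sample events: one sanctioned grant, one unsanctioned app with
# a single broad scope, and one unsanctioned app showing all three signals.
T0 = datetime(2025, 8, 1, 9, 0)
GRANTS = [
    OAuthGrant(T0, "slack-connector", frozenset({"api"}),
               "alice@corp.example", "203.0.113.10"),
    OAuthGrant(T0, "reporting-helper", frozenset({"api"}),
               "bob@corp.example", "203.0.113.11"),
    OAuthGrant(T0 + timedelta(minutes=5), "data-loader-x",
               frozenset({"full", "api", "refresh_token"}),
               "carol@corp.example", "185.220.101.7"),
]
ACCESSES = [
    DataAccess(T0 + timedelta(minutes=10), "slack-connector", 40),
    DataAccess(T0 + timedelta(minutes=20), "data-loader-x", 35_000),
    DataAccess(T0 + timedelta(minutes=40), "data-loader-x", 22_000),
]

if __name__ == "__main__":
    for f in analyze(GRANTS, ACCESSES):
        print(f"{f.app_id}: {f.severity} -> {f.action}; " + "; ".join(f.reasons))
```

Run stand-alone, the rule reports `reporting-helper` as medium (review) and `data-loader-x` as critical (revoke). The allowlist is deliberately the first check: the discovery step in the case study is what populates it, and an app that is missing from it is exactly the downstream connection the eight monitored applications would not have shown on their own.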


Secure by design vs. secure by operation

  • Vendors may design their SaaS+AI products with security features.
  • Enterprises still need to operate their own environments securely.

That requires:

  • Continuous monitoring of every new connection
  • Governing tokens and non-human identities
  • Rapid detection of abnormal behaviors and data flows

Closing insights

Key takeaways for security leaders:

  • Visibility is foundational. You can’t secure what you can’t map.
  • Shared responsibility ≠ shared protection. Enterprises must secure their own use cases.
  • Data-in-motion is today’s perimeter inside the converged SaaS and AI ecosystem.

Amir Khayat:
“Don’t cede your company’s security destiny to SaaS vendors. The future is proactive, unified defense across the converged SaaS and AI ecosystem.”


Next steps for security leaders

  • Map your converged SaaS and AI ecosystem: uncover every sanctioned and shadow connection
  • Treat non-human identities like users: monitor bots, scripts, tokens, and copilots carefully
  • Secure data-in-motion: track and prioritize risks by the sensitivity of data flows
  • Invest in unified SaaS+AI ecosystem security platforms: avoid piecemeal tools that create blind spots