Press Release
99% of Organizations Were Hit by a SaaS or AI Ecosystem Security Incident in 2025, Despite Widespread Claims of Comprehensive Protection
SAN FRANCISCO, March 23, 2026 — Vorlon, the Agentic Ecosystem Security Platform, today released The Agentic Ecosystem Security Gap: 2026 CISO Report, a survey of 500 U.S. security leaders that surfaces a troubling contradiction at the heart of enterprise security. Organizations are more confident, more tooled, and more breached than ever. Simultaneously.
The survey found that 99.4% of CISOs experienced at least one SaaS or AI ecosystem security incident in 2025, with only 3 of 500 reporting zero incidents. At the same time,
- 89.2% claim strong or comprehensive OAuth token governance
- 77% report comprehensive behavioral monitoring
- Organizations deploy an average of 13 dedicated security tools across their SaaS and AI environments
When 99% of organizations are breached and 89% feel protected, while running 13 dedicated tools, the problem is not awareness. It is architecture. Vorlon’s report explains the gap.
“Every CISO we surveyed understands the risk. Most are increasing their budgets to address it,” said Amir Khayat, co-founder and CEO of Vorlon. “But the security architecture most organizations have was built for the front door: application configurations, user logins, permission settings. The threat has moved to the engine room, the runtime layer where AI agents move sensitive data between systems, where OAuth tokens grant persistent cross-platform access, where a single compromised integration cascades silently across an entire SaaS supply chain. Most organizations are running this ecosystem without the ability to see what's happening, investigate when something goes wrong, or contain it before the damage spreads. Vorlon exists to change that.”
The agentic workforce is already generating incidents
One in three enterprises experienced a security incident involving AI agents in 2025 — Year One of serious enterprise AI deployment. These are not hypothetical future risks. They are current ones.
- 75.4% characterize AI agents as a critical or significant data security risk, with 31.4% calling them a major new attack surface
- 30.4% experienced suspicious activity involving AI agents in 2025
- 30.8% experienced unauthorized data exfiltration through SaaS-to-AI integrations
- 83.4% say distinguishing between human and non-human behaviors is a limitation of their current tools
The confidence gap is sharpest where the risk is least visible. CISOs report 80-85% confidence in understanding what data their deployed named-AI tools — ChatGPT, Claude, Copilot, Gemini — can access. However, when asked about other AI tools beyond the big names, that confidence drops to 65.4%, with 25% reporting no confidence at all.
Claimed protection and actual outcomes tell different stories
The survey shows tension between reported governance and breach activity:
- 89.2% claim strong or comprehensive OAuth governance; 27.4% were still breached through compromised OAuth tokens or API keys in 2025
- 78.6% claim comprehensive real-time data flow mapping; 86.8% say seeing what data AI tools exchange with SaaS applications is a limitation of their current tools
- 77% claim comprehensive behavioral monitoring; 30.8% still experienced SaaS-to-AI data exfiltration
Between 83% and 87% of CISOs report limitations across every capability measured, with fewer than four percentage points separating the largest and smallest gaps. This is not evidence that some tools are better than others. It is evidence that the entire existing architecture shares the same blind spot. Of the 39% of CISOs using a SaaS Security Posture Management (SSPM) tool, 42.8% say it detects only within individual applications or functions primarily as a configuration and compliance audit tool rather than a real-time cross-platform threat detection platform.
Eric Richard, Senior Vice President of Engineering at Dutchie, described the same gap from an operational perspective. "Security practitioners know how to manage the hygiene of user accounts and user access. The challenge is that once you move inside the SaaS and AI ecosystem, you're dealing with a different problem space, app-to-app connections, OAuth tokens, API keys, and AI agents operating autonomously. That layer wasn't built to be monitored by the tools most security teams already have. Our SASE stack guards the gates. Vorlon watches what happens inside the city."
Supply chain risk is nearly universal — readiness is not
Following high-profile SaaS and AI supply chain breaches in 2025, including the Salesforce ShinyHunters vishing attack, the Salesloft/Drift OAuth hijack, and the Gainsight supply chain compromise, 99% of CISOs report concern about a similar incident in 2026. Nearly half (46.6%) call it a top priority risk, while only 0.8% — four out of 500 — feel adequately protected.
- 30% experienced a supply chain attack involving a SaaS vendor or integration partner in 2025
- Only 51.2% have an automated incident response playbook for an active SaaS exfiltration event
When a SaaS vendor announces a breach, there is no industry consensus on who owns the impact assessment. Responses span nine organizational functions with no single team cited by more than 21.8%, suggesting this new attack surface has yet to find a settled home in the enterprise.
SecOps is where the agentic ecosystem gets secured and budgets are expanding
Enterprises are increasing investment and operational focus across SaaS and AI security domains:
- Fewer than half of CISOs claim comprehensive coverage across all three SecOps workflow areas for their SaaS and AI ecosystem: exposure management (41.8%), threat hunting and investigation (44%), and incident response (38.2%)
- 93% or more plan to add or expand coverage across all three areas, with nearly half planning to do so within 12 months
- 86.8% plan to increase their SaaS security budget in 2026
- 84.2% plan to increase their AI security budget in 2026
Resources
- CSA Agentic AI Security Summit: Join legendary CISO Andy Ellis, Vorlon CEO Amir Khayat, and OPENLANE CISO Leon Ravenna as they dive into the security implications behind the data.
- Full report: The Agentic Ecosystem Security Gap: 2026 CISO Report
- Report Blog: Survey of 500 CISOs Shows Threat Has Moved to Engine Room. Security Architecture Hasn't
- FinServ Industry Agentic AI Security Survey Data: Why FinServ, the Most Security-Invested Sector, Still Has an AI Agent Problem
- Insurance Industry Agentic AI Security Survey Data: The Visibility Problem Insurance CISOs Haven't Priced Into Their AI Risk Models
- Healthcare Industry Agentic AI Security Survey Data: HIPAA Was Not Written for AI Agents. The 2026 CISO Report Shows What That Costs Healthcare
Survey Methodology
The Agentic Ecosystem Security Gap: 2026 CISO Report surveyed 500 U.S. CISOs at organizations with 500 or more employees across all major industry verticals about their experiences during the 2025 calendar year. The survey was conducted by an independent research firm from January 27 to February 9, 2026. The full report is available at vorlon.io.
About Vorlon
Vorlon is the Agentic Ecosystem Security Platform that protects the converged SaaS and AI ecosystem where agents, APIs, integrations, and non-human identities operate at machine speed. Its patented DataMatrix™ technology maps how sensitive data, identities, and integrations interact across enterprise systems, giving security teams the visibility, forensics, and remediation to manage sensitive data exposure, prevent breaches, and deploy AI at scale. https://vorlon.io
Media Contact
Chloe Amante
Montner Tech PR