A recent report revealed startling facts about digital security in the era of artificial intelligence (AI) and SaaS. A whopping 99.4 percent of 500 Chief Information Security Officers (CISOs) in the United States reported experiencing at least one security incident by 2025.
This study, conducted by the security platform Vorlon, found that only three out of 500 respondents experienced no incidents at all—a figure that demonstrates the magnitude of the threat to the modern digital ecosystem.
Threats Move to the “Engine Room”
While most companies claim to have robust security systems in place, the reality is that threats are now evolving into more complex areas.
A total of 89.2 percent of respondents reported having robust OAuth token governance, while 77 percent reported implementing comprehensive behavioral monitoring. However, this approach is considered insufficient.
Vorlon CEO and Co-founder Amir Khayat believes that many current security systems still focus on the “front door” such as user login and access management.
“Threats have now moved to the engine room—the runtime layer where AI agents move sensitive data between systems and OAuth tokens provide persistent cross-platform access,” he said.
He added that many organizations lack full visibility into activity at this layer, making it difficult to detect or stop threats before they escalate.
AI Agents Become a New Source of Risk
The report also highlights the increasing risks from the use of AI agents. Approximately one in three companies reported experiencing a security incident involving AI agents by 2025.
As many as 75.4 percent of respondents considered AI agents a significant to critical data security risk. Meanwhile, 31.4 percent identified them as a major new attack surface.
Other data shows:
- 30.4 percent experienced suspicious activity related to AI agents
- 30.8 percent experienced data breaches through SaaS-to-AI integrations
- 83.4 percent had difficulty distinguishing between human and non-human activity
This suggests that AI technology, which is supposed to increase efficiency, is actually opening new opportunities for cyberattacks.
High Trust, But Not Complete
CISOs reported being quite confident in understanding data access on major AI platforms like ChatGPT, Claude, Copilot, and Gemini, with confidence levels reaching 80–85 percent.
However, this confidence dropped significantly when it came to other AI tools outside of popular platforms. The trust level dropped to 65.4 percent, with 25 percent of respondents claiming no trust at all.
Supply Chain Risks Are Increasingly Worrying
Another equally serious threat comes from the digital supply chain. While 46.6 percent of respondents cited this risk as a top priority, only 0.8 percent felt fully protected.
In fact, around 30 percent of companies reported experiencing an attack involving a SaaS vendor or integration partner by 2025.
Vorlon Introduces New Solutions
In response to these growing threats, Vorlon is launching two new products:
- AI Agent Flight Recorder
- AI Agent Action Center
This second solution is designed to deliver forensic capabilities and coordinated response within an enterprise AI agent ecosystem.
This report confirms that rapid digital transformation, particularly in the use of AI and SaaS, brings increasingly complex security challenges.
While many companies have increased their investment in security, evolving threats demand a new, more adaptive and comprehensive approach.
With nearly every enterprise experiencing a security incident, the question is no longer “will we be attacked,” but “when and how prepared are we to face one.”
