A survey of 500 CISOs working for U.S. organizations with more than 500 employees finds 31% acknowledging they have already seen unauthorized data exfiltration between software-as-a-service (SaaS) applications and AI tools and platforms.

Conducted by the market research firm Censuswide on behalf of Vorlon, a provider of a data security platform, the survey also finds 87% admit they are unable to see what data AI tools are exchanging with SaaS applications.

Nevertheless, well over three quarters (79%) claim to have a comprehensive ability to map data flows across SaaS and AI tools and platforms, with 77% also noting they have comprehensive behavioral monitoring at the data-layer in place.

Vorlon CEO Amir Khayat said that suggests there is a significant gap between the confidence CISOs have in their existing tools and what is actually occurring in their IT environments. For example, a full 89% claim to have strong or comprehensive OAuth token governance capabilities. However, 27% of the breaches involving SaaS involved a compromised OAuth token or application programming interface (API) key, the survey finds.

Nearly all (99%) were breached despite having on average 13 dedicated security tools, the survey finds.

Not surprisingly, 86% of respondents also noted their organization plans to increase their SaaS security budget in 2026, while 84% plan to increase their AI security budget.

The rise of AI tools and platforms is, in many cases, simply exacerbating long-standing security issues involving SaaS applications, noted Khayat. In fact, nearly all survey respondents (99%) experienced at least one security incident involving a SaaS or AI tool in 2025.

The challenge is that with the rise of AI agents, maintaining data security is about to become even more challenging. Three quarters of respondents (75%) of CISOs now identify AI agents as either a critical or significant security risk to the organization.

Ultimately, cybersecurity teams will need to adopt platforms and tools that enable them to track the behavior of AI agents, which for all intents and purposes are a new type of identity that is being rapidly added to SaaS application environments, Khayat noted. In an era where cyberattackers have already shown a propensity to steal credentials, AI agents represent a massive expansion of the attack surface that needs to be defended, he added. To address that issue, Vorlon has developed an AI Agent Flight Recorder that extends its attack simulation capabilities to continuously capture an immutable audit trail of every agent interaction.

Of course, recognizing a risk is not quite the same thing as being able to thwart a potential attack. Nearly all respondents (98%) remain concerned about there being a SaaS application supply chain breach in 2026.

Less clear is to what degree business leaders will start to appreciate the inherent risks AI represents. It may require a few large scale incidents involving AI agents before enough budget dollars are allocated. In the meantime, cybersecurity teams might want to assume there will continue to be death by a thousand cuts as more data is exposed to AI agents. The trouble is that once that data is exposed there really is no telling how long it might be before that sensitive data belonging to the organization manifests itself in some way that is nearly impossible to predict.