Reco Blog

As AI becomes deeply embedded across SaaS platforms, it is increasingly operating with trusted internal access once reserved for employees and service accounts. This article examines how AI can function as an insider threat, why these risks are harder to detect than traditional insider activity, and what signals security teams should watch for. It also explores common governance gaps, real-world scenarios, and practical approaches organizations can take to reduce AI-driven insider risk without limiting legitimate AI use.

Clawdbot, the viral AI assistant that went mainstream in January 2026, exposes a new class of shadow AI risk: autonomous agents with shell access, plaintext credential storage, and over 1,200 misconfigured instances leaking API keys and chat logs. Unlike traditional shadow AI tools, Clawdbot represents a qualitative shift in attack surface—if your employees installed it and connected it to work systems, you now have an unmanaged endpoint with persistent access to sensitive data and zero visibility.

Google's Mandiant released AuraInspector, a tool that exploits misconfigured guest user sharing rules in Salesforce Experience Cloud sites through GraphQL endpoints. While the first public tool to use this specific technique, the underlying vulnerabilities have been exploitable since at least 2022 through other tools. Organizations should audit their Salesforce permissions, disable unnecessary guest user API access, and implement continuous monitoring to prevent data exposure.

Reco Device Inventory consolidates MDM, EDR, and identity provider data into a single view, eliminating fragmented dashboards and automatically surfacing rogue devices, unmanaged endpoints, and compliance gaps. Security teams can now proactively close coverage gaps before attackers exploit them, achieving a true single source of truth for all devices.

This article examines the evolution of CISO responsibilities in the AI era, from identity-first security and SaaS risk management to governance, compliance, and exposure-based decision-making. We will also learn how CISOs can maintain visibility, prioritize risk, and keep pace with AI-driven SaaS adoption without losing control over their environment.

Over 900,000 Chrome users had their ChatGPT and DeepSeek conversations stolen by two malicious browser extensions impersonating the legitimate AITOPIA AI sidebar tool. One extension even carried Google's "Featured" badge, creating a false sense of security.

CIS Microsoft 365 v6 introduces 140 controls across six services. Learn what’s new in v6, why it matters, and how continuous monitoring helps prevent drift between audits.

An expert review of the most significant AI and cloud security breaches of 2025, showing how OAuth abuse, shadow AI, prompt injection, and deepfake fraud reshaped enterprise risk and security assumptions.

Legacy SSPM solutions like AppOmni often struggle to keep pace with modern SaaS environments, exhibiting limited app coverage, shadow IT blind spots, and lack of integrated threat detection.This blog identifies five critical signs that indicate it's time to migrate. Organizations experiencing these issues should consider upgrading to a modern platform like Reco that offers broader coverage (225+ apps), automated shadow IT discovery, integrated threat detection, rapid app onboarding, and intelligent risk-based alert prioritization.

Shadow AI is emerging faster and more quietly than traditional Shadow IT, creating new risks around data exposure, governance, and identity-driven workflows. This article explores the Shadow AI adoption curve, explains why legacy SaaS controls fail to detect AI-driven activity, and outlines practical strategies that help organizations manage unapproved AI use safely. It also highlights how Reco enables unified access intelligence to uncover, assess, and govern Shadow AI across SaaS environments.

SaaS-to-SaaS integrations are the backbone of modern productivity, and your biggest blind spot. Each OAuth connection requests permissions that can read sensitive data, modify records, or trigger actions across multiple systems, yet most organizations have no idea which scopes exist or who approved them. Reco's SaaS-to-SaaS Scopes feature gives you complete visibility into these hidden connections, helping you detect risky permissions and enforce least-privilege access before a breach happens.

Salesforce issued an urgent security advisory today after detecting unusual activity in Gainsight-published apps. All access tokens have been revoked and the apps removed from AppExchange. If your organization currently uses or has ever used Gainsight's Salesforce integration, you need to audit your environment and take immediate remediation steps.

This article explains how organizations measure their readiness to secure and govern artificial intelligence through a structured maturity model. It outlines maturity levels, key assessment criteria, operational challenges, access risk analysis, and practical steps that help teams progress with confidence. Readers gain a clear view of how thoughtful governance, strong controls, and consistent monitoring support safer and more effective AI adoption across the enterprise.

In the GTG-1002 campaign, attackers manipulated Claude into autonomously executing 80-90% of a cyberattack across 30 targets at thousands of requests per second—the first documented AI-led espionage operation. Static security tools that can't baseline behavior or correlate cross-app activity miss the patterns AI attacks exploit, making dynamic, real-time defenses essential for modern SaaS environments.

Agentic AI is reshaping enterprise security from static defense to dynamic oversight. Its advanced security protects workflows, reinforces governance, and ensures compliance as intelligent agents make real-time decisions. It helps organizations to build trust, maintain control, and operate confidently within increasingly autonomous digital ecosystems.

This article explores the hidden costs of generative AI in SaaS, including infrastructure, governance, and security risks, and outlines strategies to manage expenses while driving safe adoption.

The ShinyHunters and Salesloft Drift breaches highlight how interconnected SaaS platforms create cascading security risks, where a vulnerability in one integration can quickly spread to multiple connected services. To address these evolving threats, organizations need dynamic SaaS security platforms that provide real-time visibility, adaptive access governance, and anomaly detection across their entire cloud app ecosystem.

Shadow AI is spreading fast. The 2025 State of Shadow AI Report shows that popular apps aren’t secure by default. Learn how leaders can restore visibility.

The Salesloft-Drift breach impacted over 700 companies when attackers exploited Github OAuth tokens to pivot through SaaS integrations into Salesforce and Gmail environments. This supply chain attack succeeded because traditional security tools lack visibility into SaaS-to-SaaS connections and cannot detect threats spanning multiple applications.

In mid-2025, ShinyHunters breached Salesforce instances at Google and Workday using voice phishing and malicious OAuth apps. Learn what happened and how Reco’s SaaS security platform could have stopped it.

Discover the top cloud security trends, challenges, and strategies shaping 2026, with expert guidance on Zero Trust, AI security, and SaaS risk management.

Our threat intelligence team broke Cursor’s background agent and took over an EC2 instance machine. Learn how we did it, implications and next steps.

Ruby Life's CISO successfully secured budget for Reco by strategically aligning with both technical and business stakeholders, demonstrating how SaaS security would enable safe AI adoption and drive revenue growth rather than just mitigate risks. Discover the key to his success that helped Ruby Life gain executive support.

Discover how Coinbase's $400M breach was linked to an outsourced call center, where employees accessing sensitive data triggered phishing scams and social engineering attacks

A Deel insider used Slack to spy on Rippling. This case reveals how SaaS tools expose companies to insider threats and how Reco helps stop them.

ChatGPT now natively connects to Google Drive, Outlook, SharePoint, Box, Dropbox, and more. A valuable productivity boost – paired with a plethora of data security risks. Read this blog to understand SaaS-to-Ai Risks, plus how Reco can help.

Discover effective strategies for managing AI sprawl within your SaaS stack. Implement practical governance to address security, compliance, and data risks efficiently.

In May 2025, CISA issued a warning that Commvault's Metallic cloud backup service had been compromised by threat actors, enabling the adversaries to steal secrets from Commvault customers. Read this blog to learn what happened, how to remediate if you were affected, and how Reco can help you stop attacks like this.

The old days of SaaS, when companies only had a handful of core apps, are long gone. Today’s SaaS environments are no longer static—they’re dynamic, interconnected and AI-infused. Learn why the next revolution in SaaS security is Dynamic SaaS Security.

Threat detection and response for SaaS apps is critical. But should you build it or buy it? Read this blog to learn why building a homegrown solution with your SIEM may be prohibitively complex, costly, and fall short of providing adequate protection.

JPMorgan’s CISO Pat Opet issued a blunt warning that SaaS sprawl is “quietly enabling cyber attackers” and creating systemic vulnerabilities. He calls for new cybersecurity solutions and standards. Read this blog to understand why Dynamic SaaS Security is the answer.

An overpermissioned contractor with malicious intent led to a devastating SaaS security breach. Learn about Kate, Reco's Director of Demand Generation, and her true story of being part of a SaaS security attack.

Discover why browser extensions can harm SaaS security, creating risks and blind spots, and how agentless, dynamic solutions offer safer, smarter protection.

We’re here to lead the SaaS Security market — a space we believe is on the verge of massive growth. Learn why our investors are betting on Dynamic SaaS Security with an additional $25M.

Reco tackles the dangerous configuration sprawl by providing real-time visibility into security setting changes across your integrated applications. Learn about the associated risks and how with its Knowledge Graph technology and business context, Reco helps you quickly identify, prioritize and remediate critical configuration changes.

SaaS identity sprawl refers to the unchecked proliferation of user identities, access permissions, and authentication credentials across an organization's growing SaaS ecosystem. This phenomenon occurs as companies adopt more SaaS apps, each requiring separate user accounts, role definitions, and access controls.

Find out how Reco keeps Microsoft 365 Copilot safe by spotting risky prompts, protecting data, managing user access, and identifying threats - all while maintaining productivity.

Learn how Reco’s AI agents reduce alert overload for Security teams and improve SaaS security by turning unnecessary noise into clear, useful insights.

Learn how one CISO measures the ROI of SaaS security and 5 tips for increasing speed to value.

MFA fatigue attacks exploit user frustration by bombarding them with authentication requests until they approve one just to make the notifications stop. This sophisticated social engineering tactic turns a security measure into a vulnerability, threatening sensitive data and systems across an organization's SaaS ecosystem. Learn more about the risks with MFA fatigue and how by recognizing the warning signs of these attacks—such as unusual spikes in MFA declines or authentication attempts from suspicious locations —security teams can prevent attackers from bypassing this critical security layer.

Detecting ransomware in SaaS environments requires more than traditional security approaches as malicious files can spread through file synchronization and messaging platforms like Teams. While Microsoft and Google provide native scanning capabilities, Reco enhances detection by correlating alerts across platforms, providing crucial context about how ransomware originated, and enabling automated response before threats can spread through interconnected SaaS applications.

As SaaS applications grew increasingly AI powered, CSK needed to visibility and control over AI usage at the organization. The goal was to support AI innovation, without slowing the business down. CSK turned to Reco to help. Read this blog from CSKs Chief Information Officer, Jason Thomas, to learn more.

Organizations face significant security and compliance vulnerabilities when third-party vendors share sensitive data with their own vendors (fourth parties) without adequate oversight. Learn how these fourth-party relationships create blind spots in your security posture that can lead to regulatory penalties and reputational damage when breaches occur.

The Oracle cloud breach underscores how vulnerable identities are, as hackers continuously find ways to expose credentials. This blog discusses what happened, how Oracle cloud users can mitigate risks, and how you can protect your SaaS apps, even when your credentials are exposed by a vendor.

Self-Service Password Reset (SSPR) systems enable users to reset passwords independently but create new security risks that require monitoring for unusual patterns. Learn how effective SSPR monitoring can help prevent account takeovers and how to integrate monitoring into security architecture.

Wellstar Health uses Reco to manage shadow SaaS. In this blog, Wellstar Health's Executive Director of Security & GRC provides 9 actionable tips for reducing shadow IT. By employing these strategies, you too can reduce your shadow SaaS footprint and create a manageable, sustainable, and effective program.

One of the biggest challenges of SaaS security is that SaaS ownership is fragmented. So how do you get app owners to embrace SaaS security in order to drive change? Read this blog from Jennifer Langford at CSK. She improved her posture score from 45 to 75. Learn 5 tips for success.

Microsoft Copilot helps businesses be more efficient, but it also allows malicious actors to potentially exploit your business data. Reco uses prompt analysis to identify and flag risky behavior within Microsoft Copilot. Read this blog to understand how Reco can help you keep Microsoft Copilot secure.

Legacy SSPM is static – it can't keep up with the SaaS rate of change. SSPM+ is the next revolution in SSPM. It covers not only existing apps you know about, but also new apps as soon as they hit your infrastructure. It offers visibility into the entire SaaS lifecycle, and adjusts as your environment changes and grows. ‍

Reco now supports over 160 SaaS apps. Through the SaaS App Factory™, Reco can release new integrations on request in just days.

RFA is a managed IT services provider. They wanted to offer Managed Detection & Response services for Microsoft365 to clients. They signed up with Reco to power this service. Read the blog from RFA's CIO to learn how they did it.

BigID was struggling to build a threat detection and response program for SaaS applications. They signed up with Reco and eliminated months of work. Today, Reco is an integral part of BigIDs SOC automation.

Implementing a robust SaaS security program can help you improve your company's overall security posture. But simply purchasing a security tool won't be enough – you must pay attention to certain critical organizational factors as well. This blog details 6 steps for success.

SaaS has taken over our enterprise world. But it's constantly outscaling Security due to five types of sprawl. Read this blog to understand why traditional solutions, like CASB and SSPM, are not enough for SaaS security and why you need a Dynamic SaaS Security Platform.

Learn more about ESET uncovering PlushDaemon, a China-linked APT behind a 2023 supply chain attack on IPanyVPN. The attackers trojanized the installer to deploy the SlowStepper backdoor, enabling long-term espionage across multiple regions.

Learn more about ESET uncovering PlushDaemon, a China-linked APT behind a 2023 supply chain attack on IPanyVPN. The attackers trojanized the installer to deploy the SlowStepper backdoor, enabling long-term espionage across multiple regions.

Reco identified an ongoing, global campaign targeting SaaS identities originating from Phoenix, Arizona. This technical analysis report identifies attack patterns, attacker infrastructure, targeted accounts, and security measures that prevented or allowed account takeovers.

SaaS supply chain attacks occur when a malicious actor compromises a third-party SaaS vendor and uses that as a launching pad to target the vendor’s customers. By exploiting the interconnected nature of SaaS ecosystems, attackers can scale their reach and impact more victims. Read this blog to learn about the risks and how to mitigate them.

DeepSeek has quickly upended the AI market. But is it safe to use? Short answer: probably not. Read this blog to understand the biggest DeepSeek security risks for organizations.

Deep dive into Reco's shadow app discovery technology, covered by The Hacker News. Reco uses AI-based graph technology and email filtering to discover shadow apps and shadow AI. Learn what Reco can do – and what Reco cannot do – for shadow IT security at organizations.

Mike D'Arezzo, Executive Director of Security and GRC at Wellstar Health, turned to Reco to help him manage shadow IT and secure SaaS deployments at the organization. Learn how Reco empowers him to effectively secure PHI in SaaS apps.

On December 24, 2024, Cyberhaven experienced a security breach involving its Chrome browser extension. What started as a phishing email led to a poisoned Chrome extension, resulting in an estimated 400,000 compromised browsers.

Pat Opet, Chief information Security Officer (CISO) at JPMorgan Chase, recently named SaaS security as a top priority for 2025. Learn why it should be your top priority, too, and best practices for securing SaaS applications.

CISA recently released requirements for federal agencies to secure SaaS applications like Microsoft 365. Learn five steps to get SaaS security right.

Reco's shadow SaaS and shadow AI discovery solution can identify all applications and copilots being used by employees, rank their level of risk, and provide insight into who is using what and how.

The recent surge in generative AI adoption has given rise to a new security concern: shadow AI. A subset of shadow IT, shadow AI refers to the unapproved or unsanctioned use of AI tools and copilots within an organization. This blog discusses shadow AI security challenges, risks, and how to prevent data exposure by reducing shadow AI.

SailPoint includes two built-in organizational admin accounts that are used to provide customer support and ensure smooth operations. While these accounts are designed with good intentions, they introduce potential risks. Read this blog to learn about the risks and how Reco can help.

Discover how APT36's ElizaRAT leverages cloud platforms like Slack, Google Drive, and Telegram for stealthy cyber espionage. Explore its advanced evasion tactics, modular payloads, and evolving campaigns targeting Indian entities, highlighting its persistent threat and adaptability.

On October 30, 2024, Okta resolved a vulnerability affecting the Active Directory (AD) and LDAP delegated authentication systems that could allow unauthorized access to Okta accounts under specific conditions.

Building a strong security culture takes time and effort. Learn how CISOs can foster shared responsibility through foundational practices, policy enforcement, automation, and democratizing security knowledge to reduce risks, streamline compliance, and promote empathy for security requirements.

Find out how an ethical hacker uncovered a Zendesk flaw allowing anyone to impersonate Zendesk's agents, access connected platforms like Slack, and view private channels. The flaw can also let attackers view customer service tickets from any business using the platform by sending a crafted email to a Zendesk-managed support address.

Read our latest thought leadership piece for Forbes Technology Council on the importance of knowing your data exposure. Reco CEO & Cofounder Ofer Klein shares ways to prevent this risk and help organizations stay ahead of regulators and bad actors by gaining visibility into all connected SaaS apps and avoiding giving apps permissions when prompted.

Regular password changes and secure authentication methods are not enough to protect SaaS applications. Hackers can bypass these defenses without needing your password using ghost logins. This blog post by Reco covers how cyber attackers exploit ghost logins in platforms like Zapier using connected apps like Dropbox to maintain unauthorized access without detection.

Sophisticated cyber threats demand a new perspective—one that centers around the behavior of identities across the entire SaaS ecosystem. At Reco, we've developed an advanced analytics platform that leverages ClickHouse to detect and respond to threats like impossible travel, while reducing false positives and adapting to emerging attack vectors.

Darknet Diaries podcast provides true stories of hacking, cybercrime, and the dark web. A recent episode delves into how easily SaaS applications can be compromised, using dubstep music to highlight security vulnerabilities. This episode underscores the importance of SaaS security to protect against increasingly sophisticated web-based threats. We provide our top takeaways.

Explore a few widely used SaaS apps that fall outside what is normally characterized as a ‘crown jewel’ app, how attackers normally gain access to them, and perform reconnaissance to launch the next phases of their attack. We provide best practices that could help prevent these risks and limit the blast radius.

Read our latest thought leadership piece for Forbes Technology Council on zero trust and how it is critical for enterprises to secure their SaaS environment. Reco CEO & Cofounder Ofer Klein shares how in order for a zero-trust framework to be effective, organizations, first and foremost, must be aware of all of the applications that exist in their SaaS environment.

Explore Microsoft Copilot privacy concerns. Learn how Copilot manages user data, complies with regulations, and ensures data protection through encryption and pseudonymization. Find out how Microsoft aims to address evolving privacy challenges, maintaining user trust and data security.

Learn about the security risk connected with Microsoft 365 Copilot to avoid data leakage or unauthorized access while boosting productivity via AI-driven automation. Explore the best practices and strategies for secure Microsoft 365 Copilot deployment in our article.

Learn about the chain of events behind the recent Snowflake data breach from the perspective of a CISO, and gain step-by-step guidance from Reco on how you can secure your SaaS applications including Snowflake proactively.

OpenAI recently released a connector in ChatGPT that requires access to shared drives where personal and organizational environments are located. Preventing potential data exposure is crucial. Learn our recommendations to prevent threat surface from widening.

Explore key pillars of Microsoft 365’s security infrastructure and learn about 21 best practices for securing Microsoft 365. Find out which activities to monitor and how to protect your organization’s data and minimize exposure risk across different devices and applications.

AI-powered assistants, known as Copilots, are becoming more and more popular as they automate routine activities and provide useful insights. However, they also introduce security challenges, such as data leaks and privacy breaches. Ensuring their security is crucial, particularly with laws like GDPR and CCPA. This article explores how various SaaS Copilots handle security, helping businesses understand how to safely integrate these tools into their operations.

Learn our key takeaways for SaaS security from Verizon’s 2024 Data Breach Investigations Report (DBIR). This annual report provides an in-depth analysis of breaches from organizations of all sizes and industries, giving insights into trends and changes in the threat and security landscapes.

Read our latest thought leadership piece for Forbes Technology Council on the importance of SaaS Security Posture Management. Reco CEO & Cofounder Ofer Klein shares how by focusing on the unique security issues of SaaS alone, SSPM solutions help organizations stay ahead of regulators and bad actors.

Microsoft Copilot is transforming the way businesses interact with data and applications through its integration with Microsoft 365, offering a range of tools powered by advanced AI. Getting full visibility on the cost of using Microsoft Copilot is essential, as there can be unexpected charges beyond the basic price.

From antivirus basics to AI-driven solutions, cybersecurity tools have evolved to address increasingly complex threats. Advances in AI, especially Large Language Models (LLMs), have significantly enhanced threat detection and incident response, enabling better protection of digital assets. Explore the list of security tools with LLM capabilities.

Global software automation leader UiPath simplified SaaS data exposure and access management by sending alerts to Microsoft Sentinel of publicly exposed data located in shared Drives with the help of Reco.

Learn how to prepare your business for Microsoft Copilot. Discover Copilot’s functionalities and capabilities but also its potential risks and challenges. Learn about the advantages of using Microsoft Copilot for your business and follow the best practices for secure deployment.

Organizations are looking to generative AI (GenAI) governance as the technology's risks and opportunities continue to emerge. Learn from the world's leading AI experts about security industry priorities around AI safety and governance in our recap of the Digital World Conference Summit.

Microsoft Copilot for Security is an AI-driven platform enhancing cybersecurity across organizations by automating threat detection, analysis, and response, and ensuring data privacy and compliance with advanced encryption and strict regulations. Learn how Microsoft Copilot handles data and discover the best practices for its implementation.

Learn about Microsoft Copilot, an AI chatbot launched earlier this year and its insecurities including potential data leakage from account takeover. Gain an understanding of how easy it is for a threat actor to gain elevated access to organizational data from executing a simple GenAI prompt in Copilot, and learn best practices to secure your Copilot instance.

Learn about the SaaS App Factory from Reco, which extends SaaS security expertise, insights, and continuous monitoring from Reco to any SaaS application.‍ Enterprises can implement a common security framework to ensure universal coverage of all SaaS applications in their tech stack.

Reco CEO and Cofounder Ofer Klein sat down with Chief Digital Evangelist of eViRa Health, Evan Kirstel as part of the podcast What's Up in Tech? to discuss the cybersecurity landscape, the explosion in adoption of SaaS applications, and why SaaS security is no longer an option.

Hear from SaaS security experts on the effectiveness of the National Cybersecurity Strategy to help organizations secure their SaaS applications as we approach the one-year anniversary.

Gain an understanding of the recent Midnight Blizzard cyber attack: how the threat actors were successful, techniques used, and actionable recommendations to protect your Microsoft environment.

Our SaaS security experts use the cyber kill chain to walk through the phases of a SaaS application cyberattack, told from the perspective of a threat actor.

Discover how to leverage Reco AI with Cortex XSOAR for automated SaaS security. Streamline threat detection, automate remediation workflows, and fortify your organization's security posture.

Learn about the importance of Zero Trust and SaaS security for continuous verification of identities, strict access control, and total context across infrastructure.

Reco joins CISO Series, Super Cyber Friday to discuss hacking the SaaS security journey, the evolution of SaaS and security priorities, and the best methods for aligning SaaS security with business goals.