Experts warn of AI-driven threats to SaaS applications

The cybersecurity experts at AppOmni have shared their predictions for the challenges facing Software-as-a-Service (SaaS) applications in the coming years.

Justin Blackburn, Senior Cloud Threat Detection Engineer at AppOmni, indicated that adversaries will exploit advancements in technology, especially artificial intelligence (AI), to threaten SaaS applications with greater sophistication. "AI will enable threat actors to more easily uncover SaaS vulnerabilities and misconfigurations, bypass traditional security measures, and craft more convincing phishing campaigns," Blackburn stated.

Blackburn also mentioned AI's evolving capabilities and accessibility, arguing that this will lower the barrier to entry for less skilled attackers and increase the speed at which attacks are executed. "Additionally, the emergence of AI-powered bots will enable threat actors to execute large-scale attacks with minimal effort. Armed with these AI-powered tools, even less capable adversaries may be able to gain unauthorised access to sensitive data and disrupt services on a scale previously only seen by more sophisticated, well-funded attackers," he added.

Martin Vigo, Lead Offensive Security Engineer at AppOmni, highlighted the prevalence of automation-driven perimeter breaches expected in 2025. He pointed to tactics such as large-scale reconnaissance, password spraying, and AI-powered phishing automation as primary strategies. "As SaaS platforms increasingly fall within the scope of these attacks, the potential impact of breaches will continue to escalate significantly," Vigo commented.

Vigo advised enterprises to prepare for automated attacks by securing all internet-exposed resources. "Today's attackers no longer selectively target; instead, they pursue any organisation lacking a robust security posture," he noted.

Aaron Costello, Chief of SaaS Security Research at AppOmni, noted a rise in supply-chain attacks on SaaS through compromised third-party applications. "As a result, organisations are placing these integrations and their requested access levels under far more scrutiny," Costello mentioned.

Costello's research into data exposures revealed that threat actors often need no initial foothold to access sensitive data. "The combination of undocumented legacy API endpoints, over-privileged public access, and gaps in vendor logging capabilities will continue to provide a dangerously effective option for threat actors to execute hit-and-run style attacks in the future," he explained.

Brian Soby, Chief Technology Officer and Co-founder of AppOmni, addressed the issue of SaaS 'bypass' breaches that disrupted businesses in 2024 by circumventing identity and access management (IAM) and zero trust (ZT) controls. "2025 will bring awareness to end-to-end controls needed for SaaS with tight interdependencies between ZT, identity, SaaS posture, and detection and response capabilities," Soby concluded.

The future of SaaS security will rely on adapting to AI-driven threats, automated attacks, and supply-chain vulnerabilities. Organisations must prioritise strong access controls and enhanced detection to effectively safeguard against these emerging risks.