All news with #saas security tag

🔒 Cloudflare has extended its Cloud Access Security Broker (CASB) to support the Claude Compliance API, enabling security and compliance teams to monitor Claude Enterprise activity directly in the Cloudflare dashboard without endpoint agents. The integration surfaces security findings for projects, attachments, chat files, messages, and provider-generated artifacts, and groups findings by category and severity. Customers can immediately convert findings into enforcement actions via Gateway policies and use existing detection and remediation workflows. Setup requires a Claude Enterprise account and Compliance API access, and the integration begins scanning and surfacing findings within minutes.

🔍 While many organizations intentionally deploy AI to improve productivity, unsanctioned AI is proliferating faster — employees install tools or vendors embed assistants into existing apps. The article defines four AI categories and maps specific detection techniques to each, covering DNS, web gateways/NGFW, EPP/EDR, application and browser controls, and SSPM/identity governance. It flags OAuth consent as a high-risk channel and summarizes admin steps for Microsoft Entra, Google Admin, Salesforce, and ServiceNow to block or restrict app access.

🔍 Across organizations, employees run three to five AI tools daily—many unapproved and often connected to corporate data via OAuth, browser extensions, or newly added vendor features—creating a widening "shadow AI" gap that evades traditional network controls. The article outlines five practical steps security teams can apply: build an inventory, write usable policies, create a fast approval lane, implement browser-native monitoring, and deliver just-in-time coaching. Together these measures aim to preserve productivity while restoring visibility, reducing data exposure, and aligning employee workflows with security requirements.

🔒 On May 14, 2026 at 2:00 PM ET, BleepingComputer will host a live webinar titled From phishing to fallout: Why MSPs must rethink both security and recovery with Austin O'Saben and Adam Marget of Kaseya. The session examines how AI-driven phishing, business email compromise, ransomware, and SaaS compromise are reshaping the threat landscape for managed service providers. Attendees will learn why prevention and recovery must operate together and how SaaS backups and a formal BCDR plan can reduce downtime and data loss.

🔎 Orphaned applications silently expand shadow IT by persisting beyond team ownership, continuing to authenticate, exchange data, and consume resources without oversight. They commonly appear when departments adopt tools to meet urgent needs and those workflows, accounts, or service identities are never decommissioned. NETSCOUT Smart Data leverages packet-derived observability to reveal hidden dependencies and enrich the ServiceNow CMDB, helping teams reduce operational, security, and compliance blind spots.

🔗 Amazon Quick now provides 13 new built-in action connectors that let business users take direct actions across Google Workspace, Zoom, Airtable, QuickBooks, Dropbox, and Microsoft Teams without leaving the assistant. Each connector supports managed authentication, enabling secure account connections in a few clicks without manual credential handling. The connectors handle authorization flows on behalf of users and are available in all AWS Regions where Amazon Quick is offered.

🔒 CrowdStrike has expanded its integration with ChatGPT Enterprise to deliver deeper audit logging and continuous activity monitoring within Falcon Shield SaaS security. The enhancement ingests OpenAI’s expanded logs to capture authentication events, administrative changes, tool and Codex usage, and conversation-level records across workspaces. By correlating AI activity with identity, device, and SaaS telemetry, the capability aims to detect suspicious behaviors, enforce policy, and support faster investigations. This marks a shift from configuration visibility to operational threat detection for AI-driven workflows.

🔒 Amazon Quick now supports adding co-owners to admin-managed Microsoft SharePoint Online and Google Drive knowledge bases and their data source connections. Owners receive full management capabilities — editing, syncing, sharing, and deleting — while Viewers have query-only access. The Owner co-owner option is restricted to admin-managed SharePoint and Google Drive; other knowledge base types support Viewer sharing only. Administrators can also share connections so teams can create knowledge bases from the same integration. The feature is available in all AWS Regions where Amazon Quick is offered.

🔍 Shadow AI describes the unsanctioned use of generative AI by employees, which is growing faster than most organizations can monitor or control. When staff submit internal documents, customer data, or source code to public GenAI services, organizations frequently lack visibility into how that data is processed, stored, or reused. Traditional security architectures and fragmented point solutions cannot correlate the signals needed to assess risk end to end. Fortinet recommends combining network visibility (FortiOS and FortiGuard Labs), endpoint enforcement (FortiDLP), and cloud-delivered policy (FortiSASE) to detect, govern, and control shadow AI usage.

🔒 Enterprise security must stop reflexively blocking tools and start governing browser sessions. The article argues that legacy controls—kernel‑hooking agents, SSL inspection and URL blocks—create a "Workaround Economy" where users move sensitive data to unmanaged apps and extensions. It urges a shift to session‑level governance with prompt‑level DLP, extension risk scoring, and agentless clipboard/upload controls to enable productivity while reducing blind spots.

🔒 Work has shifted into the browser, creating a broad visibility and control gap as employees access SaaS, collaborate with GenAI and interact across unmanaged devices. Legacy perimeter and endpoint tools cannot see last-mile actions such as sensitive uploads to unsanctioned models, malicious extensions, or agentic browser behaviors that reassemble malware in memory. Prisma Browser restores control with context-aware policies, embedded Enterprise DLP, continuous page inspection and governance for both human and agent activity, enabling safe AI use without blocking innovation.

🔒 CrowdStrike introduces Falcon Data Security, a unified solution that discovers, classifies, and defends sensitive information across endpoints, browsers, SaaS, cloud services, and GenAI workflows. The offering uses a shared classification engine for consistent identification of PCI, PII, PHI, and other sensitive types, and applies AI to reduce manual tagging. Real-time visibility into data in motion — including egress context and runtime cloud flows via eBPF telemetry — lets teams stop risky transfers at the moment they occur. Natively integrated with the Falcon platform, it correlates data events with device, user, and adversary telemetry to prioritize and automate response.

🔒 Reco has introduced Reco AI Agent Security, a capability designed to give enterprises visibility and control over autonomous AI agents operating across SaaS environments. The tool detects agent activity beyond traditional OAuth discovery by analyzing API call patterns, service-account correlations, and automation workflow signatures in platforms like Microsoft Copilot, ChatGPT, Zapier and n8n. It consolidates agent discovery, risk analysis, and governance into Reco's existing SaaS security platform.

🔍 Nudge Security provides continuous discovery, monitoring, and governance for shadow AI, delivering a Day One inventory of every AI app and account introduced into an organization. A lightweight IdP integration analyzes machine-generated SaaS emails (without storing content) to detect account creation, password changes, and security setting updates. An optional browser extension monitors AI conversations, flags sensitive data and file uploads, visualizes data flows, and issues real-time nudges and configurable alerts to guide users toward approved tools and enforce acceptable use.

🔒 SafeLine is presented as a self-hosted web application firewall that inspects every HTTP request and emphasizes behavioral and semantic analysis rather than simple signature matching. It combines a Semantic Analysis Engine, anti-bot challenges, rate limiting and identity controls to reduce fake sign-ups, credential stuffing, scraping and abusive automation. Deployable as a reverse proxy, it gives SaaS teams control over logs, latency and compliance while providing a dashboard for tuning and visibility.

🔁 AWS Marketplace now supports Concurrent Agreements for SaaS and Professional Services products, enabling multiple active purchases of the same product within a single AWS account. The change removes the prior one-agreement-per-product limitation and lets different business units procure independently with separate terms and pricing. Buyers gain flexibility for mid-term expansions and repeat purchases, while sellers can close multi-unit deals immediately and avoid operational workarounds.

🔒 South Korea's Personal Information Protection Commission fined Louis Vuitton, Christian Dior Couture, and Tiffany a combined $25 million after cloud-based customer management systems were compromised, exposing data for more than 5.5 million customers. Investigators found an employee device infected with malware at Louis Vuitton and successful phishing and voice-phishing attacks at Dior and Tiffany that granted attackers access to the SaaS platform. Regulators cited failures to enforce IP-based access controls, deploy strong authentication, restrict bulk downloads, and monitor access logs, and penalized late breach notification. The PIPC emphasized that using a SaaS provider does not relieve companies of responsibility for protecting client data.

🔒 South Korea’s Personal Information Protection Commission (PIPC) fined the local subsidiaries of Louis Vuitton, Christian Dior Couture and Tiffany a combined KRW 36.033 billion plus KRW 10.8 million in additional penalties for failures securing customer data processed via a SaaS platform. The regulator found critical lapses — absent IP‑based access restrictions, weak or missing strong authentication, inadequate controls over bulk exports and insufficient log review — that allowed credential theft and social‑engineering attacks to expose personal information. The PIPC stressed that SaaS environments qualify as personal information processing systems under Korean law, placing responsibility squarely on data controllers, and ordered the firms to publicly disclose the enforcement actions.

🔒 The Buyer’s Guide for AI Usage Control warns that AI adoption has far outpaced visibility and governance, producing a widening gap as AI is embedded across SaaS, browsers, copilots, extensions and shadow tools. It reframes the problem as an interaction issue rather than solely a data or app problem, and positions AI Usage Control (AUC) as a distinct governance layer that must discover and enforce policy at the moment of interaction. The guide outlines four operational stages—Discovery, Interaction Awareness, Identity & Context, and Real-Time Control—and stresses that architectural fit, operational overhead, and user experience are decisive factors when selecting a solution.

🔓 Security researchers at Wiz discovered a public Supabase API key in Moltbook’s client-side JavaScript that granted unauthenticated read/write access to the production database. The misconfiguration—absence of Row Level Security (RLS) policies—exposed around 1.5 million agent tokens, roughly 30,000 email addresses and thousands of private messages. With write privileges an attacker could impersonate any agent, inject malicious content or prompt-injection payloads, and deface the site. Moltbook’s developer has since remediated the issue after multiple rounds of fixes with Wiz.