Back to the blog
July 9, 2026
|
Perspectives

What the 2026 DBIR reveals about risks from shadow AI and SaaS sprawl

More than 22,000 confirmed breaches. Four findings that matter most for SaaS security teams.

Verizon released its 2026 Data Breach Investigations Report last week, and it's the largest dataset the team has ever published: more than 22,000 confirmed breaches across 145 countries. If you've been tracking AI and SaaS security trends over the past few years, a lot of what's in this report will feel familiar. While the direction of the trends won’t surprise you, the pace of change reflected in the latest numbers might.

‍

Here are the findings that stood out most, and what they mean if you're responsible for securing your org's AI and SaaS footprint.

‍

1. Nearly 50% of all breaches involve a third party.

The sharpest multi-year jump in the dataset belongs to third-party involvement. In last year's DBIR, third parties were involved in 30% of confirmed breaches. The year before that, the figure was 15%. This year, it's 48%.

‍

That's not a gradual trend. Three years ago, third-party involvement was a meaningful minority of breaches. Today, nearly half of all of breaches involve a third party.

‍

The report breaks down how these breaches unfold into three distinct archetypes:

  1. The first is a vulnerability or backdoor in a vendor's software that makes your environment exploitable. SolarWinds remains the textbook example; more recently, the TanStack npm supply chain attack follows the same pattern. (We’ll come back to this in the next section.)
  2. The second archetype is a vendor that hosts your data getting breached directly, or your credentials to that vendor's environment being stolen and used to exfiltrate it. That's what happened in the threat campaign targeting Snowflake customers: no vulnerability in your own environment, just stolen credentials to a platform holding your data.
  3. The third archetype is a vendor that has a connection into your environment being compromised, and attackers using that connection as a bridge to reach your systems and data. In the recent Vercel breach, for example, a threat actor gained entry using a stolen Context.ai OAuth token granted by a single Vercel employee. (That's exactly the kind of exposure that's hard to see without the right visibility.)

It’s worth noting that these archetypes aren't always separate incidents. For example, the 2026 DBIR points out that the Salesloft Drift campaign combines archetypes two and three: Attackers stole OAuth tokens from the Salesloft Drift application, then pivoted into Salesforce instances and stole data from hundreds of customer organizations.

‍

The critical takeaway here is that every third- or fourth-party vendor in your AI and SaaS supply chain expands your own security posture. To effectively assess and mitigate third-party risks, you need to know which apps your employees have adopted (through official channels or independently), who’s using them, how they’re connected to your sensitive data and systems, whether they meet your security requirements, and how those considerations change over time.

‍

There’s another key lesson in the DBIR’s analysis of the commonalities between the third-party breaches in their analysis. The report points out that many of these incidents hinged on basic identity security posture controls, specifically weak authentication or excessive privileges in IaaS, PaaS and SaaS environments. Unfortunately, the DBIR also observed lagging remediation timelines from third-parties for critical findings related to MFA, password strength, and permissions. While you can’t control your vendors’ response times, you can implement strong identity security posture controls to remediate risks across the long tail of apps in your own environment.

‍

2. Vulnerability exploitation is rising fast, and it's a third-party problem too.

Exploitation of vulnerabilities rose to 31% of all initial access vectors, up from 20% last year, making it the most common entry point for attackers. Remediation isn't keeping pace: only 26% of vulnerabilities in CISA's Known Exploited Vulnerabilities catalog were fully remediated in 2025, down from 38% the year before, and the median time to full remediation stretched from 32 days to 43.

‍

The implications for your own environment are significant. The implications for your vendors' environments are just as important. (Remember how I said we’d come back to that first archetype for third-party breaches?)

‍

A vendor that fails to patch an internet-facing vulnerability doesn't just put their own data at risk. Once an attacker has a foothold inside a vendor's infrastructure, the build pipeline, the software update mechanism, and the credentials connecting that vendor to its customers all become viable targets. One unpatched CVE can become a supply chain event affecting an entire customer base. That's the SolarWinds model, and it's why the vulnerability and third-party trends in this report compound each other rather than operating as separate concerns.

‍

This is the part of the vulnerability story that belongs in a conversation about third-party risk management (TPRM). You can invest heavily in your own remediation program and still be exposed through a vendor who hasn't. Knowing what software and services your organization depends on, and having a way to assess and respond when a vendor in that chain is compromised, matters alongside whatever patching discipline you maintain internally.

‍

3. Shadow AI went from a theoretical risk to a measurable problem in one year.

Last year's DBIR flagged generative AI as an emerging concern: employees accessing AI tools through personal accounts, with unclear data governance implications. The 2025 report described it as a risk worth watching. This year's report has data to back it up.

‍

According to the 2026 findings, 45% of employees are now regular AI users on corporate devices, up from 15% in the previous report. Shadow AI, meaning AI platforms accessed outside of sanctioned channels, is now the third most common non-malicious insider action in DLP datasets, representing a fourfold increase from the year before. The most common type of data being submitted to unauthorized AI tools is source code, by a significant margin. In 3.2% of DLP violations, employees uploaded research and technical documentation.

‍

What changed between last year and this year is the visibility, not the behavior. Organizations now have enough data to see what's been happening all along.

‍

Our own enterprise AI adoption research found consistent patterns: AI adoption is accelerating faster than governance programs can keep up with, and most security teams don't have a complete picture of what AI tools are in use, who's using them, or what data they can access. The same dark pattern dynamic we described in our piece on AI notetakers applies here: many AI tools are designed for viral adoption, with freemium models and sharing features that spread them across an organization before IT ever sees them.

‍

Nudge Security’s AI governance framework covers discovery, risk assessment, policy enforcement, and workforce enablement in one place. If you want to start with the discovery piece specifically, here's how Nudge Security approaches it.

‍

4. Credential abuse is still everywhere. It’s just not the front door anymore.

Here's a nuance that's easy to miss. Credential abuse fell from the top spot as an initial access vector: 22% in last year's report, down to 13% this year, as vulnerability exploitation took over the lead position.

‍

That's not because credentials matter less. When you look at credential abuse at any point in the breach chain, not just at initial access, it's still present in 39% of all breaches. Attackers are using vulnerabilities to get in, then using stolen or misused credentials to move laterally, escalate privileges, and reach their objectives.

‍

Identity security is a lateral movement problem, not just an initial access problem. Visibility into which accounts have excessive permissions, dormant OAuth grants, or weak authentication across SaaS apps matters at every stage of the breach chain, not just at the perimeter. The Initial Access Broker pricing data shared within the 2026 DBIR reinforces this: admin accounts sell for ~$1,300 on criminal markets vs. ~$700 for regular accounts, which quantifies why privilege management matters.

‍

For security teams, this matters in a specific way. The attack path the DBIR describes maps directly onto how SaaS-to-SaaS integrations and OAuth grants work in practice. Once an attacker has a foothold in one application, app-to-app connections become a pathway. Overly permissive OAuth scopes, dormant integrations, and accounts without MFA create the openings they need to keep moving.

‍

This is part of why identity governance for SaaS is about more than controlling who can log in. It's about understanding what each account is connected to, what it can access, and what happens if it's compromised. If you're not sure where to start on investigating OAuth grants for risky scopes or suspicious activity, we've put together a practical guide that walks through what to look for.

‍

What to do with this

The 2026 DBIR doesn't describe a radically different threat landscape from last year's. The patterns are consistent: third-party risk is growing, AI adoption is outpacing governance, and credentials remain central to how breaches unfold even when they're not the front door.

‍

What has changed is the scale. The DBIR analyzed more than 22,000 confirmed breaches this year, nearly double last year's count. The problems aren't new. They're bigger.

‍

For SaaS security teams, the practical focus areas are the same ones they've always been, just more urgent:

  • Know what's connected. Every OAuth grant, every SaaS-to-SaaS integration, and every AI tool your workforce is using is a potential entry point in a supply chain attack. You can't assess or respond to exposure you can't see.
  • Govern AI usage before the data walks out. The 3x jump in employee AI adoption means your policies and your discovery capabilities need to catch up—fast. Source code, internal documents, and research data are already moving to unauthorized AI platforms.
  • Don't assume your vendors are handling their posture. Third-party cloud misconfiguration takes nearly eight months to remediate at the median. Build your own visibility and response capability rather than depending on vendor timelines.

Security teams that already have visibility into their SaaS supply chain, their OAuth connections, and their AI footprint are in a better position to respond to the next campaign than those who are still working from a partial picture.

Related posts

Report

Debunking the "stupid user" myth in security

Exploring the influence of employees’ perception
and emotions on security behaviors