SaaS Security: Managing Integrations & Reducing Risk | Computerworld

by Rachel Kim – Technology Editor

In April 2025, JPMorgan Chase CIO Patrick Opet warned of escalating risks stemming from the complex web of integrations connecting modern Software-as-a-Service (SaaS) applications. Opet’s letter highlighted the potential for supply chain attacks to propagate through these often-unseen connections, a concern now gaining traction as security breaches expose vulnerabilities in data sharing between platforms.

The warning comes as organizations increasingly rely on multiple SaaS applications, with the average enterprise platform now linked to over 42 third-party applications through OAuth tokens, API keys, webhooks, and automation platforms, according to security researchers. This proliferation of integrations creates significant blind spots for security teams, allowing attackers to bypass traditional security measures like multi-factor authentication and single sign-on.

Recent incidents, including a breach at Salesloft detailed in a Cloudflare blog post, underscore the difficulty in monitoring data flow between SaaS applications. The Salesloft incident revealed a lack of visibility over data within SaaS ecosystems and highlighted the potential for widespread data exfiltration and tampering when a single integration is compromised. Cloudflare is now developing a proxy solution intended to consolidate SaaS connections for improved monitoring and response capabilities.

Security experts emphasize that the core issue lies in the persistent access granted by OAuth tokens, which function as bearer credentials independent of standard authentication protocols. “Most teams have far more integrations than they realize, and many retain broad privileges long after the original business demand,” noted security consultant Michal, who requested to be identified by only their first name. This over-permissioning exacerbates the risk, as compromised integrations can grant attackers access to sensitive data and systems.

Addressing these risks requires a multi-faceted approach, beginning with a thorough assessment of SaaS vendor security and compliance. Organizations must prioritize least privilege access and continuous monitoring of integration activity. “In parallel, we should raise the security bar for any SaaS vendor we rely on, [with] clear requirements around token security, logging, incident response, and secure integration patterns, and make sure our own tenant configurations and monitoring are hardened so integration activity is least-privilege, observable, and quickly containable when something upstream is compromised,” Michal added.
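As an added illustration (not code from the article, Cloudflare, or any vendor), the following sketch audits an integration inventory for the two conditions described above: grants with broad privileges and grants that outlived their use. The inventory records, field names, scope strings, the 90-day threshold, and the "broad" markers are all constructed assumptions; a real audit would read grants from each platform's own admin export.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample inventory. Field names and scope strings are
# hypothetical and do not correspond to any specific SaaS vendor.
NOW = datetime(2026, 2, 20, tzinfo=timezone.utc)
GRANTS = [
    {"app": "crm-sync", "scopes": ["contacts.read"], "last_used": "2026-02-19"},
    {"app": "legacy-export", "scopes": ["files.readwrite.all", "mail.read"],
     "last_used": "2024-01-09"},
    {"app": "chat-bot", "scopes": ["admin.full_access"], "last_used": "2026-02-18"},
    {"app": "survey-tool", "scopes": ["profile.read"], "last_used": None},
]

# Assumed policy: substrings that mark a scope as broader than least privilege,
# and how long a grant may sit idle before it is flagged for revocation review.
BROAD_MARKERS = (".all", "admin", "full_access", "readwrite")
STALE_AFTER = timedelta(days=90)


def _parse_day(text):
    """Parse a YYYY-MM-DD string as a UTC timestamp."""
    return datetime.strptime(text, "%Y-%m-%d").replace(tzinfo=timezone.utc)


def audit_grant(grant, now=NOW):
    """Return a list of findings for one OAuth grant (empty if clean)."""
    findings = []
    broad = [s for s in grant["scopes"]
             if any(marker in s.lower() for marker in BROAD_MARKERS)]
    if broad:
        findings.append("broad-scope:" + ",".join(broad))
    if grant["last_used"] is None:
        # Token was issued but never exercised: no business demand observed.
        findings.append("never-used")
    elif now - _parse_day(grant["last_used"]) > STALE_AFTER:
        findings.append("stale")
    return findings


def audit(grants, now=NOW):
    """Map app name -> findings, keeping only grants that need review."""
    report = {g["app"]: audit_grant(g, now) for g in grants}
    return {app: found for app, found in report.items() if found}


if __name__ == "__main__":
    for app, found in audit(GRANTS).items():
        print(f"{app}: {', '.join(found)}")
```

Grants flagged as both broad and stale are the first candidates for revocation, since they combine wide access with no current business use.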

Beyond technical safeguards, user education is crucial. Security professionals like Grimes recommend educating users to regularly review authorized devices accessing their accounts on platforms like Microsoft and Google, and to exercise caution with email links leading to login pages. This heightened awareness can help prevent phishing attacks and unauthorized access.

The growing focus on SaaS security is reflected in the fact that 86% of organizations now prioritize it, yet many still lack the necessary visibility into their integration landscape. Behavioral detection, which identifies anomalous activity within legitimate connections, is emerging as a key tool for uncovering integration abuse that traditional inventory-based tools often miss.

As of February 20, 2026, Cloudflare has announced plans to offer early access to its SaaS proxy solution, seeking feedback from both data owners and SaaS platform providers. The company has not yet specified a timeline for general availability.
