This shift was recently explored in News in the Channel, where  Adrian Hunt, Chief Security Officer at Redsquid, was interviewed on the rising cyberthreats facing SaaS environments and the evolving responsibility of the channel in responding to them. 

Today’s most common SaaS incidents are rarely the result of traditional “break-in” techniques. Instead, they are driven by the abuse of legitimate access. Identity compromise remains the dominant risk, increasingly enabled by token theft, MFA bypass and OAuth abuse rather than stolen passwords alone. Crucially, this now extends beyond human users. In many organisations, non-human identities such as API keys, service accounts and automation bots already outnumber employees, yet often operate with excessive privilege and limited oversight. 

At the same time, SaaS environments have become deeply interconnected. Integrations between productivity suites, CRM platforms, finance systems and collaboration tools have effectively created digital supply chains. Several high-profile SaaS incidents in 2025 demonstrated how a single compromised token or malicious OAuth grant can provide persistent access across multiple platforms, often without triggering traditional security controls. Attackers are increasingly exploiting trusted SaaS-to-SaaS connections to move laterally, rather than targeting applications in isolation. 

Artificial intelligence is accelerating both sides of this equation. On the offensive side, AI is scaling phishing, automating reconnaissance and enabling more autonomous identity-based attack chains. On the defensive side, AI is improving behavioural anomaly detection, automating policy enforcement and reducing investigation times. However, the growing use of autonomous and semi-autonomous AI agents introduces new governance challenges, particularly where those agents are over-privileged or poorly controlled. 

These shifts are reshaping the opportunity for the channel. Customers are no longer looking for standalone tools; they want demonstrable outcomes. Many MSPs are now combining continuous SaaS posture management with tighter governance of identities, integrations and AI, and, where browser-based access dominates, applying CASB-style session controls to reduce risky data movement and data leakage. Increasingly, buying decisions are influenced by measurable results such as reduced risky access, faster containment of SaaS incidents and improved audit readiness. 

For resellers, SaaS security is moving from a bolt-on service to a core operational capability. Those that can translate growing SaaS complexity into continuous, measurable protection will be best positioned to capture long-term value in an increasingly SaaS-first world.