Kasey Cromer, Netlok | April 29, 2026
In 2026, most enterprises are running more applications than they can realistically govern, and AI is accelerating the problem. Zylo’s 2026 SaaS Management Index reports that the average organization manages 305 SaaS (software as a service) applications and spends $55.7 million annually on SaaS apps. Even though the number of SaaS apps being used appears flat at roughly 300 tools per organization, the specific apps inside that portfolio are constantly changing as teams add, replace, and experiment with new tools. AI‑native applications, in particular, are growing at more than 100 percent year over year, driving significant app turnover and creating a major challenge for IT to keep up, while multiplying the identity surface where accounts, credentials, and tokens can be abused.
AI itself has gone mainstream. Netskope’s 2025 Generative AI Report shows that 98 percent of organizations use apps with AI features, while 90 percent use generative AI apps. Among those organizations, the volume of data sent to genAI apps has increased more than thirtyfold over the past year. This combination of app sprawl and AI powered functionality has created a large, often ungoverned identity surface where every account, credential, and token becomes another way in. CrowdStrike’s 2026 Global Threat Report confirms: cloud focused intrusions increased 37 percent over last year, and valid account abuse now drives 35 percent of cloud incidents.
The answer to intrusion is not yet another standalone security product. It is a dedicated identity provider (IdP) linked with an authentication server that can deliver phishing resistant, passwordless authentication across this entire landscape and protect the person behind the account.
Over the past decade, SaaS has become the default way to deliver business capabilities. Finance, HR, marketing, engineering, sales, and operations all run on specialized applications that are easy to procure and constantly updated. Zylo’s 2026 data shows where this ends up: the typical enterprise now uses 305 SaaS applications, and that count has effectively plateaued at a very high level.
However, “plateaued” does not mean stable. Within large organizations, teams still add an average of 21 new applications each month, often chasing new features and AI capabilities, while removing an equal number of “outdated” apps. Average SaaS spend has climbed to $55.7 million per year, up 8 percent even without a meaningful increase in app count, as AI native tools and usage based pricing push costs higher.
Shadow IT magnifies this complexity. Lansweeper’s 2025 research finds that 42 percent of company applications exist outside formal approval. Even worse, the average company now has 975 cloud services untracked by IT, compared to just 108 known services tracked by IT, which means roughly 90 percent of cloud services are effectively invisible to central teams.
Employee behavior reinforces the trend. According to 1Password’s Access Trust Gap report, 52 percent of employees have downloaded apps without IT approval, and 42 percent bypass IT specifically to boost productivity. Yet every unsanctioned app that asks for credentials or OAuth tokens becomes another entry point for bad actors, one that the organization does not control. Even where organizations have invested in single sign on (SSO), coverage is incomplete: 30 to 34 percent of applications are not protected by SSO at all. That is the environment into which AI has arrived.
AI is no longer a side project; it is now a core part of daily work. Microsoft’s AI Economy Institute reports that by late 2025, 16.3 percent of people globally were using generative AI tools, with usage in advanced economies reaching 24.7 percent of the working age population. Many of those people are employees asking AI to draft content, analyze data, or write code.
Netskope’s 2025 Generative AI Cloud and Threat Report shows what this looks like at the application level. Netskope tracks 317 distinct genAI apps across its customer base and reports that the amount of data sent to genAI in prompts and uploads has increased more than 30 fold in a year, including source code, regulated data, intellectual property, and secrets.
The governance story is more troubling. While 90 percent of organizations use genAI apps, roughly 72 percent of genAI use in enterprises is classified as shadow AI. That means only 28 percent is company‑approved, with the rest driven by employees using personal accounts, free tiers, and unsanctioned tools. 1Password’s research shows that 73 percent of employees say they are encouraged to use AI, but roughly a third admit they do not always follow AI policies.
From an attacker’s perspective, this environment is ideal. AI assistants and copilots are often granted wide permissions so they can read mailboxes, browse documents, search code repositories, or update CRM records on behalf of users. If a bad actor can obtain a valid credential or compromise an OAuth token, they can operate as the user or as the AI agent with very little friction and can exfiltrate sensitive data at machine speed, not human speed.
CrowdStrike’s 2026 Global Threat Report confirms this is already happening. Cloud focused intrusions increased by 37 percent, with a 266 percent increase among nation-state threat actors. At the same time, 1Password observes that enterprises now have 82 to 144 non human identities for every human identity, including service accounts, API keys, SaaS bots, and AI agents. Traditional IAM was never designed for that ratio.
Most organizations did not design their IAM strategies for a world with 300 plus SaaS applications, hundreds of genAI tools, and more than 100 machine identities for each person. They built their strategies for a smaller number of core systems and human users who logged in a few times a day.
SaaS security posture management (SSPM) tools emerged to help, but they tackle a different problem: configuration and policy hygiene inside each SaaS application. Those controls matter, but they do not change how a user proves who they are and they do not stop attackers from abusing valid credentials.
The governance gap is clear in the data. The Cloud Security Alliance’s 2025 State of SaaS Security report shows that 58 percent of organizations struggle to enforce privileges, 54 percent lack automation for identity lifecycle management, and 46 percent struggle to monitor non human identities. Meanwhile, 66 percent of employees admit to poor password habits, and compromised credentials remain the primary cause of 53 percent of substantial breaches. MFA fatigue attacks compound the problem. Traditional IAM cannot keep up with app sprawl and AI driven identity risk.
In this environment, “yet another security SaaS app” is not the answer. The key question is not “Which app can we buy to protect our apps?” but “How do we shift security back to the identity layer?”
Identity providers (IdP) are the first login step in Identity and Access Management (IAM) solutions and are not Software as a Service (SaaS) programs. Unfortunately, the cybersecurity industry has failed to explain this critical difference, which causes confusion among online users. An identity provider (IdP) is the identity system that verifies who a user is and issues trusted tokens that applications use for access decisions. IdPs verify users with methods such as passwords, biometrics, and passkeys. SaaS programs are the applications people actually use, such as Office 365, financial software, calendars, and video games.
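As an added illustration, not Netlok’s or Photolok’s code: a minimal IdP-issued token and the checks a relying application must run before it trusts the claims for an access decision. The signing secret, issuer URL, and audience names are constructed assumptions; a real deployment verifies against the IdP’s published signing keys rather than a shared secret.

```python
import base64
import hashlib
import hmac
import json
import time
from typing import Optional

# Constructed demo values standing in for the IdP's signing key and issuer URL.
IDP_SECRET = b"constructed-demo-signing-key"
IDP_ISSUER = "https://idp.example.internal"


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(subject: str, audience: str, ttl: int = 300, now: Optional[int] = None) -> str:
    """IdP side: bind who the user is (sub) to which app may accept it (aud) and sign the result."""
    now = int(time.time()) if now is None else now
    claims = {"iss": IDP_ISSUER, "sub": subject, "aud": audience, "iat": now, "exp": now + ttl}
    body = _b64url(json.dumps(claims, separators=(",", ":")).encode())
    sig = hmac.new(IDP_SECRET, body.encode(), hashlib.sha256).digest()
    return f"{body}.{_b64url(sig)}"


def validate_token(token: str, expected_audience: str, now: Optional[int] = None) -> Optional[dict]:
    """Relying application side: return the claims only if every check passes, else None."""
    now = int(time.time()) if now is None else now
    try:
        body, sig = token.split(".")
        expected = hmac.new(IDP_SECRET, body.encode(), hashlib.sha256).digest()
        # Constant-time compare; a forged or tampered token fails here.
        if not hmac.compare_digest(expected, _b64url_decode(sig)):
            return None
        claims = json.loads(_b64url_decode(body))
    except (ValueError, json.JSONDecodeError):
        return None
    if claims.get("iss") != IDP_ISSUER:
        return None  # issued by some other identity system
    if claims.get("aud") != expected_audience:
        return None  # valid token, but minted for a different application
    if claims.get("exp", 0) <= now:
        return None  # expired
    return claims
```

The audience check is what stops a token stolen from one SaaS app from being replayed against another, which is why it belongs in every relying application and not only in the IdP.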
Photolok is an emerging passwordless identity provider (IdP) designed to meet 2026 industry standards for phishing resistant authentication while adding capabilities that protect the person, not just the user’s credentials. Photolok sits at the identity layer, integrates with existing identity providers such as Okta Workforce, and becomes the place where users prove who they are before accessing SaaS applications, AI tools, and AI agents. Instead of creating more app sprawl, Photolok acts as the secure front door for your online environment, simplifying and standardizing how users log on safely across their app sprawl.
Photo based authentication across all apps. Photolok replaces passwords with photo based authentication that can be applied across all of your applications. Because Photolok sits at the identity layer, this authentication can be integrated with your existing SSO and Okta Workforce policies rather than implemented separately for each app.
1 Time Photo: defending against AI powered credential capture. With 1 Time Photo, users can create up to five single use photos for authentication. When a 1 Time Photo is active, only the first panel is shown during login — the user’s regular photos never appear on screen. Once used, a 1 Time Photo cannot be reused, and an attacker who captures the screen or records the session gains no knowledge of the user’s standard photo set.
Duress Photo: protecting the person in coercion scenarios. Photolok’s Duress Photo gives employees a way to signal danger even when they are forced to authenticate. Duress Photo is a special visual panic button that looks like a normal login but acts as a silent alarm that sends an alert to IT and security teams. If a user is coerced to log in, the Duress Photo alerts responders while not tipping off the person doing the coercing. This is a human safety and duty of care capability that IAM tools do not address.
Simplified authentication that reduces fatigue. Photolok provides point and click interactions, autosaves where appropriate, and integrates with Okta Workforce. By consolidating authentication into a single phishing resistant flow, you can reduce password fatigue and MFA fatigue across your entire app portfolio.
Your challenge is to reassert control at the identity layer without undermining the productivity gains that SaaS and AI deliver. The following practices can help.
In the age of AI, apps have become a primary security risk not because any single SaaS tool is uniquely dangerous on its own, but because together they create an identity surface that is too large and too dynamic for traditional IAM to manage alone. Threat actors have already adapted: cloud focused intrusions and valid account abuse are rising sharply, and compromised credentials drive 53 percent of substantial breaches while a third of apps remain outside SSO.
The strategic move is to consolidate authentication at the identity layer with a phishing resistant identity provider that works across your SaaS and AI environment. Photolok is an emerging passwordless identity provider and authentication server designed to meet 2026 industry standards while adding capabilities that protect the person, not just the account. By integrating with Okta Workforce, applying photo based authentication, 1 Time Photo, and Duress Photo across apps, Photolok helps you regain control of the identity and authentication surface without fighting the tide of app and AI adoption. To fully realize that benefit, you also need a program focused on discovering shadow IT and onboarding those apps to your primary identity provider.
The question for security leaders is no longer whether app and AI sprawl will happen — it already has. The question is whether your identity layer is ready for the world you are already in.
Kasey Cromer is Director of Customer Experience at Netlok.
[1] Zylo. “2026 SaaS Management Index.” February 2026. zylo.com
[2] Lansweeper. “Effective Shadow IT Management in 2025.” June 2025. lansweeper.com
[3] 1Password. “Annual Report 2025: The Access Trust Gap.” October 2025. 1password.com
[4] 1Password. “AI and the Rise of Credential Sprawl.” April 2026. 1password.com
[5] Netskope. “Cloud and Threat Report: Generative AI 2025.” March 2026. netskope.com
[6] Microsoft AI Economy Institute. “Global AI Adoption in 2025.” April 2026. microsoft.com
[7] CrowdStrike. “2026 Global Threat Report.” March 2026. crowdstrike.com
[8] Cloud Security Alliance. “The State of SaaS Security: 2025–2026.” April 2025. cloudsecurityalliance.org
[9] Netlok. “How Photolok Works.” netlok.com
App Overload: Why SaaS apps and AI Sprawl Are Breaking Enterprise Security