Analyst Chat #288: From Shadow SaaS to Shadow AI - Closing the Unowned Security Gap

Analyst Chat

KuppingerCole Analysts · Matthew Gardiner, Matthias Reinwarth

February 23, 2026 · 32m 0s

Show Notes

Shadow IT has evolved. Now it’s Shadow SaaS. Shadow AI. And it’s everywhere.

In this week's episode of the KuppingerCole Analyst Chat, Matthias welcomes Matthew Gardiner for his first appearance to unpack one of the fastest-growing security domains: SaaS Security Posture Management (SSPM) and why that name may already be too narrow. Today’s organizations run on hundreds of SaaS applications. Many are sanctioned. Many aren’t. Some are connected via OAuth. Others are quietly leaking data through AI tools. And most security teams don’t have full visibility.

In this conversation, we explore:
✅ What SSPM actually means (and why the “PM” might be limiting)
✅ How Shadow IT evolved into Shadow SaaS and Shadow AI
✅ The intersection of identity and cybersecurity in SaaS environments
✅ Misconfiguration risks, MFA bypass, OAuth sprawl & SaaS drift
✅ Why continuous monitoring beats periodic audits
✅ CASB vs SSPM vs CNAPP — where the lines blur
✅ The growing governance challenge in AI-powered SaaS
✅ Why SaaS security can’t be ignored anymore

If your organization uses SaaS (spoiler: it does), this discussion is not optional.