The result is an explosion of AI capabilities across the SaaS stack, a phenomenon known as AI sprawl, in which AI tools proliferate without centralized oversight. For security teams, this represents a shift: as these AI copilots scale up in use, they are changing how data moves through SaaS. An AI agent can connect multiple apps and automate tasks across them, effectively creating new integration pathways on the fly.
A threat group dubbed ShadyPanda spent seven years playing the long game: publishing or acquiring harmless extensions, letting them run clean for years to build trust and gain millions of installs, then flipping them into malware via silent updates. In total, about 4.3 million users installed these once-legitimate add-ons, which then went rogue with spyware and backdoor capabilities. This tactic was essentially a browser extension supply-chain attack. The ShadyPanda operators even earned featured and verified badges in the official Chrome Web Store and Microsoft Edge Add-ons site for some extensions, reinforcing user confidence. Because extension updates happen automatically in the background, the attackers were able to push out malicious code without users noticing.
The cause of the latter may be the shared security responsibility model. Security for SaaS is governed by the shared responsibility model. The provider is responsible for the security of the cloud: it secures the core application and the infrastructure it runs on. The customer is responsible for security in the cloud: their own data, user accounts and access, and correctly configuring the security settings offered by the individual provider.
Multi-tenant authorization effectively manages user permissions across accounts, ensuring that each tenant operates within its own isolated environment and has tailored access controls.