Modern enterprises are drowning in SaaS applications, which are increasingly AI-powered and operate outside traditional security visibility. On average, organizations now deploy over 1,000 SaaS apps, a number that has surged 26% in just two years. At the same time, 80% of employees admit to using unauthorized SaaS or AI apps (shadow IT/AI), which contribute to roughly 35% of data breaches. This sprawling SaaS ecosystem, rife with misconfigurations and unsanctioned AI tools, has opened a massive security gap that legacy solutions were never designed to fill. Security teams are left blind to where sensitive data is flowing, which identities have access to what, and how to protect an ever-expanding number of SaaS apps.
SaaS Sprawl Meets Shadow AI and Agents: A Growing Risk
The rise of Generative AI and cloud-first work has accelerated SaaS sprawl to unprecedented levels. Business units now onboard new SaaS apps at the click of a button, often without IT’s knowledge. Employees experiment with AI tools like ChatGPT, code copilots, and countless niche SaaS offerings to boost productivity, creating a long tail of “shadow AI” usage beyond corporate oversight. Each of these apps can become a conduit for data exposure or a target for attack. The result is a perfect storm of SaaS misconfigurations, unchecked third-party app integrations, and rogue AI agents running with access to sensitive data.
Traditional SaaS Security Posture Management (SSPM) tools struggle to keep up. They typically cover a limited set of major apps and often require lengthy development to onboard new services, a model that fails when new AI SaaS tools emerge weekly. As Reco’s CEO Ofer Klein observes, “The adoption of AI apps and agents has made SaaS security more complex and dynamic than ever. Combine this with the proliferation of SaaS apps – including shadow apps – and we’re seeing a growing gap between the reality of the ecosystem and what legacy SSPM tools can provide”. In short, businesses face an expanding attack surface with insufficient tools to address it.
An AI-Native Approach to Dynamic SaaS Security
Reco’s platform continuously and autonomously discovers every SaaS application, AI agent, and third-party integration in use, including the “shadow” and embedded AI apps that often evade traditional controls. It maps the complex web of users, data, and inter-app connections in a graph-based architecture that provides a holistic view of SaaS usage and risk. Every user identity, every piece of data, and every app tie-in is represented, enabling Reco to spot risky misconfigurations or access relationships that siloed tools would miss. Armed with this contextual visibility, Reco delivers automated protection and policy enforcement across the entire SaaS stack. The platform uses advanced analytics on user behavior and app interactions to flag anomalies: from misconfigured permissions and toxic SaaS-to-SaaS integrations to compromised accounts and suspicious user activity. When a policy violation or threat is detected, Reco can take action: enforcing a security policy, revoking risky access, or alerting security teams with pinpoint context. This agentless, API-driven approach means Reco deploys in minutes and starts delivering value immediately, without disrupting users.
Speed of coverage is a hallmark of Reco’s design. Thanks to its innovative SaaS AppFactory model, Reco can integrate new applications in as little as 3–5 days – dramatically faster than legacy providers that often need months to support a new app. This rapid extensibility ensures that enterprises can adopt the latest AI services or niche SaaS apps securely.
Why S Ventures Invested in Reco
At S Ventures, we seek out startups that don’t just add an incremental layer of defense, but fundamentally rethink how security is done for the challenges of tomorrow. Reco embodies this ethos. The company isn’t simply building a better SSPM; it’s pioneering AI-SaaS security purpose-built for the SaaS, AI, and agentic era. By continuously mapping and controlling SaaS usage in real time, Reco enables businesses to contain SaaS sprawl, AI sprawl, and agent sprawl proactively rather than reactively. This represents a step-change in security capability, aligning with SentinelOne’s vision for autonomous, machine-speed protection.
Our investment in Reco reflects a belief that SaaS security isn’t a feature, it’s now a mission-critical layer of the enterprise security architecture. We are also excited to collaborate with Reco as we expand enterprise AI security. Reco’s platform deeply maps and monitors SaaS-based AI usage, which perfectly complements Prompt Security’s real-time AI governance capabilities. By integrating our approaches, enterprises will gain a 360° view of how generative AI and SaaS applications are being used across their business and the means to secure that usage. This partnership strengthens SentinelOne’s ability to protect organizations holistically in the age of ubiquitous SaaS and intelligent AI agents. We’re thrilled to support Ofer, Gal, Tal, and the entire Reco team as they accelerate their vision of AI-SaaS security. Together, we look forward to empowering our customers with the freedom to innovate through SaaS, AI, and agents, securely and autonomously, with no gaps in sight.