Kaseya Finds 69% of SaaS Accounts have More Guest Access than Licensed Users

Kaseya’s 2026 SaaS Security Report reveals that multi-factor authentication gaps, OAuth sprawl and external file sharing are widening the SMB attack surface

Miami, FL – June 30, 2026 – Kaseya, the leading global provider of AI-powered IT management and cybersecurity software, today released its 2026 SaaS Security Report, which found that trust is the primary source of risk within modern IT environments. Threat actors have abandoned perimeter attacks in favor of softer targets like identities, OAuth integrations and collaboration workflows, leaving a trust gap most small and mid-sized businesses can’t see, let alone close.

The report analyzed more than 27.6 billion SaaS security events across over 50,000 SMB environments, including 5,400 MSP partners and 6.2 million end-user accounts. The data highlights a critical reality: as SaaS ecosystems expand, everyday operational conveniences like unmanaged guest accounts – which now make up 69% of all monitored accounts (4.3 million versus 1.9 million licensed users) – persistent third-party access and externally shared data are creating massive security liabilities for small and mid-sized businesses.

“Today’s AI-emboldened threat actors see one interconnected attack environment, whereas most organizations defend their infrastructure in pieces,” said Jim Lippie, chief product officer, Kaseya. “The most resilient organizations will be those that embrace continuous monitoring, identity governance and automated response as foundational requirements.”

The Rise of Machine Identities and AI-Driven Exploitation

The rush to adopt AI has triggered a sprawl of third-party OAuth integrations that use persistent tokens instead of credentials, granting attackers permanent data access even after password resets. Consequently, non-human service principal logins now account for 20% of critical security alerts. Simultaneously, attackers use AI-driven automation to instantly locate and exploit dormant guest accounts, weaponizing these forgotten entry points faster than manual defenses can react.

Hiding in Plain Sight: The Failure of Legacy Controls

Legacy controls like geolocation blocks are also failing as attackers route traffic through trusted cloud hosts and VPNs. Outside North America, 44% of unauthorized logins originated from trusted infrastructure and outsourced hubs – led by India (14%), the Philippines (10%), Germany (7%), the UK (7%) and the Netherlands (6%) – allowing intruders to blend into normal business traffic. Once inside, they exploit massive identity gaps: 56% of accounts lacked active MFA, and only 27% of SMBs enforced organization-wide MFA. This exposure, combined with a rise of file sharing, allows attackers to silently exfiltrate data from within the network.

Additional Key Findings Include:

  • Microsoft 365 Exposure: Data leakage remains exceptionally high in productivity environments; in Microsoft 365, nearly half (45%) of all shared files were sent outside the organization.
  • Severe Alert Fatigue: In 2025, 98.9% of security events SaaS Alerts monitored were classified as low severity, but organizations still faced more than 278 million medium- and critical-severity alerts requiring investigation.

Closing the Gap: Actionable Defensive Shifts

To counter these evolving threats, organizations must transition from rigid perimeter defenses to active, identity-first governance frameworks. Bridging the modern trust gap requires businesses to move away from static event tracking and instead prioritize automated behavioral monitoring that can flag anomalous activity inside trusted accounts. By aggressively consolidating security stacks, enforcing organization-wide MFA and continuously auditing machine identities and external sharing permissions, SMBs can eliminate critical visibility silos and systematically neutralize attacker persistence before a breach occurs.

To read the full findings and strategic recommendations, download the 2026 SaaS Security Report here.

About Kaseya

Kaseya is the leading global provider of AI-powered IT management and cybersecurity software. Kaseya delivers a unified technology platform to manage infrastructure, secure endpoints, back up critical data, and streamline operations for more than 40,000 MSP and SMB customers around the globe. To learn more, visit www.kaseya.com.