A new IGA report from CloudEagle.ai, based on a survey of 1,000 enterprise CIOs and CISOs, finds that 60% of enterprise SaaS and AI applications now operate outside IT's visibility, and the access risk that creates is materializing in breach data.

The headline number: 48% of former employees still have active access to company applications months after leaving. 

The root cause is structural. Manual offboarding, quarterly access reviews, and siloed deprovisioning workflows cannot keep pace with the speed at which people join, move roles, and leave in modern enterprises.

The report also found that 1 in 2 current employees have excessive privileged access beyond what their role requires, a condition known as privilege creep, which accumulates silently over time as access is granted but never removed.

What CIOs flagged as their top concerns

The survey surfaced three findings that frame the scale of the problem:

• 70% of CIOs flagged unsanctioned AI tools as their top data concern
• Only 15% have implemented Just-In-Time access controls
• 60% of SaaS and AI applications operate entirely outside IT visibility

The third number is what makes the first two compounding risks. Shadow AI tools carry the same access and data exposure problems as shadow SaaS, but they move faster, are adopted by more employees, and are harder to detect without dedicated discovery tooling.

Why traditional IAM tools can't solve this

Not all SaaS applications are managed through centralized IAM systems. Employees adopt tools directly, through credit card purchases, free-tier signups, or embedded features in existing software. When those employees leave, their access in those applications is never connected to the offboarding workflow that IT controls.

"Traditional IAM tools can't keep up with today's SaaS and AI-driven environments because not all apps are managed by IT, and not everything sits behind a centralized IAM system," the report states.

Quarterly access reviews compound the problem. In the time between reviews, an employee can change roles, gain inappropriate access, and leave, with no automated process to catch any of it.

CloudEagle.ai provides continuous SaaS and AI application discovery, automated offboarding workflows triggered by HRIS and identity provider events, and access reviews that run on a schedule rather than waiting for manual initiation, addressing the visibility gap that makes 48% of former employee access possible in the first place.

‍