I am building a connection between an external SaaS service and our PowerBI environment. CyberSec raised a flag that the API connections could expose our internal environment to the service provider, potentially leaking all our BI data, given our ambition is that any site could use such connections; thus, all sites would be exposed to the read from the 3rd party. The Vendor replied with the message below, but in my view, they didn't counter the claim from CyberSec. Has anyone of you guys faced this already? Is the claim from CyberSec overreacting, or would we be liable if a hacker invades the SaaS service connection?