The 96% Blind Spot: Oso and Cyera Research reveal unused permissions lying in wait for AI agents

A joint research study by Oso and Cyera reveals that 96% of enterprise application permissions granted to employees remain unused, posing a significant security risk when such permissions are assigned to AI agents. These agents, unlike human employees, operate continuously and fully utilize available access, increasing the potential for data breaches and unauthorized actions. The research highlights that a large proportion of sensitive data remains untouched by humans, yet AI agents, which lack human constraints like sleep and accountability, could exploit these dormant permissions. As AI agent deployment accelerates, with predictions of substantial growth in AI-enabled applications, the study underscores the need for robust access control and permission management to mitigate risks associated with over-provisioning and static permission profiles. It calls for identity systems that align agent actions with human intent to prevent expanding the attack surface when agents are integrated into enterprise workflows.