We Finally Measured How Broken Permissions Are
Blog post from Oso
An analysis conducted by Oso and Cyera on 2.4 million workers and 3.6 billion permissions reveals that 96% of permissions are unused by employees, highlighting a significant overpermission problem in SaaS systems.

This problem becomes critical with the introduction of autonomous agents, which inherit these unused permissions. Because agents lack human judgment and operate continuously, the inherited permissions can be exercised in ways that lead to security breaches. Incidents have already occurred in which agents, unlike humans who are limited by judgment and time, have caused significant disruptions, such as a prolonged AWS outage and an attack on global targets by a Chinese state-sponsored group.

To mitigate these risks, it is recommended to audit and separate human and agent permissions, limit agent access to what is necessary, and maintain thorough logs of all actions. Oso is developing infrastructure solutions to address these challenges, emphasizing the urgency of managing agent permissions effectively while the majority of agents are still in pilot phases.
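The audit the post recommends can be expressed as a small script: compare the permissions granted to each principal against the permissions that principal actually exercised, flag agents whose grant set is a copy of a human's, and report which agent grants exceed an explicit allowlist. The following is an added example written for this page, not Oso's or Cyera's code; the entitlement table, access log and agent allowlist are constructed sample data, and the 96% figure from the study is not reproduced by them.

```python
"""Permission-usage audit: unused grants, human/agent separation, agent overgrants."""
from collections import defaultdict

# Constructed sample entitlements: principal -> set of granted permissions.
# The agent's grant set is a verbatim copy of alice's, modelling inheritance.
ENTITLEMENTS = {
    "alice": {"crm:read", "crm:write", "billing:read", "hr:read"},
    "bob": {"wiki:read", "wiki:write", "crm:read"},
    "agent-sales-bot": {"crm:read", "crm:write", "billing:read", "hr:read"},
}

# Constructed principal classification.
PRINCIPAL_KIND = {"alice": "human", "bob": "human", "agent-sales-bot": "agent"}

# Constructed access log: (principal, permission exercised) over the audit window.
ACCESS_LOG = [
    ("alice", "crm:read"),
    ("alice", "crm:write"),
    ("bob", "wiki:read"),
    ("agent-sales-bot", "crm:read"),
    ("agent-sales-bot", "crm:read"),
]

# Hypothetical allowlist: what each agent is documented as needing.
AGENT_ALLOWLIST = {"agent-sales-bot": {"crm:read"}}


def used_permissions(log):
    """Collapse the access log into principal -> set of permissions exercised."""
    used = defaultdict(set)
    for principal, permission in log:
        used[principal].add(permission)
    return used


def unused_permissions(entitlements, log):
    """Granted permissions that were never exercised, per principal."""
    used = used_permissions(log)
    return {p: granted - used.get(p, set()) for p, granted in entitlements.items()}


def unused_ratio(entitlements, log):
    """Fraction of all granted permissions that were never exercised (0.0 - 1.0)."""
    total = sum(len(g) for g in entitlements.values())
    if total == 0:
        return 0.0
    unused = sum(len(u) for u in unused_permissions(entitlements, log).values())
    return unused / total


def shared_with_human(entitlements, kinds):
    """Agents whose grant set is identical to some human's, i.e. inherited wholesale."""
    pairs = []
    for agent, grants in entitlements.items():
        if kinds.get(agent) != "agent":
            continue
        for human, human_grants in entitlements.items():
            if kinds.get(human) == "human" and grants == human_grants:
                pairs.append((agent, human))
    return pairs


def agent_overgrants(entitlements, kinds, allowlist):
    """Permissions held by each agent beyond its allowlist (missing allowlist = none allowed)."""
    report = {}
    for principal, grants in entitlements.items():
        if kinds.get(principal) != "agent":
            continue
        extra = grants - allowlist.get(principal, set())
        if extra:
            report[principal] = extra
    return report


if __name__ == "__main__":
    print(f"unused share: {unused_ratio(ENTITLEMENTS, ACCESS_LOG):.0%}")
    for principal, perms in unused_permissions(ENTITLEMENTS, ACCESS_LOG).items():
        print(f"  {principal}: never used {sorted(perms)}")
    for agent, human in shared_with_human(ENTITLEMENTS, PRINCIPAL_KIND):
        print(f"agent {agent} holds an exact copy of {human}'s grants")
    for agent, extra in agent_overgrants(ENTITLEMENTS, PRINCIPAL_KIND, AGENT_ALLOWLIST).items():
        print(f"agent {agent} exceeds its allowlist by {sorted(extra)}")
```

In a real deployment the entitlement table would be pulled from the identity provider or application admin API and the access log from audit logs, and the allowlist would live next to the agent's deployment configuration so that the overgrant report can run in CI before the agent is promoted out of a pilot.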