
Oso, Cyera: 96% Blind Spot in Unused AI Agent Permissions

New study reveals that nearly all enterprise permissions are left untouched by humans, creating a massive risk when agents inherit human access

Oso, the agent permissions posture company, and Cyera, the world’s leading AI Security Platform, today released joint research analyzing permission usage across 2.4 million workers and 3.6 billion application permissions. The study found that corporate workers leave 96% of their application access dormant, underscoring the systemic risk of assigning existing human permissions and profiles to AI agents, which operate continuously, at machine speed, and without judgment.

The research presents the first empirical measurement of how enterprise access is actually used. Key findings include:

  • The 96% Blind Spot: Employees leave 96% of their granted permissions dormant – access they never touch, but AI agents will.
  • Systemic Over-provisioning: Over 80% of SaaS access is managed through static profiles, with 1 in 4 users relying on these broad, difficult-to-audit bundles that accumulate over time.
  • Invisible Exposure: Humans never interact with 91% of the sensitive data available to them, yet 13% of the workforce maintains standing access to regulated PII, financial, and health records.
  • The Sledgehammer Risk: 31% of users have the power to modify or delete sensitive data.

The research comes as organizations accelerate AI agent deployment. IDC predicts spending on AI-enabled applications will reach $1.3 trillion by 2029, and Gartner forecasts 40% of enterprise apps will feature AI agents by 2026.

For human workers, unused permissions largely stay dormant. Time, judgment, and professional accountability constrain the damage any one person can do. AI agents operate under none of those constraints. They run continuously, interact directly with APIs and data systems, and will exercise every capability available to them. Recent real-world incidents have already demonstrated agents deleting production databases, wiping laptop drives, and exfiltrating data — not because of a breach, but because of the access they were handed.

“For humans, overpermissioning was a bad habit we could live with. Humans sleep. They work business hours. They don’t want to get fired. There’s only so much damage a person can do before they have to go to bed,” said Graham Neray, Co-Founder and CEO of Oso. “That bargain just expired. Agents don’t sleep, they don’t stop, and they have no concept of consequences. The 96% of permissions that humans never touch are the next agent-induced incident waiting to happen. Bear in mind these findings come from organizations that already invest in access and data security. The gap at the average enterprise is almost certainly worse.”

“Agentic AI is a new species of user – one that follows intent and operates at machine speed,” said Jason Clark, Chief Strategy Officer at Cyera. “This research proves that dormant permissions are no longer just a bad habit; they are an existential risk. In the age of agents, if you don’t secure the data, you can’t secure AI. Period.”

To access the full research report, along with recommendations for securing agentic deployments, visit https://www.osohq.com/research

Supporting Quotes

“At Brex, we’re deploying agents aggressively, but we’re designing for failure modes upfront, not after an incident. Speed without control is risk, and control without speed is a blocker. Oso gives us the authorization foundation to move fast without expanding our attack surface.” — Mark Hillick, CISO, Brex

“At 1Password, we’re seeing the same pattern this research highlights as teams start putting AI agents into real production workflows. Access models built for humans don’t map cleanly to agents. When agents are handed broad, static permissions, the unused ones don’t just sit there — they quietly expand the attack surface. What teams need instead are identity systems that keep agent actions tightly scoped and explicitly tied back to human intent.” — Nancy Wang, CTO, 1Password

PR Newswire
