New study reveals that nearly all enterprise permissions are left untouched by humans, creating a massive risk when agents inherit human access
NEW YORK — March 19, 2026: Oso, the agent permissions posture company, and Cyera, the world's leading AI Security Platform, today released joint research analyzing permission usage across 2.4 million workers and 3.6 billion application permissions. The study found that corporate workers leave 96% of their application access dormant, underscoring the systemic risk of assigning existing human permissions and profiles to AI agents, which operate continuously, at machine speed, and without judgment.
The research presents the first empirical measurement of how enterprise access is actually used. Key findings include:
- The 96% Blind Spot: Employees leave 96% of their granted permissions dormant - access they never touch, but AI agents will.
- Systemic Over-provisioning: Over 80% of SaaS access is managed through static profiles, with 1 in 4 users relying on these broad, difficult-to-audit bundles that accumulate over time.
- Invisible Exposure: Humans never interact with 91% of the sensitive data available to them, yet 13% of the workforce maintains standing access to regulated PII, financial, and health records.
- The Sledgehammer Risk: 31% of users have the power to modify or delete sensitive data.
The research comes as organizations accelerate AI agent deployment. IDC predicts spending on AI-enabled applications will reach $1.3 trillion by 2029, and Gartner forecasts 40% of enterprise apps will feature AI agents by 2026.
For human workers, unused permissions largely stay dormant. Time, judgment, and professional accountability constrain the damage any one person can do. AI agents operate under none of those constraints. They run continuously, interact directly with APIs and data systems, and will exercise every capability available to them. Recent real-world incidents have already demonstrated agents deleting production databases, wiping laptop drives, and exfiltrating data — not because of a breach, but because of the access they were handed.
"For humans, overpermissioning was a bad habit we could live with. Humans sleep. They work business hours. They don't want to get fired. There's only so much damage a person can do before they have to go to bed," said Graham Neray, Co-Founder and CEO of Oso. "That bargain just expired. Agents don't sleep, they don't stop, and they have no concept of consequences. The 96% of permissions that humans never touch are the next agent-induced incident waiting to happen. Bear in mind these findings come from organizations that already invest in access and data security. The gap at the average enterprise is almost certainly worse."
“Agentic AI is a new species of user - one that follows intent and operates at machine speed,” said Jason Clark, Chief Strategy Officer at Cyera. “This research proves that dormant permissions are no longer just a bad habit; they are an existential risk. In the age of agents, if you don’t secure the data, you can’t secure AI. Period.”
To access the full research report, along with recommendations for securing agentic deployments, visit https://www.osohq.com/research
Supporting Quotes
"At Brex, we're deploying agents aggressively, but we're designing for failure modes upfront, not after an incident. Speed without control is risk, and control without speed is a blocker. Oso gives us the authorization foundation to move fast without expanding our attack surface." — Mark Hillick, CISO, Brex
"At 1Password, we're seeing the same pattern this research highlights as teams start putting AI agents into real production workflows. Access models built for humans don't map cleanly to agents. When agents are handed broad, static permissions, the unused ones don't just sit there — they quietly expand the attack surface. What teams need instead are identity systems that keep agent actions tightly scoped and explicitly tied back to human intent." — Nancy Wang, CTO, 1Password
About Cyera
Cyera is the AI Security Platform built for the age of agents. Enterprises like Paramount, Chipotle, and Valvoline use Cyera to control exactly what data their AI can reach — and govern what happens next. The platform secures data at rest, in motion, and in use, whether touched by humans or AI agents. Cyera is valued at $9 billion and backed by over $1.7 billion from Accel, Blackstone, Cyberstarts, Georgian, Lightspeed, and Sequoia. Protect your data. Secure AI.
About Oso
Oso makes AI agents safe. As agents take on increasingly powerful actions, getting access control right actually matters. Oso's Agent Permissions Posture platform gives security teams more than just visibility, alerts, and auditing. It scopes down agent permissions to ensure that even a rogue agent can’t take down your business. Backed by Sequoia and Felicis, Oso is trusted by organizations including Duolingo, Vanta, and Brex.
Media Contacts:
Cyera: Natalie Wilson | press@cyera.io
Oso: Meghan Gill | meghan@osohq.com


