Last week, Oso and Cyera published the first empirical study of how enterprise permissions are actually used in production. The numbers are stark: across 2.4 million workers and 3.6 billion application permissions, 96% of granted access goes completely untouched. For years, that dormant excess was a bad habit organizations could live with. AI agents are changing that calculus entirely.
The coverage has been swift, and the framing consistent: this isn't a new problem, it's an old one that agentic AI just made impossible to ignore.
InfoWorld
Writing in InfoWorld, Matt Asay reached for an avalanche metaphor. Enterprise access control is a "persistent weak layer" buried under years of role accumulation, waiting for a trigger. AI agents, he argues, are that trigger: unlike humans, who move slowly, get distracted, and generally prefer to keep their jobs, agents operate continuously, chain actions across systems, and will exercise every privilege they've been handed. The 96% of permissions that humans never touch become an immediate operational risk.
Puck News
Puck News situated the research in the broader race to build guardrails around agentic AI, noting that human workers' broad access represents a "dormant attack surface," a phrase that links directly back to the research. The piece covers the emerging ecosystem of identity and authentication tools scrambling to catch up.
Techstrong
On Techstrong TV, Oso CEO Graham Neray joined Alan Shimel to discuss the findings, making the case that authorization, long the unglamorous backwater of the security world, has suddenly become a C-suite priority. The conversation covers why most enterprises still have their AI agents stuck in pilot, and what it would actually take to deploy them safely.
The through-line across all of it: the risk isn't primarily malicious agents. It's well-intentioned ones, handed permissions no one ever cleaned up, doing exactly what they were told in systems they shouldn't be touching.
Frequently asked questions
