Material Security Study Reveals OAuth Risk Growing With the Rise of AI, Creating New Concerns for Organizations
-
South Africa vows firm response to anti-migrant violence
-
New Zealand make England toil as Stokes returns for series decider
-
Poland, Ukraine hold key Gdansk conference without Zelensky
-
Americans impacted by climate change demand answers from lawmakers
-
Massive police deployment blocks Kenya protest anniversary
-
Heat-struck Italians cool off in ancient stone 'trulli'
-
Court orders TotalEnergies to account for clients' emissions
-
French teaching unions call strike over 'unacceptable' heat
-
Stocks rally on renewed AI optimism, oil price declines
-
US Fed's preferred inflation gauge hits fresh three-year high
-
Venezuela twin quakes kill at least 164 with many trapped under rubble
-
Dominant Osaka cruises into Bad Homburg semis
-
IOC votes to continue ski mountaineering for 2030 Games
-
New Zealand frustrate England as Stokes returns for series decider
-
Stocks rally on AI optimism after Micron's blowout forecast
-
Poland, Ukraine tone down dispute at reconstruction conference
-
Tunisia's short-lived World Cup experience lays bare deep dysfunctions
-
At-risk UK elderly bid to stay cool as heatwave bears down
-
'Everything collapsed': Venezuela region hit hardest by quakes cries for help
-
'Need each other': Macron hosts Meloni after Trump rift
-
Kenya police turn out in force on protest anniversary
-
Stokes straight back into the action as New Zealand bat in 3rd Test
-
Baking heatwave gives Europe no respite
-
Amazon pledges additional $13 bn in India AI investment
-
Trump climate pushback spurs courtroom battles, report says
-
Struggling VW to sell majority stake in marine engine unit
-
Kenya police in massive show of force on protest anniversary
-
Seoul stocks soar in Asia tech rally after Micron's blowout forecast
-
USA, Germany in control as Dutch eye World Cup knockouts
-
Trump-linked resort shines light on Albania's 'stolen' land
-
Violence feared as Kenya marks protest anniversary
-
French aversion to air conditioning melts as homes sizzle
-
Ukraine recovery summit opens, overshadowed by Kyiv-Warsaw row
-
Municipal misery weighs on looming S.African elections
-
Chad sees influx of drone victims from Sudan
-
Hong takes blame as South Korea's World Cup hopes fade
-
'We shut up big mouths,' says South Africa's World Cup coach Broos
-
Brazil advance at World Cup, history for South Africa, Canada, Bosnia
-
Mothers search, men weep amid debris of Venezuela quakes
-
Confirmation still a rite of passage in Denmark but less Christian
-
South Africa stun South Korea to make World Cup history
-
Seoul stocks soar in Asia tech rally after Micron blowout forecast
-
Clarke fears Scotland 'probably going home' after Brazil World Cup loss
-
Moriyasu vows Japan will play to win and top group against Sweden
-
Secret cameras, mics and AI reveal rare Cambodia wildlife
-
Beloved spiritual utopia under threat in Modi's India
-
Bulgaria's milk farmers falter in former yogurt empire
-
Ancelotti hails Vinicius as Brazil march on at World Cup
-
Trump opens US 250th birthday party with rally-style speech
-
Morocco have 'ingredients' of World Cup winners, says coach Ouahbi
Material Security Study Reveals OAuth Risk Growing With the Rise of AI, Creating New Concerns for Organizations
Analysis of 22,332 OAuth-connected apps finds that 91% of AI and automation apps in the dataset appeared in just the last 16 months, while nearly half have been dormant for 90 days or more
SAN FRANCISCO, CA / ACCESS Newswire / June 24, 2026 / Material Security, the leading provider of cloud workspace security, today released findings from a study showing the stark reality of unmanaged OAuth exposure across Google Workspace environments. The report, "OAuth & Google Workspace Risk Report," analyzed 22,332 OAuth-connected applications across 21 enterprise Google Workspace environments. The findings show that OAuth has become a persistent and poorly governed access layer connecting AI tools, productivity applications, internal automations and third-party services to sensitive workspace data.
Notably, the report found that 91% of AI and automation apps in the dataset appeared in just the last 16 months, a pace of adoption that reflects individual employees connecting tools on their own rather than any coordinated IT rollout. At the same time, 47.2% of all applications analyzed had recorded no active usage in 90 days or more, with their OAuth authorizations still fully intact. While the applications analyzed are not necessarily malicious or being abused, together these findings reveal a rapidly widening gap between the access organizations have authorized and their ability to monitor and manage it.
As attackers are turning their attention to exploiting over-permissioned access and long-lived OAuth tokens, many organizations lack a practical way to identify, assess, and remediate their exposure. OAuth authorizations are persistent by design, but governance processes often remain manual, fragmented, or incomplete. As a result, once-legitimate grants can remain in place long after an app falls out of use, an employee leaves the company, or a new application is adopted outside formal IT processes, a risk made more urgent by the rapid spread of new AI tools.
"OAuth has become one of the main ways modern work gets connected, but it is also one of the hardest parts of the workspace to monitor," said Abhishek Agrawal, CEO of Material Security. "The risk is the accumulation of perfectly reasonable authorizations that have fallen by the wayside. Security teams need a way to identify dormant access, connect OAuth revocation to offboarding, and govern AI adoption without slowing the business down."
Key findings from the report include:
AI App Adoption Is Surging: 91% of AI and automation apps in the dataset appeared in the last 16 months (325 of 356 first observed since January 2024). The average AI-connected app has been running for 9 months, 42% have been connected for over a year, and more than half hold sensitive or restricted scopes. 149 have been connected for 12+ months with no review on record.
One in Four Apps Holds Restricted Google Scopes: 24.5% of all 22,332 applications (5,461) hold at least one active restricted scope type, based on Google's own classification rather than a third-party risk model. Among public, governable apps, 53.4% hold sensitive or restricted scopes, with Gmail and Drive the most common and often appearing together.
Nearly Half of All Apps Are Dormant: 47.2% of applications (10,545) recorded no active usage in the past 90 days, and 25.8% (5,752) have not been used in 180 days or more. In every case, the OAuth authorization remains intact, and the app retains the permissions it was originally granted.
Zombie Tokens Outlive the Users Who Created Them: 1,064 applications show zero active users but still hold live tokens, issued by employees who left, changed roles, or stopped using the tool. 463 of those (43.5%) hold sensitive or restricted scopes, including full Gmail and full Drive access on accounts no active employee is monitoring.
"OAuth has quietly become an important control plane in the enterprise, especially as AI tools connect deeper into email, files, and workflows," said Gabe Bello, Staff Security Engineer. "This research makes clear that OAuth grants cannot be treated as one-time approvals. Security teams need continuous visibility, clear ownership, and automated revocation when access is no longer needed."
To close the visibility gap, the report recommends connecting OAuth revocation to employee offboarding, creating a governed pathway for application adoption, and setting a dormancy threshold, starting with apps unused for 90 days or those with no current users and sensitive or restricted scopes.
Secure Material's OAuth Remediation Agent helps security teams operationalize this process by continuously discovering OAuth-connected apps, evaluating their permissions and behavior, and revoking risky, dormant, malicious or over-privileged access before it becomes a persistent backdoor into the cloud workspace.
The full report is available at material.security/oauth-risk-report.
About Material Security
Material Security Inc. is the leading provider of cloud workspace security solutions. Material's platform helps lean security teams wrap their arms around workspace security, providing a unified platform to address email security, file protection, and identity threat mitigation. Material is backed by Andreessen Horowitz and protects the world's fastest-growing and agile companies like Figma, Mars, DoorDash, Lyft, and more.
Media Contact:
Carmen Mantalas
Verdis on behalf of Material Security
[email protected]
SOURCE: Material Security
View the original press release on ACCESS Newswire
F.Ramirez--AT
