A significant and growing security risk comes with the widespread adoption of AI tools and workflow-automation apps: the unmanaged OAuth tokens they leave behind. Nearly every application an employee has connected to a Google Workspace or Microsoft 365 account this year holds a long-lived OAuth grant, typically a refresh token that the app exchanges for fresh access tokens without any further sign-in. Those grants are not cleaned up automatically, and in many organizations nothing monitors them centrally, so they sit outside the traditional perimeter and outside the reach of multi-factor authentication, which is enforced only at the moment the user consents.
An attacker who obtains one of these tokens does not need a password at all. The grant stays valid until it is revoked or the account is disabled; a password change does not reliably invalidate it, and offboarding processes rarely include reviewing the grants a departing employee leaves behind, so a stolen token works as a persistent backdoor. That model was tolerable when a handful of IT-approved applications held such grants. It is not tolerable now that employees independently connect a multitude of AI tools, automation, and productivity applications directly to their corporate Google or Microsoft accounts. Each integration establishes a persistent, scoped token with no automatic expiration and no centralized oversight. This is how OAuth is designed to work, and it is a gap in most security programs.
CISOs Acknowledge the OAuth Grant Risk, but Most Lack Solutions
New research from Material Security shows a substantial gap between awareness and capability. 80% of security leaders rate unmanaged OAuth grants a critical or significant risk, a figure that has held steady for several years, yet that awareness has not translated into the ability to detect or act on them.
A substantial share of organizations, 45%, reportedly do nothing to monitor these grants at scale. Another 33% rely on manual, ad hoc processes: tracking grants in spreadsheets, conducting periodic informal permission reviews, or waiting for employees to report odd application behavior. None of this is a threat-response capability. A spreadsheet of grants is a ledger of unmanaged exposure, and an incomplete one: it records what the organization already knows about, it detects nothing, and it cannot revoke anything.
The OAuth Risk is Not Theoretical; It’s an Active Attack Vector
While the argument for OAuth visibility is often framed around employees sharing sensitive information with third-party tools without IT oversight, the more immediate concern is that the grants themselves are an active attack vector. The recent Salesloft Drift incident is a stark illustration.
In the Drift incident, a threat actor obtained valid OAuth refresh tokens issued to the Drift integration (the vendor has since attributed this to a compromise of its own environment rather than of any customer) and used them to reach the Salesforce instances of more than 700 organizations. The structure of the attack is what matters: the tokens were legitimate, the integration was sanctioned, and the refresh-token exchange at the token endpoint looked exactly like Drift's normal operation, so perimeter controls saw nothing suspicious. Multi-factor authentication never came into play. MFA is enforced at the interactive sign-in where the user consents to the app; a refresh token is exchanged for new access tokens with no sign-in at all, so the attacker simply presented a token Drift had already been authorized to use.
Once inside those Salesforce environments, the actor exported data in bulk and searched it for credentials, including AWS access keys, Snowflake tokens, and passwords, material for the next hop. The breach affected prominent companies such as Cloudflare and PagerDuty, and it shows that the problem is not only suspicious third-party applications but also compromised credentials inside trusted integrations. Trusting an application at install time is necessary, but it says nothing about that application's trustworthiness a year later. OAuth grants therefore require continuous, active monitoring, not passive acceptance.
Effective OAuth Monitoring Requires a Comprehensive Approach
Current OAuth security tools mostly assess risk at the point of installation: are the requested permission scopes excessive, does the vendor have a poor reputation. Those checks are useful but insufficient. In a Drift-style attack, where a legitimate application's credentials are stolen and reused, a point-in-time evaluation raises no alarm, because nothing about the grant itself changed.
Vendor trust and requested scopes describe what an application could do. What it actually does, the API calls it makes and the data it touches, is a different and more informative signal. And without knowing which accounts a grant is attached to, a security team cannot judge impact: a risky application on an intern's account and the same application on an executive's account with years of sensitive mail and documents are different risks.
The Drift attack did not involve a suspicious app requesting unusual permissions during setup. It involved a legitimate app whose credentials were compromised and exploited later. A tool that only evaluates grants at their inception misses this class of threat by construction, because the risk materializes after the grant is made, when the token is stolen and used by someone other than the app.
Effective OAuth security necessitates a more robust approach, encompassing:
- Continuous Behavioral Monitoring: Track what an application does with its access after setup. Watching the API calls an OAuth-connected app makes over time surfaces anomalies a static permission review cannot: a sudden jump in data volume, queries for data types the app has never touched, or activity at hours when the user is never active.
- Blast Radius Assessment: The impact of a grant depends on the account it is attached to. A grant on an account with read access to thousands of sensitive documents and years of email history is a far larger risk than the same grant on a newly provisioned account with little exposure. Risk scoring has to include this factor, which means the inventory must map every grant to a user, not just to an app.
- Graduated Response Mechanisms: Responses should be proportional to the detected risk and the organization's tolerance. An obviously malicious application, from an unknown vendor, with broad permissions and anomalous API behavior from the outset, should be revoked immediately. A mild anomaly in a mission-critical integration from a major vendor warrants human review before any action, since revoking it breaks a business process. The response logic must distinguish the two cases. One caveat when revoking: revocation kills the grant and its refresh token, but an access token already issued from it may keep working until it expires, typically about an hour, so watch the app's activity for that window rather than assuming the door closed instantly.
Material Security’s OAuth Threat Remediation Agent Addresses the Gap
Material Security's OAuth Threat Remediation Agent evaluates three factors for each connected application, in combination. The first is the vendor-trust and scope analysis that other tools also provide. The second is behavioral monitoring of the API calls the application actually makes over time, to surface deviations from its established pattern. The third is a blast-radius assessment of the accounts the application is linked to: their access levels and the data they expose. Together these produce a risk signal that reflects both the probability of an incident and its potential impact.
When the agent identifies a high-risk grant, it can act immediately, revoking the token before harm is done. For less certain cases, or for mission-critical applications, it hands the security team the context needed to decide: the application, its observed activity, its permissions, and its risk score. Organizations set their own thresholds for which risk levels trigger automated remediation and where human sign-off is required, so routine and low-risk events are handled automatically while people stay in the loop for consequential decisions.
Closing the OAuth Backdoor for Enhanced Enterprise Security
OAuth grants are the de facto way third-party applications and AI tools connect to enterprise workspaces, and that is not going to reverse; the number of grants in most organizations will keep growing as AI adoption accelerates. Telling employees to stop using AI tools is impractical for most businesses, and it would do nothing about applications that turn malicious after they are installed.
The answer is not fewer OAuth grants but visibility into the ones that exist, continuous monitoring of how they behave, and the operational capability to respond quickly and proportionately, so that critical integrations keep working while compromised or abusive ones are shut down. Organizations looking for that visibility and response capability can explore Material Security's OAuth Threat Remediation Agent.