96% of enterprise permissions go unused. AI agents won't leave them that way.

Cyera Research
March 19, 2026

CYERA RESEARCH · JOINT RESEARCH WITH OSO

We analyzed 2.4 million workers and 3.6 billion permissions. What we found should change how every security team thinks about the age of autonomous AI.

This is the first empirical study of how enterprise permissions are actually exercised in production - not how they’re designed, not how policy says they should work, but what employees actually do with the access they’ve been given. The findings are unambiguous. And the implications, as AI agents enter the picture, are severe.

Infographic showing that 96 percent of enterprise cloud permissions are unused, highlighting the gap between granted access and actual usage as a primary risk for AI agent exploitation.

FINDING 01

Almost no one is using their access. Almost everyone still has it.

Only 4 in 100 workers take any action at all in most enterprise applications over a 90-day period. The other 96 hold active credentials and never open the system. The 4% who do log in exercise just 17% of the permissions available to them. The other 83% sit dormant — live, functional, and waiting.

Technical diagram comparing human user access patterns with AI agent data retrieval, showing how agents can traverse thousands of unused permissions in seconds to access sensitive data.

The exposure isn’t theoretical — it’s structural. 13% of the workforce can reach regulated data. 31% can modify or delete it. These permissions are permanently available, whether or not anyone ever uses them.

FINDING 02

Over-provisioning is baked into how enterprise systems are built.

This isn’t an accident. Across enterprise SaaS environments, more than 80% of access is managed through static permission profiles - rigid bundles configured once and expanded over time as roles grow and integrations multiply. A quarter of users have no individual permissions at all; their entire access model is a profile that was set up years ago and never trimmed.

Admin access tells the same story. Best-practice governance benchmarks set administrative access at around 2–5% of users. Some environments we analyzed had assigned admin privileges to nearly 30% — six times the expected level, with high-privilege capabilities distributed far beyond any operational need.

Security visualization of the "blast radius" or impact area for a single compromised AI agent with broad standing privileges, showing potential data exposure across SaaS and cloud environments.

CASE STUDY · CYERA RESEARCH DEEP DIVE

Salesforce: where permission sprawl becomes a concrete, measurable risk

Everything described in this post plays out in sharp relief inside Salesforce — the CRM platform sitting at the center of most organizations’ customer data ecosystems. Cyera Research conducted a dedicated analysis of Salesforce environments across multiple organizations and found the numbers are worse than the enterprise average. Not because Salesforce is uniquely broken, but because it is uniquely central: the permissions it holds govern access to customer records, financial data, deals, contacts, and regulated information at scale.

Cover image for the Cyera and Oso Least Privilege Research 2026 report, titled "AI Agents and the Enterprise Permissions Crisis," featuring research on AI identity and cloud security.

Salesforce itself recommends a modular access model: minimal profiles that define only baseline access, layered with permission sets for role-specific privileges. Production environments consistently invert this. Profile-heavy configurations are harder to audit and harder to reduce, and they make it much harder to reason about what any given user can actually do — let alone what an agent would do if it inherited their account.

The ‘nuclear buttons’: View All Data and Modify All Data

Within Salesforce, two permissions override the entire sharing model. View All Data grants unrestricted read access to every record in the org. Modify All Data goes further - providing read, write, and delete access across the entire environment, effectively elevating the holder to super-admin. Cyera Research found these capabilities distributed far more broadly than intended, in many cases persisting long after the original justification had passed. While most organizations held admin access to around 5% of users, several environments showed assignments reaching nearly 30%.

Salesforce access management isn’t a technical chore — it’s a strategic pillar of data governance. And as AI agents get connected to Salesforce environments, the governance gaps that have quietly accumulated become something far more urgent than a hygiene problem.

READ THE FULL ANALYSIS

Are Your Salesforce Permissions Protecting You — or Exposing You?

The first in Cyera Research’s Salesforce Access Control Deep Dive series, covering profiles, permission sets, high-privilege capabilities, record-level access, and public data exposure.

cyera.com/research/salesforce-permissions

THE INFLECTION POINT

Humans have always saved us from our own permissions. Agents won’t.

Until now, the risks above were largely theoretical. Human behavior has always acted as a natural ceiling: people work slowly, follow routines, and exercise a tiny fraction of their technical access. The 96% of permissions that go unused stay unused because people behave like people.

AI agents remove that ceiling entirely. They operate continuously, at machine speed, calling APIs directly with no natural stopping point. They don’t bring judgment or hesitation. When an agent inherits an employee’s permission set, it doesn’t inherit the small slice that employee typically uses. It inherits everything that employee technically could do — including the 96% that was never touched.

Over 40,000 agent instances have been found running malicious community-contributed integrations. An attacker doesn’t need stolen credentials — just malicious instructions in content the agent processes. That dormant 96% becomes an active attack surface, instantly.

"When agents are handed broad, static permissions, the unused ones quietly expand the attack surface. What teams need are identity systems that keep agent actions tightly scoped and tied back to human intent."

Nancy Wang - CTO, 1Password

WHAT TO DO

The window is open. It won’t stay that way.

The good news: when 96% of permissions go unused, there is massive risk reduction available without disrupting anything. Access that no one exercises can be revoked without anyone noticing. Profiles that are over-provisioned can be tightened before an agent ever touches them.

The organizations that get ahead of this treat access governance as infrastructure - not a compliance checkbox. Before any agent deployment: audit what’s actually being used. Provision dedicated agent identities scoped to the specific task, not inherited from human accounts. Start in read-only mode. Log every action from day one. Triage by blast radius - modify, delete, and export permissions first.
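
The audit, triage and agent-scoping steps above, sketched as an added example that is not code from the Cyera/Oso report. The identities, the "resource:action" permission format, the sample grants and usage log, and all function names are constructed assumptions.

```python
# Added example: constructed data and hypothetical names throughout.
HIGH_IMPACT = {"modify", "delete", "export"}  # triaged first, per the text

# Constructed grants: (identity, "<resource>:<action>")
GRANTS = [
    ("alice", "accounts:read"), ("alice", "accounts:modify"),
    ("alice", "accounts:delete"), ("alice", "reports:export"),
    ("bob", "accounts:read"), ("bob", "accounts:modify"),
    ("carol", "accounts:read"), ("carol", "reports:export"),
]
# Constructed usage log: grants actually exercised in the review window
USAGE = [("alice", "accounts:read"), ("alice", "accounts:modify"),
         ("bob", "accounts:read")]

def dormant_grants(grants, usage):
    """Grants never exercised in the usage window."""
    used = set(usage)
    return [g for g in grants if g not in used]

def triage(grants, usage):
    """Dormant grants ordered modify/delete/export first, then by identity."""
    def rank(grant):
        identity, perm = grant
        action = perm.rsplit(":", 1)[-1]
        return (action not in HIGH_IMPACT, identity, perm)
    return sorted(dormant_grants(grants, usage), key=rank)

def exposure_summary(grants, usage):
    """Identities with no activity, and the share of grants active ones use."""
    granted = set(grants)
    active = {identity for identity, _ in usage}
    active_granted = {g for g in granted if g[0] in active}
    used = set(usage) & granted
    share = len(used) / len(active_granted) if active_granted else 0.0
    inactive = sorted({identity for identity, _ in granted} - active)
    return {"inactive": inactive, "used_share": share}

def agent_scope(task_needs, read_only=True):
    """Scope for a dedicated agent identity: built from the task's needs only,
    never copied from a human's grants; read-only drops non-read actions."""
    needs = set(task_needs)
    if read_only:
        needs = {p for p in needs if p.endswith(":read")}
    return sorted(needs)

if __name__ == "__main__":
    for identity, perm in triage(GRANTS, USAGE):
        print(f"revoke candidate: {identity:6} {perm}")
    print(exposure_summary(GRANTS, USAGE))
    print(agent_scope(["accounts:read", "accounts:modify"]))
```

With real data, the grants would come from an export of profile and permission-set assignments and the usage pairs from audit logs covering the review window.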

"With agents, risks compound exponentially. Broader surface area, more secrets, more over-privilege than ever before."

Armon Dadgar — Co-Founder & CTO, HashiCorp

Agents are moving from pilot to production now. Every day with an un-audited permission model is a day closer to that model being inherited by something that will use all of it.

CYERA RESEARCH & OSO · FULL REPORT

Download the complete findings: 2.4M workers, 3.6B permissions, 10 actions to close the gap.


ABOUT CYERA RESEARCH

Cyera Research is the data-centric research arm of Cyera, dedicated to advancing vulnerability research and transforming real-world data insights into decisive security action. Led by a multidisciplinary team of researchers, scientists, security engineers, and security vulnerability researchers, they uncover critical vulnerabilities, emerging attack vectors, and AI-driven risks across modern data environments. By combining hands-on vulnerability discovery with rigorous, evidence-based research, Cyera Research delivers actionable intelligence and practical guidance that empower organizations to proactively secure, govern, and protect their data and AI assets with confidence.
