96% of enterprise permissions go unused. AI agents won't leave them that way.

CYERA RESEARCH · JOINT RESEARCH WITH OSO
We analyzed 2.4 million workers and 3.6 billion permissions. What we found should change how every security team thinks about the age of autonomous AI.
This is the first empirical study of how enterprise permissions are actually exercised in production - not how they’re designed, not how policy says they should work, but what employees actually do with the access they’ve been given. The findings are unambiguous. And the implications, as AI agents enter the picture, are severe.

FINDING 01
Almost no one is using their access. Almost everyone still has it.
Only 4 in 100 workers take any action at all in most enterprise applications over a 90-day period. The other 96 hold active credentials and never open the system. Among the 4% who do log in, they exercise just 17% of the permissions available to them. The other 83% sit dormant — live, functional, and waiting.

The exposure isn’t theoretical — it’s structural. 13% of the workforce can reach regulated data. 31% can modify or delete it. These permissions are permanently available, whether or not anyone ever uses them.
FINDING 02
Over-provisioning is baked into how enterprise systems are built.
This isn’t an accident. Across enterprise SaaS environments, more than 80% of access is managed through static permission profiles - rigid bundles configured once and expanded over time as roles grow and integrations multiply. A quarter of users have no individual permissions at all; their entire access model is a profile that was set up years ago and never trimmed.
Admin access tells the same story. Best-practice governance benchmarks set administrative access at around 2–5% of users. Some environments we analyzed had assigned admin privileges to nearly 30% — six times the expected level, with high-privilege capabilities distributed far beyond any operational need.

CASE STUDY · CYERA RESEARCH DEEP DIVE
Salesforce: where permission sprawl becomes a concrete, measurable risk
Everything described in this post plays out in sharp relief inside Salesforce — the CRM platform sitting at the center of most organizations’ customer data ecosystems. Cyera Research conducted a dedicated analysis of Salesforce environments across multiple organizations and found the numbers are worse than the enterprise average. Not because Salesforce is uniquely broken, but because it is uniquely central: the permissions it holds govern access to customer records, financial data, deals, contacts, and regulated information at scale.

Salesforce itself recommends a modular access model: minimal profiles that define only baseline access, layered with permission sets for role-specific privileges. Production environments consistently invert this. Profile-heavy configurations make it harder to audit, harder to reduce, and much harder to reason about what any given user can actually do — let alone what an agent would do if it inherited their account.
The ‘nuclear buttons’: View All Data and Modify All Data
Within Salesforce, two permissions override the entire sharing model. View All Data grants unrestricted read access to every record in the org. Modify All Data goes further - providing read, write, and delete access across the entire environment, effectively elevating the holder to super-admin. Cyera Research found these capabilities distributed far more broadly than intended, in many cases persisting long after the original justification had passed. While most organizations held admin access to around 5% of users, several environments showed assignments reaching nearly 30%.

Salesforce access management isn’t a technical chore — it’s a strategic pillar of data governance. And as AI agents get connected to Salesforce environments, the governance gaps that have quietly accumulated become something far more urgent than a hygiene problem.
READ THE FULL ANALYSIS
Are Your Salesforce Permissions Protecting You — or Exposing You?
The first in Cyera Research’s Salesforce Access Control Deep Dive series, covering profiles, permission sets, high-privilege capabilities, record-level access, and public data exposure.
cyera.com/research/salesforce-permissions
THE INFLECTION POINT
Humans have always saved us from our own permissions. Agents won’t.
Until now, the risks above were largely theoretical. Human behavior has always acted as a natural ceiling: people work slowly, follow routines, and exercise a tiny fraction of their technical access. The 96% of permissions that go unused stay unused because people behave like people.
AI agents remove that ceiling entirely. They operate continuously, at machine speed, calling APIs directly with no natural stopping point. They don’t bring judgment or hesitation. When an agent inherits an employee’s permission set, it doesn’t inherit the small slice that employee typically uses. It inherits everything that employee technically could do — including the 96% that was never touched.

Over 40,000 agent instances have been found running malicious community-contributed integrations. An attacker doesn’t need stolen credentials — just malicious instructions in content the agent processes. That dormant 96% becomes an active attack surface, instantly.
"When agents are handed broad, static permissions, the unused ones quietly expand the attack surface. What teams need are identity systems that keep agent actions tightly scoped and tied back to human intent."
Nancy Wang - CTO, 1Password
WHAT TO DO
The window is open. It won’t stay that way.
The good news: when 96% of permissions go unused, there is massive risk reduction available without disrupting anything. Access that no one exercises can be revoked without anyone noticing. Profiles that are over-provisioned can be tightened before an agent ever touches them.
The organizations that get ahead of this treat access governance as infrastructure - not a compliance checkbox. Before any agent deployment: audit what’s actually being used. Provision dedicated agent identities scoped to the specific task, not inherited from human accounts. Start in read-only mode. Log every action from day one. Triage by blast radius - modify, delete, and export permissions first.
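The audit-and-triage step above, as an added example that is not Cyera's or Oso's code: it takes a constructed set of assigned permissions and a constructed 90-day activity log, measures the dormant share per user and overall, checks the admin ratio against the 2–5% benchmark, and orders the dormant permissions for revocation by blast radius (the View All Data and Modify All Data names follow the Salesforce capabilities discussed above; all users, other permission names and the log entries are invented for the example).

```python
"""Dormant-permission audit over constructed sample data (added example, not the report's code)."""

# Constructed sample: each user's effective permissions (profile plus permission sets, flattened).
ASSIGNED = {
    "alice": {"Read:Account", "Edit:Account", "Delete:Account", "Export:Report", "ModifyAllData"},
    "bob":   {"Read:Account", "Edit:Account", "ViewAllData"},
    "carol": {"Read:Account", "Read:Contact"},
    "dave":  {"Read:Account", "Edit:Contact", "Delete:Contact", "Export:Report"},
}
# Constructed 90-day activity log: (user, permission actually exercised).
ACTIVITY = [("alice", "Read:Account"), ("alice", "Edit:Account"), ("carol", "Read:Account")]

# Blast-radius ranking used for triage: org-wide overrides, then destructive/bulk, then routine.
BLAST_RADIUS = {"ModifyAllData": 0, "ViewAllData": 1, "Delete": 2, "Export": 3, "Edit": 4, "Read": 5}
ADMIN_PERMS = {"ModifyAllData", "ViewAllData"}   # the two "nuclear buttons"
ADMIN_BENCHMARK = 0.05                            # upper end of the 2–5% governance benchmark


def severity(perm):
    """Lower is more dangerous; 'Delete:Account' ranks by its verb, unknown perms rank last."""
    return BLAST_RADIUS.get(perm, BLAST_RADIUS.get(perm.split(":")[0], 9))


def dormant_permissions(assigned, activity):
    """Per user, the assigned permissions never exercised in the log, worst first."""
    used = {}
    for user, perm in activity:
        used.setdefault(user, set()).add(perm)
    return {u: sorted(p - used.get(u, set()), key=lambda x: (severity(x), x))
            for u, p in assigned.items()}


def inactive_users(assigned, activity):
    """Users holding credentials who took no action at all in the window."""
    return sorted(set(assigned) - {u for u, _ in activity})


def dormant_fraction(assigned, activity):
    total = sum(len(p) for p in assigned.values())
    unused = sum(len(p) for p in dormant_permissions(assigned, activity).values())
    return unused / total


def admin_ratio(assigned):
    """Share of users holding either org-wide override; compare against ADMIN_BENCHMARK."""
    return sum(1 for p in assigned.values() if p & ADMIN_PERMS) / len(assigned)


def revocation_queue(assigned, activity):
    """Flat (user, permission) list ordered by blast radius: what to revoke first."""
    queue = [(u, p) for u, perms in dormant_permissions(assigned, activity).items() for p in perms]
    return sorted(queue, key=lambda up: (severity(up[1]), up[0], up[1]))
```

Run against real assignment and audit-log exports, the same functions give the revoke-first list a team needs before an agent identity is ever derived from these accounts.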
"With agents, risks compound exponentially. Broader surface area, more secrets, more over-privilege than ever before."
Armon Dadgar — Co-Founder & CTO, HashiCorp
Agents are moving from pilot to production now. Every day with an un-audited permission model is a day closer to that model being inherited by something that will use all of it.
CYERA RESEARCH & OSO · FULL REPORT
Download the complete findings: 2.4M workers, 3.6B permissions, 10 actions to close the gap.
ABOUT CYERA RESEARCH
Cyera Research is the data-centric research arm of Cyera, dedicated to advancing vulnerability research and transforming real-world data insights into decisive security action. Led by a multidisciplinary team of researchers, scientists, security engineers, and security vulnerability researchers, they uncover critical vulnerabilities, emerging attack vectors, and AI-driven risks across modern data environments. By combining hands-on vulnerability discovery with rigorous, evidence-based research, Cyera Research delivers actionable intelligence and practical guidance that empower organizations to proactively secure, govern, and protect their data and AI assets with confidence.


