By NHI Mgmt Group Editorial Team | Published 2026-03-27 | Domain: Agentic AI & NHIs | Source: Cyera

TL;DR: Cyera Research and Oso analyzed 2.4 million workers and 3.6 billion permissions, finding that 96% of enterprise permissions go unused, 80% of access is managed through static profiles, and some environments assign admin rights to nearly 30% of users. Those dormant entitlements become immediate risk when AI agents inherit them.


At a glance

What this is: Cyera Research says most enterprise permissions sit dormant today, but AI agents can turn that unused access into live attack surface.

Why it matters: For IAM and NHI teams, the finding shifts the control problem from user behaviour to inherited machine-use permissions, where blast radius matters more than login frequency.

By the numbers:

👉 Read Cyera's analysis of enterprise permissions and AI agent exposure


Context

AI agent identity risk starts with a simple mismatch: enterprises design access for infrequent human use, then connect autonomous software that can exercise every granted permission continuously. In that model, dormant permissions are not harmless background noise. They are standing capability that becomes immediately actionable when an agent inherits it. That is the core NHI governance problem the article raises for IAM teams.

Cyera Research's March 19, 2026 analysis argues that permission sprawl is already widespread before agents enter production. The implication is not that human users suddenly changed, but that access design has been relying on human restraint as an informal control. Once an agent can act at machine speed, that assumption no longer holds, and the starting position is common rather than exceptional.


Key questions

Q: How should security teams govern AI agents that inherit human permissions?

A: Security teams should treat inherited permissions as a starting risk, not a safe default. Give agents dedicated identities, scope them to a specific task, and remove any entitlement that is not essential to that task. Review high-impact actions first, especially modify, delete, export, and administrative rights.

Q: What is the difference between least privilege for humans and least privilege for AI agents?

A: Least privilege for humans can tolerate some unused access because people do not exercise every entitlement. Least privilege for AI agents must be much stricter because agents can use every granted permission continuously and at machine speed. The effective control is task scope, not job title.

Q: When does dormant access become a material security problem?

A: Dormant access becomes material when it can be inherited by automation, connected to central data systems, or used to alter records, export data, or administer environments. At that point, the unused permission is no longer theoretical. It is part of the attack surface and should be reviewed immediately.

Q: Why do AI agents complicate zero trust and IAM assumptions?

A: AI agents complicate zero trust because they are authenticated entities that can operate continuously, yet they do not behave like a human user whose activity naturally limits exposure. IAM teams must therefore verify context, scope, and action, not just identity at login time.


Technical breakdown

Static permission profiles and why they create hidden NHI risk

Static permission profiles bundle access into roles that are created once and then expanded as teams, integrations, and business processes grow. In practice, those profiles often outlive the original need, so the entitlements remain even when users no longer exercise them. That creates dormant access, which is low visibility but still fully functional. For NHI governance, the key point is that an AI agent does not inherit the small fraction of permissions a human actively uses. It inherits the entire entitlement set, including unused high-impact actions.

Practical implication: Prune static profiles before attaching them to any agent identity, and review the highest-risk permissions first.

Why AI agents convert dormant access into active blast radius

AI agents differ from human users because they operate continuously, call APIs directly, and do not naturally stop after a routine task. That means access that looks excessive on paper can become material the moment an agent is granted it. If a user account includes modify, delete, export, or admin permissions, an agent can exercise those capabilities at scale and without hesitation. The architectural failure is not just over-provisioning. It is the assumption that human patterns will constrain machine behaviour.

Practical implication: Scope agent identities to task-specific actions and start with read-only access wherever possible.

Salesforce as a model for governance concentration risk

The article uses Salesforce to show how a central business system can concentrate customer, financial, and regulated data access in a single permission model. When access is profile-heavy and layered with powerful overrides such as broad read or write rights, auditing becomes difficult and privilege boundaries become blurry. For NHI programs, this is the kind of system where agent assignment needs extra scrutiny because one inherited account can reach a disproportionate amount of data. The risk comes from centrality plus breadth, not from the application name alone.

Practical implication: Treat central systems as blast-radius hotspots and review inherited permissions before any agent is connected.


Read our 52 NHI Breaches Analysis report for a comprehensive view of breaches impacting Non-Human Identities including AI Agents.


NHI Mgmt Group analysis

Dormant access is now an identity governance liability, not a clean-up task. The article's central finding is that unused permissions are still live permissions, even when human users rarely exercise them. That matters because NHI programs cannot rely on human behaviour as a limiting factor once autonomous agents are present. The governance conclusion is straightforward: access review must measure entitlement breadth, not login frequency, and practitioners should treat dormant privilege as a priority remediation candidate.

Ephemeral behaviour does not eliminate inherited trust debt. AI agents may be temporary in operation, but the identities they inherit are often persistent and over-provisioned. That creates a trust gap between the short life of the task and the long life of the account model. Ephemeral credential trust debt is the accumulated risk created when temporary automation is built on permanent, poorly scoped permissions. Practitioners should reduce that debt before agents scale.

Modify, delete, and export rights are the real control perimeter. The article correctly shifts attention away from generic access counts and toward the actions that change data state or move data out of the system. In NHI governance, those capabilities define blast radius far better than seat counts or nominal role names. Teams should rank entitlements by effect, then constrain the smallest set of identities that can alter, extract, or redistribute sensitive data.

Central platforms turn permission sprawl into enterprise-wide exposure. Systems like CRM and data hubs are not just another app in the stack. They are concentration points where one account can bridge regulated data, customer records, and operational workflows. That makes inherited permissions from human users especially dangerous when assigned to agents. Practitioners should use central-system access reviews as the proving ground for agent governance, because failures there propagate fastest.

Agent governance must be built around intent, not inherited convenience. The article's best insight is that human convenience has historically masked over-provisioning. Agents remove that mask. The field now needs identity models that bind actions to task intent, scope limits, and explicit review points. The practitioner takeaway is to redesign access around what the agent should do, not what the human account technically can do.

From our research:

  • 80% of organisations report their AI agents have already performed actions beyond their intended scope, including accessing unauthorised systems (39%), inappropriately sharing sensitive data (31%), and revealing access credentials (23%), according to the AI Agents: The New Attack Surface report.
  • 52% of companies can track and audit the data their AI agents access, leaving 48% with a complete blind spot for compliance and breach investigation.
  • For a broader control model, see OWASP NHI Top 10, which maps the agent privilege and tool-use failures teams need to prevent.

What this signals

Ephemeral credential trust debt: enterprises are now carrying a hidden liability where short-lived automation rides on long-lived, over-broad access. With 98% of companies planning to deploy even more AI agents within the next 12 months, the governance burden will rise faster than most entitlement programmes can absorb. Teams should assume that every agent rollout amplifies existing permission sprawl unless they redesign access around task intent and audited scope.

The practical shift for IAM and NHI teams is from entitlement management to action management. Central systems will become the main proving ground because they concentrate sensitive records and broad permissions in one place. If you cannot explain why a non-human identity needs a powerful action in a critical system, you do not yet have a defensible governance model.

Agent oversight should now be measured by whether the organisation can prove who or what accessed regulated data, not merely whether an identity was authenticated. That aligns well with policy models in the NIST AI Risk Management Framework and with agent-specific controls in the OWASP Agentic AI Top 10. Teams that anchor controls to action, data, and intent will have a far better chance of containing autonomous misuse.


For practitioners

  • Rebuild access reviews around blast radius: Classify permissions by their effect on data and systems, then review modify, delete, export, and administrative rights before any agent can inherit them.
  • Create dedicated agent identities: Stop reusing human accounts for autonomous workflows and issue task-scoped identities with only the permissions required for a single bounded job.
  • Start agent deployment in read-only mode: Use read-only access for initial automation wherever the workflow allows it, then expand only after logging shows the need for broader action.
  • Tighten static profiles before integration: Review old permission profiles in central platforms and remove unused access before connecting AI agents, especially where regulated data is reachable.
  • Log every agent action from day one: Capture API calls, object changes, and permission use from the first deployment so audit teams can distinguish normal automation from abnormal escalation.
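The review steps above, together with the earlier advice to prune static profiles by effect before an agent inherits them, can be carried through as a single script. The following is an added worked example, not code from Cyera, Oso or the NHI Mgmt Group: it ranks a static profile by effect class (read, modify, export, delete, admin), lists the dormant high-impact rights to review first, derives a read-only task-scoped agent identity instead of inheriting the human profile, and checks a constructed agent action log against that scope. The profile, usage counts, task declaration and log lines are all constructed for illustration, and the numeric ordering of effect classes is this example's own assumption.

```python
"""Added worked example (not code from Cyera, Oso or the NHI Mgmt Group).

Ranks a static permission profile by effect, surfaces dormant high-impact
entitlements for review, derives a task-scoped agent identity (read-only
first), and checks a constructed agent action log against that scope.
Every profile, usage count, task list and log line below is constructed
for illustration; the numeric effect ranking is this example's assumption.
"""

# Effect classes named on the page, ranked least to most dangerous (assumed order).
EFFECT_RANK = {"read": 0, "modify": 1, "export": 2, "delete": 3, "admin": 4}

# Constructed static profile for a human "sales ops" role: (object, effect) pairs.
SALES_OPS_PROFILE = {
    ("Account", "read"), ("Account", "modify"), ("Account", "delete"),
    ("Contact", "read"), ("Contact", "export"),
    ("Opportunity", "read"), ("Opportunity", "modify"),
    ("Report", "export"),
    ("Setup", "admin"),
}

# Constructed 90-day usage counts: what the human actually exercised.
USED_LAST_90_DAYS = {
    ("Account", "read"): 412,
    ("Contact", "read"): 230,
    ("Opportunity", "read"): 190,
    ("Opportunity", "modify"): 35,
}

# Constructed task declaration for an agent that drafts renewal reminders.
RENEWAL_BOT_TASK = {
    ("Opportunity", "read"), ("Account", "read"),
    ("Opportunity", "modify"),   # wants to update a stage field
    ("Invoice", "read"),         # object the human profile never covered
}

# Constructed action log emitted by the agent on its first run.
AGENT_LOG = [
    {"ts": "2026-03-27T09:00:01Z", "agent": "renewal-bot", "object": "Opportunity", "effect": "read"},
    {"ts": "2026-03-27T09:00:02Z", "agent": "renewal-bot", "object": "Account", "effect": "read"},
    {"ts": "2026-03-27T09:00:05Z", "agent": "renewal-bot", "object": "Contact", "effect": "export"},
    {"ts": "2026-03-27T09:00:07Z", "agent": "renewal-bot", "object": "Setup", "effect": "admin"},
]


def dormant_entitlements(profile, usage):
    """Granted-but-unused entitlements, most dangerous effect first."""
    dormant = [p for p in profile if usage.get(p, 0) == 0]
    return sorted(dormant, key=lambda p: (-EFFECT_RANK[p[1]], p[0]))


def dormant_high_impact(profile, usage, floor="modify"):
    """The review-first set: dormant rights at or above the given effect class."""
    threshold = EFFECT_RANK[floor]
    return [p for p in dormant_entitlements(profile, usage)
            if EFFECT_RANK[p[1]] >= threshold]


def scope_agent_profile(profile, task_needs, read_only=True):
    """Derive a task-scoped agent profile instead of inheriting the human one.

    Returns (granted, withheld, unavailable):
      granted     - rights issued to the agent identity
      withheld    - rights the task asked for but held back while read_only
      unavailable - rights the human profile never had (needs a separate decision)
    Nothing outside task_needs is ever granted, so dormant rights such as
    ("Setup", "admin") cannot be inherited by accident."""
    granted, withheld, unavailable = set(), set(), set()
    for need in task_needs:
        if need not in profile:
            unavailable.add(need)
        elif read_only and need[1] != "read":
            withheld.add(need)
        else:
            granted.add(need)
    return granted, withheld, unavailable


def out_of_scope_actions(log, granted):
    """Log entries whose (object, effect) falls outside the agent's granted scope."""
    return [e for e in log if (e["object"], e["effect"]) not in granted]


def main():
    print("Dormant high-impact rights to review first:")
    for obj, effect in dormant_high_impact(SALES_OPS_PROFILE, USED_LAST_90_DAYS):
        print(f"  {effect:<7} {obj}")
    granted, withheld, unavailable = scope_agent_profile(SALES_OPS_PROFILE, RENEWAL_BOT_TASK)
    print(f"\nAgent scope granted={sorted(granted)} withheld={sorted(withheld)} "
          f"unavailable={sorted(unavailable)}")
    print("\nOut-of-scope agent actions (escalate):")
    for e in out_of_scope_actions(AGENT_LOG, granted):
        print(f"  {e['ts']} {e['agent']} {e['effect']} {e['object']}")


if __name__ == "__main__":
    main()
```

The design point is that the agent's scope is built from the task declaration and never from the human profile's full entitlement set, so a dormant admin right on the human role is unreachable by the agent even if nobody has pruned it yet. Withheld rights are recorded separately so that expanding beyond read-only later is an explicit decision backed by the action log, and anything the agent does outside its granted scope shows up as an out-of-scope event rather than being silently accepted.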

Key takeaways

  • Unused permissions are still active exposure, and AI agents can turn that exposure into immediate blast radius.
  • The article's data shows over-provisioning is structural, not incidental, which makes entitlement review a first-order security task.
  • Practitioners should scope agents to task-specific identities, start with read-only access, and remove powerful rights before automation inherits them.

Standards & Framework Alignment

This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.

The OWASP Non-Human Identity Top 10 addresses the attack and risk surface, while NIST CSF 2.0 and NIST AI RMF set the governance and control requirements practitioners need to meet.

Framework | Control / Reference | Relevance
OWASP Non-Human Identity Top 10 | NHI-03 | Unused permissions and inherited access map directly to NHI privilege sprawl.
NIST CSF 2.0 | PR.AC-4 | Least-privilege access control is central to limiting agent blast radius.
NIST AI RMF | | AI governance must account for autonomous action and inherited access risk.

Audit high-impact entitlements first and remove dormant access before agents inherit it.


Key terms

  • Dormant Permissions: Permissions that remain active in an account even though the user rarely or never uses them. In NHI governance, dormant permissions matter because automation can exercise every entitlement, turning what looked like unused access into immediate operational and security exposure.
  • Static Permission Profile: A bundled access model that assigns a predefined set of rights to a user or role. Static profiles are efficient to administer, but they often accumulate excess privilege over time and become risky when inherited by agents or other non-human identities.
  • Blast Radius: The amount of damage an identity can cause if it is misused or compromised. For AI agents and other NHIs, blast radius is shaped by the permissions attached to the identity, especially rights to modify data, export information, or administer systems.
  • Ephemeral Credential Trust Debt: The risk created when temporary automation relies on persistent accounts or over-broad permissions. The debt grows when teams assume short-lived tasks are inherently safe, even though the underlying access model still permits broad and lasting impact.

Deepen your knowledge

AI agent identity risk and dormant permission sprawl are core topics in our NHI Foundation Level course, the industry's only accredited NHI security programme. If you are redesigning access around autonomous workflows, the course is a practical next step.

This post draws on content published by Cyera: 96% of Enterprise Permissions Go Unused. AI Agents Won't Leave Them That Way. Read the original.

NHIMG Editorial Note
Published by the NHIMG editorial team on 2026-03-27.
NHI Mgmt Group — the independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org