Material Security — Persistent OAuth Grants and AI Tool Proliferation
AI relevance: Every AI tool employees connect to Google or Microsoft workspaces creates a persistent OAuth token that never expires, bypasses MFA, and survives employee departures — creating an expanding, largely invisible attack surface unique to AI adoption patterns.
- Material Security research finds that 80% of security leaders consider unmanaged OAuth grants a critical or significant risk, yet 45% of organizations do nothing to monitor them at scale.
- OAuth grants don't expire when employees leave, don't reset when passwords change, and in most organizations, nobody is watching them. AI tool proliferation accelerates the problem as employees independently connect new tools.
- The Drift incident (Drift is a Salesloft acquisition) illustrates the risk: threat actor UNC6395 obtained valid OAuth refresh tokens — likely via prior phishing — and used them to access Salesforce environments across 700+ organizations, exporting credentials including AWS keys and Snowflake tokens.
- The attack bypassed MFA entirely because the attacker wasn't logging in — they were presenting tokens that Drift had already been granted. From any perimeter control's perspective, nothing was wrong.
- Material's three-factor risk model evaluates: (1) vendor trust and scope, (2) behavioral monitoring of actual API calls over time, and (3) blast radius based on the connected account's access level and data exposure.
- 33% of organizations track OAuth grants manually — spreadsheets, ad-hoc reviews, employee self-reporting — which provides no real-time visibility into compromised tokens.
Why it matters
OAuth is the default integration mechanism for AI tools connecting to enterprise environments. As AI adoption accelerates, the number of grants grows — but unlike passwords, these tokens never expire and aren't covered by MFA or password-rotation policies. A compromised OAuth token is functionally equivalent to a permanent backdoor that traditional security controls can't see.
What to do
- Inventory all OAuth-connected applications across Google Workspace and Microsoft 365 — include grants created before your current security tooling.
- Implement continuous behavioral monitoring for OAuth-connected apps, not just point-in-time review at installation.
- Apply blast-radius scoring: an OAuth grant on a VIP account with broad data access is categorically higher risk than the same grant on a limited account.
- Establish automated revocation thresholds for high-risk grants, while preserving human review for mission-critical integrations.
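Material's three-factor model and the steps above, worked through as an added example (not Material Security's code): each constructed grant record is scored on vendor/scope, behaviour against its own baseline and blast radius, then routed to keep, automated revocation or human review. Scope names, weights, the revocation threshold and the sample inventory are all assumptions made for the example.

```python
from dataclasses import dataclass
# Constructed for this example: scopes treated as high-impact, and
# integrations that must go to a human instead of auto-revocation.
HIGH_IMPACT_SCOPES = {"mail.readwrite", "files.readwrite.all",
                      "directory.readwrite.all", "offline_access"}
MISSION_CRITICAL = {"payroll-sync"}

@dataclass
class Grant:
    app: str
    privilege: str          # "standard", "admin" or "vip"
    scopes: set
    vendor_verified: bool
    baseline_calls: float   # median API calls/day over the last 30 days
    recent_calls: float     # API calls in the last 24 hours

def vendor_scope_score(g: Grant) -> int:
    # Factor 1: unverified vendor plus each high-impact scope granted.
    return (0 if g.vendor_verified else 2) + len(g.scopes & HIGH_IMPACT_SCOPES)
def behaviour_score(g: Grant) -> int:
    # Factor 2: API volume against the grant's own baseline. A token that
    # sat idle and then starts pulling data is the strongest signal.
    if g.baseline_calls == 0:
        return 3 if g.recent_calls > 0 else 0
    ratio = g.recent_calls / g.baseline_calls
    return 3 if ratio >= 10 else 2 if ratio >= 3 else 0
def blast_radius_score(g: Grant) -> int:
    # Factor 3: how much the connected account can reach.
    return {"standard": 1, "admin": 3, "vip": 3}[g.privilege]
def risk_score(g: Grant) -> int:
    return vendor_scope_score(g) + behaviour_score(g) + blast_radius_score(g)

def decide(g: Grant, revoke_at: int = 7) -> str:
    # Auto-revoke above the threshold; mission-critical apps get human review.
    if risk_score(g) < revoke_at:
        return "keep"
    return "review" if g.app in MISSION_CRITICAL else "revoke"

def triage(grants):
    return {g.app: decide(g) for g in grants}

# Constructed inventory; real records come from the workspace's OAuth reports.
SAMPLE_GRANTS = [
    Grant("meeting-notes-ai", "vip", {"mail.readwrite", "offline_access"}, False, 40, 900),
    Grant("payroll-sync", "admin", {"directory.readwrite.all"}, True, 200, 2500),
    Grant("calendar-helper", "standard", {"calendar.read"}, True, 15, 20),
    # Left behind by a departed employee: idle for 30 days, now active.
    Grant("old-crm-sync", "standard", {"files.readwrite.all"}, False, 0, 50),
]
```

The dormant grant scores as high as the admin-level one even on a low-privilege account, because the behavioural factor alone carries the signal that a compromised token produces.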
Sources: