THE OAUTH & GOOGLE WORKSPACE RISK REPORT

OAuth risk is growing at the speed of AI

Every OAuth grant can give third-party apps lasting access to your inbox, files, calendar, and identity data. Most teams don’t know which apps have access, what they can reach, or who approved them.

What We Found

OAuth sprawl is already inside the workspace.

Across 20 production Google Workspace environments, we found thousands of OAuth grants. Many are dormant, over-permissioned, and tied to apps that security teams rarely monitor.
AI Explosion
91% of AI apps appeared in the last 16 months.
AI and automation tool adoption is growing rapidly with no signs of slowing down.

Restricted Scopes
24.5% of grants reach restricted APIs.
4,335 grants hold full Gmail access. 8,968 hold full Drive access. Read, write, send, delete.

Grant Volume
1,760 median OAuth grants per company.
The largest single environment carried 14,337 grants. OAuth risk is already distributed across workspaces.

Critical Scopes
>50% of AI apps hold sensitive or restricted scopes.
AI is at its most useful when it's deeply integrated, but those connections bring risk.

Dormancy
51.5% of grants haven't been used in 90+ days.
1,526 dormant grants still retain full Gmail access. Forgotten, but never fully revoked.

CAUGHT IN THE WILD

Three dangerous grants that weren't accidents.

We found hundreds of connected apps that shouldn't be, for a range of reasons.

NetMirror

Malicious
Material's Analysis
NetMirror is credential-stealing malware disguised as a streaming app. Its Android client uses WebView interception to harvest raw credentials at login—making its declared OAuth scopes entirely meaningless—while also tracking device locations and running root shell commands via an active C2 server. Multiple contractor accounts remain actively authorized, creating live exposure, not theoretical risk.

gamma.com.ai

Suspicious
Material's Analysis
The publisher is a clear impersonator of the legitimate AI presentation tool, gamma.app. The vendor uses a generic Gmail contact, carries multiple active phishing warnings, and has been subjected to a Google brand wipeout. The deceptive nature of this entity represents a strong threat indicator for the users who integrated it.

Clockwise

Unnecessary
Material's Analysis
Clockwise permanently shut down on March 27, 2026, after its team was acquired by Salesforce. Its product is gone, but its OAuth grants are not—the app still holds high-privilege directory and calendar access across dozens of enterprise accounts, including four security engineers and several executives. Leaving those grants active on an offline platform is unnecessary exposure with zero operational benefit.

FROM THE TEAMS WHO LOOKED

Thousands of grants. Zero visibility.

Security leaders share what they found after finally mapping OAuth access across their environments.

AI Sprawl

“OAuth is the path of least resistance for app login, which is exactly why it's so widely abused. Most users have no idea what they're agreeing to when an app asks for permissions. They click allow and move on.”
Frank Wang
Security Engineer, Surge AI and author of Frankly Speaking

Restricted scopes

“Approved apps hold tokens that can be refreshed indefinitely. They become zombie connections — technically authorized, practically abandoned, and invisible to most of the controls we rely on.”
Chaim Sanders
CISO, Lyft

Streamline SecOps

“I went through this exact OAuth journey at a previous company, completely manually. It was painful: reviewing hundreds of apps, figuring out what’s legitimate and what isn’t. Material makes it so much easier than what I had to do before.”
Security Engineer
Digital Health Platform

Get The Full Report

What happens after "Allow All"?

The complete analysis across 20 production Google Workspace environments—including grant volume, sensitive scopes, dormant access, AI adoption, and real-world OAuth threats.