The OAuth Backdoor Attackers Know About — and Most Security Teams Don’t Cover

Every AI tool, automated workflow, and productivity app your employees connected to Google or Microsoft this year left something behind: a persistent OAuth token with no expiration date, no automatic cleanup, and, in most organizations, no one watching it. Your perimeter controls don’t see it. Your MFA doesn’t stop it. And if an attacker gets hold of one, they don’t need a password.

OAuth grants do not expire when employees leave. They don’t reset when passwords change. And in most organizations, no one is watching.

The model made sense when a handful of IT-approved applications needed access to the calendar. It doesn’t hold up when every employee independently installs AI tools, automated workflows, and productivity applications directly into their Google or Microsoft environment, each one receiving a persistent, scoped token with no automatic expiration and no centralized visibility.

That’s not a bug. It’s how OAuth was designed to work. The gap is that most security programs were not built to manage these grants at scale.

CISOs know it’s a problem. Most don’t solve it.

New research from Material Security measures the gap between awareness and action. 80% of security leaders consider unmanaged OAuth grants a significant risk. Most have been saying that for years.

But awareness does not translate directly into action. A large share of organizations (45%) do nothing to monitor OAuth grants at scale. A further 33% run manual processes: tracking grants in spreadsheets, reviewing permissions on an ad hoc basis, relying on employees to flag unusual application behavior.

Spreadsheets are not a threat response capability. They are a record of how much exposure an organization may not know it has.
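The spreadsheet review described above is the kind of check that can be automated. Below is an added example (not code from the article or from Material Security) that joins an inventory of existing grants to the user directory and flags the two conditions the article raises: grants that outlived the employee, and grants that hand an app an entire mailbox or all of Drive. `SAMPLE_GRANTS` is constructed to resemble the records the Google Admin SDK Directory API returns from `tokens.list` (`clientId`, `displayText`, `scopes`, `userKey`), `SAMPLE_USERS` is a constructed directory export, and `audit_grants`, `Finding` and `BROAD_SCOPES` are names chosen for this example.

```python
"""Offline audit of existing OAuth grants against the user directory.

Added example, not the article's or Material Security's code. Grant records
are constructed to resemble Admin SDK `tokens.list` output; the user directory
is constructed as well; `audit_grants`, `Finding`, `BROAD_SCOPES` are hypothetical.
"""
from dataclasses import dataclass

# Scopes that hand an app an entire mailbox or all of Drive (real Google scope URIs).
BROAD_SCOPES = {
    "https://mail.google.com/",
    "https://www.googleapis.com/auth/gmail.readonly",
    "https://www.googleapis.com/auth/drive",
    "https://www.googleapis.com/auth/drive.readonly",
}


@dataclass(frozen=True)
class Finding:
    user: str
    client_id: str
    app: str
    reasons: tuple
    action: str  # "revoke" (no legitimate owner left) or "review" (owner exists, scope is broad)


def audit_grants(grants, users):
    """Join each grant to the directory and flag grants that persist past the
    employee or carry mailbox/Drive-wide scopes. Returns findings sorted by action, user."""
    findings = []
    for g in grants:
        user = users.get(g["userKey"])
        reasons = []
        if user is None or user["suspended"]:
            reasons.append("owner_offboarded")  # grant outlived the employee's account
        broad = sorted(set(g["scopes"]) & BROAD_SCOPES)
        if broad:
            reasons.append("broad_scope:" + ",".join(broad))
        if not reasons:
            continue
        action = "revoke" if "owner_offboarded" in reasons else "review"
        findings.append(Finding(g["userKey"], g["clientId"], g["displayText"], tuple(reasons), action))
    return sorted(findings, key=lambda f: (f.action, f.user))


# Constructed sample data (not real users, client IDs or apps).
SAMPLE_USERS = {
    "alice@example.com": {"suspended": False},
    "bob@example.com": {"suspended": True},  # left the company; account suspended, grant still live
    "carol@example.com": {"suspended": False},
}
SAMPLE_GRANTS = [
    {"userKey": "alice@example.com", "clientId": "111.apps.googleusercontent.com",
     "displayText": "Calendar Helper", "scopes": ["https://www.googleapis.com/auth/calendar.readonly"]},
    {"userKey": "bob@example.com", "clientId": "222.apps.googleusercontent.com",
     "displayText": "AI Meeting Notes", "scopes": ["https://mail.google.com/", "openid"]},
    {"userKey": "carol@example.com", "clientId": "333.apps.googleusercontent.com",
     "displayText": "Drive Sync", "scopes": ["https://www.googleapis.com/auth/drive"]},
]

if __name__ == "__main__":
    for f in audit_grants(SAMPLE_GRANTS, SAMPLE_USERS):
        print(f"{f.action:6} {f.user:20} {f.app:18} {'; '.join(f.reasons)}")
```

Run as-is, the script reports Bob’s mailbox-wide grant as a revocation candidate (his account is suspended but the token still works) and Carol’s Drive-wide grant as a review item; Alice’s read-only calendar grant produces no finding. In a live deployment the same join would be fed from `tokens.list` and revocations issued with `tokens.delete` per user and client ID.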

This is not a theoretical risk

OAuth visibility gaps are often framed as a data-leakage problem: employees feeding sensitive information into third-party tools without IT’s knowledge. That’s a real problem, but it’s the smaller one. The more pressing problem is that OAuth grants are an effective attack vector. The Drift incident makes that clear.

Drift, a sales engagement platform acquired by Salesloft, maintained OAuth integrations with the Salesforce environments of hundreds of customer organizations. A threat actor identified by Palo Alto Unit 42 as UNC6395 obtained valid OAuth refresh tokens, possibly through earlier phishing campaigns, and used them to access the Salesforce environments of more than 700 organizations.

The structure of the attack is the warning: the tokens were legitimate, and the integration was legitimate. From the point of view of any perimeter control, nothing was wrong. MFA was bypassed entirely because the attacker wasn’t logging in; they were presenting a token that Drift was already authorized to use. Once inside, UNC6395 systematically exfiltrated data and mined it for credentials: AWS access keys, Snowflake tokens, passwords.

Cloudflare, PagerDuty, and many others were affected. The full scope is still being assessed.

The Drift incident was not an attack from a suspicious, unknown app. It was an attack that used a trusted one. The lesson is not that organizations should limit OAuth integrations; it is that trusting an application at install time does not mean it remains trustworthy, and that OAuth grants require active, ongoing monitoring rather than passive acceptance.

What monitoring should look like

The current generation of OAuth security tools addresses the problem at the point of installation. They check whether the requested scopes are overly broad. They may flag apps from unknown or disreputable vendors. That’s helpful, but not enough: in the Drift case, a legitimate app whose credentials were stolen and weaponized, it would have caught nothing.

Vendor trust levels and scopes are important, but they only tell part of the story. Observing what the application actually does, the API calls it makes and the actions it takes, is essential to understanding what the application is really doing, not just what it is allowed to do. And even then, without visibility into the accounts the app is connected to, you’re still working blind. A malicious app tied to an intern’s account is one thing; the same app on a VIP’s account with access to large volumes of sensitive email, files, and systems is quite another.

The Drift attack did not involve a suspicious app requesting unusual permissions at installation. It involved a legitimate app whose credentials were later stolen and abused. A tool that only checks the grant at creation time would see nothing wrong. The damage happened later, when the token was stolen and used by an entirely different actor.

Effective OAuth security requires:

  • Continuous monitoring of behavior, not point-in-time reviews. What does the application do after it is granted access? Monitoring the API calls an OAuth-connected application makes over time can reveal anomalies that no static authorization review catches: sudden spikes in data access, queries for unusual data types, and access at unexpected hours.
  • Blast radius assessment. An OAuth grant attached to an account with read access to thousands of sensitive documents and years of email history is very different from the same grant on a newly created account with limited exposure. The access of the connected user account determines the potential impact of a malicious or compromised OAuth connection. Risk scoring should reflect that.
  • Graduated response matched to the organization’s risk tolerance. A clearly dangerous app (unknown vendor, broad permissions, anomalous API behavior from day one) shouldn’t stay in place while a ticket sits in a queue; it should be revoked immediately. A business-critical integration from a major vendor that shows only mild anomalies warrants a human review before any action is taken. The response layer needs to be smart enough to tell the difference.

OAuth Threat Remediation Agent

Material Security’s OAuth Threat Remediation Agent is built around this complete OAuth threat model. The agent runs continuously in the organization’s Google Workspace environment, monitoring all OAuth-connected applications, not just new ones at the time of installation.

For each connected application, the agent checks three factors together:

  • Vendor trust and scope analysis, the common foundation most tools stand on
  • Behavioral monitoring of the actual API calls the application makes over time, revealing anomalies against expected behavior
  • Blast radius assessment based on the access levels and data exposure of the accounts the application is connected to

These inputs combine into a risk signal that captures both the likelihood of a problem and its potential impact. If the agent identifies a grant that is clearly dangerous, it can act immediately, revoking the token before harm is done. In lower-certainty cases involving business-critical applications, it presents the findings to the security team in full context: what the application is, what it has been doing, what it has access to, and what its risk score is.

Organizations set their own thresholds: how much risk warrants automatic remediation, and where the line is for requiring human intervention. The agent is designed to keep security teams involved in the decisions that matter and out of the loop on those that don’t.
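To make the three requirements listed under “Effective OAuth security requires” and the agent’s three factors concrete, here is an added example (not the article’s code and not Material Security’s agent) that scores a grant from its own behavioral baseline, the connected account’s blast radius and vendor trust, and then applies configurable revoke/review thresholds. The API-call log, the exposure table, the vendor-trust table and the `RiskPolicy` defaults are all constructed for this example; `ApiCall`, `Exposure`, `score_grant` and the weights are hypothetical. It goes slightly beyond the text by running the same app against two accounts of very different exposure, which is what makes the blast-radius point visible.

```python
"""Continuous OAuth-grant risk scoring: behavior anomalies x blast radius -> graduated response.

Added example, not Material Security's agent code. All data below is constructed
and every name (ApiCall, Exposure, RiskPolicy, score_grant, SIGNAL_WEIGHTS) is hypothetical.
"""
from collections import defaultdict
from dataclasses import dataclass
from datetime import date, datetime
from statistics import mean


@dataclass(frozen=True)
class ApiCall:
    app: str          # OAuth client display name
    user: str         # account the grant is attached to
    ts: datetime      # time of the call (local time)
    method: str       # API method invoked (constructed method names)
    items: int        # records returned by the call


@dataclass(frozen=True)
class Exposure:
    sensitive_docs: int   # sensitive documents the account can read
    mailbox_years: float  # years of mail history in the account
    vip: bool             # executive or otherwise high-value account


@dataclass(frozen=True)
class RiskPolicy:
    revoke_at: float = 0.6       # auto-revoke at or above this risk score
    review_at: float = 0.3       # open a human review at or above this score
    work_hours: tuple = (7, 20)  # [start, end) hours treated as normal
    spike_factor: float = 5.0    # recent mean items / baseline mean items counts as a spike


# Weights turning individual signals into a likelihood (0..1) that the grant is being misused.
SIGNAL_WEIGHTS = {"new_methods": 0.3, "volume_spike": 0.3, "off_hours": 0.2, "untrusted_vendor": 0.3}


def behavior_signals(baseline, recent, policy):
    """Compare the grant's recent API calls against its own earlier behavior."""
    signals = {}
    new_methods = {c.method for c in recent} - {c.method for c in baseline}
    if new_methods:                                   # queries for data types it never touched
        signals["new_methods"] = sorted(new_methods)
    base_mean, recent_mean = mean(c.items for c in baseline), mean(c.items for c in recent)
    if recent_mean > policy.spike_factor * base_mean:  # sudden spike in data volume
        signals["volume_spike"] = round(recent_mean / base_mean, 1)
    lo, hi = policy.work_hours
    off = lambda c: not (lo <= c.ts.hour < hi)
    if any(off(c) for c in recent) and not any(off(c) for c in baseline):  # access at unexpected hours
        signals["off_hours"] = sorted({c.ts.strftime("%H:%M") for c in recent if off(c)})
    return signals


def blast_radius(exp):
    """Impact estimate (0..1) from what the connected account can reach."""
    docs = 0.5 * min(exp.sensitive_docs, 5000) / 5000
    mail = 0.3 * min(exp.mailbox_years, 10) / 10
    return min(1.0, docs + mail + (0.2 if exp.vip else 0.0))


def score_grant(calls, exposure, vendor_trusted, as_of, policy=RiskPolicy()):
    """Score one grant (all calls belong to one app/user pair) and choose a response."""
    baseline = [c for c in calls if c.ts.date() < as_of]
    recent = [c for c in calls if c.ts.date() == as_of]
    signals = behavior_signals(baseline, recent, policy) if baseline and recent else {}
    if not vendor_trusted:
        signals["untrusted_vendor"] = True
    likelihood = min(1.0, sum(SIGNAL_WEIGHTS[s] for s in signals))
    impact = blast_radius(exposure)
    # A confident misuse signal always earns at least a review (the 0.3 floor);
    # the account's exposure scales the score from there up to automatic revocation.
    risk = likelihood * (0.3 + 0.7 * impact)
    action = "revoke" if risk >= policy.revoke_at else "review" if risk >= policy.review_at else "allow"
    return {"signals": signals, "likelihood": round(likelihood, 3),
            "impact": round(impact, 3), "risk": round(risk, 3), "action": action}


def evaluate_all(calls, exposures, vendor_trusted, as_of, policy=RiskPolicy()):
    """Group calls by (app, user) and score every grant."""
    by_grant = defaultdict(list)
    for c in calls:
        by_grant[(c.app, c.user)].append(c)
    return {k: score_grant(v, exposures[k[1]], vendor_trusted[k[0]], as_of, policy)
            for k, v in by_grant.items()}


def _t(day, hour, minute=0):
    return datetime(2025, 3, day, hour, minute)


# Constructed sample log: three quiet days, then day 4 under review.
SAMPLE_CALLS = (
    # "NoteTaker AI" on the CEO: a 03:00 mass mailbox read plus a Drive listing it never did before
    [ApiCall("NoteTaker AI", "ceo@example.com", _t(d, 10), "gmail.users.messages.list", 50) for d in (1, 2, 3)]
    + [ApiCall("NoteTaker AI", "ceo@example.com", _t(4, 3), "gmail.users.messages.list", 900),
       ApiCall("NoteTaker AI", "ceo@example.com", _t(4, 3, 5), "drive.files.list", 900)]
    # the same app behaving identically on an intern's account
    + [ApiCall("NoteTaker AI", "intern@example.com", _t(d, 10), "gmail.users.messages.list", 50) for d in (1, 2, 3)]
    + [ApiCall("NoteTaker AI", "intern@example.com", _t(4, 3), "gmail.users.messages.list", 900),
       ApiCall("NoteTaker AI", "intern@example.com", _t(4, 3, 5), "drive.files.list", 900)]
    # a steady calendar integration from a trusted vendor
    + [ApiCall("Calendar Sync", "intern@example.com", _t(d, 9), "calendar.events.list", 20) for d in (1, 2, 3)]
    + [ApiCall("Calendar Sync", "intern@example.com", _t(4, 9), "calendar.events.list", 25)]
)
SAMPLE_EXPOSURE = {"ceo@example.com": Exposure(4000, 8.0, True), "intern@example.com": Exposure(12, 0.2, False)}
SAMPLE_VENDOR_TRUSTED = {"NoteTaker AI": False, "Calendar Sync": True}


def run_demo():
    return evaluate_all(SAMPLE_CALLS, SAMPLE_EXPOSURE, SAMPLE_VENDOR_TRUSTED, date(2025, 3, 4))


if __name__ == "__main__":
    for (app, user), r in run_demo().items():
        print(f"{r['action']:6} risk={r['risk']:.3f} {app} on {user} signals={r['signals']}")
```

With the constructed data, the NoteTaker grant on the CEO’s account scores 0.888 and is revoked, the identical behavior on the intern’s account scores 0.305 and is routed to a human review, and the calendar integration scores 0 and is left alone. Raising `review_at` or lowering `revoke_at` in `RiskPolicy` is how an organization would express its own risk tolerance in this model.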

Closing the back door

OAuth grants are the default way for third-party applications and AI tools to connect to the enterprise workspace, and that isn’t going to change. The number of grants in most environments will keep growing as AI adoption accelerates. Telling employees they can’t use AI tools isn’t a security posture that works for most organizations, and it wouldn’t address the threat posed by both legitimate and malicious applications after installation.

The answer is not fewer OAuth grants. It is better visibility into the ones that exist, continuous monitoring of their behavior, and a response capability that is fast enough to act on what matters and smart enough not to disrupt the integrations that keep the business running.

For security teams that want visibility into what’s connected to their environment, and the ability to respond when something changes, reach out to Material Security for a demo of the OAuth Threat Remediation Agent.
