
OAuth Tokens Are the New Backdoor

Permanent OAuth tokens from AI and productivity apps are creating undetectable backdoors. Most security teams still haven’t closed them. Here’s why that matters. May 05, 2026.

Over 90% of organizations using Google or Microsoft cloud services have at least one active OAuth token that’s been sitting undisturbed for more than a year — some for over three years — with full access to corporate data, email, and internal systems. These tokens weren’t issued by IT. They weren’t approved by security. They were created when someone installed an AI summarizer, connected a calendar bot, or authorized a file converter. And they never expire.

  • OAuth tokens issued in 2023–2026 commonly have no expiration date, granting indefinite access once approved.
  • Attackers are already exploiting these tokens — 83% of cloud breaches in Q1 2026 involved stolen or misused OAuth tokens, according to new data.
  • Zero trust models fail here: MFA doesn’t block token-based access, and perimeter defenses don’t see it.
  • Most companies lack visibility: fewer than 1 in 5 use tools to monitor or revoke third-party app consents at scale.
  • AI tools are the fastest-growing source: each new workflow automation increases the attack surface by an average of 2.7 persistent tokens.

The Door Was Always Open

OAuth was supposed to make life easier. Instead of handing apps your password, you click “Allow,” and the app gets a token — a digital key to access specific data on your behalf. For users, it’s smooth. For developers, it’s standard. For attackers, it’s a goldmine.

The flaw isn’t in the protocol. It’s in the defaults. Google and Microsoft both allow third-party apps to request OAuth tokens that don’t expire. And unless an administrator manually revokes them — or the user remembers to do it — they sit there indefinitely.

That wouldn’t be so bad if usage were low. But it’s not. The average employee at a midsize tech company has authorized 11.4 third-party apps over the past 18 months, according to internal audits cited in the original report. More than half of those apps requested access to email, contacts, or files. Nearly all issued non-expiring tokens.

And no one’s watching.

Why MFA Doesn’t Help

Multi-factor authentication stops password theft. It does nothing against OAuth token abuse. Once a token is issued, the attacker doesn’t need your password or your second factor. They just present the token, and the system treats them as you.

This isn’t theoretical. In March 2026, a threat actor compromised a fintech startup by hijacking a single OAuth token tied to a deprecated AI note-taking tool. The tool had been removed from the app store months earlier. But the token remained active. The attacker used it to access shared drives, extract customer PII, and move laterally into Slack and Zoom integrations — all without triggering a single alert.

The breach lasted 14 days.

No failed logins. No brute force attempts. No suspicious geolocation. Just clean, authorized traffic.

AI Tools Are the New Attack Vector

Every AI-powered workflow app demands access. The “smart” calendar assistant that reschedules meetings? It needs read-write access to your calendar and email. The document summarizer that pulls from Google Drive? It asks for full file access. The AI recruiter that scans LinkedIn and exports to Sheets? It wants everything.

And we’re installing them constantly.

Developers build internal tools using no-code platforms like Make and Zapier. Founders plug in AI copilots for sales, support, and finance. Teams connect GPT wrappers to Outlook to auto-draft replies. Each integration requires OAuth approval. Each one creates a token. Most are set to “no expiration” by default.

The irony is brutal: the tools meant to make us more productive are quietly creating permanent entry points for attackers.

Google lets developers mark tokens as long-lived. Microsoft calls them “refresh tokens” and allows them to persist for up to 90 days — but if activity continues, they automatically renew. In practice, that means they never go away.

Blind Spots in Identity Management

Security teams focus on devices, networks, and passwords. Identity and access management (IAM) tools rarely flag third-party OAuth grants as high risk. SIEMs don’t log them by default. EDR agents can’t see them. Even dedicated cloud security platforms often treat them as “user activity,” not a threat surface.

It’s worse at scale. In one enterprise audit reviewed in the report, a single executive had 37 active third-party app consents — including several for tools banned company-wide. None had been reviewed in over two years. Two were tied to domains that no longer existed. At least one was linked to a known malicious redirect URL.

And it’s not just external apps. Internal developers building microservices often use personal accounts to test integrations. They grant access, move on, and forget. Those tokens linger.

  • Google Workspace admins can view OAuth grants under Security > API controls — but fewer than 12% check it monthly.
  • Microsoft 365 has a similar dashboard under Enterprise Applications — accessed by less than 20% of security teams regularly.
  • Automated revocation policies exist — but only 6% of companies have implemented them.
  • The average time to detect a rogue OAuth token in active use: 217 days.

Attackers Are Already Inside

Cybercriminals aren’t waiting. They’re using phishing to trick users into granting access to fake apps — a tactic called “consent phishing.” These aren’t credential harvesters. They’re OAuth grant stealers.

One campaign in April 2026 used a fake “Google AI Workspace Optimizer” that promised to clean up inbox clutter. Over 400 employees across 17 companies clicked. The app requested access to Gmail, Drive, and Contacts. Once approved, it exfiltrated data silently for weeks.

Another targeted Microsoft 365 users with a “Teams Performance Analyzer” — a non-existent tool that looked legitimate. It used a real Azure AD app registration, complete with verified publisher status. The token it generated had mailbox, files, and user.read permissions.

And because the access was authorized, Microsoft’s native threat detection didn’t flag it.

Cloudflare reported a 300% spike in OAuth-based attacks in the first four months of 2026. Microsoft Threat Intelligence confirmed that identity-based attacks now account for 68% of all cloud intrusions — up from 44% in 2024.
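The consent-phishing campaigns described above share a shape a defender can alert on: a client that is not on the reviewed-app list collecting high-risk scopes, and the same client collecting consents from many users in a short window. The following is an added example of that detection logic and is not code from the article, from Google, or from Microsoft. The consent events, the high-risk scope list and the allowlisted client id are all constructed for the example; real Google Workspace token-audit activity and Microsoft Entra "Consent to application" audit entries use their own field names and would need to be mapped into this shape first.

```python
"""Alerting on new third-party OAuth consents (added example).

Events are dicts with: time (ISO 8601), user, client_id, app_name,
scopes (list of strings), publisher_verified (bool). All sample data
below is constructed.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Scopes treated as high risk: mail, files, contacts (constructed list).
HIGH_RISK_SCOPES = {
    "https://mail.google.com/",
    "https://www.googleapis.com/auth/drive",
    "https://www.googleapis.com/auth/contacts",
    "Mail.ReadWrite",
    "Files.ReadWrite.All",
    "Contacts.Read",
}

# Client ids security has already reviewed (constructed value).
ALLOWLIST = {"approved-calendar-bot.example"}


def alert_on_consents(events, allowlist=ALLOWLIST,
                      window=timedelta(hours=24), burst_threshold=5):
    """Return alerts for consent events, in time order.

    Two detections:
      1. high_risk_scope: a consent to a non-allowlisted client that
         includes any HIGH_RISK_SCOPES entry (one alert per consent).
      2. consent_burst: the same non-allowlisted client reaching
         `burst_threshold` distinct consenting users inside `window`
         (one alert per client), the signature of a campaign.
    """
    alerts = []
    recent = defaultdict(deque)   # client_id -> (time, user) inside window
    burst_alerted = set()
    for ev in sorted(events, key=lambda e: e["time"]):
        client = ev["client_id"]
        if client in allowlist:
            continue
        t = datetime.fromisoformat(ev["time"])
        risky = sorted(set(ev["scopes"]) & HIGH_RISK_SCOPES)
        if risky:
            alerts.append({
                "kind": "high_risk_scope", "time": ev["time"],
                "user": ev["user"], "client_id": client,
                "app_name": ev["app_name"], "scopes": risky,
                "publisher_verified": ev["publisher_verified"],
            })
        q = recent[client]
        q.append((t, ev["user"]))
        # Drop consents that fell out of the sliding window.
        while q and t - q[0][0] > window:
            q.popleft()
        users = {u for _, u in q}   # distinct users, so re-consents don't count
        if len(users) >= burst_threshold and client not in burst_alerted:
            burst_alerted.add(client)
            alerts.append({
                "kind": "consent_burst", "time": ev["time"],
                "client_id": client, "app_name": ev["app_name"],
                "distinct_users": len(users),
            })
    return alerts


# Constructed sample: six users consent to a fake "inbox optimizer" in under
# an hour, one user consents to a reviewed app, one to a harmless login app.
SAMPLE_EVENTS = [
    {"time": f"2026-04-14T09:{m:02d}:00", "user": f"user{i}@example.com",
     "client_id": "inbox-optimizer-fake.example",
     "app_name": "Workspace Inbox Optimizer",
     "scopes": ["https://mail.google.com/",
                "https://www.googleapis.com/auth/contacts"],
     "publisher_verified": False}
    for i, m in enumerate((0, 10, 20, 30, 40, 50), start=1)
] + [
    {"time": "2026-04-14T09:15:00", "user": "user7@example.com",
     "client_id": "approved-calendar-bot.example", "app_name": "Calendar Bot",
     "scopes": ["https://www.googleapis.com/auth/calendar"],
     "publisher_verified": True},
    {"time": "2026-04-14T10:00:00", "user": "user8@example.com",
     "client_id": "pdf-converter.example", "app_name": "PDF Converter",
     "scopes": ["openid", "email"], "publisher_verified": True},
]

if __name__ == "__main__":
    for a in alert_on_consents(SAMPLE_EVENTS):
        print(a["kind"], a["client_id"], a.get("user", a.get("distinct_users")))
```

Run on the constructed sample it produces six high-risk-scope alerts for the fake optimizer and a single burst alert when the fifth distinct user consents; the reviewed calendar bot and the login-only converter produce nothing. Tune `burst_threshold` and `window` to your tenant's size, and treat the burst alert as the one to page on.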

What This Means For You

If you’re a developer, stop treating OAuth as a harmless convenience. Every token your app requests is a potential backdoor. Default to short-lived tokens. Require just-in-time access. Don’t ask for more permissions than you need. And if you’re building internal tools, enforce automatic revocation after 90 days — or less.

If you’re a founder or tech lead, audit your third-party app consents now. Not next week. Today. Use Google’s Token Audit API or Microsoft’s PowerShell cmdlets to pull every active grant. Revoke anything unused, unverified, or outdated. Set up automated alerts for new consents. Treat OAuth approvals like admin privileges — because that’s what they are.

The Real Problem Isn’t Technical — It’s Behavioral

The tools to fix this exist. Google and Microsoft both offer ways to limit token lifespan, restrict app permissions, and enforce consent policies. But adoption is abysmal.

Why? Because nothing breaks when you ignore it. The risk is invisible until it’s catastrophic.

We’ve built a culture where convenience wins. “Just click Allow” is the mantra of productivity. Security teams are seen as blockers. Developers ship features, not compliance.

But the threat model has shifted. The perimeter is gone. The password is dead. And the thing we trusted to replace it — OAuth — has become the weakest link.

We’re not defending against hackers anymore. We’re defending against our own behavior.

“We’re giving third-party apps the equivalent of a skeleton key to our systems and calling it innovation,” said one security architect quoted in the report. “And we’re surprised when someone uses it.”

What This Means For You

If you’re responsible for building, managing, or securing digital systems, this isn’t someone else’s problem.

Start with an inventory: run a full OAuth consent audit across your Google and Microsoft environments. Revoke anything that shouldn’t be there. Then enforce policies: disable legacy apps, require admin approval for high-risk scopes, and rotate or expire tokens aggressively.

On the development side, stop using personal accounts for testing. Never request broad permissions “just in case.” Design your apps to work with short-lived tokens. And always, always include deauthorization workflows.

This isn’t about locking things down. It’s about accountability. Every token should have an owner, a purpose, and an expiration.
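The audit asked for in "What This Means For You" (pull every active grant, revoke anything unused, unverified or outdated) and the inventory-then-revoke step in the section above come down to one classification pass over the grant list. The following is an added example of that pass and is not code from the article, Google or Microsoft. It runs offline on constructed grant records; in practice you would build those records from Google's Admin SDK (`users.tokens.list`) or Microsoft Graph (`/oauth2PermissionGrants`) and feed the revoke list to the matching call (`users.tokens.delete` or `DELETE /oauth2PermissionGrants/{id}`, also exposed as the `Remove-MgOauth2PermissionGrant` cmdlet). The `last_used`, `publisher_verified` and `approved` fields are assumptions of this example, not fields either API returns; last-use data has to be joined from token audit activity.

```python
"""Stale and high-risk OAuth consent audit (added example, constructed data).

Each grant is a dict: user, app_name, client_id, scopes (list),
granted (ISO date), last_used (ISO date or None),
publisher_verified (bool), approved (bool: reviewed by security).
"""
from datetime import datetime, timedelta

STALE_AFTER = timedelta(days=365)   # article: tokens undisturbed > 1 year
UNUSED_GRACE = timedelta(days=90)   # never-used grants older than this go

# Scopes treated as high risk: mail, files, contacts (constructed list).
HIGH_RISK_SCOPES = {
    "https://mail.google.com/",
    "https://www.googleapis.com/auth/drive",
    "https://www.googleapis.com/auth/contacts",
    "Mail.ReadWrite",
    "Files.ReadWrite.All",
    "Contacts.Read",
}


def audit_grants(grants, now):
    """Classify grants into a revocation plan: {"revoke": [...], "keep": [...]}.

    A grant is revoked when any reason applies: stale (no use within
    STALE_AFTER), never used and older than UNUSED_GRACE, high-risk scopes
    held by an app security never approved, or high-risk scopes held by an
    unverified publisher. Every revoke entry carries its reasons so the
    owner can be told why.
    """
    plan = {"revoke": [], "keep": []}
    for g in grants:
        reasons = []
        granted = datetime.fromisoformat(g["granted"])
        last_used = (datetime.fromisoformat(g["last_used"])
                     if g["last_used"] else None)
        if last_used is None and now - granted > UNUSED_GRACE:
            reasons.append(f"never used since grant {(now - granted).days} days ago")
        elif last_used is not None and now - last_used > STALE_AFTER:
            reasons.append(f"unused for {(now - last_used).days} days")
        risky = sorted(set(g["scopes"]) & HIGH_RISK_SCOPES)
        if risky and not g["approved"]:
            reasons.append("unapproved app holds high-risk scopes: " + ", ".join(risky))
        if risky and not g["publisher_verified"]:
            reasons.append("unverified publisher holds high-risk scopes")
        entry = {"user": g["user"], "client_id": g["client_id"],
                 "app_name": g["app_name"], "reasons": reasons}
        plan["revoke" if reasons else "keep"].append(entry)
    return plan


def consents_per_user(grants):
    """Count active grants per user to surface the outliers (the '37 consents' case)."""
    counts = {}
    for g in grants:
        counts[g["user"]] = counts.get(g["user"], 0) + 1
    return counts


AUDIT_TIME = datetime(2026, 5, 5)

# Constructed inventory: one reviewed bot, one deprecated note-taker nobody
# revoked, a never-used converter, a login-only app, a reviewed inbox tool.
SAMPLE_GRANTS = [
    {"user": "alice@example.com", "app_name": "Calendar Bot",
     "client_id": "approved-calendar-bot.example",
     "scopes": ["https://www.googleapis.com/auth/calendar"],
     "granted": "2025-01-10", "last_used": "2026-04-30",
     "publisher_verified": True, "approved": True},
    {"user": "alice@example.com", "app_name": "AI Note Taker (deprecated)",
     "client_id": "note-taker-legacy.example",
     "scopes": ["https://www.googleapis.com/auth/drive", "https://mail.google.com/"],
     "granted": "2023-02-01", "last_used": "2024-01-15",
     "publisher_verified": True, "approved": False},
    {"user": "bob@example.com", "app_name": "File Converter",
     "client_id": "file-converter.example",
     "scopes": ["https://www.googleapis.com/auth/drive"],
     "granted": "2025-12-01", "last_used": None,
     "publisher_verified": False, "approved": False},
    {"user": "bob@example.com", "app_name": "SSO Login",
     "client_id": "sso-login.example", "scopes": ["openid", "email"],
     "granted": "2026-04-20", "last_used": None,
     "publisher_verified": True, "approved": False},
    {"user": "carol@example.com", "app_name": "Inbox Cleaner",
     "client_id": "inbox-cleaner.example", "scopes": ["https://mail.google.com/"],
     "granted": "2026-04-01", "last_used": "2026-05-01",
     "publisher_verified": True, "approved": True},
]

if __name__ == "__main__":
    plan = audit_grants(SAMPLE_GRANTS, AUDIT_TIME)
    for e in plan["revoke"]:
        print("REVOKE", e["user"], e["client_id"], "|", "; ".join(e["reasons"]))
    print("per user:", consents_per_user(SAMPLE_GRANTS))
```

On the constructed inventory the deprecated note-taker is revoked for staleness and for unapproved mail and Drive access, and the never-used converter for all three of its reasons, while the recent login-only grant survives its 90-day grace period. The reasons list is the part worth keeping: it is what turns a bulk revocation into something an owner can act on rather than a silent outage.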

So Who’s Watching the Keys?

The tools won’t save us. The platforms won’t fix it for us. The attackers already know the door is open.

We do too.

The only question left is whether we’ll close it before the next breach makes headlines on May 05, 2026.

Sources: The Hacker News, Cloudflare 2026 Threat Report

About AI Post Daily

Independent coverage of artificial intelligence, machine learning, cybersecurity, and the technology shaping our future.
