OAuth audit for AI agents and SaaS · coming 2026

You have more AI tools connected to your Gmail than you think.

And your auditor is about to ask. AuthScope inventories every app, AI assistant, and agent connected to your Google Workspace — what it can access, who authorised it, and whether it should still be there. Microsoft 365 coming in v1.0.

No spam. Unsubscribe anytime.

80–200
OAuth apps connected to a typical 200-person Workspace tenant
~35%
of those grants are dormant — unused for 90+ days, pure attack surface
1 in 5
is an AI assistant, agent, or MCP tool — often with email or file access

The problem

Questions most companies cannot answer about their own tenant

Employees authorise Claude, ChatGPT, Cursor, Copilot, Fireflies, Otter, Zapier, and custom MCP servers against corporate Google accounts — no review, no inventory, no off-boarding. The grants pile up. Then the auditor asks.

Which apps can read our company email right now?
Which of them are AI agents or MCP servers?
Which grants belong to people who have left?
Which have been dormant for months but still hold access?
Which come from unverified publishers?
What evidence can we hand a SOC 2 auditor?

Example · what one meeting-notes agent holds on your tenant

admin.directory.user.readonlyadmin.reports.audit.readonly

High · 147 users · last reviewed: never

How it works

Authorise once. See everything. Clean it up.

01 · AUTHORISE

Read-only, in minutes

Authorise Google Workspace with read-only admin scopes. First inventory in under ten minutes — nothing to install.

admin.directory.user.readonly
02 · SEE

Every grant, classified and scored

Each app is identified, tagged (AI agent? MCP? meeting-notes?), and risk-scored with a breakdown you can explain to your board.

03 · ACT

Clean up and prove it

Remove risky grants in one step, bulk-clean ex-employee access, and export auditor-ready evidence for SOC 2 and ISO 27001.

→ evidence.csv · evidence.pdf

Why AuthScope

Built for teams that have outgrown spreadsheets but are not ready for enterprise SSPM

AI-agent first

The only OAuth audit tool that treats AI assistants, agents, and MCP servers as a first-class risk category — not an afterthought.

Transparent pricing

Simple flat pricing on the site, no per-seat math and no per-app surcharges. Priced for the mid-market, not the Fortune 1000.

Explainable risk

Every risk score shows its math. No black-box AI verdicts — the kind of transparency security teams actually trust.

Early access · 2026

See every scope.

We are building AuthScope now. Join the early-access list and we will reach out when it opens — early users help shape the product and get founder pricing.