Zenity

Microsoft Copilot Studio Vulnerabilities: Explained

Last week, Michael Bargury and the team at Zenity published a video summarizing 6 vulnerabilities that are found in Microsoft Copilot Studio. The video highlights, in sequence, a myriad of ways that business users can create their own AI Copilots that are risky, why they are risky, and how they can be easily exploited. While I highly recommend checking out the video, this blog sets out to provide a look at why these vulnerabilities matter, and what considerations should be taken to mitigate them.

Zenity Leads the Charge by Becoming the First to Bring Application Security to Enterprise AI Copilots

Microsoft Ignite 2023 was an eventful one, with many announcements across Microsoft’s AI Copilot capabilities. The biggest announcement, in our opinion, is that of Microsoft Copilot Studio, a low-code tool that allows professional and citizen developers to build standalone AI Copilots, as well as customize Microsoft Copilot for Microsoft 365.

The Rise of Generative AI in Citizen Development (and Cybersecurity Challenges That Come With It)

Citizen developers, often without a formal background in programming, are harnessing the power of generative AI capabilities to create powerful business applications and automations in low-code/no-code platforms like Microsoft Power Platform, Salesforce, and ServiceNow. While this democratization of software development brings about numerous benefits, it also introduces a host of new cybersecurity risks that organizations must address to safeguard their sensitive data and maintain compliance standards.

Navigating the Cybersecurity Challenges of Citizen Development in Healthcare

In an era of rapid technological advancements, healthcare organizations are always looking for ways to become more productive and more efficient. In this quest, they are increasingly turning to citizen development and Generative AI tools to streamline processes and drive innovation. Citizen development empowers non-technical employees to create their own applications and automations, thereby enhancing operational efficiency.

Potential Data Exposure in ServiceNow: Challenges for Citizen Developers and Security Teams

In a rapidly evolving digital landscape, data security has become a paramount concern within the AppSec community. As organizations embrace digital transformation and the shift towards cloud-based solutions, the onus is on them to protect sensitive data. However, the recent ServiceNow data exposure highlights an alarming concern: what happens when developers build apps and automations with risky default settings?

Exploring the Future of Business-Led Development: Highlights from Microsoft Power Platform 2023 Conference

In an era where humans are becoming closer and closer to technology, it is reshaping the way we work and do business. This was a prevalent theme from the Microsoft Power Platform 2023 conference, and it was great to experience the event as it provided insight into the cutting-edge tools and strategies driving the next wave of business productivity.

Taking Power Platform Security and Governance from 0 to 60: Part 3

Welcome back to the final part of my blog series on taking Power Platform security and governance to the next level. In Part 2 (which you can read here), I dove into essential strategies for securing and governing Power Platform environments. Today, I’ll encourage everyone to push the envelope further by exploring advanced techniques to establish good hygiene for citizen development, maintain audit logs, implement automation playbooks, and provide ongoing education for builders and makers.

Taking Power Platform Security and Governance from 0 to 60: Part 2

In the first part of this blog series, we explored the foundational steps required to kickstart a robust security program for any organization’s low-code/no-code development environment within Microsoft Power Platform. We discussed the importance of differentiating between sensitive and non-sensitive data, identifying the makers and builders, and implementing the principle of least privilege access.

Unlocking Supply Chain Transparency for Low-Code/No-Code Apps with SBOM

The world of software development has witnessed a significant transformation thanks to low-code/no-code development platforms like Microsoft Power Platform, Salesforce, and ServiceNow. These platforms have empowered developers and business users of all technical backgrounds to create applications, automations, bots, connections (and more), rapidly and with greater accessibility.

Taking Power Platform Security and Governance from 0 to 60: Part 1

Welcome to the first installment of my three-part blog series on securing low-code/no-code development within the Microsoft Power Platform ecosystem. As Zenity’s Director of Customer Success, I’ve seen firsthand how businesses are embracing the power of applications like Power Apps, Power Automate, and Dynamics 365, all fortified by the impressive capabilities of generative AI.