Low-code platforms have become a transformative force in the dynamic world of software development. They’ve democratized the designing, building, and deployment of software, which has had a ripple effect across entire industries. Today, with minimal coding expertise, users can craft innovative applications tailored to meet the needs of consumers and businesses alike. But the allure of low-code simplicity also creates a challenge.

Technology can change in the blink of an eye, and nowhere is this more evident than in the rise of “citizen developers.” Often without formal technical training, these individuals leverage user-friendly platforms to create, innovate, and deploy AI-driven solutions. But with the support of intuitive interfaces, templates, and code snippets come challenges. Security can be a challenge hidden in the simplicity of drag-and-drop designs.

Varonis researchers have recently disclosed that several government agencies and private-sector companies had customized or added features to their Salesforce Apex code that leaked data, allowed data corruption, or allowed an attacker to disrupt business functions. Impacted data included the usual suspects like phone numbers, addresses, social security numbers, and username/password combinations.

In a story that’s making rounds, Air Canada, Canada’s largest airline, is being ordered to pay a misled customer based on information they received from one of its chatbots.

Unless you have been living under a rock, you have seen, heard, and interacted with Generative AI in the workplace. To boot, nearly every company is saying something to the effect of “our AI platform can help achieve better results, faster,” making it very confusing to know who is for real and who is simply riding the massive tidal wave that is Generative AI.

Many are speculating that at long last, OpenAI’s GPT store is set to go live this week. GPT builders and developers received an email on January 4th notifying them of the launch, which has been rumored for months, and likely only delayed due to the drama that has taken place at the company. This blog will summarize what this means for citizen development and how security teams should approach this new technological breakthrough from the AI giant.

Businesses of all shapes and sizes are leveraging Microsoft Power BI to find insights within their own data. This standalone tool (not a part of Power Platform, despite its name) has emerged as a powerful tool, empowering all business users, not just trained data scientists, to transform raw data into meaningful insights. From data visualization to interactive dashboards, Power BI has become a cornerstone for decision-making across industries.

At Zenity, 2023 was a year of tremendous growth, exciting performance, and important milestones. I am so proud of our team as we strive to support our customers, partners, as well as each other during what was a challenging, but fruitful year for all of us.

Last week, Michael Bargury and the team at Zenity published a video summarizing 6 vulnerabilities that are found in Microsoft Copilot Studio. The video highlights, in sequence, a myriad of ways that business users can create their own AI Copilots that are risky, why they are risky, and how they can be easily exploited. While I highly recommend checking out the video, this blog sets out to provide a look at why these vulnerabilities matter, and what considerations should be taken to mitigate them.

Microsoft Ignite 2023 was an eventful one, with many announcements across Microsoft’s AI Copilot capabilities. The biggest announcement, in our opinion, is that of Microsoft Copilot Studio, a low-code tool that allows professional and citizen developers to build standalone AI Copilots, as well as customize Microsoft Copilot for Microsoft 365.