No-Code AI Platforms Exposed: Security Research Reveals Vulnerability to Financial Fraud
Security researchers have demonstrated how "no-code" AI platforms can be manipulated to commit financial fraud and steal sensitive data, exposing critical vulnerabilities in enterprise AI adoption. The research, conducted by exposure management firm Tenable, successfully jailbroken Microsoft's Copilot Studio, revealing how easily AI agents can be hijacked despite built-in safeguards.
The findings highlight a growing concern as organisations increasingly embrace no-code AI development platforms to empower non-technical employees, potentially creating security gaps that attackers could exploit to access confidential information and manipulate financial systems.
Background and Context
The rapid adoption of no-code AI platforms represents a fundamental shift in how enterprises deploy artificial intelligence tools. These platforms allow employees without programming expertise to create AI agents and workflows, promising increased efficiency without requiring developer intervention. While the democratization of AI development offers clear productivity benefits, security experts warn that the lack of technical oversight creates new attack surfaces that organizations may not fully understand.
Microsoft's Copilot Studio, launched as part of the company's broader AI strategy, enables users to create custom AI copilots for specific business functions. The platform's ease of use has accelerated adoption across industries, but security researchers argue that convenience comes at the cost of reduced control over potential vulnerabilities.
Key Figures and Entities
Tenable's research team constructed an AI travel agent using Microsoft Copilot Studio to demonstrate the security risks. The agent was designed to manage customer travel reservations, including creating new bookings and modifying existing ones autonomously. In their controlled experiment, researchers provided the AI with demo data containing customer names, contact information, and credit card details, instructing it to verify customer identities before disclosing information or making changes.
According to Keren Katz, Senior Group Manager of AI Security Product and Research at Tenable, "AI agent builders, like Copilot Studio, democratise the ability to build powerful tools, but they also democratise the ability to execute financial fraud, thereby creating significant security risks without even knowing it." The research team successfully used prompt injection techniques to bypass the agent's security protocols and manipulate its core functions.
Legal and Financial Mechanisms
The jailbreak technique employed by Tenable researchers exploited the agent's excessive permissions and insufficient input validation. Through carefully crafted prompts, they circumvented identity verification measures, extracted sensitive credit card information of other customers, and manipulated financial transactions. The researchers demonstrated how the agent's broad "edit" permissions—intended for legitimate booking modifications—could be exploited to change trip prices to $0, effectively granting free services without authorization.
This manipulation poses serious compliance risks under PCI DSS standards for payment card security, as the AI agent was coerced into leaking complete customer payment records. The research also reveals how automated systems without proper safeguards could be weaponized for fraud at scale, potentially causing significant revenue loss through unauthorized transaction modifications.
International Implications and Policy Response
The security findings come amid increasing scrutiny of AI governance frameworks worldwide. As organizations deploy AI agents across critical business functions, the potential for exploitation by malicious actors raises questions about regulatory oversight and corporate responsibility. The research underscores the need for comprehensive AI security protocols that extend beyond traditional cybersecurity measures.
Industry experts are calling for stricter governance of AI development platforms, including mandatory security assessments before deployment and continuous monitoring of AI agent behavior. The findings also highlight the need for updated regulatory frameworks that address the unique challenges posed by no-code AI development and automated decision-making systems.
Sources
This report is based on security research published by Tenable, including their technical analysis of Microsoft Copilot Studio vulnerabilities. Additional context is drawn from public documentation on Microsoft Copilot Studio and industry standards for payment card security (PCI DSS). The research was conducted in controlled laboratory conditions to demonstrate potential vulnerabilities in enterprise AI implementations.
