Tel-Aviv, Israel
  |  By Andrew Silberman
Varonis researchers have recently disclosed that several government agencies and private-sector companies had customized or added features to their Salesforce Apex code that leaked data, allowed data corruption, or allowed an attacker to disrupt business functions. Impacted data included the usual suspects like phone numbers, addresses, social security numbers, and username/password combinations.
  |  By Andrew Silberman
In a story that’s making rounds, Air Canada, Canada’s largest airline, is being ordered to pay a misled customer based on information they received from one of its chatbots.
  |  By Andrew Silberman
Unless you have been living under a rock, you have seen, heard, and interacted with Generative AI in the workplace. To boot, nearly every company is saying something to the effect of “our AI platform can help achieve better results, faster,” making it very confusing to know who is for real and who is simply riding the massive tidal wave that is Generative AI.
  |  By Andrew Silberman
Many are speculating that at long last, OpenAI’s GPT store is set to go live this week. GPT builders and developers received an email on January 4th notifying them of the launch, which has been rumored for months, and likely only delayed due to the drama that has taken place at the company. This blog will summarize what this means for citizen development and how security teams should approach this new technological breakthrough from the AI giant.
  |  By Ziv Daniel Hagbi
Businesses of all shapes and sizes are leveraging Microsoft Power BI to find insights within their own data. This standalone tool (not a part of Power Platform, despite its name) has emerged as a powerful tool, empowering all business users, not just trained data scientists, to transform raw data into meaningful insights. From data visualization to interactive dashboards, Power BI has become a cornerstone for decision-making across industries.
  |  By Ben Kliger
At Zenity, 2023 was a year of tremendous growth, exciting performance, and important milestones. I am so proud of our team as we strive to support our customers, partners, as well as each other during what was a challenging, but fruitful year for all of us.
  |  By Andrew Silberman
Last week, Michael Bargury and the team at Zenity published a video summarizing 6 vulnerabilities that are found in Microsoft Copilot Studio. The video highlights, in sequence, a myriad of ways that business users can create their own AI Copilots that are risky, why they are risky, and how they can be easily exploited. While I highly recommend checking out the video, this blog sets out to provide a look at why these vulnerabilities matter, and what considerations should be taken to mitigate them.
  |  By Ben Kliger
Microsoft Ignite 2023 was an eventful one, with many announcements across Microsoft’s AI Copilot capabilities. The biggest announcement, in our opinion, is that of Microsoft Copilot Studio, a low-code tool that allows professional and citizen developers to build standalone AI Copilots, as well as customize Microsoft Copilot for Microsoft 365.
  |  By Ziv Daniel Hagbi
Citizen developers, often without a formal background in programming, are harnessing the power of generative AI capabilities to create powerful business applications and automations in low-code/no-code platforms like Microsoft Power Platform, Salesforce, and ServiceNow.
  |  By Andrew Silberman
In an era of rapid technological advancements, healthcare organizations are always looking for ways to become more productive and more efficient. In this quest, they are increasingly turning to citizen development and Generative AI tools to streamline processes and drive innovation. Citizen development empowers non-technical employees to create their own applications and automations, thereby enhancing operational efficiency.
  |  By Zenity
Zenity's low-code security research team is exposed to real world low-code applications on a daily basis, and we're glad to share our knowledge in this domain in order to help you to design and develop secure low-code applications.

Continuously protecting all low-code/no-code applications and components! Design and implement governance policies, identify security risks, detect emerging threats and drive automatic mitigation and response.

Low-code/no-code development and automation platforms are the wave of the future. The largest companies in the world are already adopting low-code/no-code development for their core business units. But with all their benefits, low-code/no-code development brings with it a host of governance challenges and risks that are unaddressed by existing InfoSec and AppSec solutions.

Zenity, the first and only governance and security platform for low-code/no-code applications, creates a win-win environment where IT and information security can give business and pro developers the freedom and independence they want in order to continue pushing their business forward while retaining full visibility and control.

Our Platform:

  • Discover: Identify shadow-IT business applications across your low-code/no-code fleet and track sensitive and business data movement.
  • Mitigate: Identify insecure, vulnerable and risky configurations. Drive mitigation and remediation immediately.
  • Govern: Design policies and implement automatic enforcement. Eliminate risks without disrupting business.
  • Protect: Detect suspicious and malicious activity, such as supply-chain attacks, malware obfuscation and data leakage.

Governance and Security for Low-Code/No-Code Applications.