On paper, applications are created to be useful tools that solve specific business needs. Think of an application that tracks all ongoing projects for a product manager, an automation that triggers emails to prospective customers when they fill out a marketing form, or a flow that sends aggregated payment information to a finance manager. While all these applications are fairly straightforward, and seemingly used for singular cases, they are anything but.

Generative AI capabilities continue to make their way into every organization, with increasingly useful ways of helping employees and contractors be more productive. This includes advancing how fully automated vulnerability remediation works, and with the power of generative AI, is able to take into account unique environments and uses in real-time.

On June 12th, Salesforce announced ‘AI Cloud,’ which aims to embed generative AI capabilities throughout their market leading CRM tool in an effort to enhance productivity for all Salesforce CRM users. The announcement features eight different sections: Sales GPT, Marketing GPT, Slack GPT, Flow GPT, Service GPT, Commerce GPT, Tableau GPT, Apex GPT.

A couple weeks ago, ServiceNow and NVIDIA announced a groundbreaking partnership to help expand ServiceNow’s generative AI use cases for their customers to strengthen workflow automation and rapidly increase productivity. ServiceNow is also helping NVIDIA streamline its IT operations by using NVIDIA data to customize NVIDIA NeMo foundation models running on hybrid-cloud infrastructure.

In today’s rapidly evolving digital landscape, organizations not only seek out, but need to harness the power of emerging technologies to stay ahead of the competition. Two of the most promising trends in the tech world are generative AI and low-code/no-code development. Generative AI, in particular, has generated the majority of the headlines, with seemingly infinite use cases to spur productivity for end users and business.

The landscape of application development is constantly evolving, driven by technological advancements and changing user demands. Over the past few years, we have witnessed the rise of generative AI, the “shift left” approach, and the increasing prominence of low-code/no-code development.

Analysis of Microsoft Power Platform’s security features revealed limitations that could expose organizations to security risks, such as difficulty enforcing DLP policies for pre-existing resources and issues with HTTP calls or custom connectors.

The rise of low-code/no-code platforms has empowered business professionals to independently address their needs without relying on IT. Now, the integration of generative AI into these platforms further enhances their capabilities and eliminates entry barriers. However, as everyone becomes a developer, concerns about security risks arise.

About seven months ago at Defcon, Zenity CTO Michael Bargury presented security research that discovered and outlined a way to take over Microsoft Power Automate enabling bad actors to send ransomware to connected machines by using Power Automate as it was designed. By simply taking over an endpoint, our research showed that attackers can run their own payloads and execute malware by assigning machines to a new administrative account using a basic command line.

Hello everyone! I’m Yuval Adler, Customer Success Director at Zenity. I’m inviting you to read my blog series where I share new Microsoft Power Platform DLP Bypass findings we’ve uncovered.